Home  │  Lock Reg Part I  │  Merge Registry  │  Reg.exe  │ 


Remote (Network) Registry Editing in Windows XP

This article applies to: Windows 2000/XP/Server 2003

Topics on this page:

[1] Introduction

[2] Pre-requisites for Remote Registry Editing

[3] Connecting to the Remote Registry

[4] Editing the Remote Registry keys




1. Introduction

You can access the registry of another computer on a network if you have the right credentials. This method of accessing the registry has been available in older versions of Windows and is usually reserved for system administrators. it is useful for troubleshooting if the registry is damaged or locked (see my tutorial on locking the registry).

The term remote registry and network registry is used interchangeably in Windows XP. The service is called Remote Registry service but in the registry editor it is called network registry.

It is still prudent to back up the registry regularly. Windows XP's own back up tool NTbackup is well equipped to do this.


2. Pre-requisites for Remote Registry Editing

You need to connect the remote computer on a network and both computers must be started and logged on.

The Remote Registry service in the remote computer needs to be running. If in doubt, go to:

Start > Run > services.msc

to verify its status. Unless you carry out remote registry editing, it is best to disable this service or at least leave it to Manual for security.

Caution: in Remote Registry Properties > Log On tab, do not change anything (i.e. leave Log on as: This account: NT AUTHORITY\localservice).

If you cannot connect, check the user account password and Remote Registry service. I find that first logging on to a network shared folder on the same computer enables remote registry connection to be made more quickly (using the same logon credentials); or start the TCP/IP NetBIOS Helper service (but it is not strictly essential).

Both Windows Firewall (SP2 version, Exceptions: File and Printer Sharing; Remote Desktop not needed) and Zone Alarm can be left enabled (Trusted Zone - Medium) with no extra configuration. It works with both wired and wireless LAN.


3. Connecting to the Network Registry

Run regedit in the client computer. Go to:

File > Connect Network Registry...

Type the correct computer name in the dialogue box (similar procedure as accessing a network shared folder).

If password authentication is required (as it should be for all shared resource), type the login User Name and Password in the fields. Click OK.

Once connected, the remote computer's registry hives


will appear at the bottom of the local computer's five registry hives under its computer name. Figure 1 shows an example in which a label "Remote Computer" has been used to identify the registry hive from the Remote Computer. In the real world, the remote computer's real computer name will be shown.

Remote registry hive loaded

Fig. 1. Remote registry hive loaded


4. Editing the Network Registry

To edit the per user registry hive belonging to the currently logged on user on the remote computer, go to this subkey:

HKEY_USERS\S-1-5-21-domain identifier-500\

and navigate as if it is in the local computer.

You can see that what usually is the HKCU hive on the remote registry (it maps to the HKU hive in fact) appears under HKU and user SID S-1-5-21. Selecting S-1-5-21 will load the registry hive of the user who is currently logged on on the remote computer (the console user).

SID S-1-5-21 on the remote registry hive.

Fig. 2. SID S-1-5-21 on the remote registry hive.


Thus if the Administrator account is logged on on the remote computer then S-1-5-21 refers to this account. If another account is logged on, S-1-5-21 refers to that account instead. It is important to realise this.

To edit the per computer registry hive belonging to the remote computer, go to:


under the remote computer name.

You can only edit these two registry hives.


5. Disconnecting from the Network Registry

When you have finished editing, remember to go to:

File > Disconnect Network Registry...

Select the computer name (for the computer whose registry is to be disconnected) on the list in the dialogue box and click OK.

Do not shut down (or go to standby) the remote computer before disconnection; otherwise it may not able to access it again without reloading regedit.



KB 314837 How to Manage Remote Access to the Registry

Windows XP Registry in general

KB 256986 Description of the Microsoft Windows Registry

KB 307545 How to Recover from a Corrupted Registry that Prevents Windows XP from Starting

KB 310426 HOW TO: Use the Windows XP and Windows Server 2003 Registry Editor Features

KB 309340 HOW TO: Use Backup to Restore Files and Folders on Your Computer in Windows XP

KB 310516 HOW TO: Add, Modify, or Delete Registry Keys and Values by Using a Registration Entries (.reg) File

KB 322756 HOW TO: Back Up, Edit, and Restore the Registry in Windows XP and Windows Server 2003

Technical Reference to the Windows 2000 Registry

Inside the Registry - Article from Windows NT Magazine

How to Restore the Registry

Honeycutt, Jerry, Microsoft Windows XP Registry Guide (Redmond: Microsoft Press, 2003)


Go to TOP


Copyright 2003-2005 by Kilian. All my articles including graphics are provided "as is" without warranties of any kind. I hereby disclaim all warranties with regard to the information provided. In no event shall I be liable for any damage of any kind whatsoever resulting from the information. The articles are provided in good faith and after some degree of verification but they may contain technical or typographical errors. Links to other web resources may be changed at any time and are beyond the control of the author. Articles may be added, removed, edited or improved at any time. No support is provided by the author. All the products mentioned are trademarks of their respective companies.

DISCLAIMER: Edit the registry at your own risk. If possible use the Group Policy Editor. There is no undo in regedit. If you are inexperienced with regedit, when possible back up the whole registry or the key you are about to change first before modifying or deleting the key. Do not modify more than one key/name/value at a time. Re-logon or reboot and see what happens first.

Created 27 Mar 2005, last updated 4 April 2005