guljessi

Export Windows Registry File using FTK Imager: A Forensic Approach



When making a change to the Registry, it is recommended that you first create an export of the entries you are about to modify. This saves the information to a Registry file (a .reg file), so that if a problem occurs you can import the original settings back into the Registry.




Export Windows Registry File




When using Windows 10, you may find that the desktop has frozen and you can no longer use the Start Menu, click on programs, drag files, or switch between windows. When this happens, it is often caused by the Windows Explorer process (Explorer.exe) having issues, and it can typically be fixed by restarting that process.


Alternatively, a slightly quicker method is to browse to the location of the backup, right-click the file and select Merge. The file will be imported into your registry automatically.


Windows 10 allows you to reset your computer and leave all your files untouched. This option completely refreshes your system files and may help with restoring the registry after a system crash. Here are the steps to follow:


In some cases, e.g. after a malware infection, you may have to delete or edit some registry keys. Before doing that, create a backup copy: export the registry, or the affected keys, to a file. This will let you restore the previous state of the system registry.


I put together the below PowerShell scripts for exporting and importing PuTTY settings. The exported file is a Windows .reg file and will import cleanly if you have permission; otherwise use import.ps1 to load it.


For those of you who need to import PuTTY settings from an offline registry file, e.g. when you are recovering from a crashed system or simply moving to a new machine and grabbing data off the old drive, there is one more solution worth mentioning:


This great and free console application will export the entire registry or only a specific registry key. In my case I simply copied the registry file from the old drive to the same directory as the exporter tool and then used the following command and syntax in a CMD window run as administrator:


In this directory there should be an NTUSER.DAT file. It is hidden by default, so you should enable hidden files in Windows Explorer or use another file browser. This file contains the HKEY_CURRENT_USER branch of your old Windows registry.


Then select File -> Load Hive... and find the "home" directory of your old Windows installation. In this directory there should be an NTUSER.DAT file. It is hidden by default, so if you didn't enable showing hidden files in Windows Explorer, you can just type the file name manually into the File name box of the "Load Hive" dialog and press Enter. In the next dialog, enter a key name to load the old registry into, e.g. tmp.


Now export the HKEY_USERS\tmp\Software\SimonTatham branch into a putty.reg file, open this file in your favourite text editor and find-and-replace every occurrence of the string HKEY_USERS\tmp with HKEY_CURRENT_USER. Then save the .reg file.
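As an added example (not code from the original post), the following Python script performs the HKEY_USERS\tmp to HKEY_CURRENT_USER rewrite from the Load Hive procedure above without a blind find-and-replace: it detects whether the .reg file is a version 5 export (UTF-16LE with a BOM) or a REGEDIT4 export (ANSI), skips ";" comment lines, and rewrites only the [key] headers, so comments or string data that mention the old path are left alone. The sample .reg content, the session name "lab" and its host name are constructed, and the encoding assumed for each format version is an assumption noted in the code.

```python
import re
HEADERS = {"Windows Registry Editor Version 5.00": "utf-16", "REGEDIT4": "cp1252"}  # assumed: v5 = UTF-16LE+BOM, v4 = ANSI
KEY_RE = re.compile(r"^\[(-?)([^\]]+)\]\s*$")           # [HKEY_...]; a leading '-' deletes the key
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')  # "Name"=data or @=data (default value)

def decode_reg(data: bytes) -> tuple:
    # Pick the encoding from the byte-order mark and return (text, encoding label).
    if data.startswith(b"\xff\xfe"):
        return data[2:].decode("utf-16-le"), "utf-16"
    return data.decode("cp1252"), "cp1252"

def parse_reg(text: str) -> dict:
    """Return {key path: {value name: raw data}}; skips ';' comments, joins '\\'-continued lines."""
    lines = text.splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("not a REGEDIT4 / Version 5.00 file")
    tree, key, pending = {}, None, ""
    for raw in lines[1:]:
        line = pending + raw.strip()
        if line.endswith("\\"):           # hex(...) data continues on the next line
            pending = line[:-1]
            continue
        pending = ""
        if not line or line.startswith(";"):
            continue
        if m := KEY_RE.match(line):
            key = ("-" if m[1] else "") + m[2]
            tree.setdefault(key, {})
        elif (m := VALUE_RE.match(line)) and key is not None:
            tree[key][m[1].strip('"')] = m[2]
    return tree

def rewrite_hive_root(data: bytes, old_root: str, new_root: str) -> bytes:
    """Replace old_root in [key] headers only and write back in the same version/encoding."""
    text, enc = decode_reg(data)
    out = []
    for line in text.splitlines():
        m = KEY_RE.match(line.strip())
        if m and (m[2].lower() + "\\").startswith(old_root.lower() + "\\"):
            line = f"[{m[1]}{new_root}{m[2][len(old_root):]}]"
        out.append(line)
    text = "\r\n".join(out) + "\r\n"
    return b"\xff\xfe" + text.encode("utf-16-le") if enc == "utf-16" else text.encode("cp1252")

# Constructed sample: a version 5 export of a PuTTY session taken while the old NTUSER.DAT was loaded as HKEY_USERS\tmp.
SAMPLE_V5 = b"\xff\xfe" + "\r\n".join([
    "Windows Registry Editor Version 5.00", "", "; session 'lab' from the hive loaded under HKEY_USERS\\tmp",
    "[HKEY_USERS\\tmp\\Software\\SimonTatham\\PuTTY\\Sessions\\lab]",
    '"HostName"="lab.example"', '"PortNumber"=dword:00000016', "",
]).encode("utf-16-le")
```

Calling rewrite_hive_root(SAMPLE_V5, "HKEY_USERS\\tmp", "HKEY_CURRENT_USER") returns a version 5 file whose only key is HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions\lab, while the comment line still mentions HKEY_USERS\tmp.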


Automation Workshop includes the Export Registry Action that can automatically export a Registry key to a standard .reg file. Due to the hierarchical structure of the Windows Registry, exporting a Registry key implies retrieving all its subkeys and values as well, so effectively a whole branch or even a hive is exported.


Within a registry file, comments are prefixed with a semicolon (";"), e.g.:

; Set NUMLOCK at login:
; 0 = Turn OFF at logon.
; 1 = Disable Num Lock.
; 2 = Turn ON at logon.
[HKEY_CURRENT_USER\Control Panel\Keyboard]
"InitialKeyboardIndicators"="2"


WinSCP can store its configuration either in the Windows registry or in an INI file. When installed, the configuration is stored in the registry by default. Portable versions use an INI file by default (if possible). To switch the storage, see the Storage page of the Preferences window.


To change the default state of the whole configuration, set the root Access key. In the Windows registry, it is a key under the WinSCP root registry key. As INI files have no root section, WinSCP looks in a special section named [_] (a single underscore).


On startup, WinSCP first looks for an INI file in the directory where the WinSCP executable is stored, and then in the user profile directory. If it does not find an INI file in either location, it looks for the presence of its key in the registry, both in HKCU and HKLM. The HKLM key is created by the installer, so an installed WinSCP uses the registry by default. If it does not find the registry key either, it creates an empty INI file in the directory where the WinSCP executable is stored. If that directory is not writable, it creates an empty INI file in the user profile directory.


The Configuration tag shows either the HKCU Windows registry key or the path to an INI file. When the Windows registry is used as configuration storage, it is also important to know under which Windows account WinSCP is running, since that determines what HKCU refers to. For that, refer to the Local account tag.


Running this command is recommended by various sources, and many DFIR practitioners and pentesters use it to grab registry hives from a live system. This command, however, cannot export application hives.


The REG_STANDARD_FORMAT and REG_LATEST_FORMAT arguments are suitable for exporting a registry tree under a given non-root key (a root key works too). With one of these arguments, a temporary hive is created and the registry tree (under the given key of the source hive) is copied into that hive. The temporary hive is then saved to the specified file.


When the root of a containerized hive is given, the kernel creates a temporary hive and copies a merged view into it; this temporary hive is then saved using format version 1.5. This happens when trying to export a registry hive from inside a container.


When the REG_STANDARD_FORMAT and REG_LATEST_FORMAT arguments are used, no deleted registry data is preserved in an exported file, because only allocated keys and values are copied into a temporary hive during the export.


When registry hives are frozen, no changes to their files are allowed on disk (all write operations to the disk are stopped and the files are in a well-defined state for backup). During the freeze operation, transaction log files are applied to the corresponding hive files. An applied transaction log file can then be emptied.


Thus, the creation of a shadow copy often results in registry data being removed from transaction log files. Also, some registry data can be overwritten in hive files when transaction log files are applied.


In Windows 8.1 and 10, updates to hive files are less frequent (by default, usually once an hour) and registry data in transaction log files is checksummed, so the risk of capturing a hive file containing invalid data is lower, and a transaction log file with some invalid blocks of registry data can still be processed properly.


To export a Registry key, launch the Registry editor (type regedit on the Start Screen), right-click the key, and then select Export from the context menu. The Registry editor will then prompt you to specify a file name for your REG file.


Exporting the Registry creates a text file with the .reg extension that you can edit using any text editor. This file contains all the information required to describe the subkeys and values in the subkey you export; in fact, you can import a REG file back into the Registry. When you export a subkey, Regedit writes all of that subkey's descendant subkeys and values. No means is available to export a single subkey without its descendants.


Up to this point, you've used Regedit to work with the Registry. You can also export subkeys to a REG file and edit them using a text editor such as Microsoft Notepad. For example, use the editor's search-and-replace feature to make massive changes to the REG file. Beware, however, because you can inadvertently change values you don't mean to change. More common is editing a REG file to remove subkeys and values that you don't want in the file. If you want to create a REG file that includes a subkey without all its descendant subkeys, for example, edit the file to remove the descendant subkeys. Here's a more practical example: Fergus customized Microsoft Windows 2000 Professional on one computer and then exported the subkey HKCU\Control Panel\desktop to a REG file. Because Fergus is using the REG file to customize other computers and is only interested in a handful of values, he removes the values and subkeys he doesn't want to include in it.


Aside from editing subkeys and values with a text editor and sharing customizations, exporting subkeys to a REG file has more immediate practical purposes. Export as a backup any subkey in which you're working. When confusion clouds your mind or edits get out of hand, import it back into the Registry to restore the original settings. This will restore values that you changed and removed, but it won't remove values that you added to the Registry. Thus, if you added a value that prevents Windows 2000 from working properly, restoring a REG file won't fix the problem; you'll have to remove the new value yourself.


The differences are only significant when you work with different operating systems. Version 5 REG files are only compatible with Windows 2000, and many text editors can't properly edit them. If you must create REG files that are compatible with earlier versions of Windows, or your text editor doesn't support Unicode character encoding, create version 4 REG files. Note also that certain values are easier to edit in version 4 REG files. The last caveat, and the most important one for my international readers, is that you must use version 5 REG files if the registry contains multilingual data.


Nothing prevents you from importing a Windows 98 or Windows NT 4.0 REG file into Windows 2000, and vice versa. Don't, because it might prevent either operating system from working properly. The content of each operating system's registry is sufficiently different for me to jump up and down and wave my arms madly while I give you this warning.

