http://windowsxp.mvps.org/peboot.htm

 

Bart's PE is a bootable live Windows CD that can be used to recover your system when in a disaster. Some situations may require you to do an offline registry editing, or modifications to the file system when you're unable to boot into Windows even from Safe Mode or Recovery Console. In such situations, BartPE boot CD is your ticket.

BartPE (Bart Preinstalled Environment) is a bootable Windows XP/Server 2003 CD-ROM, created from the original Windows installation CD. BartPE is extremely an useful tool for system maintenance and recovery. Though you may not need it immediately, create one for you and store it safely. You'll definitely need it some day or the other.

Creating a bootable CD-ROM

To create a BartPE bootable CD, check out the article How to Create a BartPE Bootable CD using PE Builder which has the complete instructions with screenshots. You can also add additional plugins (such as the ones for anti-virus, anti-spyware, disk imaging tools etc..) along with the BartPE CD.

Scenario - Incorrect registry value preventing you from logging on to your user account in Windows XP ?

In this example, a basic BartPE CD without any Plugins, has been used for illustration purposes. You may add as many Plugins as you want, depending upon your needs.

Verifying and fixing the Userinit value in the registry

If your PC is a victim of the Malware discussed in this article, and unable to login to your profile, then you'll need to fix the registry as discussed there. As you're unable to login, registry modification can only be done from a remote system, or via offline registry editing. This article discusses about offline registry editing.


BartPE screen


Registry Editor


Load Hive option


Select the Hive


Name the Hive


Fixing a key


Unload the hive

  1. Insert the BartPE CD into the drive, and boot the system from the CD. Once the file loading phase is over, the Bart PE desktop will be visible, as shown in Figure 1.
  2. Type Regedit.exe in the prompt, and press Enter. Select the HKEY_USERS hive
  3. From the File menu, choose the Load Hive option. Browse to your Windows installation drive, for example the following location:

C:\Windows\System32\Config\

  1. Select the file named SOFTWARE (the file without any extensions), and click Open
  2. Type a name for the hive that you've loaded now. (Example: MyXPHive)
  3. Now the SOFTWARE hive is loaded, and present under the HKEY_USERS base hive.
  4. In order to fix the Userinit value in the loaded hive, navigate to the following location:

HKEY_USERS \ MyXPHive \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon

  1. Double-click Userinit and set it's value correctly. Example: Set it's data as follows:

C:\Windows\System32\Userinit.exe,

(Include the trailing comma also. The above assumes that Windows is installed in C:\Windows, and Userinit.exe file is actually present in the System32 folder. You may want to verify that as well.)

  1. After entering the correct data, you MUST unload the Hive. To do so, select MyXPHive branch, and then in the File menu, choose Unload Hive. It's important to note that you'll need to select the MyXPHive branch first, before unloading it.
  2. Quit BartPE and restart Windows. See if you're able to logon to your profile.

 

Back to Deighton