Retrieving registry data from a slave drive

Hi Guys
I've tried looking through previous posts but none of them seem to work.
I've got a clients drive that is currently set as a slave in another system due to booting problems and he's requested i wipe the drive and re-install all the software.
I have the media but need the serial keys from various programs but as the drive is a slave i cannot seem to access the hive.
Can anyone tell me how to access the registry on the slave drive so that i can retireve the keys and also if there's any way of getting the Outlook account settings (username, pop and smtp server details etc).

Thanks in advance.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

I have used a UBCD4WIN Disk for this, boot the PC with the external drive from the CD. Now run the System Information for Windows "System Info" remote from the CD. It'll show you the keys of the installed software.
To save all the Outlook data, files are stored in two locations. Copy these two folders from the external drive and when the computer has been reformatted, copy them back into their respective locations.

C:\Documents and Settings\User Name\Application Data\Microsoft\Outlook\
C:\Documents and Settings\User Name\Local Settings\Application Data\Microsoft\Outlook\

As far as reading the registry, I am a huge fan of UBCD4Win and second cpottercpotter's recommendation. It takes a little bit to build a disk, but worth the time.
That has been asked a lot here on EE.
Do a site search for "offline registry editing".

I know that there are a couple of posts from "Krompton" and (I think) LeeTutor that do a great job of explaining.

Here is one sample I found:
Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

If either of these guys check in - they get the points, not me.

Review these former posts from LeeTutor and Krompton - they really know what they're talking about.

Also, if you can mount a non-booting drive as a secondary drive on a functioning XP computer, you can use the Load Hive and Unload Hive options to edit the registry on the secondary drive's registry.  The technique is this:  Boot up in a parallel copy of XP.


If the information you want to access was in HKEY_CURRENT_USER: Highlight HKEY_USERS, choose "Load hive" from the File menu, open

X:\Documents and settings\<UserProfileName>\ntuser.dat.

(where X: should be replaced by the drive letter corresponding to the secondary slaved drive you have mounted from the nonfunctional computer.)

When asked for a name, choose "OldProfile" (or whatever other easily remembered name you choose).  Access/backup the keys you're interested in. Once you're done, highlight the "OldProfile" key, choose "Unload hive" from the file menu.

If the information you want to access was in HKEY_LOCAL_MACHINE\System or in HKEY_LOCAL_MACHINE\Software: Highlight HKEY_LOCAL_MACHINE, choose "Load hive" from the File menu, open




(no extension). When asked for a name, choose "OldSystem" or "OldSoftware" (or whatever). Access/backup the keys you're interested in. Once you're done, highlight the "OldSystem" or "OldSoftware" key, choose "Unload hive" from the file menu

Open Regedit. When you look at the keys you see the following

All of these KEYS are properly called HIVES and there are in reality only two keys or hives - HKEY_LOCAL_MACHINE and HKEY_USERS. The other three are just "sub keys" of the other two.

Each user profile has it's own NTUser.dat file (unless a roaming profile). NTUser.dat is loaded at login and is presented as HKEY_CURRENT_USER. So if you want to make a change to the HKEY_CURRENT_USER you must login in as that user. Since you cannot login as Default User you need another way to make changes to sub keys that are displayed in HKEY_CURRENT_USER. That is why you use the process of loading a hive. You can load the NTUser.dat file from Default User make the changes then unload the hive and now all of the changes will be pass along to new profiles as the starting defaults for that user.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
I would agree that if you find anything from LeeTutor on this, follow his recommendations. That guy is the EE God!  =)
loading remote hives is probably the biggest pain in the ass the M$ ever dreamed up.  Still, that's what they want, they don't really want you to recover a setup.  Pay more to install, that is their revenue mantra.

Anyway, this will NOT help you one bit.  All the logins and passwords to any and all programs that are stored in the registry are almost always encrypted.  Getting the hive loaded will probably a royal waste of time.  Try it if you want.  I'll bet you will be disappointed.  The program directories or emails are likely to have PW data more easily available than the registry.

Go to C:\Documents and Settings\user name\Start Menu\Programs  copy all there to another locale.
Go to C:\Documents and Settings\All USers\Start Menu\Programs    copy all there to another locale
Go to C:\Documents and Settings\username\Application Data  copy all there to another locale.
That will tell you what software to install.
Then copy all his My Documents directory to another place for safe keeping.

Now reinstall the OS, and rebuild the programs based on what you copied

Did you know, you can recover his setup from the restore points in System Volume information????

ALL of what you need to can get from the hard drive directories. The remote REG is almost useless.
I beg to differ....

If you load a reg hive, you can extract software serials AND passwords, yes I said passwords, by vewing Protected Storage....

Protected Storage PassView v1.63: Recover Protected Storage passwords

You can have it open other users reg hives to extract data....

NOTE, you should be able to get Outlook, OE, and stored IE passwords with no effort...
NetexpertsAuthor Commented:
Many Thanks,
This will solve all my problems. Not sure who will get the points but this is the solution i've used.
Many Thanks again !!!
Your welcome!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Legacy OS

From novice to tech pro — start learning today.