This article applies to: Windows 2000/XP/Server 2003
Topics on this page:
 Regedit disabled: Solutions (continued from Part I)
- [3.4] Xteq X-Setup
- [3.5] System Restore
- [3.6] Full Backup Restore
- [3.7] VBScript: Doug Knox; My own version
- [3.8] Installing INF file ***NEW***
- [3.9] Third party registry editing tools
- [3.10] Other Methods:
 Exe and other files not running after viral or Trojan infection: corrupt shell\open\command registry keys
 Operation cancelled due to Restrictions ***NEW***
3. Regedit disabled: Solutions (continued from Part I)
3.4. Xteq X-Setup
Download and run Xteq X-Setup, go to Security, Disabled Features, Regedit.exe Enabled. Tick the box Allow starting of RegEdit.EXE on the right and click Apply Changes (Fig. 1).
Fig. 1. Xteq Systems X-Setup Registry Option
3.5. System Restore
Use System Restore (the whole system partition or system state) if you have restore points from before the problem occurred (KB 309340). Booting with the Last Known Good Configuration will not work, as it restores only the HKLM\System\CurrentControlSet key (see: How to Restore the Registry).
3.6. Full backup restore
Restore from a full backup (using Automatic System Recovery (ASR) in Windows XP Professional or NTBackup only in Windows XP Home edition) or an image like Symantec Ghost if you have one made before the problem occurred.
3.7. VBScript
VBS from Doug Knox
Doug Knox has a VBS to lock and unlock the registry (it toggles between the two settings 0 and 1 but does not delete the policy key, and if the key is absent it creates it). Hence I don't like it!
My own VBS
My version is simpler and it doesn't toggle (download here, unzip and run it; accept the warning from your anti-virus tool).
If your registry has a key value of 1, the script gives you the reading first and then rewrites it to 0. If it has a key value of 0, it does the same, thus making no change, and does not set it to 1. If the key is absent, the script returns an error. In that case the problem lies elsewhere.
3.8. Installing INF file
Using the INF file is another way to edit the registry; it's not as powerful as VBS but for this purpose of deleting the culprit registry key it will do the job just fine. It is a text file and when written in a standard form, will use Windows' rundll32.exe to execute the Application Programming Interface (API) in Setupapi.dll in the background. A simple INF file is given below: copy the content in Notepad and save as unlock.inf. Right click it and choose Install.
If all the above and following methods fail to solve the problem, then it is likely to be a more widespread problem and you should remove all viruses and Trojans and do a repair installation with the Windows XP CD (KB 315341).
3.10. Other Methods
These include: Console Registry Tools (reg.exe), remote registry editing (on a network) and JScript (KB 322756).
The REG DELETE command to unlock the registry can be found in my Console Registry Tools article. It works in Windows XP Home Edition as it doesn't require the Group Policy Editor.
Fig. 2. Regedit DisableRegistryTools key
5. Exe and other files not running after viral or Trojan infection: corrupt shell\open\command registry keys
This can happen after viral infection and may affect other exe files. Try running the exe file from within a batch file first or rename it to reg.com in a command. The shell\open\command registry keys are corrupt and need to be restored.
If you can run regedit then restore this key (Fig. 3):
HKEY_CLASSES_ROOT\exefile\shell\open\command
(In the above key there is a space after 1 and the value data includes the " and * symbols.)
Fig. 3. Regedit HKCR exefile key
If other files such as *.bat, *.chm, *.cmd, *.ini, *.reg, *.scr and *.txt are not running, do the same for their keys but go to batfile (or chmfile and so on) in the registry instead.
***NEW*** Symantec now has a tool to reset this (created 7 May 2004) which you can find here but I've not personally tested it (further information can be found in the Reference).
If you cannot run regedit then try the methods in the above section to fix it first. If all the above methods fail to solve the problem, then clean up all viruses and do a repair installation with the Windows XP CD (KB 315341).
Operation cancelled due to Restrictions
Click Start, Run, type gpedit.msc and go to:
User Configuration\Administrative Templates\System: Don't run specified Windows applications (fig. 4).
Fig. 4. Don't run specified Windows applications.
Double Click on this setting to open the Properties box. Click on Show... button (fig. 5).
Fig. 5. Don't run specified Windows applications Properties.
Reset this to allow regedit by choosing Not Configured or, if there are other entries you wish to leave behind, by removing regedit.exe from the List of disallowed applications in the Show Contents box; you cannot set Enabled with no entries (fig. 6).
Fig. 6. List of disallowed applications: regedit.exe
If you have Windows XP Home edition, try to run regedit.com in Safe Mode if needed and check the corresponding registry entry:
HKCU\software\Microsoft\windows\
Delete the disallowrun subkey. If regedit.com cannot be run, use HijackThis to delete the key.
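An offline check for the three registry conditions this article repairs (DisableRegistryTools, the DisallowRun list and an altered shell\open\command handler), run over a .reg export. It is an added example, not the author's script: the function names and the sample export are constructed, and the full policy key paths and the stock "%1" %* handler value are the standard Windows ones rather than text taken from this page.

```python
import re
# Constructed sample of a .reg export, already decoded to str (real exports are usually UTF-16).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"1"="regedit.exe"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\WINDOWS\\example.exe\" \"%1\" %*"
'''

POLICIES = r"software\microsoft\windows\currentversion\policies"
DEFAULT_COMMAND = '"%1" %*'  # stock value for the classes checked below
CHECKED_CLASSES = ("exefile", "batfile", "cmdfile", "comfile")
VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def _unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # .reg strings escape \ and " with a backslash

def parse_reg(text):
    """Map lower-cased key path -> {lower-cased value name: data} (dword and string only)."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_LINE.match(line)):
            name = "@" if m[1] == "@" else _unescape(m[1][1:-1]).lower()
            if m[2].startswith("dword:"):
                current[name] = int(m[2][6:], 16)
            elif len(m[2]) >= 2 and m[2][0] == m[2][-1] == '"':
                current[name] = _unescape(m[2][1:-1])
    return keys

def audit(text):
    """Return (issue, key, data) tuples for the three conditions described in this article."""
    findings = []
    for key, values in parse_reg(text).items():
        sub = key.partition("\\")[2]          # path below the root hive
        cls, _, tail = sub.partition("\\")    # e.g. "exefile", r"shell\open\command"
        if sub == POLICIES + r"\system" and values.get("disableregistrytools"):
            findings.append(("regedit disabled", key, values["disableregistrytools"]))
        elif sub == POLICIES + r"\explorer\disallowrun":
            findings += [("application blocked", key, exe) for exe in values.values()]
        elif tail == r"shell\open\command" and cls in CHECKED_CLASSES \
                and values.get("@") != DEFAULT_COMMAND:
            findings.append(("handler altered", key, values.get("@")))
    return findings
```

Only the four classes whose stock handler is "%1" %* are compared; other file types have different default commands and would need their own expected values.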
Windows XP Registry
KB 256986 Description of the Microsoft Windows Registry
KB 307545 How to Recover from a Corrupted Registry that Prevents Windows XP from Starting
KB 310426 HOW TO: Use the Windows XP and Windows Server 2003 Registry Editor Features
KB 309340 HOW TO: Use Backup to Restore Files and Folders on Your Computer in Windows XP
KB 310516 HOW TO: Add, Modify, or Delete Registry Keys and Values by Using a Registration Entries (.reg) File
KB 322756 HOW TO: Back Up, Edit, and Restore the Registry in Windows XP and Windows Server 2003
Technical Reference to the Windows 2000 Registry
Inside the Registry - Article from Windows NT Magazine
How to Restore the Registry
Honeycutt, Jerry, Microsoft Windows XP Registry Guide (Redmond: Microsoft Press, 2003)
Registry Restriction
KB 278839 Error Message: This Operation Has Been Cancelled Due to Restrictions in Effect on This Computer
Symantec
Tool to reset shell\open\command registry keys
VBS
article on VBS
Copyright © 2003-2005 by Kilian. All my articles including graphics are provided "as is" without warranties of any kind. I hereby disclaim all warranties with regard to the information provided. In no event shall I be liable for any damage of any kind whatsoever resulting from the information. The articles are provided in good faith and after some degree of verification but they may contain technical or typographical errors. Links to other web resources may be changed at any time and are beyond the control of the author. Articles may be added, removed, edited or improved at any time. No support is provided by the author. All the products mentioned are trademarks of their respective companies.
DISCLAIMER: Edit the registry at your own risk. If possible use the Group Policy Editor. There is no undo in regedit. If you are inexperienced with regedit, when possible back up the whole registry or the key you are about to change first before modifying or deleting the key. Do not modify more than one key/name/value at a time. Re-logon or reboot and see what happens first.
Last updated 22 Mar 2005