A few things you will need before you can mount the hive:
-Access to the NTUSER.dat file in question
-Windows Explorer must be set to "Show hidden files, folders, and drives"
-Windows Explorer must be set to NOT "Hide protected operating system files"
Open regedit (start > run > regedit), select either HKEY_LOCAL_MACHINE or HKEY_USERS, then hit File > Load Hive. When it asks you to browse to a file, be sure you select All Files as the file type (or *.*), and browse to the users directory (commonly C:\Documents and Settings\username\ in XP or C:\users\username\ in 7) and choose the NTUSER.DAT file. You can enter whatever name you want for the Key name - that will not save anywhere in the hive.
Once loaded, you can now browse the hive for any data you may need, such as mapped printers or network drives.
Post a Comment