A few things you will need before you can mount the hive:
-Access to the NTUSER.dat file in question
-Windows Explorer must be set to "Show hidden files, folders, and drives"
-Windows Explorer must be set to NOT "Hide protected operating system files"
Open regedit (start > run > regedit), select either HKEY_LOCAL_MACHINE or HKEY_USERS, then hit File > Load Hive. When it asks you to browse to a file, be sure you select All Files as the file type (or *.*), and browse to the users directory (commonly C:\Documents and Settings\username\ in XP or C:\users\username\ in 7) and choose the NTUSER.DAT file. You can enter whatever name you want for the Key name - that will not save anywhere in the hive.
Once loaded, you can now browse the hive for any data you may need, such as mapped printers or network drives.
Enjoy!
No comments:
Post a Comment