If you're not in a corporate environment, this could mean you have a virus
If you’ve recently tried to open the Windows registry editor and were presented with the message “Registry editing has been disabled by your administrator”, then you’re not alone! This error message can occur for a couple of different reasons, some of which have a solution and some that don’t.
Most of the time you will see this in corporate environments where the IT staff has locked down the computer by disabling Windows settings and services. If it’s a policy pushed out by the main servers, it can be very hard or impossible to bypass. However, you can still give it a shot!
Another major reason the registry gets disabled is due to malicious viruses. By disabling access to the registry, the virus can prevent the user from repairing their system.
In this article, I’m going to go through a couple of different methods you can try for enabling access to the registry.
Method 1 – Group Policy
The first method involves opening the Group Policy editor in Windows and checking the setting for registry access. Unfortunately, the group policy editor is only available in the Professional, Ultimate and Pro versions of Windows 7 and Windows 8. If you have the Starter or Home editions, this method won’t work.
Step 1: Click on Start and type gpedit.msc into the search box.
Step 2: Navigate to User Configuration – Administrative Templates – System.
Step 3: In the right hand pane, double click on Prevent access to registry editing tools.
Step 4: If the setting is set to Enabled, you can change it to Not Configured or Disabled.
Now try to run the registry editor and see if it works. If not, go to the command prompt (Start, Run, type cmd) and type in gpupdate, but only if you are not in a corporate environment. In a corporate network, the gpupdate command will download the settings from the server again, which might just overwrite the setting to Enabled.
You can try to avoid receiving the setting from the server by disconnecting your network card and then restarting your computer, so that it can’t communicate with the network. You may also want to try the whole procedure above while disconnected from the network in order to ensure that the corporate policy does not override the local policy.
If you have a home computer, then you don’t have to worry about all of this, just restart your computer and you should be able to edit the registry again.
Method 2 – Registry Key
Even if you can’t open the GUI registry editor, there is a DOS command line tool called REG that lets you edit, update and manipulate the registry. Using this command, we can try to set the registry value that re-enables the registry editor. Click on Start, type Run and paste the following line into the Run box:
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
Now try to open the registry editor and see if it is accessible. You may have to restart your computer first. Since Windows is running, you might run into problems using this method.
Luckily, there are ways to edit the registry while offline, meaning editing the registry without having to load Windows. Another good tech blog has written a detailed article on different ways to edit the registry offline, so check that out if the Run command method didn’t work. If this didn’t work either, keep reading!
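Before overwriting the value from Method 2, it helps to see where it is set and whether a domain could have pushed it. The following is an added example, not part of the original article; it only reads the registry, assumes PowerShell 3.0 or later, and its function name and output fields are illustrative.

```powershell
# Added example (read-only): where is DisableRegistryTools set, and is a
# domain policy a plausible source? Function and field names are illustrative.
function Get-RegistryToolsPolicy {
    $sub = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'

    # On a domain-joined PC the value normally comes from Group Policy.
    $joined = (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain

    # Every user hive currently loaded under HKEY_USERS (includes the
    # logged-on user; other users' hives may need an elevated prompt).
    $sids = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
        ForEach-Object { $_.PSChildName }

    foreach ($sid in $sids) {
        $path = "Registry::HKEY_USERS\$sid\$sub"
        $key  = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
        # GetValue returns $null when the value does not exist.
        $value = if ($key) { $key.GetValue('DisableRegistryTools') } else { $null }
        $restricted = ($null -ne $value) -and ($value -ne 0)

        $note = if (-not $restricted) { 'Registry editor not blocked by this value' }
                elseif ($joined)      { 'Likely Group Policy; it will be reapplied' }
                else                  { 'No domain to push this; scan for malware' }

        [pscustomobject]@{
            UserSid      = $sid
            Value        = $value
            Restricted   = $restricted
            DomainJoined = $joined
            Note         = $note
        }
    }
}

Get-RegistryToolsPolicy | Format-List
```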
Method 3 – Rename regedit
Sometimes a virus or malware program will simply prevent the registry editor from loading by blocking the name of its EXE file (regedit.exe). This is quite easy to bypass because you can just rename the EXE file to something else like regedit_new.exe and it might load just fine.
You can find the regedit executable file in the C:\Windows directory. Since this folder is a Windows system folder, you won’t be able to simply right-click and rename it. You’ll get an error message saying that you don’t have permission from TrustedInstaller.
In order to rename the file, you’ll have to change the owner to yourself and then change the permissions to give yourself Full Control. I’ve written up the entire procedure for changing permissions from TrustedInstaller so that you can delete, rename or move the file.
Also, check to see if regedit was already named something else like regedit.com. Some viruses rename the .exe file so that it doesn’t load when you try to run it. In these cases, just rename the file back to regedit.exe and see if it works.
Method 4 – Symantec
Symantec has a really old file from 2005 that still seems to work with this registry issue. Some viruses will change the shell command registry keys so that anytime you run an EXE file, it just runs the virus instead. This file will replace those keys with the original default values. Once you download it, just right-click on it and choose Install.
When you open the link above, make sure you right-click on the link to UnHookExec.inf and choose Save link as, otherwise it will simply load the contents of the file in your web browser.
The Save as type should already be set to Setup Information, but in case it’s not, change it to that.
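To check whether the shell command keys described in Method 4 have been changed, the added example below (not from the original article or from Symantec) compares the open command of four executable file types against the stock Windows value `"%1" %*`. The class names, the expected value and the function name are assumptions based on a default Windows install; the script only reads the registry and assumes PowerShell 3.0 or later.

```powershell
# Added example (read-only): compare executable file-type handlers with the
# stock Windows value. Function name and output fields are illustrative.
function Test-ExecutableHandlers {
    $expected = '"%1" %*'      # default open command for these four classes
    $classes  = 'exefile', 'comfile', 'batfile', 'cmdfile'

    # Machine-wide classes plus the per-user overlay, which takes precedence
    # for the logged-on user when it exists.
    $roots = 'HKLM:\Software\Classes', 'HKCU:\Software\Classes'

    foreach ($root in $roots) {
        foreach ($class in $classes) {
            $path = "$root\$class\shell\open\command"
            $key  = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue

            if (-not $key) {
                # No per-user key is the normal state; no machine key is not.
                $value = $null
                $state = if ($root -like 'HKCU*') { 'NotPresent' } else { 'Missing' }
            }
            else {
                $value = $key.GetValue('')   # '' selects the (Default) value
                $state = if ($value -eq $expected) { 'Default' } else { 'Modified' }
            }

            [pscustomobject]@{
                Path    = $path
                Command = $value
                State   = $state
            }
        }
    }
}

Test-ExecutableHandlers | Format-Table -AutoSize -Wrap
```

Any row reported as Modified or Missing shows a handler that differs from the default and is worth investigating before running further EXE files.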
There are a couple of other ways you can try to enable the registry, but I haven’t had any success with any of them and that’s why I’m not mentioning them here. If you’re not in a corporate environment, the first thing you should do is install anti-virus and anti-malware software to try and remove any malicious program that could be causing the issue.
Check out my previous articles that can help you with removing viruses and malware:
If you have any questions, feel free to post a comment. Enjoy!