Disable  mouse:



" Type"=dword:00000010



" Type"=dword:00000010

Disable  keyboard:






" Type"=dword:00000010

Enable  mouse:



" Type"=dword:0000001



" Type"=dword:0000001

Enable  keyboard:






" Type"=dword:0000001


Note: If you keyboard and mouse are disabled you can re-enable them using the following technique: http://betterteamblog.com/readwrite-offline-registry/



1. Boot from PE image.

2. In command line type regedit.

3.  Select HKEY_LOCAL_MACHINE or HKEY_USERS (up to you).

4. Go to File->Load Hive… menu.

5. In the opened explorer windows select the needed registry hive file. The following table shows the location of  registry hive files.

Hive Registry Paths and Corresponding On-Disk Files

Hive Registry Path Hive File Path
HKEY_LOCAL_MACHINE \SYSTEM \winnt\system32\config\system
HKEY_LOCAL_MACHINE \SAM \winnt\system32\config\sam
HKEY_LOCAL_MACHINE \SECURITY \winnt\system32\config\security
HKEY_LOCAL_MACHINE \SOFTWARE \winnt\system32\config\software
HKEY_USERS \UserProfile Profile; usually under \winnt\profiles\usere
HKEY_USERS.DEFAULT \winnt\system32\config\default
HKEY_CURRENT_USER \Users\%userprofile%\ntuser.dat


Now you can read write registry from offline image.

P.S. Unload the hive after a using.



The service information is kept in the registry at


Each service and driver is listed under its own key.

Service startup types are saved in the registry value (DWORD) Start under the corresponding service name. This value can be set to any of the following:


0x0            Kernel     Represents a part of the
(Boot)                    driver stack for the boot
                          (startup) volume and must
                          therefore be loaded by the
                          Boot Loader.

0x1            I/O        Represents a driver to be loaded
(System)       subsystem  at Kernel initialization.

0x2            Service    To be loaded or started
(Auto load)    Control    automatically for all startups,
               Manager    regardless of service type.

0x3            Service    Available, regardless of type,
(Load on       Control    but will not be started until
demand)        Manager    the user starts it (for example,
                          by using the Devices icon in
                          Control Panel).

0x4            Service    NOT TO BE STARTED UNDER ANY
(disabled)     Control    CONDITIONS.

Note that Boot (0) and System (1) are reserved for device drivers. Regular services should not be set to these start types.


Service type is saved in the registry value (DWORD) Type under the corresponding service name. This value can be set to any of the following:

Service Type Description

0x1            A Kernel device driver.

0x2            File system driver, which is also
               a Kernel device driver.

0x4            A set of arguments for an adapter.

0x10           A Win32 program that can be started
               by the Service Controller and that
               obeys the service control protocol.
               This type of Win32 service runs in
               a process by itself.

0x20           A Win32 service that can share a process
               with other Win32 services.




When you install a new SD card, windows install a driver for the card and by default selects “Better performance” policy. It means “Enabling write caching in Windows”.

If you want than all new SD cards will be installed with “Quick removal” options you need modify sffdisk.inf file as following:

1. add a new section:

[expect_surprise_removal_disk_install_HW.AddReg]HKR,Sffdisk,”UserRemovalPolicy”,0×00010001,0×3    ; ExpectSurpriseRemoval

2. In the [sdstorage_Install.NT.HW] section add the following line:


Note: modify sffdisk.inf file in c:\windows\inf directory and in c:\windows\C:\Windows\System32\DriverStore\FileRepository\sffdisk.inf_x86_neutral_?????????? dyrectory too (?????????? is different on different computers).




How to modify LAN Settings by registry which are usually available from “Control Panel -> Internet Options -> Connections Tab”


Many settings can be changed using:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]


It is REG_BINARY value type.

The following options can be modified by this key:

1) Byte number zero always has a 3C or 46 – I couldn’t find more information about this byte (to research).

2)The next three bytes are zeros.(to research).
3) Byte number 4 is a counter used by the ‘Internet Options’ property sheet (Internet explorer->Tools->Internet Options…).
As you manually change the internet setting (such as LAN settings in the Connections tab), this counter increments.Its not very useful byte.But it MUST have a value.I keep it zero always.The next three bytes are zeros (Bytes 5 to 7).
4) Byte number 8 can take different values as per your settings.
The value is :
09 when only ‘Automatically detect settings’ is enabled
03 when only ‘Use a proxy server for your LAN’ is enabled
0B when both are enabled
05 when only ‘Use automatic configuration script’ is enabled
0D when ‘Automatically detect settings’ and ‘Use automatic configuration script’ are enabled
07 when ‘Use a proxy server for your LAN’ and ‘Use automatic configuration script’ are enabled
0F when all the three are enabled.
01 when none of them are enabled.
The next three bytes are zeros (Bytes 9 to B).

4) Byte number C (12 in decimal) contains the length of the proxy server address.For example a proxy server ’′ has length 12 (length includes the dots and the colon).The next three bytes are zeros (Bytes D to F).
5) Byte 10 (or 16 in decimal) contains the proxy server address – like ’′ (where 80 is obviously the port number)
6) the byte immediatley after the address contians the length of additional information.The next three bytes are zeros.
For example if the ‘Bypass proxy server for local addresses’ is ticked, then this byte is 07,the next three bytes are zeros and then comes a string i.e. ‘<local>’ (<local> indicates that you are bypassing the proxy server.Now since <local> has 7 characters, the length is 07!).
You will have to experiment on your own for finding more about this.
If you dont have any additional info then the length is 0 and no information is added.
7) The byte immediately after the additional info, is the length of the automatic configuration script address (If you dont have a script address then you dont need to add anything,skip this step and goto step 8).The next three bytes are zeros,then comes the address.
8) Finally, 32 zeros are appended.(I dont know why!)

© 2012 Better Place development team blog Suffusion theme by Sayontan Sinha