WindowsDevCenter.com
oreilly.comSafari Books Online.Conferences.

advertisement


AddThis Social Bookmark Button

How To Recover from Registry Corruption
Pages: 1, 2

Anyway, here are the steps to recover your registry:



1. Boot your machine from your Windows XP product CD and press R when prompted to launch the Recovery Console.

2. Type your Administrator password or press Enter if it's blank.

3. Assuming that your operating system files are in C:\Windows, type the following commands one at a time:

md tmp
copy c:\windows\system32\config\system c:\windows\tmp\system.bak
copy c:\windows\system32\config\software c:\windows\tmp\software.bak
copy c:\windows\system32\config\sam c:\windows\tmp\sam.bak
copy c:\windows\system32\config\security c:\windows\tmp\security.bak
copy c:\windows\system32\config\default c:\windows\tmp\default.bak
delete c:\windows\system32\config\system
delete c:\windows\system32\config\software
delete c:\windows\system32\config\sam
delete c:\windows\system32\config\security
delete c:\windows\system32\config\default
copy c:\windows\repair\system c:\windows\system32\config\system
copy c:\windows\repair\software c:\windows\system32\config\software
copy c:\windows\repair\sam c:\windows\system32\config\sam
copy c:\windows\repair\security c:\windows\system32\config\security
copy c:\windows\repair\default c:\windows\system32\config\default
exit

This replaces your current registry files with those from your Repair folder--that is, with backups of the registry hives that were created when Windows XP was originally installed on your system. (Remember, if you have never run the Backup utility, the Repair folder files have never been updated.) At this point your computer will be operational when you reboot it, but the registry hives will be those created when XP was installed, which means your registry won't detect later applications you've installed. Now, we need to try to make your system aware of these installed applications. To do that, we're going to hack System Restore by taking copies of registry hives from a recent restore point and replacing the current hives with them. Let's continue.

4. Once your machine restarts (if you have Windows XP Home Edition, make sure you start in Safe Mode), log on as Administrator, open Windows Explorer, select Folder Options under Tools, click View, select Show Hidden Files And Folders, and deselect Hide Protected Operating System Files (Figure 2):

Figure 2
Figure 2: Making hidden and system files visible in Explorer.

Now find the folder named System Volume Information in the root of your boot drive. This folder appears ghosted because it's a special, hidden system folder you've now made visible (Figure 3):

Thumbnail, click for full-size image.
Figure 3: The System Volume Information folder (click for full-size image).

5. Double-click on this folder, and if a dialog box appears saying that access is denied, follow the instructions described here. (Note that the exact procedure depends on whether you have Home or Professional edition and whether your computer belongs to a workgroup or a domain.) Inside the System Volume Information folder, you'll find a number of folders named in the form _restore_GUID. These folders were created by System Restore on your computer and contain system restore points. Open one whose timestamp differs from your current time (do not use the most current folder) and you'll find a series of folders named in the form RPn (Figure 4):

Thumbnail, click for full-size image.
Figure 4: System restore point folders (Click for full-size image).

6. Open any of these folders and you'll see a folder named Snapshot. Open it, and copy and paste the five files that are selected in Figure 5 into the C:\Windows\Tmp folder.

Thumbnail, click for full-size image.
Figure 5: Backups of registry hives from your most recent restore point (click for full-size image).

Why copy these registry files to your Tmp folder? So they can be accessed from the Recovery Console, as you'll see in a moment.

7. Open the Tmp folder and rename the copied files from _REGISTRY_USER_.DEFAULT to DEFAULT, from _REGISTRY_MACHINE_SECURITY to SECURITY, and so on.

8. Boot your computer from your Windows XP product CD again and start the Recovery Console. Type the following commands:

delete c:\windows\system32\config\system
delete c:\windows\system32\config\software
delete c:\windows\system32\config\sam
delete c:\windows\system32\config\security
delete c:\windows\system32\config\default
copy c:\windows\tmp\system c:\windows\system32\config\system
copy c:\windows\tmp\software c:\windows\system32\config\software
copy c:\windows\tmp\sam c:\windows\system32\config\sam
copy c:\windows\tmp\security c:\windows\system32\config\security
copy c:\windows\tmp\default c:\windows\system32\config\default
exit

This replaces your original (created at Setup) registry hives with registry hives taken from a recent restore point. Now you can restore your system to a recent restore point by opening System Restore (from System Tools in Accessories) and selecting Restore to a Previous Restore Point.

Mitch Tulloch is the author of Windows 2000 Administration in a Nutshell, Windows Server 2003 in a Nutshell, and Windows Server Hacks.


Return to the Windows DevCenter.