Repairing a Corrupted Registry in Windows XP

Introduction

The Windows Registry holds information about your computer's configuration - everything from your preferred media player to the speed at which your context menus appear. The registry is held in a number of files under the path \WINDOWS\SYSTEM32\CONFIG.

In the event of a power cut, or some other form of abrupt interruption, the registry can occasionally become corrupted, leaving your computer unable to boot. This guide presumes that your computer uses the "System Restore" feature. If not, you're in a bit of trouble: in that case, the system's registry will be restored to its default settings.

A typical symptom of this problem is the following error upon startup:

Windows XP could not start because the following file is missing or corrupt: C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

Overview

The repair can be carried out on the computer with the problem, or on a different one. This procedure is for those amongst us not fortunate enough to own more than one computer!

If you're looking for how to connect your drive to another computer, wait up a couple of weeks. I'll have a howto here!

Basic outline of the process:

  1. Back up the current version of the registry for safekeeping
  2. Find and prepare the default registry files
  3. Reboot into safe mode to restore the registry from a "System Restore" snapshot
  4. Use the "System Restore" feature to restore the computer in general

Before you Begin

This procedure assumes that you have the appropriate CD for your Windows OS Installation.

In the event of you not having this disk, Micro$oft would like you to buy another copy of Windows. In the spirit of TPB, here's the link to download Windows yourself (here) and here's the link to get it up and running (here). Remember kids, Ronald Didn't Tell You.

Can't get your CD to work? Make sure your computer's looking for the CD. The BIOS has a list of places to look through in order when your computer boots up. If the Hard Disk is listed before the CD drive, your computer will never boot from the CD. Have a look through Google, type in your computer's manufacturer and "bios cd boot" or something along those lines.

Backing Up

Once your computer's booted from the CD, Windows will give you a few options. The one we want is the "Recovery Console", so press "r". Having done this, you'll be asked for a password. If you know it, put it in. Otherwise, it's probably zilch so just press ENTER.

You'll now be given a prompt as follows: (C:\ might be different depending on your computer)

C:\WINDOWS>

Now make a directory "tmp" in the folder C:\WINDOWS as follows:

md tmp

Here's your chance to show off your WPM. Carefully type all of the following, with a CR (Carriage Return) at the end of each line. Make sure to replace "C:\" with the root of your drive, if applicable.

copy c:\windows\system32\config\system c:\windows\tmp\system.bak
copy c:\windows\system32\config\software c:\windows\tmp\software.bak
copy c:\windows\system32\config\sam c:\windows\tmp\sam.bak
copy c:\windows\system32\config\security c:\windows\tmp\security.bak
copy c:\windows\system32\config\default c:\windows\tmp\default.bak

delete c:\windows\system32\config\system
delete c:\windows\system32\config\software
delete c:\windows\system32\config\sam
delete c:\windows\system32\config\security
delete c:\windows\system32\config\default

copy c:\windows\repair\system c:\windows\system32\config\system
copy c:\windows\repair\software c:\windows\system32\config\software
copy c:\windows\repair\sam c:\windows\system32\config\sam
copy c:\windows\repair\security c:\windows\system32\config\security
copy c:\windows\repair\default c:\windows\system32\config\default

Now that you've backed up your registry and put the default copies from the repair folder in its place, type exit to reboot your computer and continue below.

Restoring the Default Registry Files

This procedure can be carried out in a few ways. For example, you could use the cmd (command) terminal as before, or if you had another computer, it'd be a pointy-clicky job. Here's a compromise - using Windows, but on the buggered computer.

After step one, the backup procedure, your computer will reboot. Just before the Windows logo would ordinarily appear, repeatedly tap F8 on your keyboard until a menu appears. Use the arrow keys on the keyboard to move down to "Safe Mode" and press ENTER. You won't need Networking or the CMD, so leave them be.

At this point, a lot of text'll whizz past the screen. You should be greeted with a familiar interface.

So, back in Windows, get to an Explorer interface. This can be done by simply going to 'My Computer'.

We want to see hidden files and folders, so follow the quick process below:

  • On the tools menu, click on folder options. This is near the bottom.
  • Click on the view tab.
  • Where it says Hidden Files and Folders, select the show hidden files and folders option, and also click to clear the Hide protected operating system files (Recommended) box.
  • Click yes to the dialog box and OK to close this window.

Now we're ready to restore the files:

Go back to My Computer, and select the drive on which Windows is located. Open it and make your way to the System Volume Information folder. This folder holds the backups of your registry.

If you have problems accessing this folder, Microsoft has provided an article to help you: http://support.microsoft.com/kb/309531/.

In the System Volume Information folder, open the second-to-last folder that was modified.

To see the modification times for folders: Right-click inside the parent folder, select View > Details.

It is important not to use the most recent version of your registry backup, as this is the one that was corrupted. Obviously, if you do not use System Restore, you will not be able to complete this procedure.

In one of these folders, you will find another folder titled 'snapshot'. From this folder, copy the following files to the C:\WINDOWS\tmp folder that we created earlier:

  • _REGISTRY_USER_.DEFAULT
  • _REGISTRY_MACHINE_SECURITY
  • _REGISTRY_MACHINE_SOFTWARE
  • _REGISTRY_MACHINE_SYSTEM
  • _REGISTRY_MACHINE_SAM

In the C:\WINDOWS\tmp folder, we will now rename these files as follows:

  • _REGISTRY_USER_.DEFAULT to DEFAULT
  • _REGISTRY_MACHINE_SECURITY to SECURITY
  • _REGISTRY_MACHINE_SOFTWARE to SOFTWARE
  • _REGISTRY_MACHINE_SYSTEM to SYSTEM
  • _REGISTRY_MACHINE_SAM to SAM

Copying the files to C:\WINDOWS\tmp is necessary, as the Recovery Console does not typically have access to the System Volume Information folder which stores the registry backups.
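
Before the renamed files replace the ones in system32\config, it is worth checking that each really is an intact registry hive. The script below is an added example, not part of the original article: it checks a file's "regf" signature, sequence numbers and header checksum. It assumes Python is available (in the Safe Mode session, or on another machine holding copies of the files); the header offsets come from the publicly documented hive format, and the sample data is constructed.

```python
import struct
import sys

CHECKSUM_OFFSET = 0x1FC  # XOR-32 checksum of the 508 bytes before it


def header_checksum(block: bytes) -> int:
    """XOR the first 127 little-endian dwords of a hive's base block."""
    value = 0
    for (dword,) in struct.iter_unpack("<I", block[:CHECKSUM_OFFSET]):
        value ^= dword
    # Two results are reserved by the format and remapped.
    if value == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return value or 1


def check_hive_header(block: bytes) -> list:
    """Return the problems found in a hive header (empty list = looks sane)."""
    if len(block) < 512:
        return ["file too short to hold a hive header"]
    problems = []
    if block[:4] != b"regf":
        problems.append("missing 'regf' signature")
    seq1, seq2 = struct.unpack_from("<II", block, 4)
    if seq1 != seq2:
        problems.append("sequence numbers differ (hive saved mid-write)")
    (stored,) = struct.unpack_from("<I", block, CHECKSUM_OFFSET)
    if stored != header_checksum(block):
        problems.append("header checksum mismatch")
    return problems


def make_sample_header(seq1: int = 7, seq2: int = 7) -> bytes:
    """Constructed sample input: a minimal base block with a valid checksum."""
    block = bytearray(4096)
    block[:4] = b"regf"
    struct.pack_into("<II", block, 4, seq1, seq2)
    struct.pack_into("<I", block, CHECKSUM_OFFSET, header_checksum(bytes(block)))
    return bytes(block)


if __name__ == "__main__":
    # Usage: python check_hives.py C:\WINDOWS\tmp\SYSTEM C:\WINDOWS\tmp\SAM ...
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, check_hive_header(fh.read(4096)) or "ok")
    if len(sys.argv) == 1:  # no files given: run on the constructed samples
        print("sample", check_hive_header(make_sample_header()) or "ok")
        print("torn", check_hive_header(make_sample_header(8, 7)))
```

A file that reports a problem here is a poor candidate for the copy step that follows; pick the snapshot from an earlier restore point instead.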

Deleting the Old Registry Files; Restoring the New Ones

This step requires the Recovery Console. Repeat the 'Backing Up' stage, described above in this article, to reach the C:\WINDOWS> prompt.

Once you have reached the Recovery Console, enter the following commands, pressing carriage return at the end of each line.

C:\WINDOWS> del c:\windows\system32\config\sam
C:\WINDOWS> del c:\windows\system32\config\security
C:\WINDOWS> del c:\windows\system32\config\software
C:\WINDOWS> del c:\windows\system32\config\default
C:\WINDOWS> del c:\windows\system32\config\system
C:\WINDOWS> copy c:\windows\tmp\software c:\windows\system32\config\software
C:\WINDOWS> copy c:\windows\tmp\system c:\windows\system32\config\system
C:\WINDOWS> copy c:\windows\tmp\sam c:\windows\system32\config\sam
C:\WINDOWS> copy c:\windows\tmp\security c:\windows\system32\config\security
C:\WINDOWS> copy c:\windows\tmp\default c:\windows\system32\config\default

Then, to exit and restart, type the command:

C:\WINDOWS> exit

Doing the Business

So that Windows 'sees' the new registry files, we now do a typical System Restore.

To do this, click Start and then All Programs > Accessories > System Tools > System Restore.

Once on the Restore Console, click Restore to a Previous Restore Point, and leave the computer to do its thing!

Good luck!

Revised March 2008 © Ronald MacDonald.

Updated Sunday, 9 March, 2008