Tuesday, March 31, 2009

Restoring Registry

If a windows operating system such as 2000/XP/2003 is hanging, services are freezing... its not booting - before formatting and re-installing it's worth restoring a previous verison of the registry as these problems are normally registry related. To restore a registry follow these steps.

Navigate on the server to c:\windows\repair check the date modified on these files. If they are really old don’t use them, if they are recent we will restore them.

Registry files need to be manually copied outside of windows in Recovery Console. To access this you need to boot of a windows 2003 CD, you will also need the RAID drivers on a floppy disk.

Once you’re in Recovery Console, If the windows\repair backups are too old, navigate to the System Volume Information directory provided. In the system volume information type:

DIR /O:D

This will show you all directories from oldest to newest. You want a relatively new one about 2 weeks old (or before the problem started happening). The directories look like this:

_restore{D86480E3-73EF-47BC-A0EB-A81BE6EE3ED8}

If we were using this directory, navigate to the snapshot directory with a name something like this:
C:\System Volume Information\_restore{D86480E3-73EF-47BC-A0EB-A81BE6EE3ED8}\RP1\Snapshot

In here there are a bunch of files that have this naming format:

_REGISTRY_USER_.DEFAULT
_REGISTRY_MACHINE_SECURITY
_REGISTRY_MACHINE_SOFTWARE
_REGISTRY_MACHINE_SYSTEM
_REGISTRY_MACHINE_SAM

Copy them to C:\Windows\System32\Config and rename them to suit the original name. ie. _REGISTRY_MACHINE_SYSTEM will be renamed to SYSTEM.

Make you backup the original registry files in system32\config to system.bak or something, so if it does not boot with the restored registry files, you can boot back into recovery console and restore the original ones.

1 comment:

  1. Marvelous work.Just wanted to drop a comment and say I am new to your blog and really like what I am reading.

    ReplyDelete