alexander Posted November 17, 2008 Report Posted November 17, 2008 Note: This is only a way to restore your registry and settings, it is however extremely helpful many, many times.Preface: I was working on a user's machine one day, the machine, or i should say the installer (Office 2007) was failing to recognize the local language settings. After 2 hours on the phone with a Microsoft "expert", who was as puzzled by this as i was, i decided to run an upgrade on the system. Problem being that after i started the upgrade, the system would fail to recognize something, and would constantly give me a "The signature for Windows XP Professional upgrade is invalid. Error code fffffbda" and once again, as i always seem to get, i get the one error that even MS debuggers haven't seen (because at this point my case had a debugger assigned to it)... Anyhow, to get the system to not upgrade anymore there was one thing to do, restore. But how do you restore when you can't boot into windows without going through setup? hmmm, here's where this tutorial will hopefully come in handy to some of you!!! Sources: Why sources here? I think the guy who wrote that other article up, deserves every bit of recognition! DMN interstitial Tutorial: Tools:So where do we start? Well, here is what we are going to need: Windows Install CD or Ultimate Boot CD for Windows - i prefer the second, simply because i can use the so awfully broken auto complete "features" of windows shell, which sucks majorly, but is better then having to type what we are going to have to type, all out, by hand! Don't have a current install cd? Either build one, like i did in the other tutorial, or follow my suggestion, download and build a UBCD4WIN. There is a tutorial and a wiki there, its an utterly useful and handy product when you break your Windows install, or just have to work on someone else's broken Windows, like i do. What do i do, oh guru of computer wizdom: For the purpose of this tutorial, i will use the Windows XP setup cd way, though UBCD makes this a whole lot easier, as it provides you with access to the file system in a much cleaner way, i will use the harder way, and maybe someone else can write up a UBCD4Win tutorial extension... maybe it will be you ;) - Ok, so lets boot up our machine, press F2, F9 or F12 to get into the boot menu, depending on your system and/or bios. - Put in the Windows XP CD, choose to boot off that cd drive - Wait for the computer to ask us if we would like to boot off the CD, again, press a key to boot off the cd, and finally we get the blue screen with windows setup starting. - We are looking to get into the Recovery Console, so at the first prompt, you want to use "R" to get into the recovery console - Wait for the 4 second timeout to use the US keyboard layout, the console will then search for previous installations of windows. Note: If it does not find any, go to another computer, download the sata controller driver from the computer maker, for your model, throw that on a cd or a floppy, and when you boot into windows setup again, catch the F6, to load additional drivers, and load the drivers your manufacturer provided for the windows setup. - Now lets choose 1, or whichever installation of windows you are trying to fix. Type in the administrator password (if you don't know it, there are password reset tools on UBCD, i suggest you use read their manual if you need to use them, resetting passwords is beyond this particular tutorial) And we are finally at the command prompt of your windows install, this is the fun part now. All of those years of not using the terminal, will now save your butt :) - First lets back up our settings, use these commands to do so: Create a backup directorymd c:windowstmpCopy your system configuration data to the directorycopy c:windowssystem32configsystem c:windowstmpsystem.bakNow lets do the same for your software config, sam file (which holds your user and password information), security configuration, and the default file.copy c:windowssystem32configsoftware c:windowstmpsoftware.bak copy c:windowssystem32configsam c:windowstmpsam.bak copy c:windowssystem32configsecurity c:windowstmpsecurity.bak copy c:windowssystem32configdefault c:windowstmpdefault.bak- Now that we have backups of all of the files we are about to brake, lets remove them.... a little cd c:windowssystem32config delete software delete sam delete security delete defaultNote: if you can not remove the files, rename them, so instead of above do:cd c:windowssystem32config rename system system.old rename software software.old rename sam sam.old rename security security.old rename default default.old- Ok, now that we have those files removed, the system would be very unhappy with us if we did not replace them with something. Luckily MS has a set of defaults that we can use to our advantage, how, you will catch in a couple of steps, but for now, lets just focus on the procedure. First lets see what the files are:dir c:windowsrepairlook at the files, you may either have system or system.bak, just note this for the next linecopy c:windowsrepairsystem.bak c:windowssystem32configsystemadjust that line accordingly if you that first directory listing listed system backup as system not system.baknow the rest should not be .bak files, so this should be fairly universal:copy c:windowsrepairsoftware c:windowssystem32configsoftware copy c:windowsrepairsam c:windowssystem32configsam copy c:windowsrepairsecurity c:windowssystem32configsecurity copy c:windowsrepairdefault c:windowssystem32configdefault- Now that we have all the new files back in place, its time to use the "exit" command, and boot into our back to defaults windows. BTW this means no drivers will be recognize either, so, dig out that ps/2 keyboard and mouse for the next section, plug them in, and boot - The windows is in defaults mode, it does not know anything, and does not remember any of your users... for now... Don't panic, tis normal, and chances are, you will see some error messages, ok/ignore them, just stay with me here - Right click on the Start button, and select explorer. Go to Tools > Folder Options - Go to View, in the selections, select "Show hidden files and folders", uncheck "Hide extensions for known file types", and uncheck "Hide protected operating system files", click yes at the big scary message, click Apply, then OK - Now then, right click on your C: drive (or whichever drive happens to be the system drive), go to properties. If your "File System:" reads Fat32, skip the next step - We need to make System Volume Information readable, right click on the System Volume Information folder and go to Properties. If you have the Security tab, simply go there and add the user you are working as (note, hit start to figure out your current user name). If the tab is not there, go into Network sharing and Security, and click on the "Share this folder on the network" link, yes to the scary security message. You really don't even have to share it, just enable the sharing, and ok it. Now we are ready for next step. - Go into the "System Volume Information" folder. In there, you should see at least one, or more folders labeled _restore{ GUID(aka a bunch of numbers) } - Go to View, and select Details - Now go into any folder that was not created the day you are doing this. You will now see a set of folders within, all created at different dates, these are your restore points, I would say, go through and find a folder created at least a couple of days prior, in my case, i went back a 1/2 a month. - In the folder there will be one folder named Snapshot, and a bunch of files, go into the Snapshot folder - Now select (hold down Control (Ctrl) and click) and copy (right click on one of the selected files and say Copy) the following files: _registry_user_.default_registry_machine_security_registry_machine_software_registry_machine_system_registry_machine_sam - Navigate to C:windowstmp, then right click on an empty space and hit paste to paste the files - I would go back and disable sharing of the Sytem Volume Information folder at this point, if you had to enable it. - Now another boot into the Recovery Console, follow the same steps as the first time, when prompted for the admin password, just press enter, because remember, its not set.... yet - Now we copy the recovery files back to windows:First delete the files we currently have:delete c:windowssystem32configsystem delete c:windowssystem32configsam delete c:windowssystem32configsoftware delete c:windowssystem32configsecurity delete c:windowssystem32configdefaultNow lets copy the new, restored ones overcopy c:windowstmp_registry_machine_system c:windowssystem32configsystem copy c:windowstmp_registry_machine_software c:windowssystem32configsoftware copy c:windowstmp_registry_machine_sam c:windowssystem32configsam copy c:windowstmp_registry_machine_security c:windowssystem32configsecurity copy c:windowstmp_registry_user_.default c:windowssystem32configdefault- "exit", and you should now boot into the system state at the restore point that you chose. If you'd like to go back further in time, you can now use System Restore to its full galore, it will be now filled with all kinds of restore points. Note: Start > All Programs > Accessories > System Tools > System Restore If you are satisfied with the restore date, then you are all set. Another day saved by the command lines... and you thought it was totally useless ;) Enjoy Quote
Pyrotex Posted November 17, 2008 Report Posted November 17, 2008 Rather awesome, if I say so myself. Outstanding!Pyro Quote
alexander Posted November 18, 2008 Author Report Posted November 18, 2008 Thanks. I am writing up a UBCD4Win version of this article as i type this... Quote
freeztar Posted November 18, 2008 Report Posted November 18, 2008 Great tutorial Alex! I prefer Acronis personally, but this could be useful later on for clients. Thanks! I love command prompts btw! Quote
alexander Posted November 18, 2008 Author Report Posted November 18, 2008 Backing up is good, but when you are talking about a one off workstation, on a network with 300 users and 2 IT people... Acronis, ntbackup, BrightStor, what have you, only has time to be set up on your servers. I will back up the system when i iron out a couple of minor issues that have come up after restoring to the old registry, ntbackup works fine for that on most machines (and you dont have to buy a new cal from Acronis or CA :doh: ) Also i posted a UBCD4Win version here: http://hypography.com/forums/tutorials/17193-xp-recovery-instructions-for-ubcd4win.html its a much faster way.... though i am yet to actually test it out :phones: Quote
freeztar Posted March 1, 2009 Report Posted March 1, 2009 What do you think about Clonezilla? I just burnt a live cd and hope to use it soon once I have everything sufficiently tweaked on this new setup. It has a version for server distribution, which I will never probably use, but you may find useful. On their page, they claim to have installed 40 windows machines in 10 minutes! (not sure if there is an upper limit on this) Quote
alexander Posted March 3, 2009 Author Report Posted March 3, 2009 never tried it actually, but i will see what it can do... Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.