Jump to content
Science Forums

XP Recovery, The Long Way


alexander

Recommended Posts

Note: This is only a way to restore your registry and settings, it is however extremely helpful many, many times.

Preface:

 

I was working on a user's machine one day, the machine, or i should say the installer (Office 2007) was failing to recognize the local language settings. After 2 hours on the phone with a Microsoft "expert", who was as puzzled by this as i was, i decided to run an upgrade on the system. Problem being that after i started the upgrade, the system would fail to recognize something, and would constantly give me a "The signature for Windows XP Professional upgrade is invalid. Error code fffffbda" and once again, as i always seem to get, i get the one error that even MS debuggers haven't seen (because at this point my case had a debugger assigned to it)... Anyhow, to get the system to not upgrade anymore there was one thing to do, restore. But how do you restore when you can't boot into windows without going through setup? hmmm, here's where this tutorial will hopefully come in handy to some of you!!!

 

Sources:

 

Why sources here? I think the guy who wrote that other article up, deserves every bit of recognition!

 

DMN interstitial

 

 

Tutorial:

 

Tools:

So where do we start? Well, here is what we are going to need:

 

Windows Install CD or Ultimate Boot CD for Windows - i prefer the second, simply because i can use the so awfully broken auto complete "features" of windows shell, which sucks majorly, but is better then having to type what we are going to have to type, all out, by hand! Don't have a current install cd? Either build one, like i did in the other tutorial, or follow my suggestion, download and build a UBCD4WIN. There is a tutorial and a wiki there, its an utterly useful and handy product when you break your Windows install, or just have to work on someone else's broken Windows, like i do.

 

What do i do, oh guru of computer wizdom:

 

For the purpose of this tutorial, i will use the Windows XP setup cd way, though UBCD makes this a whole lot easier, as it provides you with access to the file system in a much cleaner way, i will use the harder way, and maybe someone else can write up a UBCD4Win tutorial extension... maybe it will be you ;)

 

- Ok, so lets boot up our machine, press F2, F9 or F12 to get into the boot menu, depending on your system and/or bios.

 

- Put in the Windows XP CD, choose to boot off that cd drive

 

- Wait for the computer to ask us if we would like to boot off the CD, again, press a key to boot off the cd, and finally we get the blue screen with windows setup starting.

 

- We are looking to get into the Recovery Console, so at the first prompt, you want to use "R" to get into the recovery console

 

- Wait for the 4 second timeout to use the US keyboard layout, the console will then search for previous installations of windows.

 

Note: If it does not find any, go to another computer, download the sata controller driver from the computer maker, for your model, throw that on a cd or a floppy, and when you boot into windows setup again, catch the F6, to load additional drivers, and load the drivers your manufacturer provided for the windows setup.

 

- Now lets choose 1, or whichever installation of windows you are trying to fix. Type in the administrator password (if you don't know it, there are password reset tools on UBCD, i suggest you use read their manual if you need to use them, resetting passwords is beyond this particular tutorial)

 

And we are finally at the command prompt of your windows install, this is the fun part now. All of those years of not using the terminal, will now save your butt :)

 

- First lets back up our settings, use these commands to do so:

 

Create a backup directory

md c:windowstmp

Copy your system configuration data to the directory

copy c:windowssystem32configsystem c:windowstmpsystem.bak

Now lets do the same for your software config, sam file (which holds your user and password information), security configuration, and the default file.

copy c:windowssystem32configsoftware c:windowstmpsoftware.bak
copy c:windowssystem32configsam c:windowstmpsam.bak
copy c:windowssystem32configsecurity c:windowstmpsecurity.bak
copy c:windowssystem32configdefault c:windowstmpdefault.bak

- Now that we have backups of all of the files we are about to brake, lets remove them.... a little

 

cd c:windowssystem32config
delete software
delete sam
delete security
delete default

Note: if you can not remove the files, rename them, so instead of above do:

cd c:windowssystem32config
rename system system.old
rename software software.old
rename sam sam.old
rename security security.old
rename default default.old

- Ok, now that we have those files removed, the system would be very unhappy with us if we did not replace them with something. Luckily MS has a set of defaults that we can use to our advantage, how, you will catch in a couple of steps, but for now, lets just focus on the procedure.

 

First lets see what the files are:

dir c:windowsrepair

look at the files, you may either have system or system.bak, just note this for the next line

copy c:windowsrepairsystem.bak c:windowssystem32configsystem

adjust that line accordingly if you that first directory listing listed system backup as system not system.bak

now the rest should not be .bak files, so this should be fairly universal:

copy c:windowsrepairsoftware c:windowssystem32configsoftware
copy c:windowsrepairsam c:windowssystem32configsam
copy c:windowsrepairsecurity c:windowssystem32configsecurity
copy c:windowsrepairdefault c:windowssystem32configdefault

- Now that we have all the new files back in place, its time to use the "exit" command, and boot into our back to defaults windows. BTW this means no drivers will be recognize either, so, dig out that ps/2 keyboard and mouse for the next section, plug them in, and boot

 

- The windows is in defaults mode, it does not know anything, and does not remember any of your users... for now... Don't panic, tis normal, and chances are, you will see some error messages, ok/ignore them, just stay with me here

 

- Right click on the Start button, and select explorer. Go to Tools > Folder Options

 

- Go to View, in the selections, select "Show hidden files and folders", uncheck "Hide extensions for known file types", and uncheck "Hide protected operating system files", click yes at the big scary message, click Apply, then OK

 

- Now then, right click on your C: drive (or whichever drive happens to be the system drive), go to properties. If your "File System:" reads Fat32, skip the next step

 

- We need to make System Volume Information readable, right click on the System Volume Information folder and go to Properties. If you have the Security tab, simply go there and add the user you are working as (note, hit start to figure out your current user name). If the tab is not there, go into Network sharing and Security, and click on the "Share this folder on the network" link, yes to the scary security message. You really don't even have to share it, just enable the sharing, and ok it. Now we are ready for next step.

 

- Go into the "System Volume Information" folder. In there, you should see at least one, or more folders labeled _restore{ GUID(aka a bunch of numbers) }

 

- Go to View, and select Details

 

- Now go into any folder that was not created the day you are doing this. You will now see a set of folders within, all created at different dates, these are your restore points, I would say, go through and find a folder created at least a couple of days prior, in my case, i went back a 1/2 a month.

 

- In the folder there will be one folder named Snapshot, and a bunch of files, go into the Snapshot folder

 

- Now select (hold down Control (Ctrl) and click) and copy (right click on one of the selected files and say Copy) the following files:

 

_registry_user_.default

_registry_machine_security

_registry_machine_software

_registry_machine_system

_registry_machine_sam

 

- Navigate to C:windowstmp, then right click on an empty space and hit paste to paste the files

 

- I would go back and disable sharing of the Sytem Volume Information folder at this point, if you had to enable it.

 

- Now another boot into the Recovery Console, follow the same steps as the first time, when prompted for the admin password, just press enter, because remember, its not set.... yet

 

- Now we copy the recovery files back to windows:

First delete the files we currently have:

delete c:windowssystem32configsystem
delete c:windowssystem32configsam
delete c:windowssystem32configsoftware
delete c:windowssystem32configsecurity
delete c:windowssystem32configdefault

Now lets copy the new, restored ones over

copy c:windowstmp_registry_machine_system c:windowssystem32configsystem
copy c:windowstmp_registry_machine_software c:windowssystem32configsoftware
copy c:windowstmp_registry_machine_sam c:windowssystem32configsam
copy c:windowstmp_registry_machine_security c:windowssystem32configsecurity
copy c:windowstmp_registry_user_.default c:windowssystem32configdefault

- "exit", and you should now boot into the system state at the restore point that you chose. If you'd like to go back further in time, you can now use System Restore to its full galore, it will be now filled with all kinds of restore points.

 

Note: Start > All Programs > Accessories > System Tools > System Restore

 

If you are satisfied with the restore date, then you are all set. Another day saved by the command lines... and you thought it was totally useless ;)

 

Enjoy

Link to comment
Share on other sites

Backing up is good, but when you are talking about a one off workstation, on a network with 300 users and 2 IT people... Acronis, ntbackup, BrightStor, what have you, only has time to be set up on your servers.

 

I will back up the system when i iron out a couple of minor issues that have come up after restoring to the old registry, ntbackup works fine for that on most machines (and you dont have to buy a new cal from Acronis or CA :doh: )

 

Also i posted a UBCD4Win version here: http://hypography.com/forums/tutorials/17193-xp-recovery-instructions-for-ubcd4win.html

 

its a much faster way.... though i am yet to actually test it out :phones:

Link to comment
Share on other sites

  • 3 months later...

What do you think about Clonezilla? I just burnt a live cd and hope to use it soon once I have everything sufficiently tweaked on this new setup. It has a version for server distribution, which I will never probably use, but you may find useful. On their page, they claim to have installed 40 windows machines in 10 minutes! (not sure if there is an upper limit on this)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...