-- MikeGore - 19 May 2009
Example the \Windows\system32\config\system registry error that is so common
Windows XP Registry Repair
Linux can be used to restore Windows registry files that are corruptedExample the \Windows\system32\config\system registry error that is so common
- Resource: reg: Linux script to restore registry files from System Restore Points
- We are using Ubuntu 8.04 or newer
- - Boot Linux and mount your Windows partition
- - Use fdisk to list the partitions
- fdisk /dev/sda
- p - list partitions
- q - quit
- - mount /dev/sda2 /mnt - example mount of Windows Partition 1 - In this example we will restore our Registry files from the follow path - the HEX string in the _restore{...} path is unique for every system
- /mnt/System Volume Information/_restore{1ABB8FC8-42ED-441F-B524-972F0B78A79F}/RP39/snapshot
- - copy the reg file listed above to your Linux machine
- scp -p cscf-adm@asimov:/images/exports/linux/windows/reg .
- - or -
- wget http://asimov:8080/exports/linux/windows/reg
- mount /dev/sda2 /mnt
- cd /mnt
- cd System\ Volume\ Information/
- ls -l
total 40
-rwxrwxrwx 2 root root 0 2008-06-09 05:43 MountPointManagerRemoteDatabase
-rwxrwxrwx 1 root root 20480 2008-06-09 10:33 tracking.log
drwxrwxrwx 1 root root 8192 2009-05-19 09:23 _restore{1ABB8FC8-42ED-441F-B524-972F0B78A79F}
- cd _restore\{1ABB8FC8-42ED-441F-B524-972F0B78A79F\}
- ls -lart
total 529 drwxrwxrwx 1 root root 4096 2009-05-01 10:29 .. drwxrwxrwx 1 root root 8192 2009-05-01 10:52 RP1 drwxrwxrwx 1 root root 28672 2009-05-01 11:09 RP2 <SNIP>... drwxrwxrwx 1 root root 4096 2009-05-01 11:10 RP35 drwxrwxrwx 1 root root 278528 2009-05-04 14:55 RP36 drwxrwxrwx 1 root root 4096 2009-05-04 19:41 RP37 drwxrwxrwx 1 root root 12288 2009-05-05 12:42 RP38 drwxrwxrwx 1 root root 32768 2009-05-06 12:47 RP39 drwxrwxrwx 1 root root 4096 2009-05-07 13:47 RP40 drwxrwxrwx 1 root root 4096 2009-05-08 01:22 RP41 drwxrwxrwx 1 root root 4096 2009-05-09 01:45 RP42 drwxrwxrwx 1 root root 4096 2009-05-10 01:47 RP43 drwxrwxrwx 1 root root 4096 2009-05-11 02:47 RP44 drwxrwxrwx 1 root root 4096 2009-05-12 00:48 RP45 drwxrwxrwx 1 root root 8192 2009-05-13 01:47 RP46 <SNIP>...Note: we pick a time before the last software update - or a time known to have worked
- cd RP39
- cd snapshot
- ls -l
total 17174 -rwxrwxrwx 1 root root 22988 2009-05-01 10:27 ComDb.Dat -rwxrwxrwx 1 root root 44 2009-05-05 12:42 domain.txt -rwxrwxrwx 1 root root 539 2009-05-19 09:19 reg -rwxrwxrwx 2 root root 28672 2009-05-05 12:42 _REGISTRY_MACHINE_SAM -rwxrwxrwx 2 root root 61440 2009-05-05 12:42 _REGISTRY_MACHINE_SECURITY -rwxrwxrwx 2 root root 23023616 2009-05-05 12:42 _REGISTRY_MACHINE_SOFTWARE -rwxrwxrwx 2 root root 9592832 2009-05-05 12:42 _REGISTRY_MACHINE_SYSTEM -rwxrwxrwx 2 root root 262144 2009-05-05 12:42 _REGISTRY_USER_.DEFAULT -rwxrwxrwx 2 root root 262144 2008-08-28 07:14 _REGISTRY_USER_NTUSER_S-1-5-18 -rwxrwxrwx 2 root root 237568 2009-05-05 12:42 _REGISTRY_USER_NTUSER_S-1-5-19 -rwxrwxrwx 2 root root 237568 2009-05-05 12:42 _REGISTRY_USER_NTUSER_S-1-5-20 -rwxrwxrwx 2 root root 1114112 2009-05-05 12:42 _REGISTRY_USER_NTUSER_S-1-5-21-3240149900-406491170-3688870583-1003 -rwxrwxrwx 2 root root 1048576 2009-05-01 10:28 _REGISTRY_USER_NTUSER_S-1-5-21-3240149900-406491170-3688870583-1004 -rwxrwxrwx 2 root root 1835008 2009-05-04 15:48 _REGISTRY_USER_NTUSER_S-1-5-21-3240149900-406491170-3688870583-500 -rwxrwxrwx 2 root root 1048576 2009-05-04 19:41 _REGISTRY_USER_NTUSER_S-1-5-21-860606365-2559132667-2327032736-5340 -rwxrwxrwx 2 root root 8192 2009-05-05 12:42 _REGISTRY_USER_USRCLASS_S-1-5-19 -rwxrwxrwx 2 root root 8192 2009-05-05 12:42 _REGISTRY_USER_USRCLASS_S-1-5-20 -rwxrwxrwx 2 root root 147456 2009-05-05 12:42 _REGISTRY_USER_USRCLASS_S-1-5-21-3240149900-406491170-3688870583-1003 -rwxrwxrwx 2 root root 262144 2009-05-01 10:25 _REGISTRY_USER_USRCLASS_S-1-5-21-3240149900-406491170-3688870583-1004 -rwxrwxrwx 2 root root 262144 2009-05-01 10:25 _REGISTRY_USER_USRCLASS_S-1-5-21-3240149900-406491170-3688870583-500 -rwxrwxrwx 2 root root 262144 2009-05-04 19:29 _REGISTRY_USER_USRCLASS_S-1-5-21-860606365-2559132667-2327032736-5340 drwxrwxrwx 1 root root 0 2009-05-05 12:42 Repository
- run the reg sript - bash reg
- - this will backup the registry files in \Windows\system32\config \Windows\system32\config\old
- The files get mapped as follows:
REGISTRY=../../../../WINDOWS/system32/config cp _REGISTRY_MACHINE_SAM $REGISTRY/SAM cp _REGISTRY_MACHINE_SECURITY $REGISTRY/SECURITY cp _REGISTRY_MACHINE_SOFTWARE $REGISTRY/software cp _REGISTRY_MACHINE_SYSTEM $REGISTRY/system cp _REGISTRY_USER_.DEFAULT $REGISTRY/default
Edit | Attach |
Information in this area is meant for use by CSCF staff and is not official documentation, but anybody who is interested is welcome to use it if they find it useful.
- CF Web
- CF Web Home
- Changes
- Index
- Search
- Administration
- Communication
- Hardware
- HelpDeskGuide
- Infrastructure
- InternalProjects
- Linux
- MachineNotes
- Macintosh
- Management
- Networking
- Printing
- Research
- Security
- Software
- Solaris
- StaffStuff
- TaskGroups
- TermGoals
- Teaching
- UserSupport
- Vendors
- Windows
- XHier
- Other Webs
- My links
 |
|
Copyright © 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback