Recovering the Windows Registry
Some advice in case you find yourself with the great good fortune of a corrupted Windows registry, indicated by the following message on startup:
Windows XP could not start because the following file is missing or corrupt: \WINDOWS\SYSTEM32\CONFIG\SYSTEM
There is an official Microsoft solution, but, as usual, it's incomplete. In particular, note that the warning not to use this procedure if “your computer has an OEM-installed operating system” has no alternate suggestion. Don't worry, the advice below should work whether or not your operating system was installed by the “original equipment manufacturer”, also known as the company that made your computer (e.g., Dell, Compaq).
First, some terminology. The Windows registry stores configuration information for Windows and the rest of the software on your computer, along with user accounts and other important data. It is kept in these so-called “registry hives”:
- c:\windows\system32\config\system
- c:\windows\system32\config\software
- c:\windows\system32\config\sam
- c:\windows\system32\config\security
- c:\windows\system32\config\default
An initial backup copy of these files is found in c:\windows\repair, and regular snapshots are saved to C:\System Volume Information. To repair your computer, you must replace the current, corrupt registry “hives” with the initial backups, which restores enough functionality to enable recovery from a more recent snapshot.
But there's a catch or two. Following the previously mentioned official instructions unaltered will likely leave you worse off than you started. After booting from the Windows CD and launching the recovery console, restoring the registry from c:\windows\repair will overwrite all the user names and passwords on your computer, so upon rebooting as directed in step two, you'll find yourself unable to log in to your computer.
Here are two alternatives that may prevent this and allow you to successfully repair your computer. The first is simpler, but I haven't tried it. Instead of all five of the files listed in step one of the Microsoft instructions, try copying only SYSTEM, or all the files except for SAM. This should leave your user names and passwords unchanged, allowing you to reboot, log in to your computer, and follow the rest of the directions.
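The first alternative, written out as Recovery Console commands. This is an added example, not part of the original post or of Microsoft's instructions; it assumes Windows is installed in c:\windows, and the backup directory c:\windows\tmp is a name chosen here. The rem lines are annotations for the reader and are not typed at the console.

```bat
rem Keep a copy of every current hive, SAM included, so each later step can be undone.
md c:\windows\tmp
copy c:\windows\system32\config\system   c:\windows\tmp\system.bak
copy c:\windows\system32\config\software c:\windows\tmp\software.bak
copy c:\windows\system32\config\sam      c:\windows\tmp\sam.bak
copy c:\windows\system32\config\security c:\windows\tmp\security.bak
copy c:\windows\system32\config\default  c:\windows\tmp\default.bak

rem Remove the hives that will be replaced. SAM is deliberately absent from this list,
rem so the existing user names and passwords stay in place.
delete c:\windows\system32\config\system
delete c:\windows\system32\config\software
delete c:\windows\system32\config\security
delete c:\windows\system32\config\default

rem Put the initial backups from c:\windows\repair in their place, again skipping SAM.
copy c:\windows\repair\system   c:\windows\system32\config\system
copy c:\windows\repair\software c:\windows\system32\config\software
copy c:\windows\repair\security c:\windows\system32\config\security
copy c:\windows\repair\default  c:\windows\system32\config\default

rem Leave the Recovery Console; the computer restarts.
exit
```

For the narrower variant that replaces only SYSTEM, keep the backup step and run just the delete and copy lines for system.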
What I did instead was to copy all five registry files from c:\windows\repair and then use this utility for resetting Windows passwords. Burn it to CD and boot from that CD to reset the Administrator password between steps one and two of the Microsoft instructions. You'll then be able to log back into your system and access a more recent snapshot of your registry.
If, as in my case, the only working computer you can access is a Mac, you need to burn the password utility ISO CD image using Disk Utility, not the Finder. Otherwise, the other computer won't boot from the resultant CD. Disk Utility is in Applications:Utilities and you'll have to open the ISO image from the Open item in the Images menu.
This complicated process leaves me wondering why Microsoft doesn't allow access to your recent registry snapshots from the recovery console. Imagine how (relatively) easy it would be if the Windows CD offered a graphical utility to allow you to pick a registry snapshot by date, copy over the current one, and reboot. My mom might be able to do it. Is there some obtuse reason for believing that access to old copies of the registry is more of a security risk than access to the current registry? Or is this just an oversight? In any case, I hope that you and I won't have to restore another Windows registry anytime soon.