Sharing Knowledge | System Admin Articles

Restoring a Corrupted Registry using Linux Live CD



To run the following commands, you must either use a Boot CD that will give you read/write access to the Windows partition, or put your drive into a working system and run these commands on your Windows Partition from that system. Note that the Windows
Recovery Console will not work to run these commands because it will not allow read access to the "System Volume Information" folder.


First, backup the existing Registry - You can do this with the following commands using a GNU/Linux Boot CD: mkdir /windrive
ntfs-3g /dev/sda1 /windrive (this could be /dev/hda1 if using ide drives)
mkdir /windrive/regbackup
cp /windrive/WINDOWS/system32/config/system /windrive/regbackup
cp /windrive/WINDOWS/system32/config/software /windrive/regbackup
cp /windrive/WINDOWS/system32/config/sam /windrive/regbackup
cp /windrive/WINDOWS/system32/config/security /windrive/regbackup
cp /windrive/WINDOWS/system32/config/default /windrive/regbackup
cd
umount /windrive


Now, copy a System Restore Point Registry to the config directory - To do this, you have to figure out which System Restore Point is somewhat recent, you can do this using a Linux CD by issuing the "ls -l" command to find out the dates of the folders. The System Restore Points are located in the "System Volume Information" directory. Here is an example (remember that GNU/Linux has Tab Completion): mkdir /windrive
ntfs-3g /dev/sda1 /windrive (this could be /dev/hda1 if using ide drives)
cd /windrive/System\ Volume\ Information
ls -l
cd _restore{2E926FD9-.......} (Select the recently created file like one or two days back)
cd RP1/snapshot
cp _REGISTRY_MACHINE_SYSTEM /windrive/WINDOWS/system32/config/system
cp _REGISTRY_MACHINE_SOFTWARE /windrive/WINDOWS/system32/config/software
cp _REGISTRY_MACHINE_SAM /windrive/WINDOWS/system32/config/sam
cp _REGISTRY_MACHINE_SECURITY /windrive/WINDOWS/system32/config/security
cp _REGISTRY_MACHINE_.DEFAULT /windrive/WINDOWS/system32/config/default
cd /
umount /windrive
Now, when you restart the computer, you will be using the restored Registry.


Labels: Linux, Windows

About the Author
My Profile Photo

I'm Shankar, A Windows System Admin. I'm Experienced in Windows Server Technologies and Citrix Administration. I'm blogging since 2009 and I'm currently working for a Organization as Senior System Engineer.
Follow Me On Twitter or On Facebook

0 Comments for "Restoring a Corrupted Registry using Linux Live CD"

What do you think about this Article? Add your Opinion..!

Back To Top