Hive File Restoration – Step By Step Part 2

Hive File Restoration – Step By Step

So did you complete Step 1?  That wasn’t so bad, now was it? You’ve officially backed up your current HIVE files. Now we need to replace the Hive file your system uses with the originals from when your computers OS was first installed.

Type:

cd ..

cd system32

cd config

delete c:windowssystem32configsam

delete c:windowssystem32configsecurity

delete c:windowssystem32configsoftware

delete c:windowssystem32configsystem

delete c:windowssystem32configdefault

copy c:windowsrepairsam

copy c:windowsrepairsecurity

copy c:windowsrepairsoftware

copy c:windowsrepairsystem

copy c:windowsrepairdefault

Once again not so bad, eh? Now you have deleted the corrupted HIVE files that Windows was booting from and copied the originals into their place.

Type exit and press enter. Your system should now reboot. This time, don’t press a key when it asks you if you want to boot from CD. I prefer to do things in safe mode (it also makes the security tab viewable in most XP Home most of the time) so start pressing F8 right after the ‘Boot from CD’ option goes away. Another menu should show up, select SAFE MODE, and press enter.

With any luck Windows will now boot. If you still get errors on bootup then your system is likely more corrupted than is worth fixing this way, and you may want to consider taking it to a repair joint to have your data backed up and your OS reinstalled.

Once Windows is booted then start Windows Explorer: Start->All Programs->Accessories->Windows Explorer. Once in click Tools->Folder Options. This opens a window called ‘Folder Options’ click the view tab. Click the radio button next to ‘Show hidden files and folders’ and un-check ‘Hide protected operating system files’. If you’re in XP Pro, scroll down and uncheck ‘Use simple file sharing’. Click Apply, then OK.

On the C: You should now be able to see a folder called System Volume Information. It’ll look half transparent. This is Windows Explorers way of letting you know that the folder is hidden. Right click on it and go to Properties. Select the Security tab and click Add. Type your username exactly as Windows has it into the objects box and click OK. You’re now going to want to select your name and check the Full Control box under ‘Allow’. Click Apply, then OK.

Now double-click the System Volume Information folder to open it. It shouldn’t give you an access denied error. Once in, you should see either one or a few folders named similar to this _restore{F34409E2-C606-4B88-888C-F7BB6CF35F32}. Double click on one that was created before your problem started. Inside of that there should be several folders named RP1, RP2, etc. If there is only a couple then try another _restore folder. Select an RP folder that is dated a few days before your crash occured. You want to find one that is close to your current date so it’s got all of your settings, but far enough away that it isn’t corrupted. I usually go back about a week or two from when the crash happened. (If you can’t see the dates click view->details) Inside of the RP folder you will see another one called snapshot. Go into it. Highlight the files

_REGISTRY_MACHINE_SAM
_REGISTRY_MACHINE_SECURITY
_REGISTRY_MACHINE_SOFTWARE
_REGISTRY_MACHINE_SYSTEM
_REGISTRY_USER_.DEFAULT

right click on them, and click copy. Go to the Windows directory, right click and press new->folder. Name the folder hive. Paste the files into the hive directory.

Time to venture back into the land of console. Reboot your system again and go into the recovery console like before. Like last time, once logged in, you should start out in C:Windows. Type:

del c:windowssystem32configsam

del c:windowssystem32configsecurity

del c:windowssystem32configsoftware

del c:windowssystem32configdefault

del c:windowssystem32configsystem

cd hive

copy _registry_machine_sam c:windowssystem32configsam

copy _registry_machine_security c:windowssystem32configsecurity

copy _registry_machine_software c:windowssystem32configsoftware

copy _registry_machine_system c:windowssystem32configsystem

copy _registry_user_.default c:windowssystem32configdefault

Finished! What you’ve done is deleted the HIVE you backed up earlier and replaced those files with ones that are more current, but pre-crash. Type exit and let your machine reboot. If you don’t like the point that you restored to click Start->All Programs->Accessories->System Tools->System Restore and choose a restore point that better suits you.