PingWin.com


XP won't boot? - Performing a manual restore of the Windows XP registry

Source: XP won't boot? Try manual registry restore (Sorry for copyrights - I must keep this in case your page will not be available. Thanks.)


Is your safe mode boot frozen at mup.sys?

The last driver that loaded may be mup.sys. To solve that issue on a number of systems, I performed this manual
restore procedure for the windows XP registry. On a few occasions I have also seen this related to a USB device. To
find out about other possible causes of the windows XP boot hang at mup.sys see the following link.
How to recover from the dreaded mup.sys hang.

Running Chkdsk from the Windows XP Recovery Console

  • Boot your system from the XP installation CD. If you don't get the choice when you restart with the CD
    in the drive you may want to check the boot order in your BIOS
  • It will take some time to load but you should eventually see the XP Setup screen. Press R to enter the
    Recovery Console
  • Select your windows installation. Enter 1 or if you have multiple installations select the 1st or default
    instance of XP which should be the broken one
  • Supply the administrator's password or, if you do not know it, just try no password (Enter), which may be the default.

  • Forgot the administrator's password? There are bootable Linux-based utilities that can help, but be very careful!
    One you might try is the NT Password and Registry editor. Please see their site for downloading and support.

    Also, it might be possible to use a win2K bootable install cd on an XP system and not require a password because
    of differences in the Windows 2000 and XP SAM. May be worth exploring as a last resort. Your mileage may vary.

    If you don't have your Windows recovery or install disk available, there are other methods with their own set
    of procedures, but the theory is the same. The specific procedures on how to use them are beyond the scope
    of this article, which is long enough already! I can however point you to some useful recovery utilities.

    Using these Windows recovery utilities you can still perform the tasks below to recover your registry, once you
    take the procedural differences into consideration, and successfully bring your Windows XP system back to life.

    To copy and rename Windows XP registry files you could try the NTFS for DOS utility from a bootable floppy or CD.
    This utility also has a version of chkdsk to help fix corruption on the NTFS hard disk.

    A utility CD is available that has both NTFS for DOS and the Linux-based NT Password and Registry editor
    mentioned above, as well as much more. Consider checking out the Ultimate Boot CD for Windows.
    Please see the individual sites for downloading and support information.

  • Run chkdsk /p (The /p option forces testing on a drive that is not flagged dirty. If it finds errors it should try to
    fix them). Re-run chkdsk and make sure it comes up clean.
    So now you think all is OK since chkdsk "FIXED" the errors and that you're good to go, right? Not so fast. It
    should have corrected the filesystem's integrity, but even with that fixed, corrupted files may still exist
  • Exit the recovery console by typing exit at the command prompt and hit enter
  • Your system should restart automatically. If not hit reset or cycle power
  • If your system restarts ok now fantastic. The issue was not that serious and chkdsk fixed it! Congratulations!
  • If unfortunately your system does not come up, you should then follow the "Restoring the Windows XP registry" sections below

Restoring the Windows XP registry to a bootable configuration
General instructions and conventions

If your system won't boot successfully, you may have a corrupted registry. The following is the first step in
the procedure for restoring your Windows XP registry. It will enable you to boot your system with generic registry
information.

Note: The following assumes you are using the NTFS filesystem and that your windows directory is C:\WINDOWS.
If you are using the FAT32 filesystem, some instructions may not apply or be slightly different. I'll try and note
where the differences exist.
If your windows directory is different than C:\WINDOWS then substitute the correct value in the following instructions. 

Also! It is important you type all instructions exactly as shown!
Commands you need to type in will be displayed in lower case, a larger font, and a different color. 
FYI, Windows doesn't really care about case but I will use this convention for clarity.
 
I will prefix commands with the command prompt that includes the current working directory.
The Command Prompts will be in upper case as this is how they are displayed.
Yours should look the same and we can use this to verify you are in the correct directory.
Be sure to pay attention to this as working with the command line is not at all forgiving!

If for some reason your command prompt doesn't reflect the current working directory, you can try executing this
command at the prompt.
set prompt $p$g

As an FYI, there are ways to automate some of this process and/or read the commands from a text file using the
recovery console. I'll leave those options to your imagination or possibly a future article.

Let's get started!

Backing up your current primary registry files
- Very Important, Do not skip! -


  • Boot your system from the XP CD. At the XP Setup screen press R to enter the Recovery Console.
  • Select the installation you want to work with (Usually 1)
  • Log on to the desired installation with the administrator's password.
    If you don't know the password you can try just hitting Enter.

You should now be at a C:\WINDOWS> prompt.

First we will make a new directory to use for backup and as a scratch area.

At the C:\WINDOWS> prompt enter:

  • C:\WINDOWS>md mytmp
  • Use the dir(ectory) command to verify the directory was created (Optional)

C:\WINDOWS>dir m*

Now we'll back up your current configuration(registry). We should not need those files anymore but it's good
just to be safe and it's free CYA.

Change your current working directory from C:\WINDOWS to C:\WINDOWS\SYSTEM32\CONFIG.

  • C:\WINDOWS>cd system32\config

Your command prompt should now be: C:\WINDOWS\SYSTEM32\CONFIG>.

Now we will copy the following 5 registry files.

  • C:\WINDOWS\SYSTEM32\CONFIG>copy system c:\windows\mytmp\system.bak
  • C:\WINDOWS\SYSTEM32\CONFIG>copy software c:\windows\mytmp\software.bak
  • C:\WINDOWS\SYSTEM32\CONFIG>copy security c:\windows\mytmp\security.bak
  • C:\WINDOWS\SYSTEM32\CONFIG>copy sam c:\windows\mytmp\sam.bak
  • C:\WINDOWS\SYSTEM32\CONFIG>copy default c:\windows\mytmp\default.bak

Now these files are backed up to \MYTMP. Execute the following dir command to check.

  • C:\WINDOWS\SYSTEM32\CONFIG>dir c:\windows\mytmp
You should see the five files listed:
default.bak
sam.bak
security.bak
software.bak
system.bak

It wouldn't be a bad idea to compare the file sizes with the originals, that's your choice.
To show the file sizes of the originals just execute the dir command.

  • C:\WINDOWS\SYSTEM32\CONFIG>dir

Restore base registry hive files from original installation

Now we will replace the registry with the base files created\saved during the initial windows XP installation. 
This will enable us to boot the system normally and access the system restore files.

BTW, I know there are some Windows gurus out there that can restore the registry from your last checkpoint
using the recovery console without booting Windows XP itself but that is an even more tedious procedure and we
want to make this as painless as possible.
Besides, If you already know how to do that you are probably not reading this article anyway.

Enough digression. Back to business.  

Your current directory should still be C:\WINDOWS\SYSTEM32\CONFIG. If not make it so!

Copy these five files.

Make sure you are in the C:\WINDOWS\SYSTEM32\CONFIG Directory and check your spelling!
Please, DO Not overwrite any files or folders in the C:\WINDOWS\REPAIR Directory!
Also note the single space between the filenames at the end of the following commands.
When you get the warning about overwriting the destination file, Press Y to allow it. 
  • C:\WINDOWS\SYSTEM32\CONFIG>copy C:\windows\repair\system system
  • C:\WINDOWS\SYSTEM32\CONFIG>copy C:\windows\repair\software software
  • C:\WINDOWS\SYSTEM32\CONFIG>copy C:\windows\repair\security security
  • C:\WINDOWS\SYSTEM32\CONFIG>copy C:\windows\repair\sam sam
  • C:\WINDOWS\SYSTEM32\CONFIG>copy C:\windows\repair\default default
Now we should have good (albeit somewhat generic) registry files back in place.

Change the system date and boot XP with the base registry


  • Exit the recovery console and restart. Before it boots, enter your BIOS setup
  • Change the date to the previous month. Make note of this date so we can reference it further along in the
    process. It will make things easier. I'll explain later
  • Save and exit BIOS setup
Don't boot the Windows CD. Do a normal non-safe mode boot from the hard drive.
Depending on your system you may need to take out the CD from your optical drive.

If you followed along precisely, your previous registry was corrupted, the repair files from your previous Windows XP
install were in good shape, and of course, there are no other show stoppers here, you should be greeted by something
you haven't seen in a while!

A Windows XP Welcome screen!

You will notice your user ID(s) are not one of the selections. This is because of the generic registry that is loaded.
Note: System Restore is turned on by default. The following procedure assumes you have NOT turned off System
Restore.

Manually restoring the XP registry from a Restore CheckPoint
Enabling access to restore files

  • Log on to your system as someone with administrator privileges (administrator is fine)
Next we need to change some options so we can access hidden and system files created by System Restore.


  • Open up windows explorer (Right click start and select explorer)
  • Click tools, click Folder Options... and under the view tab uncheck the "Hide OS Files" checkbox and
    Select/Check the box for "Show hidden files and folders".
    Also, If you have XP Pro, scroll down to the bottom and uncheck "Use Simple File Sharing"
    Click apply and OK
We'll change these all back later when we're done.
  • In explorer go to the root of the system drive (C: most likely) and open the System Volume Information folder
      Help! I get a security error when I try to open the System Volume Information folder
  • Right click on the System Volume Information folder and select sharing and security...
  • If you are running XP Pro, skip ahead to the "If you are running XP Pro..." section
  • If you are running XP Home go under the sharing tab and select both checkboxes in the Network
    Sharing and Security section and click apply. If you get a warning about filenames over 12 characters
    in regard to windows 98/ME, Click Yes, and Click Apply
Skip the next section on XP Pro and continue from the "Now open the System Volume Information folder"
step further down the page.

If you are running XP Pro follow closely.
  • Click on the Security tab.
  • If you don't see the Security tab go back to tools, Folder Options and make sure you unchecked Use
    Simple File Sharing in the previous step.
  • Click add and click the advanced button. In the select users and groups box click "Find Now" and
    select your user name/RDN from the list at the bottom
Be sure you select a user and not a group. For example, if your user id is administrator, Make sure you select
the administrator user (Icon with one head). Do not select the administrators group (Has an icon with two heads).
  • Click OK, Apply and OK

Extracting registry files from System Restore created CheckPoints

  • Now open the System Volume Information folder


- For those continuing from the previous section - This is where the changed date in the BIOS comes into play. When we booted Windows with the generic registry it created a folder here which would normally be the newest folder. What it did was create a folder with the older date you specified. Since we don't want the restore data from that folder, it is now easy to identify the folder we want to use.


  • Open the newest folder named _restore{some hex digits called GUID's}

You should now see a number of folders named RP##. These are Restore Points.

  • Open the latest Restore Point folder (It may be a different color than the rest)
  • Open the folder called snapshot
  • Multi-Select the following "_REGISTRY_MACHINE_" files:
    _REGISTRY_MACHINE_SAM
    _REGISTRY_MACHINE_SECURITY
    _REGISTRY_MACHINE_SOFTWARE
    _REGISTRY_MACHINE_SYSTEM
    _REGISTRY_USER_.DEFAULT (Note the dot prefix)
  • Right click on the highlighted files and select copy
  • Drop\Paste these into the C:\WINDOWS\MYTMP folder we created earlier
  • Rename these files by deleting the _REGISTRY_MACHINE_ prefix (_REGISTRY_USER_ for the default file)
For example: _REGISTRY_MACHINE_SAM becomes just SAM
Also, don't forget to remove the dot in the name for the default file!
  • Exit explorer and restart with the XP CD in your optical drive
  • Before you boot the XP CD enter the BIOS Setup and correct the date/time!
  • Save and exit the BIOS, restart, and when prompted to boot from CD, do it!
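
The file-size comparison suggested earlier will not catch a damaged hive, so here is an added example (not part of the original article) that checks the header of each extracted snapshot file before it is copied over the live registry. It assumes the publicly documented "regf" hive layout (signature, two sequence numbers, hive bin size at offset 40, XOR checksum at offset 508); all function names are made up for this illustration and the sample hive is constructed.

```python
import struct
BASE_BLOCK = 4096  # size of the regf base block; hive bins start right after it
SNAPSHOT_TO_HIVE = {  # snapshot file name -> name used in SYSTEM32\CONFIG
    "_REGISTRY_MACHINE_SAM": "sam",
    "_REGISTRY_MACHINE_SECURITY": "security",
    "_REGISTRY_MACHINE_SOFTWARE": "software",
    "_REGISTRY_MACHINE_SYSTEM": "system",
    "_REGISTRY_USER_.DEFAULT": "default",
}

def header_checksum(block):
    """XOR of the first 508 header bytes, read as 127 little-endian dwords."""
    csum = 0
    for (dword,) in struct.iter_unpack("<I", block[:508]):
        csum ^= dword
    return {0xFFFFFFFF: 0xFFFFFFFE, 0: 1}.get(csum, csum)  # two reserved values are remapped

def check_hive(data):
    """Return a list of problems in a hive image; an empty list means it looks sane."""
    if len(data) < BASE_BLOCK + 4:
        return ["file is shorter than a base block plus one hive bin header"]
    problems = []
    if data[:4] != b"regf":
        problems.append("missing 'regf' signature")
    seq1, seq2 = struct.unpack_from("<II", data, 4)
    if seq1 != seq2:
        problems.append("sequence numbers differ (hive was not cleanly written)")
    if BASE_BLOCK + struct.unpack_from("<I", data, 40)[0] > len(data):
        problems.append("truncated: header claims more hive bin data than the file holds")
    if struct.unpack_from("<I", data, 508)[0] != header_checksum(data):
        problems.append("header checksum mismatch")
    if data[BASE_BLOCK:BASE_BLOCK + 4] != b"hbin":
        problems.append("first hive bin lacks 'hbin' signature")
    return problems

def make_sample_hive(bins_size=4096):
    """Constructed minimal image for the demo below; not a real registry hive."""
    block = bytearray(BASE_BLOCK)
    block[:4] = b"regf"
    struct.pack_into("<II", block, 4, 7, 7)       # matching sequence numbers
    struct.pack_into("<I", block, 40, bins_size)  # hive bins data size
    struct.pack_into("<I", block, 508, header_checksum(block))
    return bytes(block) + b"hbin" + bytes(bins_size - 4)

def review_snapshot(files):
    """files maps snapshot file name -> bytes; returns {hive name: [problems]}."""
    return {hive: check_hive(files[snap]) if snap in files else ["not in snapshot folder"]
            for snap, hive in SNAPSHOT_TO_HIVE.items()}

if __name__ == "__main__":
    files = {name: make_sample_hive() for name in SNAPSHOT_TO_HIVE}
    files["_REGISTRY_MACHINE_SYSTEM"] = files["_REGISTRY_MACHINE_SYSTEM"][:6000]  # constructed damage
    for hive, problems in review_snapshot(files).items():
        print(hive, "OK" if not problems else "; ".join(problems))
```

For real files, read each one in binary mode and pass the bytes to check_hive; if any hive reports a problem, pick an older RP## folder rather than copying that file into SYSTEM32\CONFIG.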

Import extracted checkpoint registry files into the current active registry

We are going back to the recovery console so we can copy in the extracted registry files to the current active
configuration. This needs to be done when windows is not running otherwise they are locked and therefore
can't be replaced.

  • At the XP Setup screen, press R to enter the recovery console
  • Select the installation you want to work with (Usually 1)
  • Log on to the desired installation with the administrator's password
Now back at the C:\WINDOWS prompt:

Change your current working directory from C:\WINDOWS to C:\WINDOWS\SYSTEM32\CONFIG
  • C:\WINDOWS>cd system32\config

Your command prompt should now be: C:\WINDOWS\SYSTEM32\CONFIG>
Make Sure!


Enter each command below and Type Y when prompted to overwrite. Also note the single space between
the filenames at the end of the command lines!

  • C:\WINDOWS\SYSTEM32\CONFIG>copy C:\windows\mytmp\software software
  • C:\WINDOWS\SYSTEM32\CONFIG>copy C:\windows\mytmp\system system
  • C:\WINDOWS\SYSTEM32\CONFIG>copy C:\windows\mytmp\security security
  • C:\WINDOWS\SYSTEM32\CONFIG>copy C:\windows\mytmp\sam sam
  • C:\WINDOWS\SYSTEM32\CONFIG>copy C:\windows\mytmp\default default

This Is IT! The moment we have been waiting for!
  • Exit the recovery console and restart by typing exit at the prompt: C:\WINDOWS\SYSTEM32\CONFIG>exit
You can remove the XP CD from your optical drive and put it away for safe keeping.

Note that during this particular startup Windows needs to rebuild itself and it will take some time so be patient.
It is best to wait until most of the major HD activity is finished before you logon. I've seen a non-responsive
keyboard issue occur when trying to enter your password. If that happens to you, just give it a minute and try again.

Now you should be back at your original configuration with all the applications, settings and updates that were in
effect at the time reflected by the selected Restore Point.

                                Congratulations! Great Job!


If this somehow is not the configuration you want you can always go back to System Restore in the normal
fashion and load a different restore point.
You can get there by START>ACCESSORIES>SYSTEM TOOLS>SYSTEM RESTORE and selecting another
restore point using the wizard.

Restore security settings for system restore folders

Now, If you have not done so already there are a few items you need to address once you feel all is stable and
have restarted a few times.

Log on to your system as a user with administrator privileges

To enhance security: Bring up Explorer (Right Click START), Click on tools, Click Folder Options,
     Click the View tab

1. Under hidden files and folders, Set the "Do not show hidden files and folders" radio button

2. Make sure there is a check in the "Hide protected operating system files" item

3. (XP Home) While you are still in explorer navigate to the C:\System Volume Information folder, Right click,
    select Sharing and Security..., In the Sharing, Network and Security section deselect the two checkboxes,
    Click Apply and OK. 
    or

3. (XP Pro) Navigate to the C:\System Volume Information folder, Right click, select Sharing and Security...,
    Open the Security tab, Highlight (ONLY) the user (One headed Icon) that was added previously and click
    the remove button. Please Do Not remove the SYSTEM or Everyone Groups!
    When you are sure click Apply and OK

4. (XP Pro) Click on tools, Click Folder Options, Click the View tab, Scroll to the bottom and make sure
    there is a check in the "Use simple file sharing" item

 



Copyright (C) Tal Bahir, Inc 2008