Tip

Running System Restore from the Recovery Console (well, sort of)

One of the most commonly requested features in Windows is the ability to boot to the Recovery Console and perform a System Restore operation. There are times when it's simply not possible to boot Windows in safe mode to run System Restore, and the Recovery Console has no built-in way of running System Restore.

That being said, if you need to run System Restore to revert the system to an earlier version of the SYSTEM or SOFTWARE Registry hive, because of a corrupted Registry, it is possible to do this manually. This method is far from perfect and doesn't take into account any of the other changes that System Restore might track (such as changed .DLLs or other system components), but it will allow you to recover copies of the Registry in the event of a failure—provided they've been saved with System Restore and are available.

Here is the 12-step process:

1. Boot the Recovery Console from the Windows XP installation CD.

2. When you're at the Recovery Console command prompt, change into the root directory of the system drive with the cd command (i.e., cd \).

3. Change into the System Volume Information directory by typing cd system~1 on most machines, or cd "System Volume Information."

(The filenames with ~1 are generated by default to provide backwards compatibility with programs that only recognize 8.3-format filenames. It's possible to disable 8.3 filename generation on NTFS volumes to gain some speed, but the speed gained by doing this is generally pretty small and it can have the unintended consequence of making it impossible to use 8.3 filenames in contexts like this. If you can't use 8.3 filenames to navigate, 8.3 name generation might be disabled. See Microsoft's support  document called How to Disable the 8.3 Name Creation on NTFS Partitions.

4. The System Volume Information directory contains a folder name _restore followed by a GUID in curly braces. Change into it by typing cd _resto~1; if that doesn't work you'll have to type cd "_restore{GUID_STRING}", with the full GUID string in place of GUID_STRING.

5. In the _restore directory are a group of subdirectories starting with the letters RP and followed by a number. These are the different restore points available for that volume.

6. Check the date on each directory and look for one that corresponds to a date before you began experiencing problems.

7. Change into the appropriate directory. If the directory is named RP74, for instance, change into it by typing RP74.

8. Inside that directory will be a subdirectory named snapshot; change into that directory as well (cd snapshot)

9. The snapshot directory holds backup copies of the SOFTWARE and SYSTEM Registry hives, named _REGISTRY_MACHINE_SOFTWARE and _REGISTRY_MACHINE_SYSTEM, respectively.

10. The target directory for these files is \Windows\System32\Config, and the hives there are named SOFTWARE and SYSTEM. Rather than overwrite those files entirely, you can rename them to something else. Typing ren \windows\system32\config\software \windows\system32\config\software.bak and ren \windows\system32\config\system \windows\system32\config\system.bak will rename them to software.bak and system.bak, respectively.

11. Copy in the backup hives: copy _REGISTRY_MACHINE_SOFTWARE \windows\system32\config\software and copy _REGISTRY_MACHINE_SYSTEM \windows\system32\config\system.

12. Type exit to leave the Recovery Console and restart the computer.

If you have an alternate operating system, such as a Linux live-recovery CD or another installation of Windows, that has access to the NTFS file system, you can perform the file copying from there as well, without having to struggle as much with the command line.

 


Serdar Yegulalp is editor of the Windows Power Users Newsletter. Check it out for the latest advice and musings on the world of Windows network administrators -- and please share your thoughts as well!


More information from SearchWinSystems.com


This was first published in February 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.