I'm in a computer tech class where everyone is working towards CompTIA A+ certification. After discussing troubleshooting problems in Windows, we were turned loose and given the opportunity to break (and ideally fix) one of the designated computers just to see what happens and whether we could find a way to recover or if we have to eventually install a new copy of Windows 7 on top of the old one.
By the way, we are fully encouraged to seek help online and from any resource for everything other than exams, so I'm not cheating here. I'm learning! :)
So my team when into regedit (GUI) and exported the entire registry as a .reg file and saved it on a USB drive. I then deleted an entire hive: HKEY_LOCAL_MACHINE. Not surprisingly, the system froze, so we restarted it manually.
Again, it's Windows 7. We have a clean copy of Windows 7 on a bootable USB, so we are able to access WinRE.
No luck from: Last Known Good Configuration; Startup Repair; there was no Restore Point available; CCleaner portable (it said it repaired 73 things, but the next bootup sent us back to Startup Repair, to no avail).
We have the .reg file (we did not backup any registry files in the config folder), and we are able to use the command prompt in WinRE. Is there a way to use the recovery command prompt to import the .reg file back into regedit?
Or any other method or third-party utility that might recover/rebuild/import the registry?
I feel like we've spent a lot of time looking for solutions, but not much time actually attempting solutions because we don't know what to try next.
Any suggestions or insight (even just tips or explanations on why our approach so far is flawed) is greatly appreciated.
Full disclosure: I don't have access to the machine on the weekend, so I won't have a chance to try any suggestion until class resumes. I will report back in order to help (or amuse) others based on my experience.
If I were doing things to the registry in real life, I would create a full backup, create a restore point, backup the registry files in the config folder as well as export the .reg file. For this exercise, we were intentionally being the unwitting user, so we didn't concern ourselves with finding a safe way to go about it; we wanted to see what would happen if we only made a .reg file. Ta-da! The answer so far is: nothing good.
Thanks all!
UPDATE 1: I thought I deleted the full HKLM, but a teammate recalled we weren't able to do so and instead deleted just the System subkey within HKLM. This bears out, now that we are able to access the regedit on the hard drive. Still, the same issue remains.
Is there a way to extract just part of a .reg file? Maybe if we could get just the HKLM System subkey, we could import that since it wouldn't be trying to overwrite the rest of the registry.
Or is there a third-party tool that can merge a .reg file into the registry? I've been looking, but only find tools to create .reg files and then use the regedit to import, which we've tried but can't accomplish.
UPDATE 2: Today, we attempted the following, to no avail:
-Used a working Windows 7 computer to open the regedit and exported a hive file for the System subkey and saved it on a USB drive.
-Used the recovery command prompt on the broken PC to open a temporary regedit (not the real one for the hard drive), and used Import just to navigate in File Explorer. We copied the hive file (use the name SYSTEMhome just so it would be unique) from a USB drive to the hard drive's Windows/System32/config folder.
-Returned to the temporary regedit, selected HKLM, and loaded SYSTEMhome as a hive.
-Exported the temporary regedit's SYSTEM hive and saved it to the hard drive's Windows/System32/config folder.
-Returned to the temporary regedit, selected the SYSTEMhome hive inside the HKLM key, and Imported the SYSTEM hive from the config folder. This produced a warning that it would overwrite the SYSTEMhome subkey, and we said OK. This resulted in a kind of merger of the information within the temp regedit's SYSTEM subkey with the SYSTEMhome subkey we added, without affecting the SYSTEM subkey still listed in the regedit.
-Unloaded the SYSTEMhome subkey so that the merged hive file saved to the hard drive's config folder, and the temporary regedit was left as we found it.
-Used the Import function to access File Explorer in order to delete the original SYSTEM hive file we exported from the temporary regedit.
-Renamed the newly “merged” SYSTEMhome hive file to SYSTEM, so that Windows would recognize it as a registry file.
-Restarted the computer, hoping the system would see the SYSTEM hive file and be able to boot.
No luck. Any more ideas out there?
Can you load a .reg file into a hive (at the same level as SYSTEM, SOFTWARE, etc.) so that it stands on its own instead of merging into an existing hive (or is there some way to create an empty hive that doesn't involve scripting in Power Shell, so that we could import the .reg file into that)? The native partitioning on the broken PC is different than that of the good Windows 7 PC on which we created the SYSTEM hive file, so we’re wondering if that partition numbering is interfering in the boot efforts. We can edit it as .reg, but then don’t have a way to convert it back to .reg.
regedit(GUI) program from your secondary boot? There are a couple of “Hive” commands in the “File” menu; I suspect that they’ll be useful.