Location of Win7 Registry

 
0
 

I am quite computer literate, but I don't know what I don't know...

BACKGROUND:
Windows Explorer kept freezing over several days when trying to display a directory, save a file, and other tasks. Several hours of research followed. MalWareBytes (2x); SpyBot (3x); CCleaner (3+ attempts); "sfc /scannow" used multiple times in regular and Safe Mode. Nothing worked. Not even Last Known Good Config or System Restore (4+ attempts). I couldn't even load the sfc log because Explorer kept locking up. Next step was to repair Windows. I did a Custom install - to keep my old files.

CURRENT TASK:
I want to copy the old registry file and overwrite the new registry file with it. (No, I didn't realize I needed it until I was done with the install...) This will keep me from having to re-install all of my programs.

QUESTION:
Where will I find the file that I need? Or is there another way?

Thanks, in advance, for your time!

 
0
 

Type regedit in the search box and press enter. Click file then export and give it a name. You will then have a complete copy of your registry. If your new install is the only bootable one (i.e. you overwrote your original) then your old registry is unrecoverable.

 
0
 

When you click start, type "regedit" in the search textbox, and hit enter. That should direct you to your registry, and your search for the key can start right there ...

 
0
 

Thanks, guys.

I know regedit. I (unfortunately) didn't think about exporting my old one before I did the Custom Install.

Rik from RCE: I didn't overwrite my original. I presume it is in Windows.old with all of my other files. The Custom Install feature saves everything to that directory.

Webville312: The "key" I want is the registry file itself.

If I change the boot.ini to windows.old, it would put the "windows.old" path in the OS-specific keys. That would defeat the purpose of the new install.

There has to be a registry file somewhere...

< Steve >

 
0
 

But, don't you also think that the registry keys of the old installation were infected?? Coz you may restore them, and it takes you back to the times of freezing.

My advice would be for you to simply re-install the programs. It will only take an hour of your time, rather than you risking your computer freezing again.

 
0
 

The 7 hive files are DEFAULT SAM SECURITY SOFTWARE SYSTEM COMPONENTS BCD-Template
To do the job, boot from your W7 inst disk. Choose the option to Repair your Computer.
Choose a recovery tool : Command Prompt
Then enter these commands...

cd Windows\System32\Config
md Temp
copy BCD-Template Temp
ren BCD-Template BCD-Template.bak
copy COMPONENTS Temp
ren COMPONENTS COMPONENTS.bak
copy DEFAULT Temp
ren DEFAULT DEFAULT.bak
copy SAM Temp
ren SAM SAM.bak
copy SECURITY Temp
ren SECURITY SECURITY.bak
copy SOFTWARE Temp
ren SOFTWARE SOFTWARE.bak
copy SYSTEM Temp
ren SYSTEM SYSTEM.bak

And then copy in the hives from your Windows.old directory so:
copy C:\Windows.old\System32\Config\Regback\BCD-Template C:\Windows\System32\Config\BCD-Template
and so on for the other 6 hives. Exit and restart.
If it doesn't fire up, then go back in with your disk and delete the newly copied files, then delete the .bak extensions to the old files.

 
0
 

I thank all of you for your time.

I booted to a Win7 dvd. Copied c:\windows.old\windows\system32\config\filename to c:\windows\system32\config. It didn't work. I accept all of the "I told you so"s.

Further contemplations on why it didn't work... Where do I find the actual version numbers of the OS installed? I can then find them in the windows.old directory (to ensure I installed the same version). I know - novice mistake... I have four active computers and the disks for three of them (expletive).

Instead of troubling you guys, is there a book that really references items in the registry to the extent I need?

But I do love this challenge! Thanks!

< Steve >

 
0
 

Versions. OS vsn is taken from explorer.exe. Then there is the kernel version, ntoskrnl.exe [in system32].....
cmd > ver will tell you the version family.
What exactly happened when you copied in the old hive files and restarted?

 
0
 

The machine will not boot. It comes up with a white on black "Windows Error Recovery" screen with two options: Launch Startup Repair and Start Windows normally. Neither option works. Booting from the install dvd, the version is 6.1.7601. I got that by selecting Launch startup repair->system recovery tools->command prompt->ver.

 
0
 

That sounds like a bomb. Right. Were you able to recover by reverting to the old hives?

 
0
 

Thanks for asking.

I did a Custom Install; overwrote the newly installed hives with the windows.old hives. That's where she sits. Do you happen to know what registry keys hold the different OS versions and the product key?

Though Webville said it would only take an hour to reload the programs, I am trying to avoid it. For some reason, it takes me HOURS to reload all of my programs.

And it's quite a learning process.

< S >

 
0
 

System hive holds all information relative to basic OS and hardware.
Software is all other system software and 3rd party.
Roughly speaking.
Very.
Product key for 7 is encoded, it's in System; you need a software to extract it. I use Magical Jelly Bean and/or Winkeyfinder.exe.
Something I did not think of until I was abed after posting last.... you likely need to delete all reference to previous disk, partition configurations. Windows knows disks and partitions via signatures or volume identifiers and they may have altered with the custom installation. These lists [which reference them to partition labels and names] are in a key in HKLM which can always be safely deleted; Windows just rebuilds it at next system start. It's HKLM\System\CurrentControlSet\MountedDevices. You delete the whole MountedDevices key [fast] or all the value names [slowwww]. To do it, you need to Load the hive into a working system, name it to something unmistakable, unlosable, like umm... RODENT, work on it, then Unload it. It's what I must do when I work with images [clones] of my system. Easy as.
So use the disk and cmd window again, copy from Temp those 7 files into Config [or rename all the .bak files in config], and try to start the sys as it was as a Custom job. Load, etc, unload the System hive..., and back to copying over the "new" Windows.old hives.
Mighta been easier if I'd used del instead of ren, so:
cd Windows\System32\Config
md Temp
copy BCD-Template Temp
del BCD-Template
copy COMPONENTS Temp
del COMPONENTS
...
Something else.... the Windows\Repair folder holds the custom hives as they were when you completed that installation. They can be used, also, but they blow your installation back to the stone age, of course. They know NOTHING. It is wise to update them occasionally to reflect what your system really is. You do that via a System State backup. No-one does. It's a wise thing.

 
0
 

Thanks, Gerbil.

Clarification:
1. Since I don't actually "have" the old system, how do I get JellyBean or others to provide the old Product code? But...that's software - independent of any functions - so it really shouldn't matter, right?
2. The most important part is the type of OS: Home, Pro, or Ultimate. I really think it was Professional. Do I need to determine that? And, if so, what keys?
3. If the OS rebuilds the HKLM, why can't I delete the key on the new box and just reboot?
4. I'm lost at the "Load, etc..." sentence. Clarify, please?
5. Thanks for the suggestion on System State backup. Very good point. Is it an OS function?

Thanks, again.
< Steve >

 
0
 
  1. It has to be loaded to be read.
  2. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion is where the version is, at valuename ProductName.
  3. The OS rebuilds the MountedDevices key, NOT the whole HKLM!! It rebuilds MountedDevices by examining all connected storage device volume identifiers. So you could delete it on the new box, but it would rebuild to virtually the same for your purposes, so no gain. You have to delete it from Windows.old.
  4. By "Load, etc, unload the System hive..." I meant to Load Windows.old System hive, name it as RODENT, delete the MountedDevices key, and then Unload the RODENT hive.
  5. Whoops. They pulled that for 7 [it is an advanced XP option; I have 7, but prefer to use XP]. Go with ERUNT.
 
0
 

I'm definitely in foreign territory...

It asks what key I want to load. And the "Load" option is not available if I select the System key (or hive).

If I Load RODENT (copied System to RODENT within windows.old instead of renaming) into HKLM, it displays directly under HKLM as RODENT with keys named CurrentControlSet001, ..2, and ..3. If I Load it as MountedDevices, it displays MountedDevices as an additional hive - with the old drive set. If I try to delete the MountedDevices key, it does not allow me to because it is in use.

If I Load System from windows.old, I can see that the MountedDevices are different compared to the Current system because the X: drive (preinstallation volume) is not present. I cannot Unload it, though, because it is in use.

I'm trying to use my head...if I Load System from windows.old, delete MountedDevices, then export as System, would that do it? Would I need to delete ALL occurrences of MountedDevices within System or even within the whole registry?

But, beyond that, I'm lost.

Do appreciate the help!

< Steve >

 
0
 

I'll run through the procedure. It works.
Open registry with regedit. Highlight either HKLM or HKU [the only keys that allow use of Load/Unload]. Select File > Load.
In the window that pops navigate to Windows.old\Win....\config and select system, press Open. In the box that pops, name it RODENT.
And the system hive loads as RODENT [= windows.old HKLM hive]. You expand RODENT, highlight its MountedDevices key, and delete it.
You finally highlight RODENT, choose File > Unload and BAM! it's done.

"If I Load System from windows.old, I can see that the MountedDevices are different compared to the Current system because the X: drive (preinstallation volume) is not present. I cannot Unload it, though, because it is in use."
-I don't understand this, because I can load my current system file, modify it and then unload it with no question about it being in use, because it is not. Even though it is the same system hive that my machine is running on. I'm not too silly, I saved a copy beforehand. And I have ERUNT.
I can even name it with the name of an existing key, play with it and unload it again, being careful not to confuse it with the real key. No problem with "in use".
Don't use Export on a Loaded key - some trouble can lie there. If you do get stuck, just shut down normally; the key you Loaded is not saved as a part of your registry. A loaded hive is shown with your registry by regedit for editing purposes, but it does not form a part of your registry, and it is not in use.
You cannot Load again a hive which has already been loaded and not yet unloaded: > "in use" error.
Help at all?
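
The Load / edit / Unload procedure above, together with the earlier ProductName lookup, as a script. This is an added example and not part of any original post; it drives reg.exe instead of regedit so that no open regedit window keeps the hive "in use". The Windows.old path is an assumption about where the Custom install moved the old system, and Invoke-WithOfflineHive is a hypothetical helper name.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt
# on the working installation. The path below is an assumption.
$OldConfig = 'C:\Windows.old\Windows\System32\config'
$MountName = 'RODENT'   # temporary key name, as used in the thread

function Invoke-WithOfflineHive {
    param(
        [Parameter(Mandatory=$true)][string]$HiveFile,
        [Parameter(Mandatory=$true)][scriptblock]$Action
    )
    if (-not (Test-Path -LiteralPath $HiveFile)) { throw "Hive not found: $HiveFile" }
    if (Test-Path "Registry::HKEY_LOCAL_MACHINE\$MountName") {
        throw "HKLM\$MountName is already loaded; unload it first."
    }
    # Keep one untouched copy of the hive; never overwrite it on a re-run.
    $backup = "$HiveFile.pre-edit"
    if (-not (Test-Path -LiteralPath $backup)) {
        Copy-Item -LiteralPath $HiveFile -Destination $backup
    }
    & reg.exe load "HKLM\$MountName" $HiveFile | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg load failed for $HiveFile" }
    try {
        & $Action
    }
    finally {
        # Always unload, even if the action threw. reg.exe child processes
        # leave no handles behind, so the hive should not be "in use" here.
        & reg.exe unload "HKLM\$MountName" | Out-Null
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "Unload failed: close regedit, then run: reg unload HKLM\$MountName"
        }
    }
}

# 1. Read the old installation's edition and build from its SOFTWARE hive.
Invoke-WithOfflineHive "$OldConfig\SOFTWARE" {
    $cv = "HKLM\$MountName\Microsoft\Windows NT\CurrentVersion"
    foreach ($name in 'ProductName', 'CurrentVersion', 'CurrentBuildNumber') {
        & reg.exe query $cv /v $name
    }
}

# 2. Drop the stale volume mappings from the old SYSTEM hive.
Invoke-WithOfflineHive "$OldConfig\SYSTEM" {
    $md = "HKLM\$MountName\MountedDevices"
    & reg.exe query $md | Out-Null
    if ($LASTEXITCODE -eq 0) { & reg.exe delete $md /f }
    else { Write-Host "No MountedDevices key in this hive." }
}
```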

 
0
 

Fantastic explanation! Allow me time to delve into this realm.

Thanks!

< Steve >

 
0
 

Sorry for the delay - life and other things have a tendency to reorganize my priorities. I really do appreciate all of the help and suggestions!

I am ready to copy and move the hives into place. Then I had a thought...

As I mentioned originally, Windows Explorer was freezing intermittently. I understand the deletion of the MountedDevices (Thanks, Gerbil!) in order to get the system to boot. But ... If I copy all of the hives to overwrite the new (custom) installation, isn't there a really good chance that Explorer will still freeze?

I found 11 keys that have the word Explorer in them; I'm sure there are many others that are not as noticeable:

HKEY_CURRENT_USER\AppEvents... 1
HKEY_CURRENT_USER\Software... 1
HKEY_LOCAL_MACHINE\SOFTWARE... 4
HKEY_USERS\.DEFAULT... 1
HKEY_USERS\S-1-5-18... 1
HKEY_USERS\S-1-5-19... 2
HKEY_USERS\S-1-5-21... 1

Control Panel->Programs and Features->Windows Features does not have an option to uninstall or turn-off Explorer (that I can see).

Where to from here?

Thank you!

< Steve >

 
0
 

Hi, again. Life wins over computers, any day.
I rather doubt that explorer.exe was freezing because of an intrinsic problem, it's rather more likely that something it was acting upon was at fault.
Does that make sense? For example, if explorer was building video thumbnails and one file was corrupted, then you might expect it to freeze while it dealt.
And you cannot uninstall explorer; it's one of Windows' basic shells. [Task Manager & cmd are two more shells]. Turn it off [via Task Manager], yes, because it runs as a process.
Delete it, too, cos it's just an exe file in C:\Windows. But most folks freeze themselves when explorer freezes.
Thing is, you can do much of what it does via iexplore.exe [internet explorer], but don't expect a desktop with icons, task bar.

HKEY_USERS\S-1-5-18 System .......... we tend never to touch these.
HKEY_USERS\S-1-5-19 Local service ..." " "
HKEY_USERS\S-1-5-20 Network service ." " "
The S-1-5-21-long string of numbers ...are the security identifiers of the various users who ever had accounts. They contain, among other settings, various user preferences, usernames, passwords [coded] [slightly].
No intermittent freezes would originate there, or any reg key, really. Unless some malware has created hooks to inject its processes into explorer [some do that]. A thing to consider.
Pretty much, I think the freeze problem originates with a corruption in something it encounters while performing a task. Me, I'd try to spot it with Process Explorer from Winternals [search for it]. Start it, let it run in the background until a freeze occurs and then search for the long time gap in its listing.

 
0
 

Guess I should have gone that route instead of reloading.

I'll let you know what happens.

Thanks!!
