When Last Known Good Configuration fails

Sometimes when things go wrong, booting into Windows becomes difficult. As a tech, I often run into situations where the aftermath of an infection or a severe system file corruption prevents me from reaching the Windows desktop on a troubled PC.

My first step in such situations now is simple. I boot to a remote operating system of my creation, open up the system32\config directory, and copy the registry hive files to a backup folder inside of the config folder. The following files, of course, are the registry hives:

  • SAM
  • SECURITY
  • SOFTWARE
  • SYSTEM
  • DEFAULT

Once these files have been backed up, I navigate to any recent backup of the hives in the config folder (most often the one in the RegBack subfolder will work) and simply copy those same files from that folder directly into the config folder. This essentially replaces the registry hives with older, working copies of those hives.

On XP machines, it’s a bit more complicated. You’ll have to manually navigate into a restore point folder and copy the backup hives from there. These are pretty easy to get to, however. Look for the %SYSTEMDRIVE%\System Volume Information folder, and find a recently-dated _restore{GUID}\RP#\snapshot folder inside it (the “RP” indicates it’s a restore point). From this folder, simply copy the five hive files to the system32\config folder and rename them to match the hive files you removed above.

Generally, once this is complete, the PC is once again bootable. I highly recommend starting in Safe Mode next, however, as some of the drivers (whether filesystem or device) may not be accurately catalogued after this procedure. From there, repairs can be carried out to correct any remaining issues with startup applications or drivers.

It isn’t technically necessary to replace all of the hives to correct boot problems, but it’s good practice.
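The RegBack variant of the procedure above, as an added example (not the author's own tooling) for use from a boot environment that has Python and the Windows volume mounted. The folder name `backup` and the function names are assumptions; the script checks every replacement hive for the `regf` signature before touching anything, so an empty or damaged RegBack copy never overwrites a live hive.

```python
import shutil
from pathlib import Path

HIVES = ("SAM", "SECURITY", "SOFTWARE", "SYSTEM", "DEFAULT")
REGF_MAGIC = b"regf"  # signature at offset 0 of every registry hive file


def find_hive(folder, name):
    """Locate a hive by name, ignoring case (matters when mounted from Linux)."""
    for entry in Path(folder).iterdir():
        if entry.is_file() and entry.name.upper() == name:
            return entry
    return None


def check_source(folder):
    """Return {hive: path} if every hive in folder looks usable, else raise."""
    found = {}
    for name in HIVES:
        path = find_hive(folder, name)
        if path is None:
            raise FileNotFoundError(f"{name} missing from {folder}")
        with open(path, "rb") as fh:
            # Also rejects the 0-byte files newer Windows 10 builds leave in RegBack.
            if fh.read(4) != REGF_MAGIC:
                raise ValueError(f"{path} is empty or not a registry hive")
        found[name] = path
    return found


def restore_hives(config_dir, source_dir=None, backup_name="backup"):
    """Back up the live hives, then replace them from source_dir (default RegBack)."""
    config = Path(config_dir)
    source = Path(source_dir) if source_dir else config / "RegBack"
    replacements = check_source(source)   # validate before touching anything
    backup = config / backup_name         # hypothetical folder name
    backup.mkdir(exist_ok=False)          # never overwrite an earlier backup
    for name in HIVES:
        current = find_hive(config, name)
        if current is not None:
            shutil.copy2(current, backup / current.name)
    for name, src in replacements.items():
        target = find_hive(config, name) or config / name
        shutil.copy2(src, target)
    return sorted(replacements)
```

Call it as `restore_hives("/mnt/windows/Windows/System32/config")`, where the mount point is whatever your boot environment uses; a second run fails on the existing `backup` folder rather than replacing the original backup with already-restored hives.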


1 thought on “When Last Known Good Configuration fails”

  1. Steve, you are THE MAN! With your tips and advice, I was able to recover a laptop (XP-based) for a friend. She had let the tech-support-scam people into the laptop but refused to pay, so they Syskey-ed her machine. Fortunately, they didn’t delete ALL the restore points, so replacing the hives solved the problem. Many thanks!!!
