Windows 7: Recovering the registry

Windows 7: Recovering the registry

Alastair Grant | Wednesday 11 April 2012

For some bizarre reason the permissions on my HKLM/Services node got knackered - the result of this was my networking services failed to work.

I attempted to repair by spending time with Process Monitor and starting up the dead services individually and then restoring whatever permissions were required. This had limited success, but things got complicated the further into TCP I dug.

I had already tried a System Restore, to which I was informed that something was corrupt and it wouldn't work. I had a look for a Windows System Image, but it seems I only have one from two years ago (a point I later realised was due to having to image *everything* if you want to use this, and I just don't have the backup space). I thought I'd check for my registry backups, but then I found that Windows Backup doesn't allow you to manually select system directories (helpful).

The Volume Shadow Service saved the day as whilst System Restore didn't work, my registry files had been snapshotted successfully. In order to restore them by hand you need to:

  1. Turn of UAC (otherwise you don't have permission to access the snapshots)
  2. Find your C:/Windows/System32/config directory and take a ganders at the Previous Versions
  3. Select a version and copy it somewhere handy
  4. Reboot into repair mode and start the command prompt
  5. Make a copy of your relevant registry hives from the above directory (in repair mode your C drive will be another letter, you'll just have to search for it).
  6. Replace the relevant registry nodes with the ones from your snapshot
  7. Reboot
  8. Turn UAC back on

I imagine it's not too hard to manually backup the shadow copies with some clever scripts.

