How to Restore the Windows Registry

The most important rule that one needs to know when making a Windows registry edit is to always make Windows registry backups beforehand. In that case, it should be just as important to understand restoring backup of Windows registry. At the time this may be as simple as reverting your computer to a previous system restore point, or can be as difficult as running a series of commands from the command line. Windows registry repair can be difficult and unpredictable, so it’s good to know all of the methods from which you can restore your Windows registry.

Restoring Backup of Windows Registry using System Restore

The easiest way to deal with a corrupt, or suspected corrupt registry is by using the System Restore feature in Windows. Doing so is the first Windows registry recovery tactic to use when experiencing issues after a Windows registry edit. System restore points are created at certain intervals by your computer, however you can also create one manually. If you ever desire to perform Windows registry backups of your entire registry, this is usually the easiest and most effective way to do so. System restore points are also good choices when you are making any changes to your computer that you have doubts about, such as changing settings or installing items that you are unsure of.

To get to the System Restore Wizard, go to your Start Menu and navigate to “Programs”, “Accessories” and then “System Tools”. From this menu select “System Restore”. Before going farther it’s important to note that you must be an administrator, or have administrator permissions, to restore your computer to a previous working version. From here you can choose to either “Create a Restore Point” or “Restore My Computer to an Earlier Time”. Choose “Restore My Computer to an Earlier Time” and click “Next”. You are able to choose a date and time to restore. The only dates you can choose are those which a restore point was made on. If you did not make one manually, you will only be able to use restore points that the computer automatically created.

Once you select a date and confirm your selection, Windows will restore your computer to those previous settings and reboot your computer. If you are unhappy with the system restore, or it does not fix Windows registry, you can navigate back to the System Restore wizard and choose the option “Undo my last restoration”. You can also launch the System Restore wizard with a command, by typing “%SystemRoot%\System32\Restore\Rstrui.exe” in the “Run” dialog in your Start menu.

Windows Registry Recovery When Your Computer Won’t Boot

If you can’t get your computer to boot into Windows, then it’s likely that your registry is corrupted and you are in need of some serious Windows registry repair. If you are seeing one of the errors below, then your registry has somehow become corrupted and will need to be restored before your computer will function properly.

“Windows XP could not start because the following file is missing or corrupt: \WINDOWS\SYSTEM32\CONFIG\SYSTEM”

“Windows XP could not start because the following file is missing or corrupt: \WINDOWS\SYSTEM32\CONFIG\SOFTWARE”

“Stop: c0000218 {Registry File Failure} The registry cannot load the hive (file): \SystemRoot\System32\Config\SOFTWARE or its log or alternate”

“System error: Lsass.exe”
When trying to update a password the return status indicates that the value provided as the current password is not correct.

How do you fix Windows registry when you can’t even get into Windows? Luckily, restoring backup of Windows registry is possible using the Recovery Console. Follow the Windows registry repair steps below to recover a stable, uncorrupted version of your registry.

  1. Insert your Windows disc into your CD-ROM and restart your computer. If a message comes up asking you if you’d like to “boot from cd”, then choose to do so.
  2. When the setup screen appears, press the “R” button on your keyboard to start the Recovery Console.
  3. The recovery console will present you with a command prompt. Enter the commands below, being sure to press “enter” after each line:

    md tmp
    copy c:\windows\system32\config\system c:\windows\tmp\system.bak
    copy c:\windows\system32\config\software c:\windows\tmp\software.bak
    copy c:\windows\system32\config\sam c:\windows\tmp\sam.bak
    copy c:\windows\system32\config\security c:\windows\tmp\security.bak
    copy c:\windows\system32\config\default c:\windows\tmp\default.bak

    delete c:\windows\system32\config\system
    delete c:\windows\system32\config\software
    delete c:\windows\system32\config\sam
    delete c:\windows\system32\config\security
    delete c:\windows\system32\config\default

    copy c:\windows\repair\system c:\windows\system32\config\system
    copy c:\windows\repair\software c:\windows\system32\config\software
    copy c:\windows\repair\sam c:\windows\system32\config\sam
    copy c:\windows\repair\security c:\windows\system32\config\security
    copy c:\windows\repair\default c:\windows\system32\config\default

  4. Type “exit” to leave the Recovery Console and restart your computer.
  5. Once your computer has restarted and your desktop has fully loaded, restart your computer.
  6. When your computer beings to start-up, press the “F8″ key on your keyboard to boot into “Safe Mode”.
  7. Once your desktop has fully loaded, start Windows Explorer (as a shortcut, press the Windows Key and the “E” key on your keyboard simultaneously).
  8. On the “Tools” menu, click “Folder Options” and then go to the “View” tab.
  9. Under “Hidden Files and Folders”, check “Show Hidden Files and Folders” and uncheck “Hide Protected Operating System Files”.
  10. Navigate to the drive where your operating system is installed, commonly “C” and open the “System Volume Information” folder.
  11. You now need to find a restore point folder, which always start with “RP”. Choose one of these folders which was not just recently created. You can see the date each folder was created by going to “View” and clicking “Details”.
  12. Open the “Snapshot” folder and copy the following files to the C:\Windows\Tmp folder and rename them according to the instructions below.
    _REGISTRY_USER_.DEFAULT (rename to DEFAULT)
    _REGISTRY_MACHINE_SECURTY (rename to SECURITY)
    _REGISTRY_MACHINE_SOFTWARE (rename to SOFTWARE)
    _REGISTRY_MACHINE_SYSTEM (rename to SYSTEM)
    _REGISTRY_MACHINE_SAM (rename to SAM)
  13. Restart your computer and start the Recovery Console as you did in the Step 1.
  14. At the command prompt, type the following:
    del c:\windows\system32\config\sam
    del c:\windows\system32\config\security
    del c:\windows\system32\config\software
    del c:\windows\system32\config\default
    del c:\windows\system32\config\system
    copy c:\windows\tmp\software c:\windows\system32\config\software
    copy c:\windows\tmp\system c:\windows\system32\config\system
    copy c:\windows\tmp\sam c:\windows\system32\config\sam
    copy c:\windows\tmp\security c:\windows\system32\config\security
    copy c:\windows\tmp\default c:\windows\system32\config\default
  15. Restart your computer. Once it has loaded, perform a System Restore.

It’s important to learn as many Windows registry recovery and backup tactics as possible. For more information, see some of the resources below.

How to Restore Windows XP to a Previous State

Repairing a Corrupted Registry Hive

In Windows XP, How do I use the Recovery Console?