Reply
Wed 25 Feb, 2004 02:13 pm
When we booted up the home machine last night, we got this:
Stop: C0000218 {registry file failure}
The registry cannot load the hive (file)
\systemroot\system32\config\software
or its log or alternate.
It is corrupt, absent, or not writeable.
Beginning dump of physical memory.
Physical memory dump complete.
Contact your system admin....
Well, that would be me. So, I contacted someone with more Windows XP knowledge (XP Home). We wound up booting off of the XP CD and trying to run a recovery. When it booted, it asked for the admin password. I simply hit enter, and it let me in to the C:\WINDOWS> prompt. The two of us then messed with the files SAM, SECURITY, SOFTWARE, and a couple others, first making backup copies of the existing ones. We copied in replacements from C:\WINDOWS\REPAIR. Now, when the system tries to boot, it is complaining about a mismatched password and simply looping. If I boot from the XP CD, it's also asking for a password and it's no longer just "Enter". What the heck?
I'm not sure about which problem to comment on but heres how to fix the password problem.
First you will need 3 programs:
Knoppix (STD version will work fine) = Knoppix
LC4 = LC4
SAMInside = SAMInside
Once you have all these programs then here is what you will need to do.
1. Boot up knoppix and copy the SAM and SYSTEM file off of remote machine. You will probably have to burn them to a CD.
2. Boot up windows on local machine and run SAMInside. If you have full version of SAMInside you will not need LC4 but LC4 is, well you know.
3. Import the SAM file into SAMInside and it will then tell you to import the SYSTEM file.
5. Now Export the results to a PWDUMP file.
6. Run LC4 and import the PWDUMP file you just created.
7. Begin Restore process.
8. You should now have all passwords to the users on the remote machine.
Now the reason why you have to have the SYSTEM file.
Windows 2000 and XP has what is called SYSKEY which is basically encryption that is used on the passwords hashes. If you were to load up LC4 and import the SAM file you would see the users and it would try to restore the passwords but it would fail. The SYSKEY is stored in the SYSTEM file therefore SAMInside takes the SYSKEY out of the SYSTEM file and uses it to get the corrent hashes from the SAM file.
Sounds like it might just be easier to reinstall from scratch!
much easier way to reset the admin password:
go to
www.pchelplive.com
go to the downloads page
download the NTFS Boot disk for password recovery/reset
if you have trouble using it lemme know
Ya my way is more for doing it rogue style.
Wound up reinstalling. But thanks for the tips, I'll keep them under my hat. Using Windows, it's likely they'll be needed again.