Solved

key recovery from ntuser.dat

Posted on 2002-03-28
Last Modified: 2011-10-03
I corrupted the user hive (ntuser.dat) of
a registry with regedt32 (I don't think I
unloaded it properly). I can no longer log
in as that user (the system creates a new
user when I try).

Does some way exist of repairing that hive
so I can log on as that user again (first
choice), and if not, how do I copy all of
the keys (or as many as possible) so I can
import them into a new user (second choice)?
Regedt32 will only save keys in a long text
format, not a reg file.

Thanks for your help.
Question by:ctbohan
7 Comments
 
LVL 44

Expert Comment

by:CrazyOne
ID: 6904906
Have you tried to just remove the C:\Documents and Settings\"TheUser"\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat from the profile? I had a similar problem in that I couldn't log on as that user anymore until I removed the UsrClass.dat.

Also use regedit instead of Regedt32 to import and export keys.


The Crazy One
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 6904913
If that doesn't work, try removing the ntuser.dat file and see what happens. By removing I don't mean deleting the files but moving them to some other directory for temporary safekeeping.
0
 
LVL 2

Expert Comment

by:omk
ID: 6905171
Open regedit, select the hive you prefer to save, then choose Registry -> Export Registry File.
0

 
LVL 14

Accepted Solution

by:
AvonWyss earned 300 total points
ID: 6906135
If a new profile is created, you probably just have "lost" the profile information (renaming the profile folder does this, for instance). To check and fix this, use REGEDIT and check the keys in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList - there is a list with SIDs and in each SID there is information about which path the profile of that user is in.
0
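
A read-only way to run the check described in the accepted answer, as an added PowerShell example that is not part of the original thread (which used REGEDIT): it lists each user SID under ProfileList with the folder its ProfileImagePath value points to, and whether that folder and its NTUSER.DAT exist. The function name `Get-ProfileMapping` is hypothetical.

```powershell
# Added example: read-only audit of the ProfileList key (changes nothing).
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

function Get-ProfileMapping {   # hypothetical helper name
    Get-ChildItem -Path $profileList |
        Where-Object { $_.PSChildName -like 'S-1-5-21-*' } |   # user accounts only
        ForEach-Object {
            $sid  = $_.PSChildName
            $raw  = (Get-ItemProperty -Path $_.PSPath).ProfileImagePath
            $path = if ($raw) { [Environment]::ExpandEnvironmentVariables($raw) } else { $null }

            # Resolve the SID to an account name; a deleted account or a key
            # name that is not a plain SID (e.g. with a suffix) stays unresolved.
            $account = '<unresolved>'
            try {
                $sidObj  = New-Object System.Security.Principal.SecurityIdentifier($sid)
                $account = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
            } catch { }

            $folderOk = [bool]($path -and (Test-Path -LiteralPath $path -PathType Container))
            $hiveOk   = [bool]($folderOk -and (Test-Path -LiteralPath (Join-Path $path 'NTUSER.DAT')))

            [pscustomobject]@{
                Sid          = $sid
                Account      = $account
                ProfilePath  = $path
                FolderExists = $folderOk
                HiveExists   = $hiveOk
            }
        }
}

$profiles = @(Get-ProfileMapping)
$profiles | Format-Table -AutoSize

# Entries worth a closer look: the SID points at a folder that is missing
# (e.g. renamed) or that holds no user hive.
$profiles | Where-Object { -not $_.HiveExists } |
    ForEach-Object { Write-Warning "$($_.Account) ($($_.Sid)) -> '$($_.ProfilePath)' has no NTUSER.DAT" }

# Two SIDs sharing one folder also deserves a look.
$profiles | Where-Object { $_.ProfilePath } | Group-Object ProfilePath |
    Where-Object { $_.Count -gt 1 } |
    ForEach-Object { Write-Warning "Folder '$($_.Name)' is referenced by $($_.Count) SIDs" }
```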
 

Author Comment

by:ctbohan
ID: 6906198
CrazyOne, I will try removing that file on Monday.

I know that regedit and not regedt32 exports hives
to .reg files, but I can't load that hive with
regedit, because I can't log in as that user (it
creates a new profile under "user.DOMAIN", instead
of using the "user" profile).

AvonWyss, I will also try resetting that key to
point to the old profile on Monday. The system
might have not unlocked that file before (thus
forcing the creation of a new profile), but now
(after rebooting) it has become available again.

Thank you for your help.
0
 

Author Comment

by:ctbohan
ID: 6911045
I have recovered the registry for that user, and I
consider resetting the registry key as you described
as THE vital part of that recovery. Without telling
the OS where to look for the profile, it never would
have recognized it.

I wish we had a finer system of grading, as I would
have taken off a couple of points for not reminding
me to reboot often. :) I didn't think what you
suggested would work at first (since it still logged
the user in with the new profile), but when I could
not even rename the directory containing the new
profile, the light went on, and a simple reboot
solved that problem (for that matter, if I had
rebooted after forgetting to unload that hive, I
probably would have never encountered the problem
in the first place - I guess I have become too used
to Linux where I only reboot to upgrade the kernel,
or in case of hardware problems). Thanks again.
0
 
LVL 14

Expert Comment

by:AvonWyss
ID: 6911118
ctbohan, you're welcome! When something fails in Windows, rebooting is practically always suggested as the first measure to be taken. This is so "normal" that I indeed forget to tell people to do it. Thanks for reminding me.
0


Question has a verified solution.
