Solved

key recovery from ntuser.dat

Posted on 2002-03-28
7
1,827 Views
Last Modified: 2011-10-03
I corrupted the user hive (ntuser.dat) of
a registry with regedt32 (I don't think I
unloaded it properly). I can no longer log
in as that user (the system creates a new
user when I try).

Does some way exist of repairing that hive
so I can log on as that user again (first
choice), and if not, how do I copy all of
the keys (or as many as possible) so I can
import them into a new user (second choice)?
Regedt32 will only save keys in a long text
format, not an reg file.

Thanks for your help.
0
Comment
Question by:ctbohan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 44

Expert Comment

by:CrazyOne
ID: 6904906
Have you tried to just remove the C:\Documents and Settings\"TheUser"\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat from the profile. I had a similar problem in I couldn't logon as that user anymore unitl I remove the UsrClass.dat.

Also use regedit instead of Regedt32 to import and export keys.


The Crazy One
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 6904913
If that doesn't work try removing the ntuser.dat file and see what happens. By removing I don't mean deleting the files but moving them to some other directory for temporary save keeping.
0
 
LVL 2

Expert Comment

by:omk
ID: 6905171
open regedit, select the hive you prefer to save, under Registry ->Export Registry File.
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 14

Accepted Solution

by:
AvonWyss earned 300 total points
ID: 6906135
If a new profile is created, you probably just have "lost" the profile information (renaming the profile folder does this, for instance). To check and fix this, use REGEDIT and check the keys in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList - there is a list with SIDs and in each SID there is information about which path the profile of that user is in.
0
 

Author Comment

by:ctbohan
ID: 6906198
CrazyOne, I will try removing that file on Monday.

I know that regedit and not regedt32 exports hives
to .reg files, but I can't load that hive with
regedit, because I can't log in as that user (it
creates a new profile under "user.DOMAIN", instead
of using the "user" profile).

AvonWyss, I will also try resetting that key to
point to the old profile on Monday. The system
might have not unlocked that file before (thus
forcing the creation of a new profile), but now
(after rebooting) it has become available again.

Thank you for your help.
0
 

Author Comment

by:ctbohan
ID: 6911045
I have recovered the registry for that user, and I
consider resetting the registry key as you described
as THE vital part of that recovery. Without telling
the OS where to look for profile, it never would
have recognized it.

I wish we had a finer system of grading, as I would
have taken off a couple of points for not reminding
me to reboot often. :) I didn't think what you
suggested would work at first (since it still logged
the user in with the new profile), but when I could
not even rename the directory containing the new
profile, the light went on, and a simple reboot
solved that problem (for that matter, if I had
rebooted after forgetting to unload that hive, I
probably would have never encountered the problem
in the first place - I guess I have become too used
to Linux where I only reboot to upgrade the kernel,
or in case of hardware problems). Thanks again.
0
 
LVL 14

Expert Comment

by:AvonWyss
ID: 6911118
ctbohan, you're welcome! When something fails in Windows, rebooting is practically always suggested as first measure to be taken. This is so "normal" that I indeed forget to tell people to do it. Thanks for reminding me.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
How many times a day do you open, acknowledge, or close an IT incident? What’s your process? Do you have a process depending on the incident, systems involved, and other factors? New Relic Alerts gives you options for how you interact with notifica…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question