[Webinar] Streamline your web hosting managementRegister Today

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5224
  • Last Modified:

Replacing a SAM file

Hey guys, first off sorry I don't have many points to give, but I guess when you think about this question you either know it or you don't, so its pretty simple.

Anyway, a family computer of mine (not mine, my family's [thank god]) crashed.  It happened randomly overnight, we have no idea how it happened since no one was even home, the comptuer was on though, but it has tons of firewalls and stuff like that.

Now all I am getting when I turn it on is an error code, a "Windows Stop error code" I guess you could call it.

The thing says:

STOP: c000021a {Fatal System Error}

Then a little irrelevant information.  I have looked up the code and basically it means that I'm fucked (sorry for profanity).  My dad insisted I call Dell since we have a dell, I said it was useless, he didn't listen, so I called.  They said exactly what I suspected and had already read on the internet and that the harddrive and installation of windows was basically shot.  They advised reinstalling Windows, or getting a new harddrive.

I do not want to have to reinstall windows if there is a way around it because I lose everything, and thats what my dad and I exactly don't want to happen, thats why I called dell, maybe they had a way around it, they don't without like mailing them my harddrive.

Now, through my research I have also narrowed down that the file that is corrupt, since its a logon error, is the SAM file.  I got onto the harddrive and accessed it using Knoppix (which I have used a lot in the past in similar situations, and if you don't know what it is, take a minute and look it up, very useful) and go figure the last moment the SAM file was editted was July 15th, 2006 at 3:07am.  Interesting how thats the exact moment I would bet that the computer crashed >_<.

So, instead of reinstalling windows, I first want to try to take my extra SAM file which is in:


and paste it on top of the


SAM file and see if that will work, and then do everything else if it doesn't.

The question is, if I replace a SAM file, how much information will I lose, what will happen to the system.  See I know with an reinstallation of windows its possible to keep your Program Files and a few other things, but since you are making all new users, everything in your Documents and Settings folder is basically deleted, which in this case, sucks.  So I am trying to save that as best I can.

Do any of you know what would happen or have a better plan?

Thanks for the help in advance.

2 Solutions
Easiest way, let windows recreate the sam file. Tell you the history;

When windows boots and it doesn't find a sam file, it recreates one with one user 'Administrator' and a blank password.

In your case what I would do is;

1. Use Knoppix and boot, go there and delete the sam from the location (which you know). Then reboot. Then you'll be able to login as administrator with no password. Once you are on the PC, you can then copy stuff from other's profile under document and setting then recreate the users. You can copy down the stuff you want and you're done.

The SAM file contains all the user accounts on your machine. As rsivanandan noticed, if it is removed, Windows will create a new one with only an Administrator account.
You can try to copy the one in C:\WINDOWS\repair but it is not updated very often. This means that any user account you've created after the repair file will be lost and you will have to re-create it. If you do re-create it, it will actually be a considered a new account, so any special privileges the old account had will not be kept.
So my first recommendation is that you backup your current SAM before you do anything so just in case it is not the cause of the problem, you can undo what you've done.
If the SAM is indeed the problem, there is a way to make the new account use the old account's profile:
1) Re-Create the user account (don't log-in yet)
2) Go to "C:\Documents and Settings". You'll notice that a new folder has been created by the user (suppost the old one was "C:\Documents and Settings\username", the new one will probably be "C:\Documents and Settings\username.computername"). The old folder still exists though.
3) Delete the new folder.
4) Give the new user full control permissions for the old folder.
5) Open the registry editor.
6) Go to: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
7) Inside that there is a subkey for any user on your machine. Search for the one whose ProfileImagePath value is the name of the folder you've just deleted.
8) Modify that value to the old folder.
9) Close the registry editor.
simpsons17371Author Commented:
Hey, thanks for the tip you guys but I seem to have a problem.

I went into the system with Knoppix but I can't delete the SAM file, it just won't let me.  I don't know the command console command either so I can't try it there, but I guess the SAM file is a read only file.

Do you guys have any idea how I can delete it?


Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

have you tried getting the files from the most current system restore backup

windows cannot start the file c:\windows\system32\config\system is missing or is damaged.

*** Below is revised by me (not using old files from the Repair folder) ***
*** if you can't see the "sys vol info" folder then under folder options, select "show hidden/system files" & unchk "hide protected o/s files" *** if you can't access that folder see this>  http://support.microsoft.com/?kbid=308421  ***

boot from an XP cd, & press R to enter the Recovery Console
from c:\windows
md tmp

copy c:\windows\system32\config\system c:\windows\tmp\system.bak
copy c:\windows\system32\config\software c:\windows\tmp\software.bak
copy c:\windows\system32\config\sam c:\windows\tmp\sam.bak
copy c:\windows\system32\config\security c:\windows\tmp\security.bak
copy c:\windows\system32\config\default c:\windows\tmp\default.bak

delete c:\windows\system32\config\system
delete c:\windows\system32\config\software
delete c:\windows\system32\config\sam
delete c:\windows\system32\config\security
delete c:\windows\system32\config\default

cd c:\"system volume information"\_restore*\
dir /od  (find a folder "RPxxx" with a date prior to when this occurred)
cd rpXXX\snapshot

From the Snapshot folder, do the below command to copy the files:
 (space after copy & before c:\windows)

copy _registry_user_.default c:\Windows\System32\Config\default
copy _registry_machine_sam c:\Windows\System32\Config\sam
copy _registry_machine_security c:\Windows\System32\Config\security
copy _registry_machine_software c:\Windows\System32\Config\software
copy _registry_machine_system c:\Windows\System32\Config\system

reboot & run system restore to create new restore point
You can't delete the SAM file from Knoppix because the Linux NTFS driver is read only.
To do that you need to use either the Windows Recovery Console (to start it, insert your Windows CD and when setup starts press R for repair then C for console) or (recommended) the 3rd party utility ERD commander.
hey simpsons, plz provide feedback for further assistance.

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now