simpsons17371
asked on
Replacing a SAM file
Hey guys, first off sorry I don't have many points to give, but I guess when you think about this question you either know it or you don't, so its pretty simple.
Anyway, a family computer of mine (not mine, my family's [thank god]) crashed. It happened randomly overnight, we have no idea how it happened since no one was even home, the comptuer was on though, but it has tons of firewalls and stuff like that.
Now all I am getting when I turn it on is an error code, a "Windows Stop error code" I guess you could call it.
The thing says:
STOP: c000021a {Fatal System Error}
Then a little irrelevant information. I have looked up the code and basically it means that I'm fucked (sorry for profanity). My dad insisted I call Dell since we have a dell, I said it was useless, he didn't listen, so I called. They said exactly what I suspected and had already read on the internet and that the harddrive and installation of windows was basically shot. They advised reinstalling Windows, or getting a new harddrive.
I do not want to have to reinstall windows if there is a way around it because I lose everything, and thats what my dad and I exactly don't want to happen, thats why I called dell, maybe they had a way around it, they don't without like mailing them my harddrive.
Now, through my research I have also narrowed down that the file that is corrupt, since its a logon error, is the SAM file. I got onto the harddrive and accessed it using Knoppix (which I have used a lot in the past in similar situations, and if you don't know what it is, take a minute and look it up, very useful) and go figure the last moment the SAM file was editted was July 15th, 2006 at 3:07am. Interesting how thats the exact moment I would bet that the computer crashed >_<.
So, instead of reinstalling windows, I first want to try to take my extra SAM file which is in:
C:\WINDOWS\repair
and paste it on top of the
C:\WINDOWS\System32\config
SAM file and see if that will work, and then do everything else if it doesn't.
The question is, if I replace a SAM file, how much information will I lose, what will happen to the system. See I know with an reinstallation of windows its possible to keep your Program Files and a few other things, but since you are making all new users, everything in your Documents and Settings folder is basically deleted, which in this case, sucks. So I am trying to save that as best I can.
Do any of you know what would happen or have a better plan?
Thanks for the help in advance.
Mark
Anyway, a family computer of mine (not mine, my family's [thank god]) crashed. It happened randomly overnight, we have no idea how it happened since no one was even home, the comptuer was on though, but it has tons of firewalls and stuff like that.
Now all I am getting when I turn it on is an error code, a "Windows Stop error code" I guess you could call it.
The thing says:
STOP: c000021a {Fatal System Error}
Then a little irrelevant information. I have looked up the code and basically it means that I'm fucked (sorry for profanity). My dad insisted I call Dell since we have a dell, I said it was useless, he didn't listen, so I called. They said exactly what I suspected and had already read on the internet and that the harddrive and installation of windows was basically shot. They advised reinstalling Windows, or getting a new harddrive.
I do not want to have to reinstall windows if there is a way around it because I lose everything, and thats what my dad and I exactly don't want to happen, thats why I called dell, maybe they had a way around it, they don't without like mailing them my harddrive.
Now, through my research I have also narrowed down that the file that is corrupt, since its a logon error, is the SAM file. I got onto the harddrive and accessed it using Knoppix (which I have used a lot in the past in similar situations, and if you don't know what it is, take a minute and look it up, very useful) and go figure the last moment the SAM file was editted was July 15th, 2006 at 3:07am. Interesting how thats the exact moment I would bet that the computer crashed >_<.
So, instead of reinstalling windows, I first want to try to take my extra SAM file which is in:
C:\WINDOWS\repair
and paste it on top of the
C:\WINDOWS\System32\config
SAM file and see if that will work, and then do everything else if it doesn't.
The question is, if I replace a SAM file, how much information will I lose, what will happen to the system. See I know with an reinstallation of windows its possible to keep your Program Files and a few other things, but since you are making all new users, everything in your Documents and Settings folder is basically deleted, which in this case, sucks. So I am trying to save that as best I can.
Do any of you know what would happen or have a better plan?
Thanks for the help in advance.
Mark
The SAM file contains all the user accounts on your machine. As rsivanandan noticed, if it is removed, Windows will create a new one with only an Administrator account.
You can try to copy the one in C:\WINDOWS\repair but it is not updated very often. This means that any user account you've created after the repair file will be lost and you will have to re-create it. If you do re-create it, it will actually be a considered a new account, so any special privileges the old account had will not be kept.
So my first recommendation is that you backup your current SAM before you do anything so just in case it is not the cause of the problem, you can undo what you've done.
If the SAM is indeed the problem, there is a way to make the new account use the old account's profile:
1) Re-Create the user account (don't log-in yet)
2) Go to "C:\Documents and Settings". You'll notice that a new folder has been created by the user (suppost the old one was "C:\Documents and Settings\username", the new one will probably be "C:\Documents and Settings\username.computer
3) Delete the new folder.
4) Give the new user full control permissions for the old folder.
5) Open the registry editor.
6) Go to: HKLM\SOFTWARE\Microsoft\Wi
7) Inside that there is a subkey for any user on your machine. Search for the one whose ProfileImagePath value is the name of the folder you've just deleted.
8) Modify that value to the old folder.
9) Close the registry editor.
You can try to copy the one in C:\WINDOWS\repair but it is not updated very often. This means that any user account you've created after the repair file will be lost and you will have to re-create it. If you do re-create it, it will actually be a considered a new account, so any special privileges the old account had will not be kept.
So my first recommendation is that you backup your current SAM before you do anything so just in case it is not the cause of the problem, you can undo what you've done.
If the SAM is indeed the problem, there is a way to make the new account use the old account's profile:
1) Re-Create the user account (don't log-in yet)
2) Go to "C:\Documents and Settings". You'll notice that a new folder has been created by the user (suppost the old one was "C:\Documents and Settings\username", the new one will probably be "C:\Documents and Settings\username.computer
3) Delete the new folder.
4) Give the new user full control permissions for the old folder.
5) Open the registry editor.
6) Go to: HKLM\SOFTWARE\Microsoft\Wi
7) Inside that there is a subkey for any user on your machine. Search for the one whose ProfileImagePath value is the name of the folder you've just deleted.
8) Modify that value to the old folder.
9) Close the registry editor.
ASKER
Hey, thanks for the tip you guys but I seem to have a problem.
I went into the system with Knoppix but I can't delete the SAM file, it just won't let me. I don't know the command console command either so I can't try it there, but I guess the SAM file is a read only file.
Do you guys have any idea how I can delete it?
Thanks.
Mark
I went into the system with Knoppix but I can't delete the SAM file, it just won't let me. I don't know the command console command either so I can't try it there, but I guess the SAM file is a read only file.
Do you guys have any idea how I can delete it?
Thanks.
Mark
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
hey simpsons, plz provide feedback for further assistance.
When windows boots and it doesn't find a sam file, it recreates one with one user 'Administrator' and a blank password.
In your case what I would do is;
1. Use Knoppix and boot, go there and delete the sam from the location (which you know). Then reboot. Then you'll be able to login as administrator with no password. Once you are on the PC, you can then copy stuff from other's profile under document and setting then recreate the users. You can copy down the stuff you want and you're done.
Cheers,
Rajesh