Can I retrieve an old IP address

A PC with a Failed hard  drive arrived into my desk yesetrday. I got the info from the hard drive itself but as my company uses STATIC IP address is there any other way retrieving the IP address from a file. I have heard something that you can retrieve the ip address from the C:\windows\system32\config\system file. How can I open this file if it ppossible at all.
Who is Participating?
QlemoConnect With a Mentor Batchelor and DeveloperCommented:
  • Start regedit
  • In menu, select Load
  • choose that system file
  • enter a arbitrary name for the imported registry
  • browse the new key to System\ControlSet001\Services\Tcpip\Interfaces
There are subkeys for each virtual or physical network interface, just visit them all, and look for the value of IPAdress

Does your company use a DHCP at all??? either in a router or server if so you could look up the pc ip address there
akahanConnect With a Mentor Commented:
That's an interesting problem.  Here's what might work; I've just sort of made it up, though, never tried it.

What you need to do is access the registry from the old machine.  The registry on the old machine was stored in c:\windows\system32\config .   There are several files in that directory, combined, that make up the registry.

Since you've recovered those files, I presume they're in a directory somewhere that you can access.  Perhaps they're on a drive you've attached to your machine as a USB drive?  For purposes of this example, let's call that directory  F:\recovered\config

On your machine, get a command prompt, and type regedit.  The registry editor will come up, but it will be showing your ACTUAL registry, not the recovered registry.

In the registry, Navigate to HKEY_LOCAL_MACHINE , and click on that, so it's highlighted in blue.
Then, choose File (from the menu up top) and "Load Hive".  In the Windows Explorer Box, navigate to the directory f:\recovered\config (or wherever the other drive's c:\windows\system32\config file is), and select the file called "system".  Note that there may also be files in there called system.bak, system.LOG1, etc.  You don't want those; you want system.

This will HOPEFULLY load the registry hive of the other machine for viewing and editing.  Now, navigate to:


Under that key, in the window on the left side, possibly after several .NET related entries, you'll see one or more entries that start with a curly brace ({), have a random-looking series of letter and numbers with a few hyphens, and then a right curly brace.  Each of these corresponds to one of the network interfaces on the old machine.  (There may be just one or two if you're lucky).   Under each of these, there's a subkey labeled Parameters, and under Parameters, there's another one labeled Tcpip.   Under each, click on Tcpip, and, on the right hand side of the screen, look at "IPAddress" to see the ip address that was associated with that network interface.   One of those (the one that looks like a plausible IP address on your network) will be the one you're looking for.

VERY IMPORTANT: When done, go back to the "File" menu, and pick "Unload Hive".

WEBINAR: GDPR Implemented - Tips & Lessons Learned

Join the WatchGuard team on Thursday, March 29th as we recount some valuable lessons learned in weighing the needs of a business against the new regulatory environment, look ahead at the two months left before implementation, and help you understand the steps you can take today!

QlemoBatchelor and DeveloperCommented:
Sorry? That's what I wrote, in more verbose form.
We were typing at the same time.  The OP might have had trouble with your solution because the registry key provided in it is incorrect.
QlemoBatchelor and DeveloperCommented:
Interesting. Your post is 23 minutes past mine. This is not "at the same time", you just didn't refresh the post after that long time (which you should do after some minutes, somebody could have been posted already).

And there is no "CurrentControlSet" in a loaded hive. It is a virtual branch created by the OS, and only for the HKLM hive in charge, not the loaded one. ControlSetXXX with XXX = 000 ... are the valid ones.
Now, what is wrong with mine?

We were typing at the same time, I just took a lot longer.  :)

Good point re CurrentControlSet.  

At least on my XP system, there's no System\ControlSet001\Services\Tcpip\Interfaces

Rather, it's

...  tcpip\PARAMETERS\interfaces   Is yours different?
QlemoBatchelor and DeveloperCommented:
Yes, I had a look at an XP registry (extracted from restore point snapshot folder), and followed the path I described, and everything was there. A ControlSet001 should always be there, but I have seen registries where it has been purged, maybe by LastKnownGood. Some software relies on ControlSet001 to be here, most for shareware/demo timespan limitations ;-)

QlemoBatchelor and DeveloperCommented:
Sorry, misread your post. Your path is correct. I forgot to insert the Parameters key.
I think between the two of us, he has the information he needs.  I have no objection to splitting credit, or any other disposition deemed appropriate here.  (It takes a long time to type when you're as verbose as I am.)    :-)

QlemoBatchelor and DeveloperCommented:
Agreed. I will request attention to let an admin take care of it.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.