Solved

Can I retrieve an old IP address

Posted on 2009-05-19
12
5,275 Views
Last Modified: 2016-07-06
Folks,
A PC with a Failed hard  drive arrived into my desk yesetrday. I got the info from the hard drive itself but as my company uses STATIC IP address is there any other way retrieving the IP address from a file. I have heard something that you can retrieve the ip address from the C:\windows\system32\config\system file. How can I open this file if it ppossible at all.
0
Comment
Question by:Daithi_Mc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
12 Comments
 

Expert Comment

by:martin2123
ID: 24422781
Hi

Does your company use a DHCP at all??? either in a router or server if so you could look up the pc ip address there
1
 
LVL 70

Accepted Solution

by:
Qlemo earned 250 total points
ID: 24422867
  • Start regedit
  • select HKEY_LOCAL_MACHINE
  • In menu, select Load
  • choose that system file
  • enter a arbitrary name for the imported registry
  • browse the new key to System\ControlSet001\Services\Tcpip\Interfaces
There are subkeys for each virtual or physical network interface, just visit them all, and look for the value of IPAdress
1
 
LVL 26

Assisted Solution

by:akahan
akahan earned 250 total points
ID: 24423181
That's an interesting problem.  Here's what might work; I've just sort of made it up, though, never tried it.

What you need to do is access the registry from the old machine.  The registry on the old machine was stored in c:\windows\system32\config .   There are several files in that directory, combined, that make up the registry.

Since you've recovered those files, I presume they're in a directory somewhere that you can access.  Perhaps they're on a drive you've attached to your machine as a USB drive?  For purposes of this example, let's call that directory  F:\recovered\config

On your machine, get a command prompt, and type regedit.  The registry editor will come up, but it will be showing your ACTUAL registry, not the recovered registry.

In the registry, Navigate to HKEY_LOCAL_MACHINE , and click on that, so it's highlighted in blue.
Then, choose File (from the menu up top) and "Load Hive".  In the Windows Explorer Box, navigate to the directory f:\recovered\config (or wherever the other drive's c:\windows\system32\config file is), and select the file called "system".  Note that there may also be files in there called system.bak, system.LOG1, etc.  You don't want those; you want system.

This will HOPEFULLY load the registry hive of the other machine for viewing and editing.  Now, navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

Under that key, in the window on the left side, possibly after several .NET related entries, you'll see one or more entries that start with a curly brace ({), have a random-looking series of letter and numbers with a few hyphens, and then a right curly brace.  Each of these corresponds to one of the network interfaces on the old machine.  (There may be just one or two if you're lucky).   Under each of these, there's a subkey labeled Parameters, and under Parameters, there's another one labeled Tcpip.   Under each, click on Tcpip, and, on the right hand side of the screen, look at "IPAddress" to see the ip address that was associated with that network interface.   One of those (the one that looks like a plausible IP address on your network) will be the one you're looking for.

VERY IMPORTANT: When done, go back to the "File" menu, and pick "Unload Hive".



0
Turn Insights Into Action

You’ve already invested in ITSM tools, chat applications, automation utilities, and more. Fortify these solutions with intelligent communications so you can drive business processes forward.

With xMatters, you'll never miss a beat.

 
LVL 70

Expert Comment

by:Qlemo
ID: 24426710
Sorry? That's what I wrote, in more verbose form.
0
 
LVL 26

Expert Comment

by:akahan
ID: 24426805
We were typing at the same time.  The OP might have had trouble with your solution because the registry key provided in it is incorrect.
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 24427118
Interesting. Your post is 23 minutes past mine. This is not "at the same time", you just didn't refresh the post after that long time (which you should do after some minutes, somebody could have been posted already).

And there is no "CurrentControlSet" in a loaded hive. It is a virtual branch created by the OS, and only for the HKLM hive in charge, not the loaded one. ControlSetXXX with XXX = 000 ... are the valid ones.
Now, what is wrong with mine?

0
 
LVL 26

Expert Comment

by:akahan
ID: 24427446
We were typing at the same time, I just took a lot longer.  :)

Good point re CurrentControlSet.  

At least on my XP system, there's no System\ControlSet001\Services\Tcpip\Interfaces

Rather, it's

...  tcpip\PARAMETERS\interfaces   Is yours different?
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 24427485
Yes, I had a look at an XP registry (extracted from restore point snapshot folder), and followed the path I described, and everything was there. A ControlSet001 should always be there, but I have seen registries where it has been purged, maybe by LastKnownGood. Some software relies on ControlSet001 to be here, most for shareware/demo timespan limitations ;-)

0
 
LVL 70

Expert Comment

by:Qlemo
ID: 24427506
Sorry, misread your post. Your path is correct. I forgot to insert the Parameters key.
0
 
LVL 26

Expert Comment

by:akahan
ID: 24427568
I think between the two of us, he has the information he needs.  I have no objection to splitting credit, or any other disposition deemed appropriate here.  (It takes a long time to type when you're as verbose as I am.)    :-)


0
 
LVL 70

Expert Comment

by:Qlemo
ID: 24427659
Agreed. I will request attention to let an admin take care of it.
0

Featured Post

Turn Insights into Action

Communication across every corner of your business is essential to increase the velocity of your application delivery and support pipeline. Automate, standardize, and contextualize your communication processes with xMatters.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question