?
Solved

Can I retrieve an old IP address

Posted on 2009-05-19
12
Medium Priority
?
5,725 Views
Last Modified: 2016-07-06
Folks,
A PC with a Failed hard  drive arrived into my desk yesetrday. I got the info from the hard drive itself but as my company uses STATIC IP address is there any other way retrieving the IP address from a file. I have heard something that you can retrieve the ip address from the C:\windows\system32\config\system file. How can I open this file if it ppossible at all.
0
Comment
Question by:Daithi_Mc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
12 Comments
 

Expert Comment

by:martin2123
ID: 24422781
Hi

Does your company use a DHCP at all??? either in a router or server if so you could look up the pc ip address there
1
 
LVL 70

Accepted Solution

by:
Qlemo earned 1000 total points
ID: 24422867
  • Start regedit
  • select HKEY_LOCAL_MACHINE
  • In menu, select Load
  • choose that system file
  • enter a arbitrary name for the imported registry
  • browse the new key to System\ControlSet001\Services\Tcpip\Interfaces
There are subkeys for each virtual or physical network interface, just visit them all, and look for the value of IPAdress
1
 
LVL 26

Assisted Solution

by:akahan
akahan earned 1000 total points
ID: 24423181
That's an interesting problem.  Here's what might work; I've just sort of made it up, though, never tried it.

What you need to do is access the registry from the old machine.  The registry on the old machine was stored in c:\windows\system32\config .   There are several files in that directory, combined, that make up the registry.

Since you've recovered those files, I presume they're in a directory somewhere that you can access.  Perhaps they're on a drive you've attached to your machine as a USB drive?  For purposes of this example, let's call that directory  F:\recovered\config

On your machine, get a command prompt, and type regedit.  The registry editor will come up, but it will be showing your ACTUAL registry, not the recovered registry.

In the registry, Navigate to HKEY_LOCAL_MACHINE , and click on that, so it's highlighted in blue.
Then, choose File (from the menu up top) and "Load Hive".  In the Windows Explorer Box, navigate to the directory f:\recovered\config (or wherever the other drive's c:\windows\system32\config file is), and select the file called "system".  Note that there may also be files in there called system.bak, system.LOG1, etc.  You don't want those; you want system.

This will HOPEFULLY load the registry hive of the other machine for viewing and editing.  Now, navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

Under that key, in the window on the left side, possibly after several .NET related entries, you'll see one or more entries that start with a curly brace ({), have a random-looking series of letter and numbers with a few hyphens, and then a right curly brace.  Each of these corresponds to one of the network interfaces on the old machine.  (There may be just one or two if you're lucky).   Under each of these, there's a subkey labeled Parameters, and under Parameters, there's another one labeled Tcpip.   Under each, click on Tcpip, and, on the right hand side of the screen, look at "IPAddress" to see the ip address that was associated with that network interface.   One of those (the one that looks like a plausible IP address on your network) will be the one you're looking for.

VERY IMPORTANT: When done, go back to the "File" menu, and pick "Unload Hive".



0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 
LVL 70

Expert Comment

by:Qlemo
ID: 24426710
Sorry? That's what I wrote, in more verbose form.
0
 
LVL 26

Expert Comment

by:akahan
ID: 24426805
We were typing at the same time.  The OP might have had trouble with your solution because the registry key provided in it is incorrect.
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 24427118
Interesting. Your post is 23 minutes past mine. This is not "at the same time", you just didn't refresh the post after that long time (which you should do after some minutes, somebody could have been posted already).

And there is no "CurrentControlSet" in a loaded hive. It is a virtual branch created by the OS, and only for the HKLM hive in charge, not the loaded one. ControlSetXXX with XXX = 000 ... are the valid ones.
Now, what is wrong with mine?

0
 
LVL 26

Expert Comment

by:akahan
ID: 24427446
We were typing at the same time, I just took a lot longer.  :)

Good point re CurrentControlSet.  

At least on my XP system, there's no System\ControlSet001\Services\Tcpip\Interfaces

Rather, it's

...  tcpip\PARAMETERS\interfaces   Is yours different?
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 24427485
Yes, I had a look at an XP registry (extracted from restore point snapshot folder), and followed the path I described, and everything was there. A ControlSet001 should always be there, but I have seen registries where it has been purged, maybe by LastKnownGood. Some software relies on ControlSet001 to be here, most for shareware/demo timespan limitations ;-)

0
 
LVL 70

Expert Comment

by:Qlemo
ID: 24427506
Sorry, misread your post. Your path is correct. I forgot to insert the Parameters key.
0
 
LVL 26

Expert Comment

by:akahan
ID: 24427568
I think between the two of us, he has the information he needs.  I have no objection to splitting credit, or any other disposition deemed appropriate here.  (It takes a long time to type when you're as verbose as I am.)    :-)


0
 
LVL 70

Expert Comment

by:Qlemo
ID: 24427659
Agreed. I will request attention to let an admin take care of it.
0

Featured Post

Introducing Priority Question

Increase expert visibility of your issues by participating in Priority Question, our latest feature for Premium and Team Account holders. Adjust the priority of your question to get emergent issues in front of subject-matter experts for help when you need it most.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
Arrow Electronics was searching for a KVM  (Keyboard/Video/Mouse) switch that could display on one single monitor the current status of all units being tested on the rack.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Suggested Courses
Course of the Month15 days, 8 hours left to enroll

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question