Solved

Can I retrieve an old IP address

Posted on 2009-05-19
12
4,605 Views
Last Modified: 2016-07-06
Folks,
A PC with a Failed hard  drive arrived into my desk yesetrday. I got the info from the hard drive itself but as my company uses STATIC IP address is there any other way retrieving the IP address from a file. I have heard something that you can retrieve the ip address from the C:\windows\system32\config\system file. How can I open this file if it ppossible at all.
0
Comment
Question by:Daithi_Mc
  • 6
  • 4
12 Comments
 

Expert Comment

by:martin2123
ID: 24422781
Hi

Does your company use a DHCP at all??? either in a router or server if so you could look up the pc ip address there
1
 
LVL 69

Accepted Solution

by:
Qlemo earned 250 total points
ID: 24422867
  • Start regedit
  • select HKEY_LOCAL_MACHINE
  • In menu, select Load
  • choose that system file
  • enter a arbitrary name for the imported registry
  • browse the new key to System\ControlSet001\Services\Tcpip\Interfaces
There are subkeys for each virtual or physical network interface, just visit them all, and look for the value of IPAdress
0
 
LVL 26

Assisted Solution

by:akahan
akahan earned 250 total points
ID: 24423181
That's an interesting problem.  Here's what might work; I've just sort of made it up, though, never tried it.

What you need to do is access the registry from the old machine.  The registry on the old machine was stored in c:\windows\system32\config .   There are several files in that directory, combined, that make up the registry.

Since you've recovered those files, I presume they're in a directory somewhere that you can access.  Perhaps they're on a drive you've attached to your machine as a USB drive?  For purposes of this example, let's call that directory  F:\recovered\config

On your machine, get a command prompt, and type regedit.  The registry editor will come up, but it will be showing your ACTUAL registry, not the recovered registry.

In the registry, Navigate to HKEY_LOCAL_MACHINE , and click on that, so it's highlighted in blue.
Then, choose File (from the menu up top) and "Load Hive".  In the Windows Explorer Box, navigate to the directory f:\recovered\config (or wherever the other drive's c:\windows\system32\config file is), and select the file called "system".  Note that there may also be files in there called system.bak, system.LOG1, etc.  You don't want those; you want system.

This will HOPEFULLY load the registry hive of the other machine for viewing and editing.  Now, navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

Under that key, in the window on the left side, possibly after several .NET related entries, you'll see one or more entries that start with a curly brace ({), have a random-looking series of letter and numbers with a few hyphens, and then a right curly brace.  Each of these corresponds to one of the network interfaces on the old machine.  (There may be just one or two if you're lucky).   Under each of these, there's a subkey labeled Parameters, and under Parameters, there's another one labeled Tcpip.   Under each, click on Tcpip, and, on the right hand side of the screen, look at "IPAddress" to see the ip address that was associated with that network interface.   One of those (the one that looks like a plausible IP address on your network) will be the one you're looking for.

VERY IMPORTANT: When done, go back to the "File" menu, and pick "Unload Hive".



0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 69

Expert Comment

by:Qlemo
ID: 24426710
Sorry? That's what I wrote, in more verbose form.
0
 
LVL 26

Expert Comment

by:akahan
ID: 24426805
We were typing at the same time.  The OP might have had trouble with your solution because the registry key provided in it is incorrect.
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 24427118
Interesting. Your post is 23 minutes past mine. This is not "at the same time", you just didn't refresh the post after that long time (which you should do after some minutes, somebody could have been posted already).

And there is no "CurrentControlSet" in a loaded hive. It is a virtual branch created by the OS, and only for the HKLM hive in charge, not the loaded one. ControlSetXXX with XXX = 000 ... are the valid ones.
Now, what is wrong with mine?

0
 
LVL 26

Expert Comment

by:akahan
ID: 24427446
We were typing at the same time, I just took a lot longer.  :)

Good point re CurrentControlSet.  

At least on my XP system, there's no System\ControlSet001\Services\Tcpip\Interfaces

Rather, it's

...  tcpip\PARAMETERS\interfaces   Is yours different?
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 24427485
Yes, I had a look at an XP registry (extracted from restore point snapshot folder), and followed the path I described, and everything was there. A ControlSet001 should always be there, but I have seen registries where it has been purged, maybe by LastKnownGood. Some software relies on ControlSet001 to be here, most for shareware/demo timespan limitations ;-)

0
 
LVL 69

Expert Comment

by:Qlemo
ID: 24427506
Sorry, misread your post. Your path is correct. I forgot to insert the Parameters key.
0
 
LVL 26

Expert Comment

by:akahan
ID: 24427568
I think between the two of us, he has the information he needs.  I have no objection to splitting credit, or any other disposition deemed appropriate here.  (It takes a long time to type when you're as verbose as I am.)    :-)


0
 
LVL 69

Expert Comment

by:Qlemo
ID: 24427659
Agreed. I will request attention to let an admin take care of it.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

827 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question