[SOLVED] Windows 7 x64 Enterprise - SURT 8k payloads

SpadeM

Hello everyone,

Long story short, someone deleted by "accident" the components registry hive on a relevant client. Unfortunately I cannot reinstall that client since the downtime involved would cost more than to actually have it online and working with a few bugs. Now, to "patch" the issue temporarily (clients get scanned monthly to ensure proper patch level) I uploaded and loaded a components hive from a donor machine. Now, the issue is the donor machine was a Dutch client and the receiver was a German one. After re-running SURT, the last log that was generated is the one attached.

My question is, if I upload and load a German components hive, would it clear the issue or is there any way to specify the payload path from a different machine without having to give myself rights to each and every folder of those missing 8000?

Thank you.
 

Hello and welcome to the forum.

My question is, if I upload and load a German components hive, would it clear the issue or is there any way to specify the payload path from a different machine without having to give myself rights to each and every folder of those missing 8000?

This is not something that I would recommend. The two systems would have to be absolutely identical in every way, meaning they would have had to be set up at the exact same date and had the exact same updates installed over time, along with the exact same hardware... even then it is still not recommended.

Do you have any system restore points on the system?

Alex
 
Hello,

No system restore sadly since it's been disabled by company policy. While I don't have the exact machine, I do have access to a large number of Virtual Clients that have the same OS and patch level as that client.
 
Ah, that is a shame. This is still not something I would recommend doing, as it can cause a lot more issues in the long run. Depending on what types of updates were installed on this machine, whether they were GDR or LDR can make a big difference to the COMPONENTS hive.

Alex
 
It's still not my recommendation. My suggestion (and I know you have said this is not a possibility) is to do a reformat. If you are using SCCM, can you schedule a reformat after hours? Assuming that your company deploys images from SCCM. If you do, you can set a timer on when to reformat the machine.

Alex
 
We ended up re-imaging the client late at night and finished just before business hours. I guess sometimes you just have to let it go :)

Thank you.
 
That's good to hear. Sorry that it had to come to this, but with this issue it is just too risky to use another hive.

Alex
 