Share via

Windows server 2016 registry keys were removed suddenly

test17 0 Reputation points
2023-05-10T09:01:04.2766667+00:00

Hello,

I'm facing a problem with windows server 2016, many registry keys are being removed suddenly, this happens in more than one machine and i can't identify the problem of this deletion.

These registry are located in "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

Can anyone help me please.

Windows for business | Windows Server | User experience | Other
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2023-05-12T04:03:49.7166667+00:00

    Hi.

    Registry keys suddenly disappear, the reasons may be:

    Virus infection: Some viruses will attack the registry, destroy the data in it or directly delete the registry, causing system problems.

    System errors: Certain system errors can cause issues with the registry, such as Windows update failures, hardware damage, etc.

    Have any of the above conditions happened to you recently?

    Please try the following solutions:

    1. Perform System Restore: If you have ever set a system restore point, you can try to use System Restore to restore the registry.
    2. Use registry backup: If you have backed up the registry before, you can try to use the backup to restore the registry.

    Note: Before doing the above, make sure to back up your important data.

    Hope the information is helpful.

    ============================================
    If the Answer is helpful, please click "Accept Answer" and upvote it.

  2. Limitless Technology 44,771 Reputation points
    2023-05-18T13:03:31.4233333+00:00

    Hello there,

    Was there any log in Event Viewer?

    I would suggest you use Process Monitor to monitor when registry keys are modified.

    Process Monitor is an advanced monitoring tool for Windows that shows real-time file

    system, Registry and process/thread activity. You can get the tool from here

    https://docs.microsoft.com/enus/sysinternals/downloads/procmon

    System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log

    system activity to the Windows event log.You can get the tool from here

    https://docs.microsoft.com/enus/sysinternals/downloads/sysmon

    Hope this resolves your Query !!

    --If the reply is helpful, please Upvote and Accept it as an answer--

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.