On the vital importance of imaging your computer

"Lsass.exe - object not found"
Lsass.exe: (also shown as lsass.exe) Local Security Authentication Server

In most cases a user with this fault needs to press the F8 key when the computer starts Windows. Select the Last Known Good Configuration option.
If this does not fix the logon fault, continue on below...

----------------

The Lsass.exe file is located in c:\windows\System32. if you find it anywhere else on your system, it can be a virus or malware and should be deleted
To scan your drive, you can use such tools as The Ultimate Boot CD,

----------------

The original copy of Lsass.exe can be found on your Windows install disc in the folder i386\lsass.ex_

Start the computer from the Windows CD and boot to the Recovery Console (R, 1, Enter)
On the command line type the following line followed by enter key
extract %cdrom%\i386\lsass.ex_ c:\windows\system32\lsass.exe
Note: %cdrom% must be substituted for your CDrom Drive followed by a colon (ie E: )

Restart your computer, to test if you are now able to logon
If this does not fix the logon fault, continue on below...

----------------

This problem may occur if one or more services that run in the Lsass.exe process or in the Services.exe process are no longer configured to run as shared service processes. By default, services that run in these processes are configured to run as shared service processes.

You can use the Sc.exe tool to determine what service is incorrectly configured. To do this, follow these steps.

• 1. Restart the computer.
• 2. Press the F8 key before the Windows logo page is displayed.
• 3. Press the F8 key to select Advanced Startup Options
• 4. Use the arrow keys to select Safe Mode with Command Prompt, and then press ENTER.

Type the following commands. Press Enter after typing each command:

• Sc query HTTPFilter
• Sc query KDC
• Sc query Netlogon
• Sc query NTLMssp
• Sc query PolicyAgent
• Sc query ProtectedStorage
• Sc query SamSs
• Sc query Eventlog
• Sc query PlugPlay

The TYPE value must be 20 WIN32_SHARE_PROCESS for the services that are listed
Note Services that are configured to run in separate memory processes have a value of 10 WIN32_OWN_PROCESS



Configure what services are individually incorrectly configured
Type: sc config Service Name type= share, and then press ENTER.

Note: Service Name is one of the services that are listed above (ie Netlogon)
Repeat the above for each service that is incorrectly configured
Then Restart
If this does not fix the logon fault, continue on below...

----------------

Start the computer from the Windows CD and boot to the Recovery Console (R, 1, Enter)
On the command line type each of the following lines followed by enter key

md tmp
copy c:\windows\system32\config\system c:\windows\tmp\system.bak
copy c:\windows\system32\config\software c:\windows\tmp\software.bak
copy c:\windows\system32\config\sam c:\windows\tmp\sam.bak
copy c:\windows\system32\config\security c:\windows\tmp\security.bak
copy c:\windows\system32\config\default c:\windows\tmp\default.bak

delete c:\windows\system32\config\system
delete c:\windows\system32\config\software
delete c:\windows\system32\config\sam
delete c:\windows\system32\config\security
delete c:\windows\system32\config\default

copy c:\windows\repair\system c:\windows\system32\config\system
copy c:\windows\repair\software c:\windows\system32\config\software
copy c:\windows\repair\sam c:\windows\system32\config\sam
copy c:\windows\repair\security c:\windows\system32\config\security
copy c:\windows\repair\default c:\windows\system32\config\default
Exit

More help here, on this one: https://www.techspot.com/vb/topic98544.html

Then Restart
If this does not fix the logon fault, continue on below...

----------------

System Restore Xp

Microsoft's Windows XP Professional Repair Install step by step

Microsoft's Windows XP Home Repair Install step by step

Vista Repair:
http://www.windowsreinstall.com/winvista/index.htm (index page)
http://vistahomepremium.windowsreinstall.com/repairstartup/repairstartup.htm (guide)

If this does not fix the logon fault, continue on below...

----------------

Using the Ultimate Boot CD (mentioned earlier)
Back up your data, and re-install Windows clean (by removing the partition first)
Or restore your image back to your HardDrive

Sorry Kimsland, I did all that already, what I am asking is - where in the whole setup of Windows are the drivers defined?

Well the above pretty sure would have fixed the original fault
But most starting services (or drivers if you like) are here:
Start->Run-> services.msc
This is not including all the above like Sam; Explorer; PlugPlay... etc etc

Nope, the sevices associated with lsass.exe were checked as in the above post. All were present and 'stopped' which is correct when called up from a command prompt. Did not cure the problem, The replacement of the five hives (as above) was also performed from a known working restore point, again without a solution. The drivers I am talking about I am sure included one which had been deleted by an uninstall of Agfa scanwise software. None show up under services.msc. The drivers I am talking about come from somewhere else, and I am asking you where ?

To see, start the F8 boot prompt and choose safe mode, command prompt. At least 40 hardware drivers scroll up the screen when you do that. It halts for a few moments on a video default driver, before starting a safe mode login prompt followed by a command prompt, but other than that I cannot see where all those drivers are specified. These dozens of drvers, if any were corrupt, would probably prevent even command mode from starting, and I am certain one which was missing and called up by 'safe mode' prevented 'safe mode' from starting.

I do know what you mean

Here is the MS link to which basic drivers load at Windows Safe Mode Startup
http://windowshelp.microsoft.com/Windows/en-us/help/09a45f1f-c30c-4014-ba19-3818bfb2ebd91033.mspx

But this does not include other devices in Sam; or Explorer; or even Viruses!
For instance from Safe Mode a user can allow their addon Video card to load all Drivers if they wish. The only issue is if the Video drivers corrupt at any point

To get Safe Mode Drivers; Services; Networking. Back to default would really require a re-install of Windows

By the way, I'm thinking\suggesting that the "Sc query" or rather "sc config Service Name type= share" would have fixed the "Lsass.exe - object not found" issue. Note you did not say if you had checked this one.

This is my opinion only:

The only CRITICAL thing to ensure is that you back up anything critical routinely. CD, DVD, ZIP, Flash, whatever. Just Back It Up!!

Imaging is a nice touch, but isn't critical.

Imaging is a nice touch, but isn't critical.

Click to expand...

Off the top of my head, one situation when this is NOT true: if you suspect any corruption on your hard drive. In such case, you absolutely want a sector-by-sector disk image copy of your hard drive.

LookinAround said:

Off the top of my head, one situation when this is NOT true: if you suspect any corruption on your hard drive. In such case, you absolutely want a sector-by-sector disk image copy of your hard drive.

Click to expand...

OK - I'll bite!

IF you have routinely copied off all pertinent and critical stuff, then WHY do what you suggest?

I mean, what's the difference other than a complete 'image' versus copied data? And if the 'image' is of a corrupt system, what benefit?

Then again, if you haven't got the 4 hours to spend re-installing, who knows.

Lot's of teeth.. but no bite!

When you do a normal backup (which is fine to do routinely) you backup your files and folders - which, of course, is exactly what you want to do. More specifically, you're only backing up USED disk space (see note below)

If you have disk corruption, you don't know if part of the problem/what you need to do is recover data that might have been:
1) accidently deleted
2) or deleted by a system bug, a virus, etc.

Important underlying point being: when you do data recovery/disk repair you may well need what the disk has marked as UNUSED space (but in fact you really need). So you need to disk sector by sectory type copy to assure you can recover everything and can restore the disk if things get worse as you try recovery/repair

/** EDIT ***/
Ooops. Forgot the note below (i.e. this): Technically smart backup software doesn't actually even backup all USED disk data (unless you tell it) as somethings (e.g. your pagefile) don't need backup for you to restore your system

LoL - anyone that has stuff That important should be using something commercial, but you aren't dealing with the Millions of ordinary people that just want some backup of pictures, etc.

Why would they need that?

I still say - Nah! Just copy your stuff off to other media (and of course verify it did indeed copy off).

LOL back at ya

And how many ordinary people are frantic because they're afraid to lose routine personal data (e.g. financial tracking data) or other information they've stored on their computer? you've certain seen plenty of posts about such simple fact

Even a case of someone spending many hours today working on an important document when the system crashes and even if religous about backups they only backed up last night so there's very real fear of losing lots of time/effort and even recreating what they've done.

Ummm...so spending 40-50 bucks for a commerical ghost/backup product to cover all your potential computer disasters you can lament about later is well worth the investment.

And before thinking these are rare cases of computer problems (they're really not) and poo-pooing the need for disaster recovery for the common indivdual, i'd only state that i also remember when people thought seat belts weren't important as they never needed them

But of course it as all a personal choice.. As well as considering a software package that can do normal backups as well as ghosting is 40-50 bucks. But just having the disk drive ghosting option available when the time comes and you really need it? Priceless

I think the original post dealt with the benefits of imaging the system, and not data. kimsland's solution is fine, but I think a lot of users, including me would screw it up a third of the way down. Restoring an Acronis image of my C:\ drive takes no skill and less than an hour, unattended.
You do not make an image of your system unless you are sure that there are no infections by running anti-virus, anti-spy ware and rootkit finding software. Also get rid of all the junk files.

I have my data on a separate partition and use conventional backup software to copy it to an external HD (where I also store C:\ images).

There are two additions to kimsland's list of imaging software: Paragon Disk Copy and Macrium Reflect. Both are a little faster than Acronis, but not as flexible, particularly if you want to restore single folders.

Title: On the vital importance of imaging your computer

On the debate of backup Vs image
You would think it's contradictory of me, but backup wins hands down
Backup, MSBackup, or just copying (burning) your data to external media, is the industry, and private sector, preferred way of playing it safe. Mainly due to ease of operation.

I would recommend that imaging may even be as delayed as much as yearly, or when a huge change (Service Pack update?) has occurred.
I would presume that member gbhall's image was not created yesterday either.

I suppose the indirect part of this thread, is to create a New Thread at TechSpot, before re-imaging (with any old image!) ie There may be a fix!
But, user preference.

I think debate about imaging or backup is missing the point. It is not either/or it is both. An image is of the entire operating system, it's drivers, it's applications, the history of all MS updates and patches, the entire set-up of every application you have ever loaded, your emails, antivirus updates, everything.

If I had to reinstall Windows, and the (at last count), 208 applications, I would be at it for a fortnight, and still miss a lot. Are you amazed at 208 applications? Don't be, try Belarc Advisor, and surprise yourself instead at what you didn't remember was installed.

Now we professionals know all about backups, but unless you go so far as backing up the registry, the application setting places (can be anywhere), then you will have to reinstall everything. Now a backup including the registry and all the applications and their settings, is of course, what an image does for you. A backup, on the other hand, prevents you from losing any data.. There is a world of difference, and pain between the two.

And Kimsland, no, my image was not created yesterday, it was created 22nd November 2008. I had only 35 minutes work to restore, plus three MS updates and one device (printer) to install. Lucky me? NO, NO, NO. Images once per month, backups every day is my ideal. Ok, I dont always remember to image that often, but I never forget my backups, because they are automated......

And in post #7 I said I had run the SC query commands, then you asked me if I had done in post #8. You appear to be convinced the isass.exe errors can be fixed, I am convinced the one I had could not, because a low-level driver was deleted.

in techspot you can hear them scream....

Come now, anybody who has never had to reinstall Windows from scratch may well hold an opinion about imaging and backups.....that opinion will, I guarantee, be entirely changed after the first such reinstall.

Anybody who follows this site will be aware of vast numbers of people who have no idea of even backup, let alone imaging, and do get extremely stressed when faced with the loss of entire terms work, childs first years in pictures and so on.

That's for backup. Now those same people, entirely innocent of any real computer capability, faced with a reinstall of Windows? You gotta be joking. Thats for imaging.