>I went to visit a client yesterday and somehow the registry of one of the users' machines was completely blown (windows was in the same state it is when just installed)... 640x480, no network drivers whatsoever, no registry entries for any of the software in the computer (all office apps work except Access that complains about no license in machine), in a nutshell, nothing.
>
>Questions:
>
>1. How could this happen? (User of course insists she did nothing. I'm suspecting she tried to install a new screensaver.)
>
>2. Is there any tool that will allow me to take a snapshot of the WHOLE system after I set it up again in order to reset system to a working configuration in case this happens again? I remember a HW solution that did this, but is there anything that's SW based (preferably free)?

Do these systems come with a "restore orginal system configuration" or some such icon or option that she could have run. Other ideas are that the Registry could have detected that it was corrupted that then restored itself to a vanilla state.

Tools:
1) Get the customer to agree to a standard build (install), do that that take a snapshot with Norton Ghost (not cheap). Write this to CD or put it on their server. If anything goes wrong with a PC, copy this onto it, change the IPs address, computer names and then you are back it biz.
http://enterprisesecurity.symantec.com/products/products.cfm?productID=3

2) Get one of those harddrive devices that connects to the parallel port and makes a snapshot of your generic build. I can't find any links for these at the moment.