Preserve Registry do-it-yourself
Recently I suffered from the loss of NTUser.dat and with it all the HKCU for Windows7 and so much that Windows Restore did not help - I had to go up from a month ago backup. As a result, I was very concerned about the issue of registry backup. As it turned out, Win7 / Vista does not offer any backup of the “pure” registry (unlike XP). In this post I will talk about what you can do with your own hands about this with the help of ERUNT and User Profile Hive Cleanup Service (UPHClean) utilities. In conclusion, I give an example of how I did it.
History reference.
The registry, as we know it, first appeared in Win95, and it immediately became clear that it was not worth losing / spoiling it. Fortunately, in the OC family of Win9x, the registry was automatically backed up at system startup. It kept from two (Win95) to five (Win98 / ME) levels of rollback. Manual bakap also not a problem, because it was enough to reboot the computer in DOS mode and copy several files to a safe place. Microsoft also provided the ERU utility, which backed up the registry directly from Windows.
With the advent of Win2000 and its derivatives (WinXP / Vistal / 7), the situation has changed radically. On NT-based systems, the Registry files (C: \ Windows \ System32 \ Config and% userprofile% \ ntuser.dat) are always open and in use. As a result, unpleasant bugs began to appear, some of which still occur today. Almost all of them are consequences of the same scenario: some program opens the key in the Registry and forgets to close it. As a result, a number of interesting side effects can occur:
')
* First, if the key is not closed in HKCU, the logoff \ restart / shutdown of the computer may take oooooochen a lot of time - Windows patiently waits until all programs release HKCU to log off the user (which does not happen if the buggy program is registered as a system service) .
* Secondly, some changes were not “dumped” into the registry, and as a result were not saved after a reboot. Especially, this strained corporate users with Roaming profiles, which often had, for example, to observe the message “Please wait while Windows configures <program>” every time when launching an office application. As a result, in Vista / W7 we have registry transaction files (regtrans-ms), which sometimes take up more space than the registry files themselves :)
* In the worst case, during the reboot, the integrity of the registry was broken and the entire hive could be lost (most often, again, HKCU). This, by the way, continues to this day, quite a lot of noise is raised about the service updating Google Chrome, which likes to open a lot of descriptors and forgets to close some of them.
The problem was so serious that Microsoft released a special service " User Profile Hive Cleanup Service ", which forcibly disconnects everyone from the registry when rebooting (though only for HKCU / ntuser.dat). Highly recommend.
All this showed how the integrity of the registry is critical for systems based on WinNT. However,
There was no other simple way to back up the registry, and I had to think of it. This is how ERUNT (ERU for NT) appeared.
ERUNT.
ERUNT was developed by a German specialist named Lars Hederer , and, in fact, reserves the registry of any WinNT-like OS (NT / 2K / 2K3 / XP / Vistal / 7) into the specified directory “alive” (i.e., not when rebooting , and at any time during the operation of the OS).
Details of the application can be found in the readme file , but I will tell you about how I personally liked it and how I use it.
In conclusion, I attach ERUNT.INI and .XML for Task Scheduler.
ERUNT.INI (to the directory with ERUNT):
ERUNT.XML (imported into Task Scheduler, correct user name and path):
In general, the author of the utility has been dealing with this issue since 2001, and he knows his business - I highly recommend it for use!
History reference.
The registry, as we know it, first appeared in Win95, and it immediately became clear that it was not worth losing / spoiling it. Fortunately, in the OC family of Win9x, the registry was automatically backed up at system startup. It kept from two (Win95) to five (Win98 / ME) levels of rollback. Manual bakap also not a problem, because it was enough to reboot the computer in DOS mode and copy several files to a safe place. Microsoft also provided the ERU utility, which backed up the registry directly from Windows.
With the advent of Win2000 and its derivatives (WinXP / Vistal / 7), the situation has changed radically. On NT-based systems, the Registry files (C: \ Windows \ System32 \ Config and% userprofile% \ ntuser.dat) are always open and in use. As a result, unpleasant bugs began to appear, some of which still occur today. Almost all of them are consequences of the same scenario: some program opens the key in the Registry and forgets to close it. As a result, a number of interesting side effects can occur:
')
* First, if the key is not closed in HKCU, the logoff \ restart / shutdown of the computer may take oooooochen a lot of time - Windows patiently waits until all programs release HKCU to log off the user (which does not happen if the buggy program is registered as a system service) .
* Secondly, some changes were not “dumped” into the registry, and as a result were not saved after a reboot. Especially, this strained corporate users with Roaming profiles, which often had, for example, to observe the message “Please wait while Windows configures <program>” every time when launching an office application. As a result, in Vista / W7 we have registry transaction files (regtrans-ms), which sometimes take up more space than the registry files themselves :)
* In the worst case, during the reboot, the integrity of the registry was broken and the entire hive could be lost (most often, again, HKCU). This, by the way, continues to this day, quite a lot of noise is raised about the service updating Google Chrome, which likes to open a lot of descriptors and forgets to close some of them.
The problem was so serious that Microsoft released a special service " User Profile Hive Cleanup Service ", which forcibly disconnects everyone from the registry when rebooting (though only for HKCU / ntuser.dat). Highly recommend.
All this showed how the integrity of the registry is critical for systems based on WinNT. However,
- In NT / 2000 there is no automatic registry backup at all.
- In WinXP, the registry cache is made only during the general system backup process (if you select Backup System State). At the same time, the OS files (~ 500MB) are put in the user-specified directory, and the registry backup is found in C: \ Windows \ Repair, from where it must be copied with pens (well, or delete 500M junk if you only need to registry). Unfortunately, the Windows GUI does not allow you to select subdirectories in NUL :)
- In Vista / W7, the entire tank is produced in the VHD; System Restore, as it turned out, is not reliable enough, and \ Windows \ Repair is not worth it. ** UPD ** But there is a similar \ Windows \ System32 \ Config \ RegBack, which is updated every 10 days by Task Scheduler. Thanks to the kind people from the comments . True, there is only the registry.
There was no other simple way to back up the registry, and I had to think of it. This is how ERUNT (ERU for NT) appeared.
ERUNT.
ERUNT was developed by a German specialist named Lars Hederer , and, in fact, reserves the registry of any WinNT-like OS (NT / 2K / 2K3 / XP / Vistal / 7) into the specified directory “alive” (i.e., not when rebooting , and at any time during the operation of the OS).
Details of the application can be found in the readme file , but I will tell you about how I personally liked it and how I use it.
- It has GUI and CLI for backup and restore. It is very convenient to use the GUI for testing, and then roll everything into the command line parameters and create a Task (which is discussed below). Similarly, for recovery: for a full recovery, you can make a simple batch file, for some special situations you can run the GUI and choose what you need.
- Allows you to select hive (system and user) - you can backup: system, user profile, profiles of other users, all together. Initially, I had a plan to “backup all once a week, backup a profile every day,” but the program works so fast, and the backups take up so little space that now I just dump everything every day.
- Restores the registry from a special bootloader or Windows Recovery Console. Usually, the console is enough (since, in fact, a banal file overwriting occurs).
- Installed through the installer, but, it seems, does not put any files outside of its directory, so it is suitable for portable-use. The directory stores a .INI file in which you can write default values, which allows you to reduce the number of command line keys that are set each time. In any case, the recovery utility works completely independently.
- A bunch of interesting automated backup options. For myself, I did the following:
- Catalog D: \ Install \ __ Backups \ RegBackup-ERUNT \ creates subdirectories with date-time in the format I need (note RegBackup-ERUNT \ 2012-04-19-17.00.04 \).
- Each such subdirectory contains, in fact, the hive registry and the recovery utility (so as not to strain).
- The history of backups is stored for 30 days (you can adjust by the number of, say, the last 5, or by the time). Old ones are deleted automatically (disabled).
- If today bakap already done - the second (third, etc.) once skipped. (it is useful, because in Task Scheduler there is an option “if the task launch time is missed - run as soon as possible”, thus two backups per day can be launched)
- Standard options like silent mode, etc.
- I was particularly impressed by the fact that in a toga I got rid of most of the command line keys, since the default values ​​set by the author do exactly what I need! :) The rest was set up in the ini file and as a result, the huge command line was reduced to AUTOBACK.EXE <directory name for backups> \ # Date # - # Time #.
In conclusion, I attach ERUNT.INI and .XML for Task Scheduler.
ERUNT.INI (to the directory with ERUNT):
[ERUNT] DefaultDestinationFolder=D:\Install\__Backups DateFormat=yyyy/mm/dd DateSeparator=- TimeFormat=hh:mm:ss TimeSeparator=. ERUNT.XML (imported into Task Scheduler, correct user name and path):
<?xml version="1.0" encoding="UTF-16"?> <Task version="1.3" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task"> <RegistrationInfo> <Date>2012-04-01T21:27:40.026817</Date> <Author>APCNB\apc</Author> </RegistrationInfo> <Triggers> <CalendarTrigger> <StartBoundary>2012-04-01T17:00:00</StartBoundary> <ExecutionTimeLimit>PT1H</ExecutionTimeLimit> <Enabled>true</Enabled> <ScheduleByDay> <DaysInterval>1</DaysInterval> </ScheduleByDay> </CalendarTrigger> </Triggers> <Principals> <Principal id="Author"> <UserId>APCNB\apc</UserId> <LogonType>S4U</LogonType> <RunLevel>HighestAvailable</RunLevel> </Principal> </Principals> <Settings> <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy> <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries> <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries> <AllowHardTerminate>true</AllowHardTerminate> <StartWhenAvailable>true</StartWhenAvailable> <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable> <IdleSettings> <StopOnIdleEnd>true</StopOnIdleEnd> <RestartOnIdle>false</RestartOnIdle> </IdleSettings> <AllowStartOnDemand>true</AllowStartOnDemand> <Enabled>true</Enabled> <Hidden>false</Hidden> <RunOnlyIfIdle>false</RunOnlyIfIdle> <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession> <UseUnifiedSchedulingEngine>false</UseUnifiedSchedulingEngine> <WakeToRun>false</WakeToRun> <ExecutionTimeLimit>PT1H</ExecutionTimeLimit> <Priority>7</Priority> <RestartOnFailure> <Interval>PT1H</Interval> <Count>3</Count> </RestartOnFailure> </Settings> <Actions Context="Author"> <Exec> <Command>C:\bin\ERUNT\AUTOBACK.EXE</Command> <Arguments>D:\Install\__Backups\RegBackup-ERUNT\#Date#-#Time#</Arguments> <WorkingDirectory>C:\bin\ERUNT\</WorkingDirectory> </Exec> </Actions> </Task> In general, the author of the utility has been dealing with this issue since 2001, and he knows his business - I highly recommend it for use!
Source: https://habr.com/ru/post/142558/
All Articles