7. Back Up the Registry
In
a way, the Windows Registry is a weak link in the operating system's
stability and robustness. It's remarkably easy to damage, but very
difficult to repair. And unless you go to the trouble of making your own
backup copy, it's not necessarily easy to replace it if it's damaged
(unlike, say, DLLs, which can be pulled right off the Vista CD). A
broken Registry—either due to physical corruption or errant data—might
cause Windows to behave eratically (or more so than usual) or it may
prevent Windows from starting at all.
The System Protection feature is found in Control Panel → System → Advanced system settings → System Protection tab. Windows automatically creates a restore point
once a day, plus each time you install an application, device driver,
or any update from Windows Update. Restore points contain essential
Windows system files and Registry settings, although it's not clear how
much of the Registry is backed up, nor is it possible to restore all or
part of the Registry alone. |
|
So,
what's the big problem? Why not just zip up the Registry files or copy
them to a CD? The files that contain your Registry data (called hives)
are constantly being read from and written to, so Windows locks them to
ensure they can't be modified, deleted, or even read directly.
This
means you have to use a procedure like the following if you want a
backup you can create and restore at will. You may want to do this, for
instance, just before you install a new program or device driver.
Open Registry Editor, and collapse all the branches so only the five main root keys are showing.
Highlight HKEY_CURRENT_USER.
From the File menu, select Export.
From the Save as type list, choose Registry Hive Files (*.*).
Type a filename, and give it the .hive filename extension (e.g., hkey_current_user.hive). RegEdit won't do this for you, nor will Windows recognize the .hive
extension by default, but it will make the files much easier for you to
identify than if they have no extension, which is the default.
Choose a folder to store the backup, and click Save.
Next, highlight HKEY_LOCAL_MACHINE, and repeat steps 3–6. Make sure to choose a different filename for this branch (e.g., hkey_local_machine.hive).
To restore either or both of these backups, and replace the current Registry with the data in your backup hive files, select Import from the Registry Editor's File menu. Select Registry Hive Files (*.*) from the unlabeled listbox next to the File name field, select the .hive file to import, and click Open.
There are two things worth noting about this backup procedure. First, it makes use of Registry hive
files, which are binary files, and the same type of file Windows uses
to store the Registry it uses day-to-day. If you were to instead export
ordinary Registry patch files—which is what you'd get if Registration Files (*.reg)
was selected in step 4—then you'd end up with files that couldn't be
easily restored back into the Registry. This is because the Registry
Editor only merges patch files with existing Registry data, which can leave errant data intact. When the Registry Editor imports hive files,
however, it deletes the existing keys from the Registry before bringing
in the new (backed-up) data.
Registry patches can be handy for backing up individual keys, as explained in the upcoming sidebar, "The Local Backup." |
|
The
easiest type of Registry backup to make is the local backup, akin to
the local anesthetic. Rather than backing up the entire Registry, you
simply back up the portion you'll be working on. If you screw up, you
can quickly and easily restore the affected keys without touching
anything else. Say you want to make some changes to the key, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run,
which happens to be responsible for running programs when Windows
starts. Just open the Registry Editor, navigate to this key, and select File → Export. Type a filename and save the Registry patch file on your Desktop.
Make
a mistake and want to restore the backup? Just delete the key(s) you
changed, and double-click the Registry patch to load it back in. Of
course, Registry patch files can be hard to keep track of, particularly
if you change a setting and only discover two weeks later that it's
caused a problem. In this case, you can make an easy-to-find backup
right in the Registry. Before
you make any changes to the Registry, make a patch file as just
described. Then, rename the key in which you'll be working by adding .backup to the end of the key name. For instance, if you want to make a change to: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Highlight the Run key, press the F2 key (or right-click and select Rename), and change the name to: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.backup
Then, immediately reimport the Registry patch you just made, and delete the .reg patch file. You'll end up with two identical keys right next to each other: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.backup
At this point, you can go ahead and mess with the Run key to your heart's content, and even use the nearby Run.backup key as a handy reference. If you ever need to restore your backup—either today or six months from now—just delete the Run key and then rename Run.backup to Run.
|
Second, notice that only HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE are backed up here, leaving HKEY_CLASSES_ROOT, HKEY_USERS, and HKEY_CURRENT_CONFIG seemingly unprotected. This is done because the data in HKEY_CLASSES_ROOT and HKEY_USERS is duplicated in the first two root keys (HKLM and HKCU, respectively) and HKEY_CURRENT_CONFIG is dynamically generated and not stored on the hard disk at all.
Now,
other than saving time by not exporting more than you have to, why is
it important to know how Windows stores the Registry data? Because if
you use a slightly more advanced approach when you back up the Registry,
you'll have a backup you can restore even if Windows won't start. Here's how you do it:
Open a plain-text editor (e.g., Notepad).
Type the following into a blank document:
if exist C:\Backups\COMPONENTS.OLD del C:\Backups\COMPONENTS.OLD
if exist C:\Backups\SAM.OLD del C:\Backups\SAM.OLD
if exist C:\Backups\SECURITY.OLD del C:\Backups\SECURITY.OLD
if exist C:\Backups\SOFTWARE.OLD del C:\Backups\SOFTWARE.OLD
if exist C:\Backups\SYSTEM.OLD del C:\Backups\SYSTEM.OLD
if exist C:\Backups\NTUSER.OLD del C:\Backups\NTUSER.OLD
ren C:\Backups\COMPONENTS COMPONENTS.OLD
ren C:\Backups\SAM SAM.OLD
ren C:\Backups\SECURITY SECURITY.OLD
ren C:\Backups\SOFTWARE SOFTWARE.OLD
ren C:\Backups\SYSTEM SYSTEM.OLD
ren C:\Backups\NTUSER.DAT NTUSER.OLD
REG SAVE HKLM\COMPONENTS C:\Backups\COMPONENTS
REG SAVE HKLM\SAM C:\Backups\SAM
REG SAVE HKLM\SECURITY C:\Backups\SECURITY
REG SAVE HKLM\SOFTWARE C:\Backups\SOFTWARE
REG SAVE HKLM\SYSTEM C:\Backups\SYSTEM
REG SAVE HKCU C:\Backups\NTUSER.DAT
Save the file somewhere convenient, such as your desktop, and give it the .bat filename extension (e.g., back up registry.bat).
Open Windows Explorer, open the Computer branch, and select drive C:. Create a new folder in C:\ named Backups. If you want to store the backup hive files in a different location, replace all 24 instances of C:\Backups in the listing in step 2 with the full path of your backup folder.
To run the backup, just right-click the back up registry.bat file and select Run as administrator.
To run this backup automatically every time you start Windows, create a shortcut to the back up registry.bat file in your Startup folder in your Start menu. Or, if you typically hibernate your PC instead of shutting down, use the Scheduled Tasks feature to schedule the backup to run at regular intervals, say, once every three days. |
|
At this point, you can be extra compulsive and copy the backed-up hive files to a CD or network drive for safekeeping.
So, what's different about this second procedure? For one, it's automated, using the little-known REG.exe command-line Registry tool instead of the Registry Editor to create the hive files. (To learn more about REG.exe, open a Command Prompt window, type reg /? and press Enter.) Also, it automatically archives the last backup, thus maintaining two sets of backup files at all times, a feat accomplished by some simple batch-file commands.
Most importantly, though, it creates five separate hive files from the HKEY_LOCAL_MACHINE branch—one for each sub-branch except HARDWARE,
which is dynamically generated—instead of just one. As a result, the
backup files you'll end up with are the same as those Windows normally
uses to store the Registry on your hard disk.
Windows stores the active hive files—those for HKEY_LOCAL_MACHINE, at least—in the \Windows\System32\Config folder. The exception is the HKEY_CURRENT_USER branch, stored in the NTUSER.DAT file located in the user's home directory (usually \Users\{username}).
In your snooping, you might discover the \Windows\System32\config\RegBack folder. Check the dates of the files in the RegBack folder, and sure enough, you'll see that they're recent—perhaps with yesterday's or today's date—backups of your HKEY_LOCAL_MACHINE hive files. Although Vista indeed regularly creates these backups, they're neither complete (the HKEY_CURRENT_USER
branch isn't included) nor as useful as a backup you make yourself. For
instance, a problem that prevents Windows from loading is likely to
have made its way to the automatic backups, but not the manual backup
you made three days ago, just before you installed an application. |
|
All of this means that you can restore your Registry from the backup in a variety of ways. Of course, you can always use File → Import in Registry Editor,
as described earlier in this section, but that only works if Windows is
running. If Windows won't start, though, here's how to restore your
Registry from the six hive backups:
Insert your Windows Vista setup disc in your drive, and start your PC.
Click Next on the first Install Windows screen, and then click Repair your computer on the second page.
On the System Recovery Options window, select Microsoft Windows Vista in the list and then click Next.
In the Command Prompt window that appears, type the following commands to rebuild your Registry from your hive files:
REG RESTORE HKLM\COMPONENTS C:\Backups\COMPONENTS
REG RESTORE HKLM\SAM C:\Backups\SAM
REG RESTORE HKLM\SECURITY C:\Backups\SECURITY
REG RESTORE HKLM\SOFTWARE C:\Backups\SOFTWARE
REG RESTORE HKLM\SYSTEM C:\Backups\SYSTEM
REG RESTORE HKCU C:\Backups\NTUSER.DAT
You can omit one or more of these lines if you only want to restore part of the Registry. |
|
When you're done, pop out your Vista setup disc and restart your PC.
With
any luck, Windows should start normally. If it doesn't, either your
most recent backup is defective, or the problem lies elsewhere. If you
suspect that an older backup may work where the newer one failed, add
the .OLD filename extension to each filename in step 5 above, like this:
REG RESTORE HKLM\COMPONENTS C:\Backups\COMPONENTS.OLD
If Windows still won't start at this point, try reinstalling Windows.
Now, there's a chance that the REG.exe tool won't work, which might happen if your Registry is sufficiently corrupted or if the REG.exe file itself is damaged. In this case, try replacing the active hive files with your backups, like this:
Open the Command Prompt as instructed in steps 1–4 above.
Type these commands to copy the files:
copy C:\Backups\COMPONENTS C:\Windows\System32\Config
copy C:\Backups\SAM C:\Windows\System32\Config
copy C:\Backups\SECURITY C:\Windows\System32\Config
copy C:\Backups\SOFTWARE C:\Windows\System32\Config
copy C:\Backups\SYSTEM C:\Windows\System32\Config
copy C:\Backups\NTUSER.DAT C:\Users\your_user_folder
where your_user_folder
(on the last line) is the name of your user folder, which may or may
not be the same as your user name. If you don't know the folder name,
type dir c:\users to list all the user folders on your PC. If your user folder name has spaces in it, add quotation marks, like this:
copy C:\Backups\NTUSER.DAT "C:\Users\Phillip J. Fry"
When you're done, pop out your Vista setup disc and restart your PC.
The aforementioned automatic hive file backups stored in the \Windows\System32\config\RegBack folder represent just one of several fail-safe systems built in to Windows Vista.
There's
also a way to undo a bad hardware driver installation without backing
up or restoring the Registry at all. Just open Device Manager,
right-click the cranky device, select Properties, choose the Driver tab, and click Roll Back Driver. If that doesn't work, right-click the device and select Uninstall.
When prompted, confirm that you want to delete the driver files. Then,
disconnect and reconnect the device, or restart Windows if reconnecting
isn't practical.
You
can remove petulant software with the Programs and Features tool in
Control Panel, but only if the program's uninstaller behaves itself.
Otherwise, search the Web for the program name and the word "uninstall"
to see whether there are any special removal tools or procedures for the
program you're trying to remove.
Of course, neither of these tools will do you much good if Windows won't start. There's also an entry called Last Known Good Configuration in the Vista startup menu , typically shown if Windows didn't shut down properly last time, or if you press the F8
key before Windows starts loading. In theory, this feature starts
Windows with an earlier collection of hardware drivers and settings
taken from the last successful boot. In practice, however, Vista seems
to have a hard time defining "good" (with respect to the Last Known Good
moniker), and is usually unable to find an earlier configuration that
either solves the problem or works at all. It's worth trying if you
don't have a valid Registry backup, but don't expect miracles.