In tip 2045 and links, I explained how to create an ERD, that the ERD does not provide for a controlled registry restore, how to back up and restore the System State, etc.
When you back up the System State, NTBackup backs up the following hives into the %SystemRoot%\Repair\Regback folder:

default
NTUSER.DAT (for the logged-on user) (Use Regback.exe if yours doesn't.)
SAM
SECURITY
software
SYSTEM

NOTE: The System State backup in Windows XP and later places the hives in the %SystemRoot%\Repair folder.
You can use the System State backup to restore the system state, but if you need to restore an older registry only, it is best to copy the hives, using an alternate install.

By cutting/pasting the .bks path from the System State backup job's Properties, I have created a batch file that maintains 3 versions of the System State and 1 month of registry versions. I then delete the System State backup job and schedule my batch.
NOTE: While my laptop is docked, my server also backs up the network.
To use the following batch file, you must change:

set bkpfldr=D:\ZZZBackup
to your folder, and
set bks="@C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows NT\NTBackup\data\System_State_My.bks"
to the path you cut from the System State backup job's Properties.
The batch contains:
@echo off
set bkpfldr=D:\ZZZBackup
set bks="@C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows NT\NTBackup\data\System_State_My.bks"
REM remove temporary registry files
if exist "C:\Documents and Settings\Reg00*" del /q "C:\Documents and Settings\Reg00*"
if exist %Systemroot%\System32\reg00* del /q %Systemroot%\System32\reg00*
REM rotate the System State backups: current -> prev -> old
if not exist %bkpfldr%\bkp*.bkf goto BKPREG
if exist %bkpfldr%\bkp*.old_bkf del /q %bkpfldr%\bkp*.old_bkf
if exist %bkpfldr%\bkp*.prev_bkf rename %bkpfldr%\bkp*.prev_bkf *.old_bkf
if exist %bkpfldr%\bkp*.bkf rename %bkpfldr%\bkp*.bkf *.prev_bkf
:BKPREG
REM date /t returns Day_of_Week, Month, Day and year in my install. Alter the set statements if your install uses a different date format.
for /f "tokens=1,2,3,4* delims=/ " %%i in ('date /t') do set TDDAY=%%i&set TDMM=%%j&set TDDD=%%k&set TDYY=%%l
for /f "tokens=1,2* delims=: " %%i in ('time /t') do set TDHH=%%i&set TDMIN=%%j
REM Cut and modified from a scheduled System State backup
C:\WINNT\system32\ntbackup.exe backup %bks% /n "Bkp%TDYY%%TDMM%%TDDD%%TDHH%%TDMIN%" /d "Bkp%TDYY%%TDMM%%TDDD%%TDHH%%TDMIN%" /v:no /r:no /rs:no /hc:off /m normal /j "Bkp%TDYY%%TDMM%%TDDD%%TDHH%%TDMIN%" /l:f /f "%bkpfldr%\Bkp%TDYY%%TDMM%%TDDD%%TDHH%%TDMIN%.bkf"
REM copy the hives into a date-stamped folder
MD %bkpfldr%\REGBKP%TDYY%%TDMM%%TDDD%
Copy %SystemRoot%\Repair\regback\*.* %bkpfldr%\REGBKP%TDYY%%TDMM%%TDDD%
REM Set old to one month ago
set TDMM=!%TDMM%
set TDMM=%TDMM:!0=%
set TDMM=%TDMM:!=%
set /a TDMM=%TDMM% + 100
set /a TDMM=%TDMM% - 1
if %TDMM% EQU 100 SET /a TDMM=112&SET /a TDYY=%TDYY% - 1
set old=%bkpfldr%\REGBKP%TDYY%%TDMM:~1,2%%TDDD%
REM Enumerate each Registry backup folder
for /f "Tokens=*" %%i in ('dir /B /AD /S %bkpfldr%') do call :parse %%i
goto end
:parse
set folder=%1
REM 19 is the length of "%bkpfldr%\REGBKP" when bkpfldr is D:\ZZZBackup. Adjust it if your folder path has a different length.
if /i not "%folder:~0,19%"=="%bkpfldr%\REGBKP" goto end
if /i "%folder%" LSS "%old%" RD /S /Q %folder%
:end

NOTE: I occasionally manually remove old backup catalogues, using the restore GUI.
NOTE: See tip 3200 » How do I recover Windows 2000?
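
The check below is an added example, not part of the original tip: it confirms that the newest date-stamped REGBKP folder written by the batch above holds each hive listed earlier and that none of them is zero bytes. It assumes the tip's D:\ZZZBackup folder; the labels and the bad variable are illustrative names.

```batch
@echo off
REM Added example, not part of the original tip.
REM Verifies the newest REGBKP folder before you rely on it for a restore.
setlocal
REM Assumption: same backup folder as in the tip's batch file.
set bkpfldr=D:\ZZZBackup
set latest=
REM /ON sorts by name, so the last folder listed carries the newest date stamp.
for /f "tokens=*" %%i in ('dir /B /AD /ON "%bkpfldr%\REGBKP*" 2^>nul') do set latest=%%i
if not defined latest goto nofolder
set bad=0
for %%h in (default SAM SECURITY software SYSTEM) do call :check %%h
REM NTUSER.DAT is only reported, because the tip notes it may not be backed up.
if not exist "%bkpfldr%\%latest%\NTUSER.DAT" echo NOTE: NTUSER.DAT not in %latest%
if %bad% GTR 0 goto failed
echo OK: all hives present in %bkpfldr%\%latest%
exit /b 0

:check
REM %1 is the hive file name; flag it when absent or zero bytes long.
if not exist "%bkpfldr%\%latest%\%1" goto missing
for %%f in ("%bkpfldr%\%latest%\%1") do if %%~zf EQU 0 goto empty
goto :eof
:missing
echo MISSING: %1
set /a bad+=1
goto :eof
:empty
echo EMPTY: %1
set /a bad+=1
goto :eof

:nofolder
echo No REGBKP folder found in %bkpfldr%
exit /b 2
:failed
echo %bad% hive files missing or empty in %bkpfldr%\%latest%
exit /b 1
```

It exits with 0 when every hive is present, 1 when any is missing or empty, and 2 when no REGBKP folder exists, so the scheduled job can be monitored by exit code. The copied SAM and SECURITY hives hold account credential data, so keep the backup folder readable by administrators only.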