Skip navigation

JSI Tip 2500. Backup the Registry and system State in batch, without a backup device.


In tip 2045 and links, I explained how to create an ERD, that the ERD does not provide for a controlled registry restore, how to backup/restore the System State, etc...

When you backup the System State, NTBackup backs up the following hives into the %SystemRoot%\Repair\Regback folder

default
NTUSER.DAT    (for the logged on user)(Use Regback.exe if your's doesn't.)
SAM
SECURITY
software
SYSTEM
NOTE: The System State backup in Windows XP and later place the hives in the %SystemRoot%\Repair folder.

You can use the System State backup to restore the system state,
but if you need to restore an older registry only,
it is best to copy the hives, using an alternate install.

By cutting/pasting the .bks path from the System State backup job's Properties,
I have created a batch file that maintains 3 versions of the System State and 1 month of registry versions.
I then delete the System State backup job and schedule my batch.

NOTE: While my laptop is docked, My server also backs up the network.

To use the following batch file, you must change the:

set bkpfldr=D:\ZZZBackup to your folder.

set bks="@C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows NT\NTBackup\data\System_State_My.bks"
to the path you cut from the System State backup job's Properties.

The batch contains:

@echo off
set bkpfldr=D:\ZZZBackup
set bks="@C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows NT\NTBackup\data\System_State_My.bks"
REM remove temporary registry files
if exist "C:\Documents and Settings\Reg00*" del /q "C:\Documents and Settings\Reg00*"
if exist %Systemroot%\System32\reg00* del /q %Systemroot%\System32\reg00* 
if not exist %bkpfldr%\bkp*.bkf goto BKPREG
if exist %bkpfldr%\bkp*.old_bkf del /q %bkpfldr%\bkp*.old_bkf
if exist %bkpfldr%\bkp*.prev_bkf rename %bkpfldr%\bkp*.prev_bkf *.old_bkf
if exist %bkpfldr%\bkp*.bkf rename %bkpfldr%\bkp*.bkf *.prev_bkf
:BKPREG
REM date /t returns Day_of_Week, Month, Day and year in my install. Alter the set statements if your install uses a different date format.
for /f "tokens=1,2,3,4* delims=/ " %%i in ('date /t') do set TDDAY=%%i&set TDMM=%%j&set TDDD=%%k&set TDYY=%%l
for /f "tokens=1,2* delims=: " %%i in ('time /t') do set TDHH=%%i&set TDMIN=%%j
REM Cut and modified from a scheduled System State backup
C:\WINNT\system32\ntbackup.exe backup %bks% /n "Bkp%TDYY%%TDMM%%TDDD%%TDHH%%TDMIN%" /d "Bkp%TDYY%%TDMM%%TDDD%%TDHH%%TDMIN%"
 /v:no /r:no /rs:no /hc:off /m normal /j "Bkp%TDYY%%TDMM%%TDDD%%TDHH%%TDMIN%" /l:f /f "%bkpfldr%\Bkp%TDYY%%TDMM%%TDDD%%TDHH%%TDMIN%.bkf"
MD %bkpfldr%\REGBKP%TDYY%%TDMM%%TDDD%
Copy %SystemRoot%\Repair\regback\*.* %bkpfldr%\REGBKP%TDYY%%TDMM%%TDDD%
REM Set old to one month ago
set TDMM=!%TDMM%
set TDMM=%TDMM:!0=%
set TDMM=%TDMM:!=%
set /a TDMM=%TDMM% + 100
set /a TDMM=%TDMM% - 1
if %TDMM% EQU 100 SET /a TDMM=112&SET /a TDYY=%TDYY% - 1
set old=%bkpfldr%\REGBKP%TDYY%%TDMM:~1,2%%TDDD%
REM Enumerate each Registry backup folder
for /f "Tokens=*" %%i in ('dir /B /AD /S %bkpfldr%') do call :parse %%i
goto end
:parse
set folder=%1
if /i not "%folder:~0,19%"=="%bkpfldr%\REGBKP" goto end
if /i "%folder%" LSS "%old%" RD /S /Q %folder%
:end
NOTE: I occassionally manually remove old backup catalogues, using the restore GUI.

NOTE: See tip 3200 » How do I recover Windows 2000?


Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish