Backing Up and Restoring the Registry
Updated: March 28, 2003
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
It is important to back up your registry regularly, and it is also important to back up your current, working registry before you edit it. The greatest challenge to using a backup to restore a severely damaged registry is that Windows requires the registry to operate. The system constantly reads and writes to the registry, so without a functional registry to run Windows, you cannot easily start the registry restore tools. Saving a backup of the registry on removable media, a compatible disk partition, or a secure network share, can make it much easier to restore a computer to operation if an error prevents you from accessing files on your hard disk.
Maintain the highest possible security for the backup copy of your registry, especially if you are backing up the registry for a server. The registry contains sensitive security and user information that an attacker can use to circumvent your network security or to damage your system. Use the same physical security that you use on your servers to make sure that no one can access this information. If you are saving a backup to of the registry a network share, make sure that the share is secure. Also, make sure that the backup cannot be infected by a virus, so that you can restore your system if the entire network becomes infected.
Improve Security by Using Runas
Running your computer as a member of the Administrators group makes the system more vulnerable to security threats. It is a best practice to log on by using an account in the Users group and then to provide administrative credentials only to use administrative tools that require them. When backing up or editing the registry, consider using Runas, a command-line tool that allows you to issue commands as if they were issued by an account that is different from that of your current logon session.
For Runas syntax and examples, see Runas in Help and Support Center for Windows Server 2003.
Test Your Backup Methods
Before relying on any method for backing up or restoring the registry, be sure to test the method thoroughly on a non-critical system. It is important to verify that your restoration method will work with your particular system configuration. Practicing backing up and restoring the registry will allow you to identify any problems or limitations of your backup methods before you need to repair a non-working registry. For example, network policy settings might prevent you from using registry backup and restore tools on the affected system.
When to Back up Your Registry
Back up your registry regularly. It is a best practice to back up your system on a regular schedule. Make sure that you back up the entire registry as a part of this regular system backup.
Back up your registry before you edit it. Using the registry editors bypasses standard safeguards, and it is possible for you to make changes to the registry that degrade performance or cause system failure. Before you edit the registry, save a copy of each of the subkeys in which you plan to make changes. Backing up only a portion of the registry is typically faster than backing up the entire registry, and uses less storage space. However, backing up the entire registry can provide more complete recovery in the event of system failure. If you chose to create a partial backup, it should be in addition to the complete backup that you make on a regular schedule.
Back up your registry before you install or remove hardware or software. To avoid losing configuration information, back up the registry immediately before you intend to make hardware or software changes. This way, you can restore the system to its previous configuration if the changes conflict or degrade performance. Back up the registry again after you have made the changes and determined that they are successful.
How to Back Up Your Registry
Before restoring the registry from a backup of the working registry, be sure to create a second backup of the current non-working registry. In the event that you find that the settings of the registry files that you are about to restore are less functional than the current non-working registry settings, you might want to restore from the second backup.
The following are descriptions of several methods for backing up and restoring your registry. Choose the method or methods that best meet your backup requirements.
Backup is a utility included with Windows Server 2003 that you can use to back up and restore the entire registry. If you already use Backup to regularly back up your hard disk, you can easily include the registry in these backups.
Backup can create backup files on many kinds of media, including local and networked disk resources. Backup can create backups of files that are open and in use, in addition to closed files, so it is your best choice for creating a complete backup copy without disturbing active users or processes.
To back up the registry by using Backup, when you select the drives, files, and folders that you want to include in a backup set, also select System State. System State is a collection of system-specific data maintained by the operating system, which includes the registry. When you choose to back up or restore System State data, all of the data that is relevant to your system configuration is backed up or restored. Because it must be backed up and restored as a unit, the file size of this backup can be hundreds of megabytes. To restore the registry by using Backup, restore System State.
Ntbackup.exe is a command-line tool that allows you to create backup files of your registry. Ntbackup.exe cannot be used to restore your registry, but Ntbackup.exe files can be used with Backup to perform the restoration.
For more information about using Ntbackup.exe to backup your registry, see Ntbackup in Help and Support Center for Windows Server 2003.
Manually Copying Files
You can back up the registry by manually copying the registry files from their storage location in the file system to another location. However, to make use of these files in the event of registry failure, you need to be able to start the computer by using an operating system that can read both the file system of the backup media and of the partition in which the non-working operating system is installed. Because you cannot copy files while they are open and in use, and the files that constitute the registry are always open and in use while the operating system is running, you cannot simply copy them as you would a typical file. To copy these files, you must shutdown the operating system and use another installed operating system or utility that can access and read the file system.
To back up the registry by manually copying files, copy all files in Systemroot\System32\Config to removable media, a network share, or a compatible partition. Be sure to note the actual path to these files, because Systemroot resolves differently when your computer is running a different operating system.
To restore the registry by manually copying files, copy the backed up registry files from their backup location to their original location (the location indicated by Systemroot\System32\Config when the associated operating system was running). This overwrites all registry settings with those in the backed up registry files. Restart the computer by using the repaired operating system.
Regedit.exe and Reg.exe
The registry editor Regedit.exe and the command-line tool Reg.exe allow you to back up and restore individual subkeys, keys, or whole subtrees by saving parts of your registry as files on your computer, removable media, or network shares.
Reg.exe can only be used to modify local registries, but Regedit.exe can be used to modify both local and remote registries. If a problem prevents users from logging in but does not stop the system from starting up, you might be able to connect to that system remotely from another computer by using Regedit.exe.
For more information about using Regedit.exe to backup and restore your registry, see Registry Editor overview in Help and Support Center for Windows Server 2003, or see Help in Regedit.exe. For more information about using Reg.exe to backup and restore your registry, see Reg in Help and Support Center for Windows Server 2003.
RegBack.exe, RegRest.exe, and Regedt32.exe
The functionality of the Windows 2000 Resource Kit Tools RegBack.exe and RegRest.exe is now integrated into Reg.exe. The functionality of the Windows 2000 registry editor Regedt32.exe is now integrated into Regedit.exe.
Other Recovery Methods
If your system cannot be restored from an available backup, consider the following recovery methods.
Last Known Good Configuration
Do not rely on Last Known Good Configuration as your only method of restoring the registry. It is a limited restoration that only restores information in HKLM\SYSTEM\CurrentControlSet. For this reason, Last Known Good Configuration is a convenient way to restore your hardware configuration, but is only effective when your problem is the result of hardware-related registry settings.
For more information about recovering a system that does not start, including startup options, Recovery Console, and Automated System Recovery (ASR), see "Disaster Recovery" in Help and Support Center for Windows Server 2003.