



Troubleshooting and Configuring the Windows NT/95 Registry
-4-
Protecting the NT Registry
The Registry is a precious and important part of the Windows NT system. Because
so many things can go wrong with the Registry, and because such dire consequences
are associated with its failure, it's imperative that you protect the Registry as
much as possible. To protect against a failure of the Registry, there needs to be
an additional copy to replace the corrupted one.
TIP: Motto: planning before prevention,
prevention before anticipation, and anticipation before crisis. Dealing with the
Registry is a perfect example of this motto in action. Mistakes with the Registry
can turn into crises, so you must plan, prevent, and anticipate problems to avoid
crises.
When discussing Registry protection, you might wonder whether you can copy and
save the files to another disk, or whether you can copy the files from another system.
The answer to both is a resounding no! Registry files are locked when NT is
running, and only a special program can copy them to another location. This chapter
presents four ways to protect the Registry:
- The Repair Disk Utility
- Using NT Backup to protect the Registry
- Third-party applications to back up the Registry
- Special options for multiboot systems and FAT volumes
Each Registry-protection strategy has its benefits and limitations. But whatever
method you choose, back it up! Decreases in productivity because of Registry
losses are shameful. It's no fun at all to get your system running after a disaster
without a good backup. After you read this chapter, you'll know how to keep that
from happening to you.
The Repair Disk Utility
The Repair Disk Utility, RDISK.EXE, is the first step in protecting your
Registry. It will create a partial copy of the Registry. Having that copy on the
local computer's hard disk is a fast and easy way to recover from minor errors. This
cannot be a regular copy from Explorer or File Manager, but must be created with
RDISK.EXE. You can also create a disk copy of the information with it. Then,
even if the system's hard disk is unusable, and the hard disk cannot read the repair
data, there is still a way to recover the Registry. (This will be explained in detail
in Chapter 5, "Recovering from an NT Registry Failure.")
When you installed Windows NT, you were prompted to create an Emergency Repair
Disk, or ERD. You were also given an option to do it later. By the time you
got to that point in the installation, you were probably tired of sitting there and
chose not to create the disk. Unfortunately, that decision may come back to haunt
you.
TIP: You should create an Emergency
Repair Disk when you are prompted for it during installation.
However, you must do more than simply create an ERD. You must also maintain a
current copy. The ERD holds the system section of the Registry. It includes the pointers
to the drivers that are used to control the hardware and the settings for each of
those drivers. Imagine the problems you would face if, after you changed or added
a device (like a disk-drive controller), the Registry failed. If you repaired the
current Registry with a Registry that has other settings or devices, the system might
not work. Unfortunately, that has led to many a reinstallation of NT. So, you should
update your Emergency Repair Disk every time you make a significant hardware or software
change to the system.
Creating a Safe Copy of the Registry and an Emergency Repair Disk
To update the safe copy of the Registry, create a new ERD. To update your current
safe copy, run RDISK.EXE from the command prompt. That safe copy of the
Registry is saved in a different location, and is not changed by editing or application
installation. It is a snapshot copy of part of the Registry taken for later use.
Running RDISK.EXE will bring up the dialog box shown in Figure 4.1. Select
the Update Repair Info button to copy the Registry to a safe place on the hard disk
drive, and the Create Repair Disk button to copy it onto a floppy disk.
Figure 4.1. Opening dialog box for the Repair Disk Utility, RDISK.EXE.
Click the Update Repair Info button to change the system information in the \WINNT\REPAIR
directory (shown in Figure 4.2).
RDISK.EXE replaces selected files that are saved in the \REPAIR
directory with new files that contain updated information about the system configuration.
As Figure 4.2 illustrates, not all Registry files are saved, so running the Repair
Disk Utility is not all that you should do to protect your systems. The files are
saved in a compressed format, so they can fit on a high-density disk.
To copy the files to the disk, choose Create Repair Disk from the options shown
in Figure 4.1. The Repair Disk Utility will format the disk before saving the configuration
files, so any data currently on the disk will be lost.
Figure 4.2. Files in the \WINNT\REPAIR directory.
TIP: Label the disk with the
computer name (the one it uses in NT) and date it. For example, if you make a new
ERD for the system called SALES1 on January 12, 1997, create a label that
includes that information, plus your name, so others can talk with you if there are
problems. That will make it easier to select the correct disk for repairs, and help
the user get back up and running sooner.
NOTE: Running RDISK.EXE -S will automatically save the repair information
to the hard disk. After that
information is saved, you will be prompted to create a repair disk, which will be
an additional safety net. The information saved to the hard disk is actually the
data used to restore the Registry with Last Known Good, as described in Chapter 5.
The ERD is used in conjunction with the installation program to repair the system.
It will also be explained in Chapter 5.
Last Known Good relies on the information stored on the hard disk for its repair
functions. If you don't save the information to the hard disk, Last Known Good restores
old information, possibly causing the system to fail. Run RDISK.EXE regularly
to ensure that your Registry is protected, both on the hard disk and on the Emergency
Repair Disk.
Using NT Backup to Protect the Registry
Microsoft includes a utility to back up files, including Registry files, called
NT Backup. It requires a supported tape drive, and can back up and restore files
from any drives on the local system, as well as from any network-connected drives.
It can back up those drives whether they use the Windows NT file system (NTFS) or
the file allocation table (FAT) file system. It is powerful, very fast, and fully
integrated into Windows NT.
To launch NT Backup, select Start | Programs | Administrative Tools and click
Backup. The opening window (shown in Figure 4.3) shows the available drives on the
system, plus any that are mapped from other systems on the network. It's possible
to back up and restore local and remote files on any NTFS or FAT volumes from your
own computer using an attached tape drive.
Figure 4.3. Select the drives to back up with NT Backup.
Choosing a drive automatically selects all the directories and files on the drive.
Double-click the drive letter, and the files that are in the directory are shown.
Figure 4.4 shows the list of the files. Deselect any that you do not want to back
up. Most of the time, the only reason not to back up information is if there is a
limited amount of space on the tape. Then you could choose not to back up something
that you already had a good copy of.
WARNING: Some people mistakenly believe
that if they have the software on disk, they don't need to back it up. If you don't
back up the software as well as the data, it may take days to get all the software
correctly installed again.
Figure 4.4. NT Backup offers an easy way to back up the Registry.
TIP: Deselect the paging file
(in the \WINNT directory) so it will not be backed up. There is no need
to back it up because NT will recreate it if it is missing. Deselecting it will save
a lot of tape space and boost your backup performance.
The files can be backed up by individual files (including hidden files), directories,
whole volumes, or multiple volumes. Verification is available to ensure reliable
backups or restorations, and access can be limited to the owner or administrator.
However, the Registry is not automatically backed up. Without a backup of the Registry,
even if the files are restored to a new system, the applications won't work. On the
other hand, restoring a Registry over a new system with different hardware could
make the hardware inaccessible.
TIP: If you are backing up
your system for protection against disaster, make sure the Registry is fully backed
up. If you are going to move the data to another system, use the advanced features
in Chapter 10, "Making Manual Changes to the Registry Using REGEDIT.EXE,"
to copy only portions of the HKEY_LOCAL_MACHINE\Software keys to the new
system.
To add a copy of your registry to the backup set, choose Operations | Backup and
select the local drive where the Registry is stored. Then select the Backup Local
Registry check box, as shown in Figure 4.5.
There is no option to include the Registries of the other computers, however.
That must be done from the local machine only, and is one of the major limitations
of NT Backup. For an alternative choice of programs, see the "Professional Backup
Programs for Windows NT" section near the end of this chapter.
Figure 4.5. Choosing to include the local Registry in the backup.
After the drives are selected and you choose to continue to back up the drive, NT
Backup prompts you for information about the tape. If you are using a new tape, you
will be asked to supply a name for it. If you have inserted a tape that has been
used previously, you will be given the choice to retain the name or to rename the
tape, as shown in Figure 4.6.
Figure 4.6. Tape information is critical for later backup.
When the backup is completed, a notice similar to the one shown in Figure 4.7 appears
on-screen. It is then okay to remove and secure the tape in a safe place for use
in case of disaster.
Figure 4.7. The Verify Status screen, shown after a successful backup.
WARNING: Never remove the tape until NT Backup indicates that it is safe to do so.
The only times it will tell you to do that are when the backup is finished, when
another tape is required to finish the backup, or if the tape is defective.
To get all of the data back into the system, you need to restore it using NT Backup.
Windows NT must be running with a supported tape drive installed. The restoration
process is discussed in greater detail in Chapter 5. Just as a note, though, you can
restore the Registry files by selecting Operations | Restore and checking the Restore
Local Registry check box. You will also be given the opportunity to restore file
permissions, which is critical. Figure 4.8 shows the screen that gives you that option.
Figure 4.8. Don't forget to restore the Registry if necessary.
Using Options with NT Backup for More Versatility
NT Backup can also be run from the command line, which allows any desired options
to be activated with a single command. When NT Backup is then launched, no additional
user input is required. Choosing the /b command-line option backs up the
local Registry.
Other options that can be used on the command line are shown in Table 4.1.
Table 4.1. Command-line backup options.
Option | Description
backup | Sets the system to back up the drives.
restore | Sets the system to restore the data.
/t (type) | Specifies the type of backup (normal backs up all files; incremental only backs up files that changed since the last backup).
/a | Appends the new backup at the end of the current data on the tape. If this option is not selected, the data currently on the tape will be overwritten.
/v | Verifies the backup operation to ensure it went as planned.
/r | Restricts file access to the owner or administrator. The Backup operators can still back up and restore, but they cannot read the files.
/d text | Sets a description of the backup contents.
/hc:on or /hc:off | Turns on or off hardware compression.
With these options, you can create a batch file to automate repeated backups of drives.
These are the most commonly used options, but there are other options available.
Those options and more details are shown in the help file for NT Backup.
WARNING: Just because you chose
the Verify option and it finished with no errors doesn't mean that your backup is
error-free. The only way to ensure that your data will be available is to use multiple
tapes, rotating them daily. Use a Monday tape set, a separate set for Tuesday, and
so on. Then make an extra set for the weekend. Also, keep them off-site for protection
against damage and theft.
TIP: Backup tapes will not last forever.
Replace them annually to ensure correct backups.
Examples of NT Backup Command Lines
If you wanted to back up all the files on your local drives (C: and D:),
back up the Registry, verify the operation, and name the backup "Full Monthly
Backup", the command line would be
ntbackup backup C: D: /b /t normal /v /d "Full Monthly Backup"
If you wanted to back up only the files that have changed on drives M: and
N: (mapped from other systems on the network), verify the backup, and name
it "3/12/97 Changes", the command line would be
ntbackup backup M: N: /t incremental /v /d "3/12/97 Changes"
Whatever your choices, it would be very easy to add that line to a batch file,
making it simpler to activate the backup process.
Limitations of NT Backup
The three most pressing limitations of NT Backup are
- NT Backup will not back up files (including hidden files) or directories that
you do not own or whose access has been restricted. To ensure a full backup, make
sure you are a member of the Backup Operators group. Members of this group can back
up items even if they do not have direct ownership or the other specific permissions.
They cannot read the files, but they can back them up.
  The best and most important example of this is home directories for users on
  the network. Access to those directories is restricted to every user (including the
  network administrator) except the owner of the directory. Unless the user who is
  logged on is a member of the Backup Operators group, only the directories will be
  backed up, not the files inside.
  Ensure that the user who will be backing up the files is added (by the network
  administrator) to the Backup Operators group in User Manager for Domains.
- NT Backup cannot be used to back up registries on remote computers.
- NT Backup has no scheduling capabilities of its own. It has to be run from the
command prompt unless an outside scheduler is used. With an outside scheduler, it
only launches the application or batch file. Even if there is a problem or failure
during the backup, the schedule has already been completed just by the launch of
the application. With an internal scheduler, the schedule is reset only when the
application completes its task. Imagine your chagrin if you assumed the backup went
as planned, but it had failed. You might get a message in the Event Viewer, but you
might not.
Using the NT Schedule Service and the AT Command to Automate Backups
The AT command sets up a schedule to run programs at a specified time
and date. It can run on your own computer, or you can schedule it to run on another.
The Schedule service must be running for the AT command to work. To activate
the Schedule service, select Services in the Control Panel. Scroll to find Schedule
and change the Startup options. If you will be using the AT command, you
must set the Schedule service startup option to Automatic.
After the AT command puts the command into the Schedule service, the
service takes over and launches the application at the appointed time.
NOTE: Because scheduled commands
are stored in the Registry, scheduled tasks are not lost if you have to restart the
Schedule service or your computer.
To back up all the files on the C: drive and in the Registry on the server
called BACKSERV every night at 10:00 p.m., use the following command:
AT \\BACKSERV 22:00 /every:M,T,W,Th,F "ntbackup.exe backup c:\ /b"
TIP: Without any parameters
listed, AT lists currently scheduled commands in the queue. After you queue
your command, run AT without any parameters to see if it's actually listed
in the schedule.
NOTE: To use the AT
command, you must be a member of the local administrators group. If you are not a
member, you will receive an error, and the command will not be put in the Schedule
queue.
Unfortunately, the AT command is not particularly reliable. Sometimes
it works, and sometimes it doesn't. The Schedule service does its job very well,
and as long as the command is queued correctly, it will work. Unfortunately, the
reliability of the AT command to get the command queued is questionable.
Even if the command is used correctly with no syntax errors, it will not always
work. In fact, there are times when a batch file will work, and other times when
the same file will not. Because of this, it is not recommended.
Using Third-Party Applications
Microsoft, by its own admission, does not offer the best in system utilities.
It focuses on the core operating system, and depends on third-party companies to
fill in when NT utilities need extra help. In many cases, shareware applications
can adequately meet the needs of most users. Unfortunately, no shareware backup programs
are currently available. The amount of effort involved to create and maintain a top-quality
program requires it to be a commercial product. Third-party backup programs can even
be quite expensive. However, for the money, the programs listed here do an outstanding
job of maintaining a backup for nearly any size organization. For that reason, most
system administrators go to a professional-level backup program and use one of the
following programs.
Professional Backup Programs for Windows NT
Table 4.2 lists the programs that are currently considered to be the best professional
backup programs for Windows NT. Each has its benefits and shortcomings, and some
are better at certain tasks than others. You can find reviews of these products in
computer magazines and at Internet sites (such as www.winntmag.com).
Table 4.2. Professional backup programs for Windows NT.
Product | Company | Phone Number
ARCServe | Cheyenne Software | 800-243-9462
NetWorker | Legato | 415-812-6000
Backup Exec | Seagate Software | 800-327-2232
Storage Manager | Seagate Software | 800-327-2232
Backup Director | Seagate Software | 800-327-2232
UltraBac | Barratt Edwards Intl | 206-644-6000
Whichever program you choose, make sure you back up regularly, rotate your tapes,
and store tapes off-site for optimum protection.
TIP: Cheyenne ARCServe, version 6,
allows you to restore a full Windows NT system to a completely bare drive. It comes
with a DOS command-line utility that allows the restoration without NT already running.
As of this writing, it is the only product on the market that allows that. However,
other products will soon catch up and include that feature. If at all possible, get
software with that feature. Not only will it save you time, but it will also ensure
that your entire system gets restored. In the Advanced Registry Editing section of
Chapter 7, "Recovering from a Windows 95 Registry Failure," you'll find
a tip urging you to restore shares to an existing Windows NT system because a restore
from tape will not do it. By using ARCServe version 6, or others that have the same
feature, you will eliminate that requirement.
Types of Backups
No matter what type of program you use, you can make different types of backups
depending on the type of data to be backed up, tape capacity, and personal preference.
The type of backup you perform also affects your restoration process (as shown in
Chapter 5). The two most common types are full backups and incremental (or differential)
backups.
Full Backup
As the name implies, a full backup backs up everything on the hard drives. Full
backups offer the best protection and the easiest restoration; they also require
the most tape capacity. Without sufficient capacity, you might have to use additional
tapes, which eliminates the possibility of performing unattended backups in the middle
of the night. However, full backups make the most sense for a data server, where
most of the files change every day anyway.
Incremental Backups
By reducing the backup to only the files that have changed, the tape capacity
can be significantly reduced. The tape backup program examines the attributes of
the files on the hard drive to determine whether they have changed. If they have
changed, they are backed up.
An effective backup strategy is to perform a full backup once a week or once a
month. In between the full backups, simply back up any files that have changed. Every
backup program mentioned in Table 4.2 is capable of performing both types of backups.
NOTE: Microsoft recommends
that you create a 300-500MB boot and system volume so that you can easily recover
from a Registry or disk-drive disaster. By having that volume and booting to a DOS-based
operating system, the Registry files are no longer locked and can be copied without
limitation. Applications and data files can be put on an NTFS volume using RAID 5
(striping with parity), ensuring their availability (even in the case of a disk-drive
failure). The only problem with this is that FAT volumes offer none of the protection
or fault tolerance offered by NTFS volumes. In essence, you must choose between easy
copying and restoration versus fault tolerance and security. One solution to this
dilemma is to use hardware RAID instead of the software RAID included in Windows
NT. Then, you would get optimum protection and still have the ability to boot to
DOS and copy or restore the Registry easily.
The disadvantage of an incremental backup strategy is in its restoration after
a crash. The restoration process requires that you go back to the full backup and
restore it, then restore every incremental backup in order (without skipping any).
Skipping is dangerous because the skipped backup may contain a file that was never
changed (and hence, was never backed up) on any of the other tapes.
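The restore-order rule above, worked through as an added example (this code is not
from the book): a toy model in which each file carries a changed flag, a normal backup
copies everything, and an incremental backup copies only flagged files. The Volume
class, the file names and the Monday-to-Wednesday schedule are constructed for illustration.

```python
# Added illustration: full ("normal") and incremental backup sets driven by a
# per-file changed flag, and what a restore yields when one tape is skipped.
# All names and data here are constructed; nothing is read from a real system.

class Volume:
    def __init__(self):
        self.files = {}        # path -> contents currently on disk
        self.changed = set()   # paths modified since the last backup

    def write(self, path, data):
        self.files[path] = data
        self.changed.add(path)

    def backup(self, kind):
        """Return a backup set. 'normal' copies every file; 'incremental'
        copies only files flagged as changed. Both clear the flags."""
        if kind == "normal":
            paths = set(self.files)
        elif kind == "incremental":
            paths = set(self.changed)
        else:
            raise ValueError("unknown backup type: %r" % kind)
        self.changed.clear()
        return {"kind": kind, "files": {p: self.files[p] for p in paths}}


def restore(sets):
    """Replay backup sets, oldest first, onto an empty volume."""
    if not sets or sets[0]["kind"] != "normal":
        raise ValueError("restore chain must start with a full (normal) backup")
    restored = {}
    for backup_set in sets:
        restored.update(backup_set["files"])
    return restored


def stale_or_missing(restored, expected):
    """Paths whose restored contents differ from what was on disk."""
    return sorted(p for p in expected if restored.get(p) != expected[p])


def demo():
    vol = Volume()
    vol.write(r"C:\DATA\LEDGER.XLS", "v1")
    vol.write(r"C:\DATA\NOTES.TXT", "v1")
    full = vol.backup("normal")                # weekend full backup
    vol.write(r"C:\DATA\LEDGER.XLS", "v2")
    mon = vol.backup("incremental")
    vol.write(r"C:\DATA\BUDGET.XLS", "v1")     # created Tuesday, never touched again
    tue = vol.backup("incremental")
    vol.write(r"C:\DATA\LEDGER.XLS", "v3")
    wed = vol.backup("incremental")

    complete = restore([full, mon, tue, wed])
    skipped = restore([full, mon, wed])        # Tuesday tape left out
    return (stale_or_missing(complete, vol.files),
            stale_or_missing(skipped, vol.files))


if __name__ == "__main__":
    print(demo())
```

BUDGET.XLS exists only on the Tuesday tape, so leaving that tape out loses the file even though the later Wednesday tape restores cleanly.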
Special Options for Dual-Boot Systems
Hives are only locked from use when NT is running. If you boot to another system,
DOS, Windows 95, or even another copy of Windows NT, you can easily copy all the
files in the \WINNT\SYSTEM32\CONFIG directory to another drive (even to
a removable media drive like the ZIP or JAZ drives from Iomega). It's a fast and
easy way to copy files, and it's also very easy to restore them. Simply highlight
the files in File Manager (Windows 3.x) or Explorer (Windows 95) and copy them to
another location.
If the system volume (where NT is stored) is a FAT volume, any other operating
system can see and copy the files. If the system volume is NTFS, only NT, Linux,
and utilities such as NTFSDOS.EXE can read and copy them.
NOTE: Beware of the potential
security problems associated with Linux and NTFSDOS.EXE. If you can copy
the files, so can others. The only real protection you have for your files is physical
security: locking them behind closed doors, forcing others to access them through
the network.
Summary
No matter how you decide to back up the Registry, it's crucial that you do it.
It's recommended that you perform more than one backup, using the RDISK.EXE
utility for immediate help, and using a backup program as a part of your everyday
routine as insurance against other crashes.
Protect your backups and your repair disks, and be diligent about maintaining
your Last Known Good information. Maybe you will be one of the rare people who never
need it, but at least you will sleep better knowing you are well protected.