Using ERUNT to make Automatic Backups,
and Recovery of the Windows XP/2000/NT Registry

By Mike Boesen

The following article will be of interest to people who have Windows XP, NT or 2000 operating systems. The application ERUNT is applicable to all three systems. However, for the sake of conciseness, I have used the term XP throughout.

If you have installed some application on your PC and it has stuffed up your Registry, or done something else to achieve the same unhappy result, it is worth trying the System Restore function. Sometimes that will get your Registry back to the way you want. However, System Restore has not always worked for me, especially when I really needed it. I decided that I needed a failsafe, foolproof way of restoring my registry. This article describes the way I do that using an excellent freeware application named ERUNT (Emergency Recovery Utility NT).

My registry backup and recovery strategy reflects the following assumptions:

THE ERUNT REGISTRY BACKUP APPLICATION

Fortunately all that is possible. A key utility that I use in ensuring I can do all that is the registry backup application ERUNT, which was created by Lars Hederer. If you download and install ERUNT it will create a full registry backup automatically at the time you first boot your PC on each day. The backups are saved to folders on your hard drive, with each day's backup in a separate folder. It is recommended that the backup folders be located in a folder under the C:\WINDOWS\ folder to ensure that you can access the backups in the event that you cannot boot normally. The default settings used by ERDNT save the registry backups in daily folders created under this folder: C:\WINDOWS\ERDNT\AUTOBACKUP\ The daily folders have a name format of dd-mm-yyyy.

Installing ERUNT is straightforward - run the ERUNT-SETUP.EXE file that can be downloaded from the site above. I highly advise you to read the very informative README.TXT file that the installation creates.

During installation, ERUNT will modify your Startup process so that it will function to create a full registry backup automatically at the time of first boot of every day. In addition, I suggest you accept the setup option of having a shortcut to the ERUNT.EXE executable placed on your desktop or in some other easy to find location. This will enable you to easily create additional backups whenever you feel like it - for instance, before installing some application that might stuff up your registry! For example, in addition to the normal daily backup created at first boot on 2005-06-28, you could create a backup in a folder named

C:\WINDOWS\ERDNT\2005-06-28A\ or C:\WINDOWS\ERDNT\2005-06-28BEFORETEST\ or whatever.

The default settings created during the installation of the currently available version (1.1h) generate a setup with the following characteristics.

The default folder under which the backup folders are located is %systemroot%\ERDNT\Autobackup\ For most folk %systemroot% is C:\WINDOWS\, so the backup folders will be under C:\WINDOWS\ERDNT\AUTOBACKUP\ I have changed my setup so that the backup folders are located under C:\WINDOWS\ERDNT\ because the \AUTOBACKUP\ folder is redundant and puts the backups one level further down in the folder structure. (Note: ERDNT is not a typo.)

The folder created for each day is in the format dd-mm-yyyy (e.g. 28-06-2005). I have changed my system so that the folders created are in the format yyyy-mm-dd because I want the folders to always be in chronological order. Hence, on my PC the folder for today's saved registry would be C:\WINDOWS\ERDNT\2005-06-28\

When the backup is created at the first boot of the day, the backing up proceeds invisibly. I have changed my setup so that the process is visible and I can see what's going on. However, it proceeds automatically, so I don't need to be around when it happens.

ERUNT saves up to 30 day's worth of registry backups in the folders it creates. After 30 folders are there, ERUNT automatically deletes the most aged folder so that the maximum is kept at 30. For my registry it takes about 46 Mb per folder, so 30 days worth plus some ad hoc saves takes up a significant amount of space on the hard drive. However, it is very easy to delete saved registry folders that are excess to requirements. Every now and then, simply get into Windows Explorer or your favourite substitute explorer (I use PowerDesk) and delete aged backup folders which you feel you will not need (or can't afford space for). The only problem with this is that you may forget to do such housekeeping, so the space occupied with backups may stay at the full 30 day's worth. So I have changed my setup so that only 7 days' of folders are saved automatically, plus my ad hoc backups.

Overall, the automatic saving of backups of the registry works extremely well. Most users will be happy to let the number of backups increase to the maximum of 30 (if they have enough space), or else will be relaxed about deleting aged backups from time to time. If you want to set up an automated system in which the number of days of backups is limited to a figure less than 30, then read appendix 1 to this article. That appendix also explains how I modified the default setup to suit my requirements..

RESTORING A REGISTRY -- NORMAL SITUATION

If you want to replace your existing registry with a backed up registry, and your PC is already booted into Windows XP or you can reboot into Windows XP, the recovery process is very simple. In each backup folder is a copy of the executable ERDNT.EXE (not ERUNT.EXE) plus all else that is needed to make the restoration. So in Windows Explorer or your normal Explorer go to the folder that has the backup in it that you want to restore. Then double-click on the copy of ERDNT.EXE which you will find in that folder. Bingo - that backed up registry will be restored!! It's that easy.

RESTORING A REGISTRY -- AFTER BOOTING INTO SAFE MODE

Most times you will probably be able to restore the registry that "normal" way. However, in a few cases you will be unable to boot your PC into Windows XP the normal way. (As they say in the shiny hair ads"may not happen overnight, but it WILL happen".) If you are in such a situation, then there are a number of recovery scenarios which are described in ERUNT's readme.txt file. For instance, if you can boot your PC in Safe Mode, then you can get into Windows Explorer and do the restoration as described in the previous paragraph. Read the README.TXT file to learn how to boot in Safe mode. Of course, this is more involved than the situation where you are able to boot in Windows XP, but still relatively easy.

RESTORING A REGISTRY - CAN'T GET INTO XP NORMALLY AND CAN'T BOOT INTO SAFE MODE

If you cannot boot into either the normal XP mode or Safe Mode, then the process of restoring a backup of the registry gets more complicated, but can be done. You may be able to get into the DOS-equivalent command-line mode by using your original XP CD to get into its recovery process. Note that in order for your PC to boot from the XP CD the BIOS on your PC's motherboard needs to be configured so that your PC will boot from one of your optical drives (CD drive or DVD drive) BEFORE it tries to boot from the hard drive. This will already be the case if whomever configured your hardware initially did it properly. Test it by closing down, then see if you can boot your PC by putting the Windows XP CD in your optical drive just after you turn the power on. If it will boot from the XP CD then your BIOS is probably configured OK. If it will not boot from any optical drive, I suggest that you configure your BIOS now so that the device boot order is either: floppy drive, optical drive, hard drive, OR optical drive, floppy drive, hard drive.

If you can boot using the original XP CD and can get into its recovery function, you will end up with the old DOS-type command-line environment. Yuk!! Then use the CD (Change Directory) command to go to the folder on your hard drive under which the daily backup folders are located. If that folder is C:\WINDOWS\ERDNT\AUTOBACKUP\ then type CD C:\WINDOWS\ERDNT\AUTOBACKUP and hit Return. For me it would be CD C:\WINDOWS\ERDNT\ and hit Return. Then list the daily backup folders using the DIR (DIRectory) command. So type DIR and hit Return. Note that the names of the daily backup folders will be listed to the RIGHT of the colunn with the text <DIR> in it. Then go to the appropriate daily backup folder using the CD command (e.g. type CD \28-06-2005 and hit return). On my system it would be CD \2005-06-28 and hit Return. Check that you are inside the backup folder by typing DIR then hitting Return. Included in the file listing shown will be a file named ERDNT.EXE. (There is one of those files in EVERY daily backup folder.) Then restore the registry by typing ERDNT.EXE then hitting return.

Then remove the CD from your optical drive, turn your PC off, and then do a normal reboot. If the problem that was preventing your PC from booting normally was a corrupt registry, hopefully this process will have fixed the problem.

Read ERUNT's readme.txt file to learn more about how to get to the command line mode using the XP CD recovery method.

RESTORING A REGISTRY - AFTER BOOTING BY USING A BART PE CD

Recovery using the XP CD's recovery process is a basic technique involving the use of a few command line terms. There is a more elegant way of restoring the registry from one of your backups if you cannot boot into either normal XP mode or Safe Mode. But this is definitely not for the uninitiated as it requires you to make a bootable CD to be used instead of the XP CD. In the ERUNT README.TXT file there is reference to making such a CD - a Bart PE CD. Such a CD can be used to boot your computer into a Windows XP-equivalent graphical user interface so no command line skills are required to use its functions. Once your PC has booted to the Bart PE interface, you can run the A43 File Management System utility that is a Windows Explorer substitute. You can then go to the appropriate daily backup folder and restore the registry by double-clicking on the file ERDNT.EXE. There are also a few other open source utilities that can be run and some could be useful.

However, creating a Bart PE CD requires geek skills, especially if your XP CD does not have the SP2 update included in it. In that case, you would need to create an ISO image of the XP CD with the SP2 updates applied. That can be done using the very nice application Autostreamer.

RESTORING A REGISTRY - AFTER BOOTING BY USING A UBCD4WIN CD

There is another excellent bootable CD creator that is based on the Bart PE engine, but which has more open source applications available to the user. It's UBCD4WIN (Ultimate Boot CD for Windows). This CD is created in much the same way as the Bart PE CD, but with the Bart PE applications ("plugins") being replaced by another larger set. For instance there are a number of File Management explorers, a registry editor, and a number of hard drive tools including a very thorough hard drive testing utility named DiskCheck.

A very detailed step by step list of instructions for making the UBCD4WIN CD are here. Once made, the CD can be used to boot your computer into a Windows XP equivalent mode and it can be used in the same way as the Bart PE CD to restore any of the registry backups that are on your hard drive.

CLOSING COMMENTS

I hope that this article is of some use to you. Some day in the future you will need to restore a backup of the registry, and it may not be possible to do it through System Restore. I recommend that at minimum, you install and use ERUNT in its default configuration and on occasions, manually delete any aged registry backups that are excess to your needs. If you have advanced skills, I recommend that you modify the startup system so that the number of registry backups is limited to a number of your choice (see Appendix 1), and to create a Bart PE CD or a UBCD4Win CD and put it with your security blankets for that day when stuff happens.

Mike Boesen

28 June 2005


APPENDIX 1
LIMITING THE NUMBER OF REGISTRY BACKUPS SAVED BY ERUNT AND MAKING OTHER CHANGES TO THE DEFAULT SETUP

During the ERUNT installation procedure an application named AUTOBACK.EXE is installed automatically. This executable is the one that does the automatic saving during first bootup for each day. This can be configured through so-called "command line" options to do things differently to the default settings. For instance you can make the automatic saving operation visible and save, say, only 7 (or more or less) days of backups instead of the 30.

In addition, you can create a file named ERUNT.INI and set options in it to implement things a little differently - for instance, having a date format of yyyy-mm-dd instead of the default dd-mm-yyy

All the command line options and ini file options are explained in the file README.TXT that can be found in the folder into which you installed ERUNT. However, some of the content in that file was unclear to me.

This is what I have done in setting up my system:

I installed ERUNT in the folder c:\program files\erunt\ (which I recommend as the preferred location)

The user name I am using in XP is Mike. The installation automatically creates a Startup shortcut labelled "ERUNT Autobackup" in this folder:

C:\Documents and Settings\Mike\Start Menu\Programs\Startup\

You can locate that shortcut using Windows Explorer. (But a much simpler way of getting quickly to the shortcut in the right Startup folder is through a very nice freeware application named Autoruns. If you install Autoruns, then execute it, you will be able to scroll to the Startup item labelled ERUNT Autobackup.lnk If you double-click that item it will take you to the shortcut in the right Startup folder. Real easy.)

Having found the shortcut right-click it. Select Properties and on the Shortcut tab, change the Target to the following, with a space before the first %, sysreg, curuser, otheruser and the two slashes:

"C:\Program Files\ERUNT\AUTOBACK.EXE" %SystemRoot%\ERDNT\#Date# sysreg curuser otherusers /alwayscreate /days:7

Then hit Apply and OK and exit from Explorer (and from Autoruns, if you are using it).

All the stuff after "C:\Program Files\ERUNT\AUTOBACK.EXE" are command-line options. The location for the backups is indicated by the path %SystemRoot%\ERDNT\#Date# Because the term %SystemRoot% would be interpreted as C:\WINDOWS\ in my system, the path translates to C:\WINDOWS\ERDNT\#Date#. The #Date# term leads to the creation of a folder with a name in the format of \yyyy-mm-dd\ because in the ERUNT.INI file explained below, I defined that as my preferred date format. The terms sysreg, curuser, otheruser refer to the system registry, current user registry and other users registries. The term /alwayscreate means that if there is an existing folder for the day, you will be presented with the option to overwrite it, rather than nothing happening at all. The term /days:7 means that backup folders will be limited to the 7 most recent days worth. Change 7 to a figure that suits you.

I created a plain vanilla text file named ERUNT.INI using Notepad and put it in the folder C:\PROGRAM FILES\ERUNT\ It has these lines:

[ERUNT]
AppendDateToFolderEditField=1
DefaultDestinationFolder=c:\windows\ERDNT\
DateFormat=yyyy/mm/dd
DateSeparator=-

Note that the Date Separator character is a hyphen. The DateFormat must have slashes, not hyphens (but the name of the folder created will include hyphens, not slashes).

When the PC boots the following events occur. The example used is for a day with the date of 2005-06-28

The Startup entry labelled ERUNT Autobackup runs AUTOBACK.EXE using the command line options specified.

AUTOBACK.EXE checks to see if there is a folder c:\windows\erdnt\2005-06-28\

If no such folder exists, it does two things:

It generates a backup of the current registry in a folder that it creates, with the name c:\windows\erdnt\2005-06-28\ The process will be visible on the screen

If after creating that backup there would be more than 7 folders under the folder c:\windows\erdnt\ having a 10-character format of
yyyy-mm-dd then the oldest of those folders is deleted. However, note that folders, which have an embedded date earlier than 2005-06-28 and at the same time have MORE that 10 characters (e.g. 2005-06-21A) will NOT be deleted. In other words, deletes seem to be limited to folders that have only 10 character names in the yyyy-mm-dd format

However, if there IS a folder under c:\windows\erdnt\ having \2005-06-28\ as its name then you will be presented with the options of overwriting it or of doing nothing.

INDEX