By Mike Boesen
The following article will be of
interest to people who have Windows XP, NT or 2000 operating systems. The
application ERUNT is applicable to all three systems. However, for the sake of
conciseness, I have used the term XP throughout.
If you have installed some
application on your PC and it has stuffed up your Registry, or done something
else to achieve the same unhappy result, it is worth trying the System Restore
function. Sometimes that will get your Registry back to the way you want.
However, System Restore has not always worked for me, especially when I really
needed it. I decided that I needed a failsafe, foolproof way of restoring my
registry. This article describes the way I do that using an excellent freeware
application named ERUNT (Emergency
Recovery Utility NT).
My registry backup and recovery
strategy reflects the following assumptions:
Fortunately all that is possible. A key utility that
I use in ensuring I can do all that is the registry backup application ERUNT,
which was created by Lars Hederer.
If you download and install ERUNT it will create a
full registry backup automatically at the time you first boot your PC on each
day. The backups are saved to folders on your hard
drive, with each day's backup in a separate folder. It is
recommended that the backup folders be located in a folder under the
C:\WINDOWS\ folder to ensure that you can access the backups in the event that
you cannot boot normally. The default settings used by ERDNT save the registry
backups in daily folders created under this folder:
C:\WINDOWS\ERDNT\AUTOBACKUP\ The daily folders have a
name format of dd-mm-yyyy.
Installing ERUNT is
straightforward - run the ERUNT-SETUP.EXE file that can be
downloaded from the site above. I highly advise you to read the very
informative README.TXT file that the installation creates.
During installation, ERUNT will
modify your Startup process so that it will function to create a full registry
backup automatically at the time of first boot of every day. In addition, I
suggest you accept the setup option of having a shortcut to the ERUNT.EXE
executable placed on your desktop or in some other easy to find location. This
will enable you to easily create additional backups
whenever you feel like it - for instance, before installing some application
that might stuff up your registry! For example, in addition to the normal daily
backup created at first boot on 2005-06-28, you could create a backup in a
folder named
C:\WINDOWS\ERDNT\2005-06-28A\
or C:\WINDOWS\ERDNT\2005-06-28BEFORETEST\ or whatever.
The default settings created
during the installation of the currently available version (1.1h) generate a
setup with the following characteristics.
The default
folder under which the backup folders are located is %systemroot%\ERDNT\Autobackup\
For most folk %systemroot% is C:\WINDOWS\, so the
backup folders will be under C:\WINDOWS\ERDNT\AUTOBACKUP\ I have changed my
setup so that the backup folders are located under C:\WINDOWS\ERDNT\ because
the \AUTOBACKUP\ folder is redundant and puts the backups one level further
down in the folder structure. (Note: ERDNT is not a typo.)
The folder created for each day
is in the format dd-mm-yyyy (e.g. 28-06-2005). I have
changed my system so that the folders created are in the format yyyy-mm-dd because I want the folders to
always be in chronological order. Hence, on my PC the folder for today's
saved registry would be C:\WINDOWS\ERDNT\2005-06-28\
When the backup is created at the first boot of the day, the backing up
proceeds invisibly. I have changed my setup so that the process is visible and
I can see what's going on. However, it proceeds
automatically, so I don't need to be around when it
happens.
ERUNT saves up to 30 day's worth
of registry backups in the folders it creates. After 30 folders are there,
ERUNT automatically deletes the most aged folder so that the maximum is kept at 30. For my registry it
takes about 46 Mb per folder, so 30 days worth plus some ad hoc saves takes up
a significant amount of space on the hard drive. However, it is very easy to
delete saved registry folders that are excess to requirements. Every now and
then, simply get into Windows Explorer or your favourite
substitute explorer (I use PowerDesk) and delete aged
backup folders which you feel you will not need (or can't
afford space for). The only problem with this is that you may forget to do such
housekeeping, so the space occupied with backups may stay at the full 30 day's worth. So I have changed
my setup so that only 7 days' of folders are saved automatically, plus my ad
hoc backups.
Overall, the automatic saving of
backups of the registry works extremely well. Most users will be happy to let
the number of backups increase to the maximum of 30 (if they have enough
space), or else will be relaxed about deleting aged backups from time to time.
If you want to set up an automated system in which the number of days of
backups is limited to a figure less than 30, then read appendix 1 to this
article. That appendix also explains how I modified the default setup to suit my
requirements..
If you want to replace your
existing registry with a backed up registry, and your PC is
already booted into Windows XP or you can reboot into Windows XP, the
recovery process is very simple. In each backup folder is a copy of the
executable ERDNT.EXE (not ERUNT.EXE) plus all else that is needed to make the
restoration. So in Windows Explorer or your normal Explorer go to the folder
that has the backup in it that you want to restore. Then double-click on the
copy of ERDNT.EXE which you will find in that folder.
Bingo - that backed up registry will be restored!! It's that easy.
Most times
you will probably be able to restore the registry that "normal" way.
However, in a few cases you will be unable to boot your PC into Windows XP the
normal way. (As they say in the shiny hair ads"may
not happen overnight, but it WILL happen".) If you are in such a
situation, then there are a number of recovery scenarios
which are described in ERUNT's readme.txt
file. For instance, if you can boot your PC in Safe Mode, then you can get into
Windows Explorer and do the restoration as described in the previous paragraph.
Read the README.TXT file to learn how to boot in Safe mode. Of course, this is
more involved than the situation where you are able to boot in Windows XP, but still relatively easy.
If you cannot boot into either
the normal XP mode or Safe Mode, then the process of restoring a backup of the
registry gets more complicated, but can be done. You
may be able to get into the DOS-equivalent command-line mode by using your
original XP CD to get into its recovery process. Note that in order for your PC
to boot from the XP CD the BIOS on your PC's motherboard needs to be configured
so that your PC will boot from one of your optical drives (CD drive or DVD
drive) BEFORE it tries to boot from the hard drive. This will already be the
case if whomever configured your hardware initially
did it properly. Test it by closing down, then see if
you can boot your PC by putting the Windows XP CD in your optical drive just
after you turn the power on. If it will boot from the XP CD then your BIOS is probably configured OK. If it will not boot from any
optical drive, I suggest that you configure your BIOS now so that the device
boot order is either: floppy drive, optical drive, hard drive, OR optical
drive, floppy drive, hard drive.
If you can boot using the
original XP CD and can get into its recovery function, you will end up with the
old DOS-type command-line environment. Yuk!! Then use
the CD (Change Directory) command to go to the folder on your hard drive under
which the daily backup folders are located. If that folder is
C:\WINDOWS\ERDNT\AUTOBACKUP\ then type CD
C:\WINDOWS\ERDNT\AUTOBACKUP and hit Return. For me it would be CD
C:\WINDOWS\ERDNT\ and hit Return. Then list the daily backup folders using the
DIR (DIRectory) command. So type DIR and hit Return.
Note that the names of the daily backup folders will be
listed to the RIGHT of the colunn with the
text <DIR> in it. Then go to the appropriate daily backup folder using
the CD command (e.g. type CD \28-06-2005 and hit return). On my system it would be CD \2005-06-28 and hit Return. Check that
you are inside the backup folder by typing DIR then hitting Return. Included in
the file listing shown will be a file named ERDNT.EXE.
(There is one of those files in EVERY daily backup folder.) Then restore the
registry by typing ERDNT.EXE then hitting return.
Then remove the CD from your
optical drive, turn your PC off, and then do a normal reboot. If the problem
that was preventing your PC from booting normally was a corrupt registry, hopefully this process will have fixed the problem.
Read ERUNT's
readme.txt file to learn more about how to get to the
command line mode using the XP CD recovery method.
Recovery using the XP CD's
recovery process is a basic technique involving the use of a few command line
terms. There is a more elegant way of restoring the registry from one of your
backups if you cannot boot into either normal XP mode or Safe Mode. But this is definitely not for the uninitiated as it
requires you to make a bootable CD to be used instead of the XP CD. In the
ERUNT README.TXT file there is reference to making
such a CD - a Bart PE CD. Such a CD can be used to
boot your computer into a Windows XP-equivalent graphical user interface so no
command line skills are required to use its functions. Once your PC has booted
to the Bart PE interface, you can run the A43 File Management System utility
that is a Windows Explorer substitute. You can then go to the appropriate daily
backup folder and restore the registry by double-clicking on the file
ERDNT.EXE. There are also a few other open source utilities that can be run and some could be useful.
However, creating a Bart PE CD
requires geek skills, especially if your XP CD does not have the SP2 update
included in it. In that case, you would need to create an ISO image of the XP
CD with the SP2 updates applied. That can be done
using the very nice application Autostreamer.
There is another excellent
bootable CD creator that is based on the Bart PE
engine, but which has more open source applications available to the user. It's UBCD4WIN (Ultimate Boot CD for Windows). This CD is
created in much the same way as the Bart PE CD, but with the Bart PE
applications ("plugins") being replaced by
another larger set. For instance there are a number of
File Management explorers, a registry editor, and a number of hard drive tools
including a very thorough hard drive testing utility named DiskCheck.
A very detailed step by step list of instructions for making the UBCD4WIN CD
are here. Once made, the CD can be used to boot your
computer into a Windows XP equivalent mode and it can be used in the same way as
the Bart PE CD to restore any of the registry backups that are on your hard
drive.
I hope that this article is of
some use to you. Some day in the future you will need
to restore a backup of the registry, and it may not be possible to do it
through System Restore. I recommend that at minimum, you install and use ERUNT
in its default configuration and on occasions, manually delete any aged
registry backups that are excess to your needs. If you have advanced skills, I
recommend that you modify the startup system so that the number of registry
backups is limited to a number of your choice (see Appendix 1), and to create a
Bart PE CD or a UBCD4Win CD and put it with your
security blankets for that day when stuff happens.
Mike Boesen
28 June 2005
During the ERUNT installation procedure an application named AUTOBACK.EXE is
installed automatically. This executable is the one that does the automatic
saving during first bootup for each day. This can be configured through so-called "command line"
options to do things differently to the default settings. For instance you can make the automatic saving operation visible
and save, say, only 7 (or more or less) days of backups instead of the 30.
In addition, you can create a
file named ERUNT.INI and set options in it to implement things a little
differently - for instance, having a date format of yyyy-mm-dd
instead of the default dd-mm-yyy
All the command line options and
ini file options are explained
in the file README.TXT that can be found in the folder into which you installed
ERUNT. However, some of the content in that file was unclear to me.
This is what I have done in
setting up my system:
I installed ERUNT in the folder
c:\program files\erunt\ (which I recommend as the
preferred location)
The user name I am using in XP
is Mike. The installation automatically creates a Startup shortcut labelled "ERUNT Autobackup"
in this folder:
C:\Documents and
Settings\Mike\Start Menu\Programs\Startup\
You can locate that shortcut
using Windows Explorer. (But a much simpler way of
getting quickly to the shortcut in the right Startup folder is through a very
nice freeware application named Autoruns. If you
install Autoruns, then execute it, you will be able
to scroll to the Startup item labelled ERUNT Autobackup.lnk If you double-click that item it will take
you to the shortcut in the right Startup folder. Real
easy.)
Having found
the shortcut right-click it. Select Properties and on the Shortcut tab, change the Target to
the following, with a space before the first %, sysreg,
curuser, otheruser and the
two slashes:
"C:\Program
Files\ERUNT\AUTOBACK.EXE" %SystemRoot%\ERDNT\#Date#
sysreg curuser otherusers /alwayscreate /days:7
Then hit Apply and OK and exit
from Explorer (and from Autoruns, if you are using
it).
All the stuff after
"C:\Program Files\ERUNT\AUTOBACK.EXE" are command-line options. The
location for the backups is indicated by the path %SystemRoot%\ERDNT\#Date# Because the term %SystemRoot% would be interpreted as C:\WINDOWS\ in my
system, the path translates to C:\WINDOWS\ERDNT\#Date#. The #Date# term leads
to the creation of a folder with a name in the format of \yyyy-mm-dd\
because in the ERUNT.INI file explained below, I defined that as my preferred
date format. The terms sysreg, curuser,
otheruser refer to the system registry, current user
registry and other users registries. The term /alwayscreate
means that if there is an existing folder for the day,
you will be presented with the option to overwrite it, rather than nothing
happening at all. The term /days:7 means that backup
folders will be limited to the 7 most recent days worth. Change 7 to a figure that suits you.
I created a plain vanilla text
file named ERUNT.INI using Notepad and put it in the folder C:\PROGRAM
FILES\ERUNT\ It has these lines:
[ERUNT]
AppendDateToFolderEditField=1
DefaultDestinationFolder=c:\windows\ERDNT\
DateFormat=yyyy/mm/dd
DateSeparator=-
Note that the Date Separator
character is a hyphen. The DateFormat must have
slashes, not hyphens (but the name of the folder created will include hyphens,
not slashes).
When the PC boots the following events occur. The example used is for a day with
the date of 2005-06-28
The Startup entry labelled ERUNT Autobackup runs
AUTOBACK.EXE using the command line options specified.
AUTOBACK.EXE checks to see if
there is a folder c:\windows\erdnt\2005-06-28\
If no such folder exists, it
does two things:
It generates a backup of the
current registry in a folder that it creates, with the
name c:\windows\erdnt\2005-06-28\ The process will be visible on the screen
If after creating that backup
there would be more than 7 folders under the folder
c:\windows\erdnt\ having a 10-character format of
yyyy-mm-dd then the oldest of those folders is
deleted. However, note that folders, which have an embedded date earlier than
2005-06-28 and at the same time have MORE that 10 characters (e.g. 2005-06-21A) will NOT be deleted. In other words, deletes
seem to be limited to folders that have only 10 character names in the yyyy-mm-dd format
However, if there IS a folder
under c:\windows\erdnt\ having \2005-06-28\ as its name then you will be presented with the options of overwriting it or of
doing nothing.