12.9 Windows Data Backup and Recovery
12.9.1 Windows registry backup and recovery tools
The technician can also encounter blue screens (also referred to as the blue screen of death), pop-up boxes reporting errors, and other messages reporting that the registry is corrupt or cannot load a device. The only solution is to reinstall Windows, because the database or registry has become corrupted. It is not uncommon for these types of errors to occur. However, with proper backup and recovery tools, reinstallation of the operating system and loss of user data can be prevented. The method for backing up the Registry depends on the operating system.

Windows 95
Previous sections of this chapter discussed the SYSTEM.DAT and USER.DAT files. Typically, Windows 95 creates a backup copy of the Registry each time the operating system is started, successfully or not. It copies SYSTEM.DAT to SYSTEM.DA0 and USER.DAT to USER.DA0. If Windows 95 has not replaced either backup file with a corrupt Registry, these files can be restored. This could be true if Windows 95 has not been restarted since the Registry became corrupt. Copy SYSTEM.DA0 to SYSTEM.DAT and USER.DA0 to USER.DAT to recover the last copy of the uncorrupted registry files.

Windows 98/ME
Windows 98 does not copy the Registry to .DA0 files when the operating system starts. Instead, it provides a program called Registry Checker. Once each day, Registry Checker (SCANREGW) backs up the Registry to a .CAB file that it puts in C:\Windows\Sysbckup, which is a hidden folder. The first backup is named RB000.cab, the second backup is RB001.cab, and so on. The file with the most recent date is the latest backup. Registry Checker can also be forced to make additional backup copies of the Registry even if it has already made its daily backup. Find SCANREGW.EXE in C:\Windows, or start it quickly by choosing Run on the Start menu, typing SCANREGW.EXE, and pressing Enter. After scanning the Registry for errors, it will ask whether to make another backup of the Registry. Click Yes, and Windows Registry Checker will back up the Registry to another .CAB file and display a dialog box stating that it is finished. Click OK to close the Windows Registry Checker.

Windows NT
Windows NT 4.0 offers several ways to back up and recover the Registry or the individual hives in the Registry. A hive is a discrete body of Registry keys, subkeys, and values stored in a file. The easiest way to back up is to use the Emergency Repair Disk (ERD). The ERD simply copies local hive files found in %systemroot%\system32\config to %systemroot%\repair. There is an option to copy them to a floppy as well. Use the Windows NT Resource Kit backup utilities or a third-party backup program to copy the hive files to tape.

Windows 2000 has done away with RDISK.EXE and the ERD as it is known in NT 4.0. There is still an option to create an ERD in the Win2K backup utility. However, it backs up only three files: AUTOEXEC.NT, CONFIG.NT, and SETUP.LOG. SETUP.LOG is a list of the system files on the machine, and it includes a checksum value that indicates the correct version of the file. Use SETUP.LOG to restore corrupt system files by booting from a Win2K CD and choosing the repair option. When running the ERD process from the NT Backup utility, there is an option to back up the current Registry hives to the repair directory on the system hard drive prior to creating the ERD floppy. If this option is chosen, all Registry hives are copied to a directory called regback in %systemroot%\repair. This option also copies the current user's NTUSER.DAT file to this folder, as well as the user-specific COM Classes portion of the user profile (to a file called USRCLASS.DAT). This is equivalent to running rdisk in NT 4.0 with the option not to create a floppy. If required, these saved registry hives can be used during a system repair process.

Windows 2000
The Registry backup is included as part of the "System State" backup, which also includes critical boot files and, on domain controllers, the Active Directory database. To use this backup feature, start the Win2K Backup utility by selecting Start menu > Programs > Accessories > System Tools > Backup, or type NTBACKUP.EXE in the Run dialog box on the Start menu. When Win2K Backup starts, the Welcome page is displayed, with wizards for automating the backup and restoration processes.

To back up the Registry using Win2K Backup, choose the Backup Wizard or select the Backup tab. If the Wizard is used, the next prompt asks what to back up. If Win2K Backup is running on a Win2K Domain Controller, back up the AD as well as the Registry and data by selecting the option to back up System State data.

After choosing to back up the System State, select the media. Choose a disk, file, or tape. The Win2K Registry backup utility backs up all of the hives of interest in %systemroot%\system32\config, including Default, Software, System, SAM, and Security. However, it also backs up system files, user profiles, and any part of the system that is required to do a complete system restoration. This can potentially mean a lot of data, depending on the size of the user profiles and Registry hive files stored on the machine. To back up only the Registry hive files, use a tool from the Resource Kit, such as Regback.
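
As an added example (not part of the original text or of any Microsoft tool), this Python script checks a folder of saved hive copies, such as regback, before it is relied on for a repair: each of the five hives named above must be present, start with the regf signature, have matching sequence numbers, and pass the header checksum. The header offsets (4, 8 and 508) are taken from the publicly documented NT hive format rather than from this page, and the function names and sample data are constructed for illustration.

```python
import struct
from pathlib import Path

# Hive names listed above for %systemroot%\system32\config (compared in lower case).
HIVES = ["default", "software", "system", "sam", "security"]

def header_checksum(base: bytes) -> int:
    """XOR of the first 127 little-endian dwords (508 bytes) of the hive header."""
    csum = 0
    for (dword,) in struct.iter_unpack("<I", base[:508]):
        csum ^= dword
    if csum == 0xFFFFFFFF:          # the format reserves these two values
        return 0xFFFFFFFE
    return 1 if csum == 0 else csum

def check_hive(path: Path) -> str:
    """Return 'ok' or a short reason the saved hive should not be restored."""
    if not path.is_file():
        return "missing"
    with path.open("rb") as f:
        base = f.read(512)          # only the header is needed
    if len(base) < 512:
        return "truncated header"
    if base[:4] != b"regf":
        return "bad signature"
    seq1, seq2 = struct.unpack_from("<II", base, 4)
    if seq1 != seq2:                # assumption: treat an unfinished write as untrustworthy
        return "incomplete write (sequence numbers differ)"
    (stored,) = struct.unpack_from("<I", base, 508)
    if stored != header_checksum(base):
        return "header checksum mismatch"
    return "ok"

def check_backup_set(folder: Path) -> dict:
    # File names are matched case-insensitively, as Windows would match them.
    present = {p.name.lower(): p for p in folder.iterdir()} if folder.is_dir() else {}
    return {h: check_hive(present.get(h, folder / h)) for h in HIVES}

def make_sample_hive(seq1: int = 7, seq2: int = 7) -> bytes:
    """Constructed 512-byte header for the demo; not a real hive."""
    base = bytearray(512)
    base[:4] = b"regf"
    struct.pack_into("<II", base, 4, seq1, seq2)
    struct.pack_into("<I", base, 508, header_checksum(bytes(base)))
    return bytes(base)

if __name__ == "__main__":
    import tempfile
    demo = Path(tempfile.mkdtemp())
    (demo / "SYSTEM").write_bytes(make_sample_hive())
    print(check_backup_set(demo))   # only the system hive exists in this demo folder
```

Any result other than "ok" means that copy should be replaced from another backup before a repair depends on it.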

Lab Activity
In this lab, students will learn how to back up and perform a recovery of the registry. These files are also referred to as the "System State" files.