Automated Registry Backups With Volume Shadow Copy
by Peter A. Bromberg, Ph.D.

“What I came back to is that jazz is a music to be played and not to be intellectualized on.” --Gerry Mulligan

Not long ago I posted an article here about Practicing Safe Computer with regular automated registry backups.

Rather than go over the litany of reasons again, I suggest that if you haven't read it, you take a look at it now. That article uses the ERUNT utility. There may be situations where you do not want to use ERUNT, or, on an x64 system, where it will not run at all, since there is no 64-bit edition. This follow-up article focuses on a second technique for automated Registry backups, using the Volume Shadow Copy Service (VSS) and a batch file.

In Windows XP and Server 2003 64-bit editions, the NTBackup utility can be scheduled. However, it is quite clunky, and it may prove unwieldy when used to back up System State.

In addition, it creates file-based backups with the BKF extension, and if you are recovering a broken box from a Recovery Console Command Prompt, that may not be very useful. Further, you cannot use NTBACKUP to restore files with a batch file. How thoughtful!

"What," you say, "is a Recovery Console Command Prompt?" Glad you asked. Let's take a quick detour to explain:

Install Recovery Console

Although you can run the Recovery Console by booting directly from the Windows XP or Server CD, it's much more convenient to set it up as a startup option on your boot menu.

To install the Recovery Console, perform the following steps:

  1. Insert the Windows XP CD into the CD-ROM drive.

  2. Click Start, and then click Run.

  3. In the Open box, type

d:\i386\winnt32.exe /cmdcons

where d is the drive letter for the CD-ROM drive.

  4. A Windows Setup dialog box appears, which describes the Recovery Console option.

  5. The system prompts you to confirm installation. Click Yes to start the installation procedure.

  6. Restart the computer. The next time you start your computer, you will see a "Microsoft Windows Recovery Console" entry on the boot menu.

Note: Alternatively, you can use a UNC to install the Recovery Console from a network share point.

Running Recovery Console without installing it

If you cannot start your computer, you can run the Recovery Console from the Microsoft Windows XP/2000/Server 2003 startup disks or the Windows XP/2000/Server 2003 CD-ROM.

To run the Recovery Console from the Windows startup disks or the Windows CD-ROM, use the following steps:

  1. Insert the Windows startup disk into the floppy disk drive, or insert the Windows CD-ROM into the CD-ROM drive, and then restart the computer.

  2. Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted to do so.

  3. When you're prompted to press F6 for mass storage devices, press F10 instead. This will automatically start the Recovery Console.

  4. Alternatively, when the "Welcome to Setup" screen appears, press R to start the Recovery Console.

  5. If you have a dual-boot or multiple-boot computer, choose the installation that you need to access from the Recovery Console.

  6. When you are prompted to do so, type the Administrator password. If the administrator password is blank, just press ENTER.

  7. At the command prompt, type the appropriate commands to diagnose and repair your Windows XP installation.

For a list of commands that are available in Recovery Console, type recovery console commands or help at the command prompt, and then press ENTER.

For information about a specific command, type help commandname at the command prompt, and then press ENTER.

To exit the Recovery Console and restart the computer, type exit at the command prompt, and then press ENTER.

Now that you know what Recovery Console is and how to use it, what I'll focus on here is using the VSHADOW.EXE utility that comes with the VSS SDK, along with a modified approach to Adi Oltean's VSS copy script, to make scheduled backups of the major Registry hives. These can be placed in the folder of your choice, and they will be uncompressed, individual files, meaning that if you need to copy them back to their original location over corrupt Registry hives from a Recovery Console prompt, it will be very easy.

First, for those who are interested, Adi's script can be found here (don't worry, everything you need is already included in the zip file download below). Adi's blog entry details everything about the script if you are one of those Techno-Geeks who "has to understand everything"!

The other part of the equation is the use of the VSHADOW.EXE utility that comes with the VSS SDK here. I've included a copy of this in the zip file if you choose not to download the SDK. What I do is place a copy of this right in the same folder that serves as the target of my backed-up Registry files, along with the helper batch files I'll show you next.

The syntax for Adi's script is very simple:

CopyWithVss source_file destination_file

With this in mind, I created 4 separate "helper" batch files, each designed to copy one of the system, software, sam, and security Registry hives. This is necessary because Adi's script does a lot of temporary stuff behind the scenes, and I haven't found a way to run all four copy operations from a single batch file.

The last step is simply to create a scheduled job for each of these batch files, and you are done. All you need to do is unzip the download below into a C:\REGBAK folder, and you are ready to set up your scheduled jobs in the Control Panel "Scheduled Tasks" applet for whatever schedule you want. Weekly would be OK; I actually have mine scheduled for every other day.
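The helper described above, written as one parameterized batch file that is run once per hive (an added example, not the batch files from the article's zip; the name BackupHive.cmd, the log file and the .old rollover are assumptions). It generalizes the four helpers into one, restricts C:\REGBAK because the SAM and SECURITY copies contain account credential data, and checks that a non-empty file was actually written:

```batch
@echo off
rem BackupHive.cmd - added example; hypothetical name, not a file from the article's zip.
rem Usage: BackupHive.cmd SYSTEM     (one scheduled job per hive, as in the article)
rem Assumes CopyWithVss.cmd and vshadow.exe are in C:\REGBAK, as the article describes.
setlocal
set HIVE=%~1
set REGBAK=C:\REGBAK
set SRC=%SystemRoot%\System32\config\%HIVE%
set DST=%REGBAK%\%HIVE%
set LOG=%REGBAK%\backup.log

rem Accept only the four hives the article backs up.
set OK=
for %%H in (SYSTEM SOFTWARE SAM SECURITY) do if /i "%%H"=="%HIVE%" set OK=1
if not defined OK (
    echo usage: %~nx0 SYSTEM, SOFTWARE, SAM or SECURITY
    exit /b 2
)

rem SAM and SECURITY hold account credential data: limit the folder to
rem Administrators and SYSTEM (cacls replaces the ACL; "echo y" answers its prompt).
echo y| cacls "%REGBAK%" /T /G Administrators:F SYSTEM:F >nul

rem Keep the previous copy so a failed run never leaves you with no backup.
if exist "%DST%" move /y "%DST%" "%DST%.old" >nul

rem The hive paths contain no spaces, so they are passed unquoted as in the syntax line.
cd /d "%REGBAK%"
call CopyWithVss.cmd %SRC% %DST%

rem Do not rely on the script's exit code: confirm a non-empty file was written.
set SIZE=0
if exist "%DST%" for %%F in ("%DST%") do set SIZE=%%~zF
if "%SIZE%"=="0" goto failed

>>"%LOG%" echo %DATE% %TIME% %HIVE% OK %SIZE% bytes
exit /b 0

:failed
if exist "%DST%.old" move /y "%DST%.old" "%DST%" >nul
>>"%LOG%" echo %DATE% %TIME% %HIVE% FAILED, previous copy restored if one existed
exit /b 1
```

The account that runs the scheduled job must be a member of Administrators (or be SYSTEM), both for the shadow copy and to write to the folder once its ACL has been tightened.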

In the VSS SDK, there are several sample C++ projects with source code, a number of diagnostic tools in addition to the VSHADOW.EXE utility, and some batch file examples for backup-restore and other useful items such as databases. NOTE: On some OS types, if SQL Server is running at the time of a backup, the backup may fail. So if necessary, add a line at the beginning of your batch file such as "net stop mssqlserver" and another at the end, "net start mssqlserver".

Practice safe computer. I quote Murphy, 1.3, section IV: "The longer you go without a corrupted registry, the greater your chances become of experiencing one". I believe Confucius also had a commentary to the I-Ching (Book of Changes) to that effect.

Download the Zip file that accompanies this article


Peter Bromberg is a C# MVP, MCP, and .NET consultant who has worked in the banking and financial industry for 20 years. He has architected and developed web-based corporate distributed application solutions since 1995, and focuses exclusively on the .NET Platform.