System Administration: System State Backup and Recovery Script

This set of scripts will perform a system state backup after adding additional software or hardware, providing a significant value to the responding analyst and client.
Author: John Sharpe
Platform: Windows XP, Windows 2000, Windows NT
Type: startup/shutdown

This set of scripts will perform a system state backup after adding additional software or hardware, providing a significant value to the responding analyst and client. We currently are testing a methodology which allows a complete system state restore from the Recovery Console. If a client then adds an additional configuration to their system and it will not boot, we have a process that allows for a 3-5 minute turnaround.

This batch job performs a system state backup and then deletes the system state backup file, leaving an updated directory from which the registry and security information can be restored at a later point in time.

When you install Windows 2000, the Windows 2000 Repair directory structure looks like this:

06/28/2000 02:55p 438 autoexec.nt
06/28/2000 04:31p 2,577 config.nt
06/28/2000 04:35p 118,784 default
04/03/2002 01:24p 20,480 DS_SAM
04/03/2002 01:24p 20,480 DS_SECURITY
04/03/2002 01:24p 5,844,992 DS_SOFTWARE
04/03/2002 01:24p 20,480 sam
06/28/2000 04:32p 522,914 secsetup.inf
04/03/2002 01:24p 20,480 security
06/28/2000 04:30p 141,118 setup.log
04/03/2002 01:24p 5,844,992 software
06/04/2001 02:59p 2,392,064 system.bak

Once you've performed a system state backup, a directory named Regback is created. The possible recovery point is now located at c:\winnt\repair\regback. The directory structure for c:\winnt\repair\regback looks like this:

05/09/2002 10:26a 143,360 default
03/27/2002 02:56p 626,688 NTUSER.DAT
05/09/2002 10:26a 20,480 SAM
05/09/2002 10:26a 32,768 SECURITY
05/09/2002 10:26a 12,009,472 software
05/09/2002 10:27a 2,433,024 system
03/27/2002 02:56p 8,192 UsrClass.dat

I've created a system recovery file that can be used via the command line from the WIN-PE disk or the Windows 2000 Recovery Console. The batch job performs a backup of the current files in c:\winnt\system32\config\ to the c:\winnt\options\registrybackup directory.

:: Create a directory for backup of suspected defective registry.
mkdir c:\winnt\options\registrybackup

:: Backup suspected defective registry.
copy c:\winnt\system32\config\software c:\winnt\options\registrybackup
copy c:\winnt\system32\config\default c:\winnt\options\registrybackup
copy c:\winnt\system32\config\sam c:\winnt\options\registrybackup
copy c:\winnt\system32\config\security c:\winnt\options\registrybackup
copy c:\winnt\system32\config\system c:\winnt\options\registrybackup

Next, the batch job restores files from the c:\winnt\repair\regback directory to c:\winnt\system32\config\.

:: Restore registry and security information from system state backup.
copy c:\winnt\repair\regback\software c:\winnt\system32\config\software
copy c:\winnt\repair\regback\software c:\winnt\system32\config\software.sav
copy c:\winnt\repair\regback\default c:\winnt\system32\config\default
copy c:\winnt\repair\regback\default c:\winnt\system32\config\default.sav
copy c:\winnt\repair\regback\sam c:\winnt\system32\config\sam
copy c:\winnt\repair\regback\sam c:\winnt\system32\config\sam.sav
copy c:\winnt\repair\regback\security c:\winnt\system32\config\security
copy c:\winnt\repair\regback\security c:\winnt\system32\config\security.sav
copy c:\winnt\repair\regback\system c:\winnt\system32\config\system
copy c:\winnt\repair\regback\system c:\winnt\system32\config\system.alt
copy c:\winnt\repair\regback\system c:\winnt\system32\config\system.sav

You'll also notice that we save an additional copy of each file from c:\winnt\repair\regback to c:\winnt\system32\config.
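The restore step above only works if all five hives in c:\winnt\repair\regback are present and current. The following check is an added example, not part of the original scripts; the label name and the idea of running it right after the ntbackup step are assumptions, and the path is the one used in this article.

```batch
@echo off
:: Added example, not part of the original scripts.
:: Checks that the restore point RecoverOS.bat depends on is complete.
:: Run from a normal Windows session (cmd.exe with command extensions),
:: for example right after the ntbackup step. The Recovery Console
:: has no IF or FOR, so this cannot run there.
setlocal

:: Assumption: same path the article uses; change for other install directories.
set "REGBACK=c:\winnt\repair\regback"
set "BAD=0"

:: The five hives RecoverOS.bat copies into c:\winnt\system32\config.
for %%H in (default sam security software system) do call :CheckHive %%H

if "%BAD%"=="1" (
    echo.
    echo Restore point is incomplete. Do not rely on RecoverOS.bat until fixed.
    endlocal
    exit /b 1
)
echo.
echo All five hives present. Compare the dates above with the backup time.
endlocal
exit /b 0

:CheckHive
if not exist "%REGBACK%\%1" (
    echo MISSING  %REGBACK%\%1
    set "BAD=1"
    goto :EOF
)
:: %%~zF is the size in bytes, %%~tF the last-modified timestamp.
for %%F in ("%REGBACK%\%1") do (
    if %%~zF EQU 0 (
        echo EMPTY    %%~fF
        set "BAD=1"
    ) else (
        echo OK       %%~fF  %%~zF bytes  %%~tF
    )
)
goto :EOF
```

A non-zero exit code means a hive is missing or empty, in which case the .bkf file should be kept rather than deleted.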

I have intentionally blue screened my machine with 3 versions of pcAnywhere and recovered using the procedure described above. This procedure, when implemented, is a huge lifesaver and adds value for the client and support analyst.
These ideas were founded on material from the book: Mastering the Windows 2000 Registry by Peter D. Hipson (Sybex, 2000)



:: BackupSystemState.bat


TITLE Update System State and Registry Files Stored @ c:\winnt\repair\regback\
COLOR F

@ECHO OFF 

cls

:: Purpose: Backup batch file used to perform backup of 
::          system state prior to troubleshooting anything.
:: 
::  Author: John Sharpe
::  Title:  Desktop Support Analyst
::  Date:   March 12th, 2002
:: 
::  Intent: Provide better customer service in less
:: 	    time.

:: Recover Your Operating System By Restoring Registry and Security Files
:: If you cannot recover your Operating System via the Last Known Good Option
:: Boot to the Recovery Console or WinPE Boot Disk.  
:: Execute the RecoverOS.bat file from the Recovery Console via c:\winnt\BATCH RecoverOS.bat.  
:: Execute the RecoverOS.bat file from the WinPE Boot Disk c:\winnt\RecoverOS.bat

%systemdrive%

TITLE Map B: to a share where scripts reside so scripts have the correct path.

::	\\jsharpw2\win2k$\MapDriveB.bat

cls


cd\

cls

TITLE Erase temp files prior to backing up user profile.

cls

erase *.tmp /s


:: Create the working directory for the temporary system state backup file.
mkdir c:\winnt\options\backup\

cls

TITLE Update System State and Registry Files Stored @ c:\winnt\repair\regback\


:: The system state backup refreshes the hive copies in c:\winnt\repair\regback\.
ntbackup backup systemstate /j "Command Line System State Backup" /f "c:\winnt\options\backup\%Username%SysState.bkf" /a

cls

:: Delete the backup file itself; only the updated regback directory is kept.
del "c:\winnt\options\backup\%Username%SysState.bkf"

TITLE Copy operating system recovery file to c:\winnt.

	xcopy /s /h /r b:\RecoverOS.bat c:\winnt






:: RecoverOS.bat

TITLE Recover Your Operating System By Restoring Registry and Security Files
COLOR F

@ECHO OFF

:: Purpose:  Recover Your Operating System By Restoring Registry and Security Files
::	     If you cannot recover your Operating System via the Last Known Good Option
::           Boot to the Recovery Console or WinPE Boot Disk.  
::
::           Execute this file from the Recovery Console via c:\winnt\BATCH RecoverOS.bat.  
::	     Execute this file from the WinPE Boot Disk c:\winnt\RecoverOS.bat
:: 	
:: Courtesy: Jerold Schulman
:: Modifier: John Sharpe
:: Title:    Desktop Support Analyst
:: Date:     May 2nd, 2002
:: Intent:   Provide better customer service in less time.
::

:: Create a directory for backup of suspected defective registry.
mkdir c:\winnt\options\registrybackup

:: Backup suspected defective registry.
copy c:\winnt\system32\config\software c:\winnt\options\registrybackup
copy c:\winnt\system32\config\default c:\winnt\options\registrybackup
copy c:\winnt\system32\config\sam c:\winnt\options\registrybackup
copy c:\winnt\system32\config\security c:\winnt\options\registrybackup
copy c:\winnt\system32\config\system c:\winnt\options\registrybackup

:: Restore registry and security information from system state backup.
copy c:\winnt\repair\regback\software c:\winnt\system32\config\software 
copy c:\winnt\repair\regback\software c:\winnt\system32\config\software.sav
copy c:\winnt\repair\regback\default c:\winnt\system32\config\default
copy c:\winnt\repair\regback\default c:\winnt\system32\config\default.sav
copy c:\winnt\repair\regback\sam c:\winnt\system32\config\sam
copy c:\winnt\repair\regback\sam c:\winnt\system32\config\sam.sav
copy c:\winnt\repair\regback\security c:\winnt\system32\config\security
copy c:\winnt\repair\regback\security c:\winnt\system32\config\security.sav
copy c:\winnt\repair\regback\system c:\winnt\system32\config\system
copy c:\winnt\repair\regback\system c:\winnt\system32\config\system.alt
copy c:\winnt\repair\regback\system c:\winnt\system32\config\system.sav

Disclaimer: We hope that the information in these pages is valuable to you. Your use of the information contained in these pages, however, is at your sole risk. All information on these pages is provided "as-is", without any warranty, whether express or implied, of its accuracy, completeness, fitness for a particular purpose, title or non-infringement, and none of the third-party products or information mentioned in the work are authored, recommended, supported or guaranteed by me. I shall not be liable for any damages you may sustain by using this information, whether direct, indirect, special, incidental or consequential, even if it has been advised of the possibility of such damages.




