Author: John Sharpe
Platform: Windows XP, Windows 2000, Windows NT
Type: startup/shutdown
This set of scripts will perform a system state backup after adding additional software or hardware, providing a significant
value to the responding analyst and client. We currently are testing a
methodology which allows a complete system state restore from the Recovery
Console. If a client then adds an additional configuration to their system
and it will not boot, we have a process that allows for a 3-5 minute turnaround.
This batch job performs a system state backup and then deletes the system state backup file leaving an updated directory to
restore the registry and security information from a later point in
time.
When you install Windows 2000, the Windows 2000 Repair directory structure
looks like this:
06/28/2000 02:55p 438 autoexec.nt
06/28/2000 04:31p 2,577 config.nt
06/28/2000 04:35p 118,784 default
04/03/2002 01:24p 20,480 DS_SAM
04/03/2002 01:24p 20,480 DS_SECURITY
04/03/2002 01:24p 5,844,992 DS_SOFTWARE
04/03/2002 01:24p 20,480 sam
06/28/2000 04:32p 522,914 secsetup.inf
04/03/2002 01:24p 20,480 security
06/28/2000 04:30p 141,118 setup.log
04/03/2002 01:24p 5,844,992 software
06/04/2001 02:59p 2,392,064 system.bak
Once youve performed a system state backup, a directory Regback is
created. The directory structure for a possible recovery point is located
now at: c:winntrepairregback. The directory structure for
c:winntrepairregback looks like this:
05/09/2002 10:26a 143,360 default
03/27/2002 02:56p 626,688 NTUSER.DAT
05/09/2002 10:26a 20,480 SAM
05/09/2002 10:26a 32,768 SECURITY
05/09/2002 10:26a 12,009,472 software
05/09/2002 10:27a 2,433,024 system
03/27/2002 02:56p 8,192 UsrClass.dat
Ive created a system recovery file that can be used via the command line
from the WIN-PE disk or the Windows 2000 Recovery Console. The batch job
performs a backup of the current files in c:winntsystem32config to the
c:winntoptionsregistrybackup directory.
:: Create a directory for backup of suspected defective registry.
mkdir c:winntoptionsregistrybackup
:: Backup suspected defective registry.
copy c:winntsystem32configsoftware c:winntoptionsregistrybackup
copy c:winntsystem32configdefault c:winntoptionsregistrybackup
copy c:winntsystem32configsam c:winntoptionsregistrybackup
copy c:winntsystem32configsecurity c:winntoptionsregistrybackup
copy c:winntsystem32configsystem c:winntoptionsregistrybackup
Next, the batch job restores files from the c:winntrepairregback
directory to c:winntsystem32config.
:: Restore registry and security information from system state backup.
copy c:winntrepairregbacksoftware c:winntsystem32configsoftware
copy c:winntrepairregbacksoftware
c:winntsystem32configsoftware.sav
copy c:winntrepairregbackdefault c:winntsystem32configdefault
copy c:winntrepairregbackdefault c:winntsystem32configdefault.sav
copy c:winntrepairregbacksam c:winntsystem32configsam
copy c:winntrepairregbacksam c:winntsystem32configsam.sav
copy c:winntrepairregbacksecurity c:winntsystem32configsecurity
copy c:winntrepairregbacksecurity
c:winntsystem32configsecurity.sav
copy c:winntrepairregbacksystem c:winntsystem32configsystem
copy c:winntrepairregbacksystem c:winntsystem32configsystem.alt
copy c:winntrepairregbacksystem c:winntsystem32configsystem.sav
Youll also notice that we save an additional copy of each file from
c:winntrepairregback to c:winntsystem32config.
I have intentionally blue screened my machine with 3 versions of
pcAnywhere and recovered using this procedure described above. This
procedure when implemented is a huge lifesaver and add value for the
client and support analyst.
These ideas were founded on material from the book:
Mastering the Windows 2000 Registry by Peter D. Hipson (Sybex, 2000)
Download the script.
Scroll down to view the script.
: BackupSystemState.bat TITLE Update System State and Registry Files Stored @ c:winntrepairregback COLOR F @ECHO OFF cls :: Purpose: Backup batch file used to perform backup of :: system state prior to troubleshooting anything. :: :: Author: John Sharpe :: Title: Desktop Support Analyst :: Date:March 12th, 2002 :: :: Intent: Provide better customer service in less :: time. :: Recover Your Operating System By Restoring Registry and Security Files :: If you cannot recover your Operating System via the Last Known Good Option :: Boot to the Recovery Console or WinPE Boot Disk. :: Execute the RecoverOS.bat file from the Recovery Console via c:winntBATCH RecoverOS.bat. :: Execute the RecoverOS.bat file from the WinPE Boot Disk c:winntRecoverOS.bat %systemdrive% TITLE Map B: to a share where scripts reside so scripts have the correct path. :: jsharpw2win2k$MapDriveB.bat cls cd cls TITLE Erase temp files prior to backing up user profile. cls erase *.tmp /s mkdir c:winntoptionsbackup cls TITLE Update System State and Registry Files Stored @ c:winntrepairregback ntbackup backup systemstate /j "Command Line System State Backup" /f "c:winntoptionsbackup%Username%SysState.bkf" /a cls del "c:winntoptionsbackup%Username%SysState.bkf" TITLE Copy operating system recovery file to c:winnt. xcopy /s /h /r b:RecoverOS.bat c:winnt :: RecoverOS.bat TITLE Recover Your Operating System By Restoring Registry and Security Files COLOR F @ECHO OFF :: Purpose: Recover Your Operating System By Restoring Registry and Security Files :: If you cannot recover your Operating System via the Last Known Good Option ::Boot to the Recovery Console or WinPE Boot Disk. :: ::Execute this file from the Recovery Console via c:winntBATCH RecoverOS.bat. :: Execute this file from the WinPE Boot Disk c:winntRecoverOS.bat :: :: Courtesy: Jerold Schulman :: Modifier: John Sharpe :: Title:Desktop Support Analyst :: Date: May 2nd, 2002 :: Intent:Provide better customer service in less time. :: :: Create a directory for backup of suspected defective registry. mkdir c:winntoptionsregistrybackup :: Backup suspected defective registry. copy c:winntsystem32configsoftware c:winntoptionsregistrybackup copy c:winntsystem32configdefault c:winntoptionsregistrybackup copy c:winntsystem32configsam c:winntoptionsregistrybackup copy c:winntsystem32configsecurity c:winntoptionsregistrybackup copy c:winntsystem32configsystem c:winntoptionsregistrybackup :: Restore registry and security information from system state backup. copy c:winntrepairregbacksoftware c:winntsystem32configsoftware copy c:winntrepairregbacksoftware c:winntsystem32configsoftware.sav copy c:winntrepairregbackdefault c:winntsystem32configdefault copy c:winntrepairregbackdefault c:winntsystem32configdefault.sav copy c:winntrepairregbacksam c:winntsystem32configsam copy c:winntrepairregbacksam c:winntsystem32configsam.sav copy c:winntrepairregbacksecurity c:winntsystem32configsecurity copy c:winntrepairregbacksecurity c:winntsystem32configsecurity.sav copy c:winntrepairregbacksystem c:winntsystem32configsystem copy c:winntrepairregbacksystem c:winntsystem32configsystem.alt copy c:winntrepairregbacksystem c:winntsystem32configsystem.sav
Disclaimer: We hope that the information in these pages is valuable to you. Your use of the information contained in these pages, however, is at your sole risk. All information on these pages is provided “as -is”, without any warranty, whether express or implied, of its accuracy, completeness, fitness for a particular purpose, title or non-infringement, and none of the third-party products or information mentioned in the work are authored, recommended, supported or guaranteed by me. I shall not be liable for any damages you may sustain by using this information, whether direct, indirect, special, incidental or consequential, even if it has been advised of the possibility of such damages.
