complete registry backup from the command line with 'reg save'

B

bill

Hello,


do the commands (all together)

reg save HKLM\SOFTWARE c:\test
reg save HKLM\default c:\test
reg save HKLM\SAM c:\test
reg save HKLM\Sytem c:\test
reg save HKLM\System.alt c:\test


really save the whole regirstry and why is "HKLM" needed?



Thank's a lot for any feedback!

Bill
 
O

Olof Lagerkvist

bill said:
Hello,


do the commands (all together)

reg save HKLM\SOFTWARE c:\test
reg save HKLM\default c:\test
reg save HKLM\SAM c:\test
reg save HKLM\Sytem c:\test
reg save HKLM\System.alt c:\test


No, you need to specify filenames too. Example:

reg save HKLM\SOFTWARE c:\test\SOFTWARE
reg save HKLM\SAM c:\test\SAM

etc.

Then you need to change the command for the "default":

reg save HKU\.default c:\test\default
really save the whole regirstry and why is "HKLM" needed?


If you look at the registry with 'regedit' you will see why. The so
called "hives" can be under HKEY_LOCAL_MACHINE or HKEY_USERS and you
need to specify either of these to 'reg save', or the shortened HKLM or HKU.
 
M

Mark V

Hello,


do the commands (all together)

reg save HKLM\SOFTWARE c:\test
reg save HKLM\default c:\test
reg save HKLM\SAM c:\test
reg save HKLM\Sytem c:\test
reg save HKLM\System.alt c:\test


really save the whole regirstry and why is "HKLM" needed?

Not your topic but you should, if not familiar already, investigate
ERUNT
http://www.larshederer.homepage.t-online.de/erunt/

There is also a set of tools in some Windows Resource Kits (NT4
ResKit for certain): REGBACK.EXE, REGREST.EXE
 
B

bill

Not your topic but you should, if not familiar already, investigate
ERUNT
http://www.larshederer.homepage.t-online.de/erunt/

There is also a set of tools in some Windows Resource Kits (NT4
ResKit for certain): REGBACK.EXE, REGREST.EXE


Thank's for the feedback! Browsing in the registry gives me the
impression, there
are the following "main keys".. Therefore I tried to backup:


reg save HKLM\Config c:\regbackup\%date%-Config
reg save HKLM\Driver c:\regbackup\%date%-Driver
reg save HKLM\Enum c:\regbackup\%date%-Enum
reg save HKLM\Hardware c:\regbackup\%date%-Hardware
reg save HKLM\Network c:\regbackup\%date%-Network
reg save HKLM\Security c:\regbackup\%date%-security
reg save HKLM\SOFTWARE c:\regbackup\%date%-software
reg save HKLM\System c:\regbackup\%date%-system

reg save HKU\.Default c:\regbackup\%date%-Default
reg save HKU\Software c:\regbackup\%date%-Software


But only the following keys could be saved:
reg save HKLM\Hardware c:\regbackup\%date%-Hardware
reg save HKLM\SOFTWARE c:\regbackup\%date%-software
reg save HKLM\System c:\regbackup\%date%-system
reg save HKU\.Default c:\regbackup\%date%-Default

The rest of the listed keys were locked(?) and could not be
accessed...

Are those files not needed for a complete registry backup?
If they are needed, how can they be saved from the command line?


Thank's a lot for any additional help! Bill
 
M

Mark V

Thank's for the feedback! Browsing in the registry gives me the
impression, there
are the following "main keys".. Therefore I tried to backup:

< http://www.microsoft.com/technet/archive/winntas/tips/winntmag/in
reg.mspx?mfr=true > (written for NT4)
reg save HKLM\Config c:\regbackup\%date%-Config
reg save HKLM\Driver c:\regbackup\%date%-Driver
reg save HKLM\Enum c:\regbackup\%date%-Enum
reg save HKLM\Hardware c:\regbackup\%date%-Hardware
reg save HKLM\Network c:\regbackup\%date%-Network
reg save HKLM\Security c:\regbackup\%date%-security
reg save HKLM\SOFTWARE c:\regbackup\%date%-software
reg save HKLM\System c:\regbackup\%date%-system

reg save HKU\.Default c:\regbackup\%date%-Default
reg save HKU\Software c:\regbackup\%date%-Software


But only the following keys could be saved:
reg save HKLM\Hardware c:\regbackup\%date%-Hardware
reg save HKLM\SOFTWARE c:\regbackup\%date%-software
reg save HKLM\System c:\regbackup\%date%-system
reg save HKU\.Default c:\regbackup\%date%-Default

The rest of the listed keys were locked(?) and could not be
accessed...

Are those files not needed for a complete registry backup?
If they are needed, how can they be saved from the command line?

You have not mentioned your OS and all comments here based on W2K.

A Full Registry Backup means securing a copy of the active hives to
files on disk. Equivalent to:

HKEY_LOCAL_MACHINE \SYSTEM
\winnt\system32\config\system

HKEY_LOCAL_MACHINE \SAM
\winnt\system32\config\sam

HKEY_LOCAL_MACHINE \SECURITY
\winnt\system32\config\security

HKEY_LOCAL_MACHINE \SOFTWARE
\winnt\system32\config\software

HKEY_USERS \.DEFAULT
\winnt\system32\config\default


HKEY_USERS \UserProfile
Profile; usually under <Documents and Settings>\USERNAME\
NTUSER.DAT (and UsrClass.dat)


This is done via Win32 API functions. This is exactly what ERUNT
does and ERUNT can be run from a CLI. NTBACKUP.EXE can also do
this via the GUI ("ERD", "Also backup the registry to the repair
directory. ...") Regback.exe (if available) does the same.


While it may be possible to use REG.EXE SAVE, I would not know and
would not use that tool. For me, REG SAVE is the CLI equivalent to
regedt32.exe "Save key..." (binary) function and intended to save
the binary copy (with permissions) of a limited sub-key, not an
entire hive. I would use REG SAVE only for the limited purpose of
saving a sub-key in binary form from the command line, similar to
"exporting" a sub-key as text using regedit.exe /e (or /a).


I suggest you utilize tried and true tools designed and intended
for the purpose of making Full Registry Backups.
 
B

bill

<http://www.microsoft.com/technet/archive/winntas/tips/winntmag/in
reg.mspx?mfr=true > (written for NT4)








You have not mentioned your OS and all comments here based on W2K.

A Full Registry Backup means securing a copy of the active hives to
files on disk. Equivalent to:

HKEY_LOCAL_MACHINE \SYSTEM
\winnt\system32\config\system

HKEY_LOCAL_MACHINE \SAM
\winnt\system32\config\sam

HKEY_LOCAL_MACHINE \SECURITY
\winnt\system32\config\security

HKEY_LOCAL_MACHINE \SOFTWARE
\winnt\system32\config\software

HKEY_USERS \.DEFAULT
\winnt\system32\config\default

HKEY_USERS \UserProfile
Profile; usually under <Documents and Settings>\USERNAME\
NTUSER.DAT (and UsrClass.dat)

This is done via Win32 API functions. This is exactly what ERUNT
does and ERUNT can be run from a CLI. NTBACKUP.EXE can also do
this via the GUI ("ERD", "Also backup the registry to the repair
directory. ...") Regback.exe (if available) does the same.

While it may be possible to use REG.EXE SAVE, I would not know and
would not use that tool. For me, REG SAVE is the CLI equivalent to
regedt32.exe "Save key..." (binary) function and intended to save
the binary copy (with permissions) of a limited sub-key, not an
entire hive. I would use REG SAVE only for the limited purpose of
saving a sub-key in binary form from the command line, similar to
"exporting" a sub-key as text using regedit.exe /e (or /a).

I suggest you utilize tried and true tools designed and intended
for the purpose of making Full Registry Backups.


Thank's a lot for the important tips. I learned a lot! Bill
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top