In Chapter 35 you learned how to use the Windows 2000 Backup application to back up and restore the overall state of your system. This is somewhat different from Windows NT, where you can easily back up the registry by making an emergency repair disk (ERD) or running Ntbackup and selecting the Include Local Registry check box.
The reason for these differences revolves around Active Directory. In Windows NT, a registry backup contains a copy of the SAM database for the local machine (as well as the domain SAM, when you back up a domain controller). In a network using Active Directory, the directory contains most of the information that was formerly in the SAM, which is why you have to perform a two-step recovery process for domain controllers. (See the section entitled Restoring the System State in Chapter 35 for more details on how the process works.) First you restore the local machine's SAM registry hive so you can log on, and then you restore the Active Directory store.
As a side effect of the way these changes are implemented, the emergency repair disk no longer contains registry information—the only backup copy on the computer itself is in the %SystemRoot%\Repair folder. With no ERD to fall back on, it's especially important to make regular and usable backups.
Because the registry is more than an ordinary file, it makes sense that you have to give your backup and restore procedures more than the ordinary amount of thought. You can back up and restore your registry in other ways besides making a complete backup of the entire system state. Of course, you should still perform regular backups of your data and the system state for each computer you administer. It is still useful to back up the registry by itself, because the registry is where most applications and system components store their preferences and settings.
When you use the Windows 2000 Backup utility to back up the system state, it includes a complete copy of that machine's registry. It also includes copies of the system volume (on domain controllers), certificate data, COM+ class registration information, and other information that is unrelated to what is in the registry. On the other hand, Windows 2000 Backup automates the process of backing up the registry, so it's easy to use and understand. In addition, keeping your registry data with the rest of your server data ensures that you'll be able to recover everything without having to hunt for third-party CDs, drivers, and the like.
You can use Windows 2000 Backup's Emergency Repair Disk feature to back up the registry, too; most Windows NT administrators use this as their first line of defense against a failure, because the repair tools included on the Windows NT 4 CD can restore registry data from an ERD. Windows 2000 uses ERDs too, but they don't include registry information. When you use Windows 2000 Backup to create an ERD, you must manually specify that you want registry information backed up, and it doesn't get stored on the ERD floppy disk itself—you have to manually save a copy and then replace registry files during recovery by copying them using the recovery console.
Many Windows NT and Windows 2000 sites use third-party backup tools like Computer Associates' ARCServe or St. Bernard Software's OpenFile Manager. In general, these tools provide more sophisticated backup capabilities than the tools that Microsoft ships; for example, ARCServe can use tape autoloaders and optical media, and it can back up machines running several operating systems. If you're using a third-party backup product, you might want it to back up your registry, too. Be sure that you have everything on hand that you would need to restore data backed up with a third-party tool, and double-check to make sure that your vendor's software is fully compatible with the version of Windows 2000 that you're running.
Because Regedt32 allows you to load and unload hive files and keys, you might think that you can approximate what Windows 2000 Backup does by manually saving to a hive file the keys you're most interested in, copying the resulting files someplace safe, and reloading them if you need them. This approach works fine, but it's labor-intensive, because there's no way to automate the process of telling Regedt32 which keys to save. (At that point, you might as well use the Win32 registry programming interfaces to write your own backup program!)
When you're ready to make a backup, you'll be happy to see how simple the process is—it's a great improvement over Windows NT 4.
Chapter 35 covered the mechanics of backing up and restoring your system state, of which the registry is a small but critical part. If you're comfortable with the process of making and restoring a system state backup with Windows 2000 Backup, you're in good shape. However, a quick review might be in order:
When you create an ERD, Windows 2000 Backup offers to save a copy of the registry for you (Figure 37-8). When you select the check box, an extra copy of your registry hive files is stored in the %SystemRoot%\Repair\REGBACK folder. Besides the standard hive files (SECURITY, SAM, SYSTEM, SOFTWARE, DEFAULT, Ntuser.dat, and Usrclass.dat), you'll also see files representing any hives you have manually loaded into your registry.
Figure 37-8. Saving a copy of the registry.
Once Windows 2000 Backup has finished copying these files, they're all yours—you can move them, copy them, back them up, or do whatever you want to. In particular, you can compress them and store them on a floppy, or you can move them to any kind of removable media that you have on hand.
If you store your backup files in compressed format or on any medium that requires a special device, make sure you will be able to access the files when you're restoring the machine.
The process of restoring the registry from a system state backup is discussed at length in Chapter 35, so we won't go into it here. However, just be aware that if you have a backup of the %SystemRoot%\Repair\REGBACK folder, you can use the system's Recovery Console to restore the backup of the registry. Once you start the Recovery Console, you can copy the registry files you need to restore back to their normal locations on disk, and then restart the machine. Remember that by doing so, you'll wipe out any changes you've made since the time the files were backed up.