Preventing Disaster!

Overview

Preventing disaster is an important thing to do. No one wants a system failure or to have to reinstall Windows XP. Not the least of your problems will be the issues with product authorization, in that Windows XP, when reinstalled, must be reauthorized! You are reading this tutorial for your own particular reason. Perhaps, as I am recommending, you are here because you want to do everything possible to prevent a disaster with your Windows XP installation. Or maybe you really, really want to recover from an existing disaster. If you are recovering from a problem, you may want to skip to the section later in this tutorial titled "Restoring the Registry." For those of you who never do anything wrong, read on.

What's the Deal with the Registry, Anyway?

The registry has always been the one part of Windows that virtually every user neither understands nor trusts. Just when things go well, the registry gets corrupted, and it is time to reinstall everything. Note Office XP (a.k.a. Office 10) saves its registration information in a file. See tutorial 14 for a bit of information about the registration data file. The Windows XP operating system is very robust. However, many things can cause problems. For example, a hard drive failure (even a small soft error on the system drive in the registry files), a controller failure, or a more complex memory bit that sometimes doesn't set correctly all can cause many problems with Windows XP and the registry. Warning Windows XP is robust, but our hardware is not. Most Pentium systems do not have memory parity. Though earlier PC systems used memory parity, this feature disappeared quietly a few years back when memory prices skyrocketed and there was a serious effort to keep computer prices to a minimum. Most of the newest computers now do support parity for their memory (though this support may well not be in use); many of the systems still in use do not support parity, and as a result, routine memory errors won't be detected until it is much too late. One of the biggest problems with the registry is that Windows uses it constantly. The entire process of backing up and restoring the operating system is much more difficult because Windows must have the registry files open as a restore is being done. There are several ways to solve this problem: One solution is to use the backup program supplied with Windows XP. Another is to use an after-market backup program. Such a backup program has to contain the code necessary to do registry backups and restores. Tip Oh, joy! The backup program that is included with Windows XP (and Windows 2000) allows backing up to media other than tape drives. Now it is possible to back up to other hard drives (a technique that I use), Zip drives, and other storage media. However, these backup and restore techniques may not work well under your circumstances. You may already have had a registry failure, and there may be no registry backup to rely on for recovery. Backing up and recovering the registry without a tape backup was excruciatingly difficult using previous versions of the backup program. Using the ASR (Automated System Recovery) disk is easy, but you cannot simply stick in a diskette, type restore registry, and expect it to work! Windows XP does not store any registry information on the ASR disk (Microsoft recognized that the registry was becoming too large to store on a typical diskette). The Windows XP ASR disk contains only three files: autoexec.nt, config.nt, and setup.log. The directory %SystemRoot%\Repair (the same location in which they've been stored since Windows NT 4) holds all the registry files that are backed up. In fact, restoring the registry from the %SystemRoot%\Repair directory requires the Windows XP installation program. It's not that bad; you don't have to reinstall Windows, but the installation program will restore the registry from the backup, if necessary. The menu that is presented when you boot up Windows XP also allows you to restore parts of the registry based on copies of the registry saved from previous sessions. Warning Always, always make sure that you back up the registry whenever you install new software or hardware or remove anything from your computer. If you do not back up the registry, and you restore a previous copy from an old backup, the system will not work as expected!

Where Exactly Is the Registry?

In order to back it up, you need to know where the registry is located. Sometimes you get to the registry as if by magic the standard registry editors don't tell you where the registry is; they simply load it automatically. However, many times you need to know where to find the registry files. They're not too difficult to find; the registry's files are in the directory %SystemRoot%\System32\Config.

Side Trip: Restoring Windows XP

Restoring a copy of Windows XP from a backup can be a difficult process. First, without a working copy of Windows XP, you can't run the backup and restore programs. This means you have to install a new copy of the operating system to be able to run the restore program. You'd then use this copy of Windows XP to restore the original system from the backup. Some users will reformat the drive, reinstall Windows XP into the same directory that the original installation was made to, and restore on top of this new installation. There's nothing wrong with doing this, as long as you remember one critical point: If you installed any Windows XP service packs on your original installation, these service packs must also be installed on the new installation being used to run the restoration program. If you don't install the service packs, Windows XP restores system files from the original installation (with the service pack) on top of the new files (without the service pack); the files will be out of version sync with the existing operating system files and the registry. This will usually cause the restore to crash without much of a warning as to what happened. To perform a full restore of Windows XP (and everything else on the drive), do the following:

1. Reformat the drive. Remember that you're doing a full restore here, and nothing that was on the drive is considered valuable at this point.

2. Install Windows XP, using your original distribution CD-ROM.

3. Install the service packs that were installed with the version of Windows that is being restored. Remember that the service packs are cumulative, so you need only reinstall the last service pack. For example, if Service Pack 3 was installed, it will not be necessary to install Service Packs 1 and 2. You only need to reinstall Service Pack 3.

4. Reinstall your backup/restore program, if necessary, and begin your restoration process. The files in the %SystemRoot%\System32\Config directory that have the extensions .log or .sav contain a history that may be viewed with the Event Viewer program. For example, files with the extension .sav are saved using the Last Known Good booting process. Files with the .log extension are records of changes made to the registry when registry auditing is turned on. Though the .log and .sav files are not strictly necessary to have a working Windows XP installation, it is best to consider each of these files a member of a complete set.

Warning Be careful not to replace one file in the registry without replacing all the others. It is simply too easy to get one file out of sync with the remaining registry files, and this would spell disaster.

Are Two Copies Better Than One?

Generally, two of anything is better than one. It's easier to ride a bicycle than a unicycle. However, it is even easier to drive a car you don't even have to keep your balance. Where the registry is concerned, keeping at least two copies of it is a good idea. I'd recommend that you keep at least four:

• The copy created by the Windows XP backup program, which is stored in %SystemRoot%\Repair. The Windows XP Setup program is able to use this copy to restore the registry.

• A backup copy of the registry files found in %SystemRoot%\Repair, saved in a safe and convenient location. Consider a Zip drive or some other type of removable storage media for this copy.

• One (or more) backup copies, created using a backup technique on a type of media that is compatible with the backup and restore program of your choice. (I'll discuss backup methods to use in the next section.)

• A copy of the registry files contained in %SystemRoot%\System32\Config stored on separate media, such as a different drive, diskettes, a Zip drive, CD-RW, or some other easily accessible, writeable media. Try to avoid media requiring special drivers and such, because these drivers may not work when you need to restore that pesky registry. This copy may only be made by dual-booting into another copy of Windows XP (or Windows 95/98/Me if the drive is FAT compatible). Note In Windows NT 4, keep the special copy created by the RDisk utility that is stored in the Windows NT directory %SystemRoot%\Repair. This copy of the registry can only be used by the Windows NT Setup program to repair an existing copy of Windows NT. Also keep the copy created by the RDisk utility that is stored on the Windows NT ERD. Again, this copy of the registry can only be used by the Windows NT Setup program to repair an existing copy of Windows NT. Windows XP doesn't support RDisk. Instead, the registry backup and ASR disk-creation functionality is incorporated into the finallyuseful- for-everyone Backup program. Be absolutely sure you keep these copies secure. Lock 'em up, stash 'em away. Oh, and by the way, that lock on your desk drawer is not good enough; use a good fireproof safe or strong box.

Danger, Will Robinson, Danger!

Throughout this tutorial and this tutorial we talk about backing up the registry to diskettes, other drives, and tapes. That's all well and good. However, you must remember that the registry contains sensitive information, especially if it is for a Windows XP server. The registry is the heart and soul of the Windows XP operating system. It contains information critical to both the operation and security of Windows XP. There are many ways that someone could use your backup registry files to breach your system's security, perhaps costing you money or (gasp!) your job. Be absolutely sure you maintain the highest levels of security for any copies of the registry that you make. If saved to external media (diskettes, tapes, or Zip drives, for example), make sure these copies are securely locked up. Why? Someone could, with little effort, completely subvert system security and then use the backup copies of the registry to hide their actions. I recommend you use a quality fireproof safe or a strong box for storing your registry backup copies. Me, I use a fireproof, locked strong box inside a federal government–rated Mosler safe and I don't think I'm being overly protective, either.