Icon

Recovery

< Operation
The command line >


Recovery of lost documents

Recovery of lost documents is reduced to picking the documents you want from from the mirror. You'll find previous versions of documents by searching the Lazy Mirror archive. Take an Explorer and have a look at a destination created by Lazy Mirror.

Recovery of failing drives

Loosing a non-system disk is reduced to installing a new disk and creating a new copy from the Lazy Mirror backup. Even loosing your system disk can, if you setup your mirror carefully, be covered by switching disks.

In case you try to protect your system drive and you don't get your destination booting after a crash and the sys command on Windows 9x, or the fixboot and fixmbr commands on Windows NTx, did not work out for you, or when they are beyond the scope of your knowledge, then you might want the run Windows setup and select repair. Be sure though, to only repair the boot files and nothing else.

If you cannot afford down-time then test booting from the backup drive before the crash occurs, so you know it works or that you can make it work.

Recovery of the registry

These paragraphs review ways to restore the windows registry. It is only helpful if you know how to handle a command shell. This is not required knowledge for operating Lazy Mirror, but merely a time saver in case disaster strikes your Windows registry.

If you don't plan to backup the Windows registry or you already have a favorite way of handling the Windows registry, then you can skip to the command line section or in case you are not in the mood for technical detail, to the Comments section.

With a system crash and Windows refusing to boot due to a corrupted Windows registry, it can suffice to restore the Windows registry to a previous known stable state to get things rolling again, so you do not have to revert to switching disks.

If trouble on a machine is registry related you can start the machine with the recovery console on Windows NTx or in DOS mode on Windows 9x, to copy a trusted version of the Windows registry to the registry under suspicion. Documentation for the Recovery console on NTx and DOS mode for Windows 9x can be found in Windows Help and at the Microsoft site. Recovery of the registry for Windows 98 and ME and for Windows 95.


Recovery of the registry on Windows NTx

On Windows NTx the system registry typically resides in the directory C:\WINNT\system32\config or C:\Windows\system32\config and the user registry will be stored in the users profile directory. For the build-in administrator account this profile directory might be C:\Documents and Settings\Administrator, depending on your setup.

The NTx user registry

Restoring the user registry is done by restoring the files NTUSER.DAT and UsrClass.dat located in the profile directory of that user. If you want to restore your own profile, use an existing, or create a new account, with administrator rights, as long as it's not your own. When you logon with this account, you can restore your own user registry without the access denied errors you normally get due to the system having these files opened in exclusive mode.

If you did backup the registry with Lazy Mirror, then you can search the Lazy Mirror archive for files with USER in their name, to get a list of available user registries or for the latest backup, look at the backup directory specified in the registry tab of the configuration dialog.

Copy the Registry backup dir\HKEY_USERS_SID file, with SID identifying the user, replacing the NTUSER.DAT in the profile directory of the user. Copy the HKEY_USERS_SID_Classes or a version from the mirror to the User profile dir\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat file.

The next time you log in, this restored version of your user registry will be loaded. It is not possible to restore a user registry if Windows won't boot. If Windows refusal to boot is registry related you might decide to restore the system registry.

The NTx system registry

The NTx system registry can be restored with the Windows Recovery Console. The following example shows how to revert to the latest backup of the system registry created by Lazy Mirror and stored in the directory C:\WINNT\backup_registry.

(Re)start Windows and start the recovery console instead of your normal Windows installation. How to install the Recovery Console as a startup option is explained in the Windows Help if you run the professional or server editions of Window and on the Microsoft site. If your machine can boot from CD, then you can choose to run the recovery console from the Windows CD. Choose the installation of Windows you want to repair and log on with your administrator password.

C:\WINNT> cd system32\config[enter]
Will bring you to the directory containing the registry files
C:\WINNT\system32\config> dir C:\winnt\backup_registry[enter]
Lists the backup of the registry. The listing shown here ran on a Dutch machine and hence does not use English.

De volumenaam van station C is System
Het volumenummer is B72A-DEAF

Map van C:\WINNT\backup_registry

18-01-200311:00<DIR>.
18-01-200311:00<DIR>..
18-01-200311:0020.480HKEY_LOCAL_MACHINE_HARDWARE
18-01-200311:0024.576HKEY_LOCAL_MACHINE_SAM
18-01-200311:0028.672HKEY_LOCAL_MACHINE_SECURITY
18-01-200311:0017.235.968HKEY_LOCAL_MACHINE_SOFTWARE
18-01-200311:004.947.968HKEY_LOCAL_MACHINE_SYSTEM
18-01-200311:00167.936HKEY_USERS_DEFAULT
18-01-200311:007.864.320HKEY_USERS_S-1-5-21-1292428093-
1580818891-1708537768-500
18-01-200311:008.192HKEY_USERS_S-1-5-21-1292428093-
1580818891-1708537768-500_Classes
10 bestand(en)30.298.172 bytes
2 map(pen)1.198.327.296 bytes beschikbaar

The following sequence of commands creates a backup of the current registry and replaces the software, system and default user hives with the backup stored in the directory C:\winnt\backup_registry.

C:\WINNT\system32\config> ren SOFTWARE SOFTWARE.bak[Enter]
Backup the current software hive.
C:\WINNT\system32\config> copy c:\winnt\backup_registry\HKEY_LOCAL_MACHINE_SOFTWARE SOFTWARE[Enter]
Restores the software hive.
C:\WINNT\system32\config> ren SYSTEM SYSTEM.bak[Enter]
Backup the system hive.
C:\WINNT\system32\config> copy c:\winnt\backup_registry\HKEY_LOCAL_MACHINE_SYSTEM SYSTEM[Enter]
Restores the system hive.
C:\WINNT\system32\config> ren DEFAULT DEFAULT.bak[Enter]
Backup the default user.
C:\WINNT\system32\config> copy c:\winnt\backup_registry\HKEY_USERS_DEFAULT DEFAULT[Enter]
Restores the default user.

If this won't fix your registry then you can decide to restore the SAM and SECURITY hives or try a registry from the mirror.


Recovery of the registry on Windows 98 and ME

On Windows 98 and ME the backups made of the registry by regchecker after every successfull boot is located in the hidden directory C:\Windows\Sysbckup. If you open the cabinet files in this directory by double clicking on a .cab file you'll find the backups of the registry, system.dat and user.dat, inside the cabinet file. If you extract system.dat and user.dat from the cabinet file to a temporary location then you can restore this registry the same way as described in the recovery of the registry on Windows 95. Instead of using the system.da0 and user.da0 from the Windows directory, use the backup extracted from the cabinet file created by regchecker.

Recovery of the registry on Windows 95

For Windows 95 recovering the registry comes down to starting the machine in DOS mode, CD to the Windows directory and copy the SYSTEM.DA0 and USER.DA0 files to SYSTEM.DAT and USER.DAT. The two .DA0 files are backups of the registry made by Windows 95 after every successful boot. If needed, you can revert to the backups of the registry stored in the Lazy Mirror archive by searching for *.DA0 in the archive. To be able to overwrite the registry you need to remove the system and hidden file attributes of the files. Here follows an example DOS shell session, illustrating how such an action might look like.

c:\> cd windows[enter] Will bring you to the Windows directory
c:\windows> attrib -h -s system.dat[enter] Removes the hidden and system file attributes of system.dat
c:\windows> attrib -h -s user.dat[enter] Removes the hidden and system file attributes of user.dat
c:\windows> attrib -h -s *.da0[enter] Remove them from system.da0 en user.da0 files too
c:\windows> ren system.dat system.bak[enter] Backup the old system registry
c:\windows> ren system.dat system.bak[enter] Backup thr old user registry
c:\windows> copy system.da0 SYSTEM.DAT[enter] Copy the backup system registry to the system registry
c:\windows> copy user.da0 USER.DAT[enter] Restore the backup of the user registry

This example is on a single user machine, on a multi user machine you can find the USER.DAT file in the root of the users profile directory.


<<< Operation The command line >>>