
Do-it-yourself Registry Security
I recently lost NTUSER.DAT, and with it the whole of HKCU, under Windows 7; System Restore did not help, and I had to fall back to a month-old backup. As a result I became very concerned with the question of registry backup. As it turned out, Win7/Vista offers no "pure" registry backup (unlike XP). In this post I'll describe what you can do about it with your own hands using the ERUNT utility and the User Profile Hive Cleanup Service (UPHClean), and finish with an example of how I set it up.
Historical reference.
The registry as we know it first appeared in Win95, and it immediately became clear that losing or corrupting it was not an option. Fortunately, in the Win9x family the registry was backed up automatically at system startup, with from two (Win95) to five (Win98/ME) rollback generations kept. Manual backup was not a problem either: it was enough to reboot into DOS mode and copy a few files to a safe place. Microsoft also shipped an ERU utility that backed up the registry directly from Windows.
With the arrival of Win2000 and its derivatives (WinXP/Vista/7) the situation changed radically. On NT-based systems the registry files (C:\Windows\System32\Config\* and %userprofile%\ntuser.dat) are always open and in use. As a result, unpleasant bugs began to appear, some of which survive to this day. Almost all of them stem from one scenario: some program opens a key in the registry and forgets to close the handle. That can produce a number of interesting side effects:
* Firstly, if an open handle remains in HKCU, logoff/reboot/shutdown can take a very long time: Windows patiently waits for every program to release HKCU so that the user hive can be unloaded (this wait does not occur if the buggy program is registered as a system service; the hive then simply stays loaded).
* Secondly, some changes were never flushed into the hive and so did not survive a reboot. This was especially annoying for corporate users with roaming profiles, who often had to watch the message "Please wait while Windows configures <program>" every time they launched some office application. Hence in Vista/W7 we now have registry transaction log files (.regtrans-ms), which sometimes take up more space than the hive files themselves :)
* In the worst case, hive integrity was broken during a reboot and you could lose an entire hive (most often, again, HKCU). This continues to this day; there is quite a lot of noise about the Google Chrome update service, which likes to open many handles and forgets to close some of them.
The problem was serious enough that Microsoft released a special service, the "User Profile Hive Cleanup Service" (UPHClean), which forcibly closes everyone's handles to the user hive at logoff/reboot (only for HKCU/ntuser.dat). Highly recommended. (On Vista and later the same handle cleanup is built into the operating system, so the separate download is only needed on 2000/XP/2003.)
All this showed how critical registry integrity is for WinNT-based systems. Nonetheless,
- In NT/2000 there is no automatic registry backup at all.
- In WinXP the registry is backed up only as part of a full system backup (if you select Backup System State). The system files (~500 MB) then go to the directory you specify, while the registry copies land in C:\Windows\Repair, from where they have to be copied out by hand (or you delete the 500 MB of junk if all you wanted was the registry). Unfortunately the Windows GUI does not let you pick NUL as the destination :)
- In Vista/W7 the backup is produced as a whole VHD image; System Restore, as it turned out, is not reliable enough, and \Windows\Repair is nowhere to be seen. **UPD** But there is an analogue of it, \Windows\System32\Config\RegBack, which the Task Scheduler refreshes every 10 days. Thanks to the kind people in the comments. True, it holds only the system hives (SAM, SECURITY, SOFTWARE, SYSTEM, DEFAULT), not NTUSER.DAT.
There was no other easy way to back up the registry, so someone had to come up with one. Thus ERUNT (ERU for NT) appeared.
ERUNT.
ERUNT was written by a German developer, Lars Hederer, and backs up the registry of any NT-based OS (NT/2K/2K3/XP/Vista/7) to a directory of your choice "live" (that is, at any time the OS is running, not only during a reboot).
You can read the details in the readme file, but I'll tell you what I personally liked about it and how I use it.
- It has both a GUI and a CLI for backup and restore. It is very convenient to experiment in the GUI, then roll everything into command-line parameters and create a scheduled task (more on that below). Likewise for restore: for a full restore you can write a simple batch file, and for special situations run the GUI and pick only what you need.
- Lets you choose hives (system and user): you can back up the system hives, the current user's profile, other users' profiles, or all together. Originally I planned "everything once a week, the profile every day", but the program runs so fast and the backups take so little space that now I just back up everything daily. Keep in mind that the system backup includes the SAM and SECURITY hives (local account password hashes and LSA secrets), so the backup directory needs the same access restrictions as C:\Windows\System32\Config.
- Restores the registry from a bootable medium or the Windows Recovery Console (the restore program, ERDNT.EXE). Usually the console suffices, since the restore is essentially a plain overwrite of the hive files.
- It ships as an installer, but apparently puts no files outside its own directory, so it is fine for portable use. The .INI file lives in the same directory; you can put your defaults in it, which cuts down the number of command-line switches you have to repeat each time. The restore utility, in any case, works entirely on its own.
- A bunch of useful options for automated backups. I set mine up as follows:
- Under D:\Install\__Backups\RegBackup-ERUNT\ a subdirectory is created for each run, named with the date and time in the format I want (e.g. RegBackup-ERUNT\2012-04-19-17.00.04\).
- Each such subdirectory contains the hive files themselves plus the restore utility (so you don't have to go looking for it).
- Backup history is kept for 30 days (you can configure this by count, say the last 5, or by age). Old backups are deleted automatically (this can be turned off).
- If a backup has already been made today, the second (third, etc.) run is skipped. (Useful, because Task Scheduler has the option "run the task as soon as possible after a scheduled start is missed", which could otherwise launch two backups in one day.)
- Standard options such as silent mode, etc.
- What impressed me most is that in the end I got rid of most of the command-line switches, because the author's defaults do exactly what I need! :) The rest went into the INI file, and the huge command line shrank to AUTOBACK.EXE <backup directory>\#Date#-#Time#.
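Whether the hives come from RegBack or from a dated ERUNT folder like the ones above, it is worth checking that a backup is actually usable before you need it: the hive corruption described in the historical section shows up as a bad or missing "regf" header, a hive copied while half-written carries mismatched sequence numbers, and a damaged base block fails its checksum. The following Python script is an added example written for this post, not part of ERUNT or the original text; the hive file names it looks for, the paths, and the synthetic sample used for its self-test are assumptions (adjust the names to your backup layout).

```python
"""Sanity-check registry hive files (e.g. in an ERUNT backup folder or in
C:\\Windows\\System32\\Config\\RegBack) before trusting them as a backup.

Added example, not part of ERUNT or the original post. It parses only the
512-byte base block of the "regf" hive format: signature, primary/secondary
sequence numbers (equal when the hive was flushed cleanly, different when a
transaction log would be needed to bring it up to date) and the XOR checksum
over the first 508 bytes. Hive names, paths and sample data are constructed."""
import struct
import sys
from dataclasses import dataclass
from pathlib import Path

REGF = b"regf"
BASE_BLOCK = 512            # the header fields we need all live in the first 512 bytes
CHECKSUM_OFFSET = 0x1FC     # DWORD at 508: XOR of the 127 DWORDs before it


def regf_checksum(base_block: bytes) -> int:
    """XOR of the DWORDs before the checksum field, with the two reserved
    results mapped the way Windows does (0 -> 1, 0xFFFFFFFF -> 0xFFFFFFFE)."""
    x = 0
    for (dword,) in struct.iter_unpack("<I", base_block[:CHECKSUM_OFFSET]):
        x ^= dword
    if x == 0:
        return 1
    if x == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return x


@dataclass
class HiveCheck:
    ok: bool
    problems: list
    primary_seq: int = 0
    secondary_seq: int = 0
    major: int = 0
    minor: int = 0


def check_hive_header(data: bytes) -> HiveCheck:
    """Validate the base block of one hive; 'data' is the first 512+ bytes of the file."""
    problems = []
    if len(data) < BASE_BLOCK:
        return HiveCheck(False, ["file shorter than a hive base block (truncated or zero-byte)"])
    if data[:4] != REGF:
        return HiveCheck(False, ["missing 'regf' signature (not a hive, or header overwritten)"])
    primary, secondary = struct.unpack_from("<II", data, 4)
    major, minor = struct.unpack_from("<II", data, 20)
    stored = struct.unpack_from("<I", data, CHECKSUM_OFFSET)[0]
    if stored != regf_checksum(data[:BASE_BLOCK]):
        problems.append("base block checksum mismatch (header corrupted)")
    if primary != secondary:
        problems.append(f"dirty hive: sequence numbers {primary} != {secondary} "
                        "(last write not flushed; the .LOG/.regtrans-ms would be needed)")
    if major != 1:
        problems.append(f"unexpected major version {major}")
    return HiveCheck(not problems, problems, primary, secondary, major, minor)


# Assumed file names; ERUNT/RegBack layouts may differ, pass your own list.
DEFAULT_HIVES = ("SYSTEM", "SOFTWARE", "SAM", "SECURITY", "DEFAULT", "NTUSER.DAT")


def check_backup_folder(folder: Path, hive_names=DEFAULT_HIVES) -> dict:
    """Return {hive name: HiveCheck} for a backup folder; missing files count as failures."""
    results = {}
    for name in hive_names:
        path = folder / name
        if not path.is_file():
            results[name] = HiveCheck(False, ["missing"])
            continue
        with path.open("rb") as f:
            results[name] = check_hive_header(f.read(BASE_BLOCK))
    return results


def synthetic_hive(primary=7, secondary=7, corrupt_checksum=False) -> bytes:
    """Constructed 512-byte base block, used only for the self-test."""
    buf = bytearray(BASE_BLOCK)
    buf[:4] = REGF
    struct.pack_into("<II", buf, 4, primary, secondary)
    struct.pack_into("<IIII", buf, 20, 1, 5, 0, 1)   # major 1, minor 5, type 0 (primary), format 1
    struct.pack_into("<I", buf, 36, 0x20)           # root cell offset
    struct.pack_into("<I", buf, 40, 0x1000)         # hive bins data size
    struct.pack_into("<I", buf, 44, 1)              # clustering factor
    name = "ntuser.dat".encode("utf-16-le")
    buf[48:48 + len(name)] = name
    csum = regf_checksum(bytes(buf))
    if corrupt_checksum:
        csum ^= 1
    struct.pack_into("<I", buf, CHECKSUM_OFFSET, csum)
    return bytes(buf)


if __name__ == "__main__":
    for folder in sys.argv[1:]:
        for hive, r in check_backup_folder(Path(folder)).items():
            print(f"{folder}\\{hive}: {'OK' if r.ok else 'FAIL: ' + '; '.join(r.problems)}")
```

Run it against a backup folder (hypothetical file name): `python check_hives.py D:\Install\__Backups\RegBackup-ERUNT\2012-04-19-17.00.04`. A dirty hive is not necessarily lost, since its transaction log can bring it up to date when loaded, but a backup you intend to copy straight over C:\Windows\System32\Config is better taken when the sequence numbers agree. Note also that on Windows 10 1803 and later the RegBack folder contains 0-byte files unless periodic backup is re-enabled; the length check above flags exactly that.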
In conclusion, I'm attaching my ERUNT.INI and the .XML for the Task Scheduler.
ERUNT.INI (goes in the ERUNT directory):
[ERUNT]
DefaultDestinationFolder=D:\Install\__Backups
DateFormat=yyyy/mm/dd
DateSeparator=-
TimeFormat=hh:mm:ss
TimeSeparator=.
ERUNT.XML (import into the Task Scheduler; correct the user name and the paths; the task must run elevated, since saving the system hives requires backup privilege):
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Date>2012-04-01T21:27:40.026817</Date>
    <Author>APCNB\apc</Author>
  </RegistrationInfo>
  <Triggers>
    <CalendarTrigger>
      <StartBoundary>2012-04-01T17:00:00</StartBoundary>
      <ExecutionTimeLimit>PT1H</ExecutionTimeLimit>
      <Enabled>true</Enabled>
      <ScheduleByDay>
        <DaysInterval>1</DaysInterval>
      </ScheduleByDay>
    </CalendarTrigger>
  </Triggers>
  <Principals>
    <Principal id="Author">
      <UserId>APCNB\apc</UserId>
      <LogonType>S4U</LogonType>
      <RunLevel>HighestAvailable</RunLevel>
    </Principal>
  </Principals>
  <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>true</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
      <StopOnIdleEnd>true</StopOnIdleEnd>
      <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>
    <UseUnifiedSchedulingEngine>false</UseUnifiedSchedulingEngine>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT1H</ExecutionTimeLimit>
    <Priority>7</Priority>
    <RestartOnFailure>
      <Interval>PT1H</Interval>
      <Count>3</Count>
    </RestartOnFailure>
  </Settings>
  <Actions Context="Author">
    <Exec>
      <Command>C:\bin\ERUNT\AUTOBACK.EXE</Command>
      <Arguments>D:\Install\__Backups\RegBackup-ERUNT\#Date#-#Time#</Arguments>
      <WorkingDirectory>C:\bin\ERUNT\</WorkingDirectory>
    </Exec>
  </Actions>
</Task>
All in all, the author of the utility has been dealing with this problem since 2001 and knows his business. I highly recommend it!