The worst has happened: The Registry has crashed, and you can't get into your computer. Work still has to get done, and deadlines are looming. Don't you wish you could just press Ctrl+Z and make it all come back?
Unfortunately, there isn't an Undo for Registry changes, whether they are made manually or generated by the installation of hardware, drivers, or software. But having a good backup and a good plan for restoration is the next best thing. If you wait until the crisis hits to decide what to do, it may make you feel old way too early.
If your Registry is gone, it's gone. But this chapter shows you how to get your system going again.
Most Registry crashes occur because of something you do: You make a Registry change, you add a driver for hardware, you add software, and so on. The fastest way to recover from a change-induced crash is to return to the last Registry that worked. Every time you boot Windows NT, you are presented with the option of selecting the Last Known Good menu by pressing the spacebar. (See Figure 5.1.)
Figure 5.1. The OS 4.0 Loader screen.
The Last Known Good menu (shown in Figure
5.2) gives you two options for recovery
in addition to choosing a hardware profile. You can choose the Last Known Good settings
(created the last time NT started correctly), or you can return to the last configuration
you saved.
Some people have asked whether there is a way to eliminate the Last Known Good menu at startup. Though it may seem like a hassle today, imagine the repercussions of its demise. If you couldn't get to the last saved or last correctly configured Registry, you would have to go to much greater lengths to fix the Registry.
Figure 5.2. The Last Known Good menu.
If you switch
to the Last Known Good configuration, you are given the option of returning
to the default configuration by pressing the D key.
There is an important difference between choosing the default configuration and choosing Last Known Good. If you choose the default configuration, you are returned to the last saved Registry and given options for the hardware profiles. If you choose Last Known Good, you get the Registry that was copied during the last startup for each of the profiles that was used. Your original configuration profile might be from yesterday, but your other Last Known Good profiles might be from some time ago!
WARNING: The Last Known Good may not be as good as you think. Just because the Registry worked for startup doesn't mean it will work for everything. Data is saved at startup, but the error(s) that caused the system crash might not have taken effect until after the system started and wrote new data to the disk.
TIP: Save your Registry often to prevent problems.
Generally, Last Known Good takes care of your problem. You can run your system again, fix the problem, and save the configuration in the \REPAIR directory with RDISK.EXE.
If Last Known Good doesn't work, the next line of defense is to use the Emergency Repair Disk (ERD) that you created at installation or with RDISK.EXE. It is critical that an ERD is created for every system in the organization, and that it is updated regularly.
TIP: I update the ERD every time I make significant changes to the system, be they hardware or software. I install the new item, test it to make sure it works correctly, then I update the ERD. I even include a line on my installation checklist to make sure everyone else does, too. (I include software installations as well, because the software installation may change hardware settings.)
Using the ERD is simple, but it requires the three Windows NT installation floppies.
TIP: If you don't have the installation floppies, create them from the Windows NT CD-ROM using the command WINNT32 /OX or WINNT /OX. This will create floppies, but will not actually perform the installation. WINNT.EXE can be executed from any system, but WINNT32.EXE requires Windows NT.
Reboot the system with disk 1 in the floppy drive. It will load many drivers and prompt you for disk 2. Disk 2 reads the hard disk drives for any currently installed instance of Windows NT. If it finds your installation, it prompts you to reinstall, upgrade, or repair the NT version it found.
NOTE: Because the installation routine used drivers from the Windows NT CD-ROM that were copied to the floppies, even if your drive controller driver was corrupted, you could still run this repair routine.
If you choose to repair the NT version, you must decide which sections of the system to test. Testing options include
You might as well test all of these and fully check your system. Sometimes, the problem is not what you assumed. After you choose to continue, the system detects any mass storage devices (disk drives and controllers), prompts for disk 3, then for the ERD.
If you have an ERD, the process is easy. You can restore any or all of the following Registry files, but you might lose configuration data entered since the last update of the ERD.
You can restore any of the following Registry files (hives):
After you choose which Registry files you want restored, you'll be prompted to match the files and settings on the ERD with the ones on the hard disk. If files are missing or have different dates or sizes, you'll be notified and prompted to update or skip the files.
TIP: Check the files one by one rather than choosing to fix all of the files. There may be files that are of no use to you, perhaps from devices that you have removed from the system. Replacing those files may cause errors in your system.
If you don't have an ERD, the system must find the files on original media (the location that you installed from). At best, you'll lose all configuration information, meaning you must reconfigure all your devices. It's possible that you'll have to reinstall all your devices. The worst-case scenario is you'll have to reinstall NT from scratch.
A Registry restoration through the Repair utility and the ERD will restore most critical settings to your computer. The limitation of the ERD is that it does not cover the full Registry. It does not contain, and therefore cannot restore, all the user settings, file security settings, and shares. Most of the time, though, those are not affected by crashes.
A full Registry restoration is dependent on what type of backup you made, what condition the rest of NT is in, and what type of file system you are using. If the system is completely down, the process of getting everything working can be more difficult than if the system is operable but in need of repair.
Table 5.1 lists the restoration requirements as they relate to the state of the
system, the file system employed, and the backup type.
Table 5.1. Registry restoration options.
| System Condition | File System | Backup Type | Restoration |
| Running | NTFS or FAT | Full backup | Restore all or part from backup |
| Running | NTFS or FAT | Incremental backup | Restore full, then all incrementals to
ensure that all of the Registryis copied |
| Running | NTFS | Full copy | Not available |
| Running | FAT | Full copy | Start other OS, copy files from source |
| Not running | NTFS | Full backup | Reinstall NT, restore all or part from backup |
| Not running | NTFS | Incremental backup | Reinstall NT, then restore full, then restore all incrementals to ensure that all of the Registry is copied |
| Not running | FAT | Full | Restore all or part from backup, if a restore application is available from DOS |
| Not running | FAT | Incremental | Restore full, then all incrementals to ensure that all of the Registry is copied, if a restore application is available from DOS |
| Not running | FAT | Full copy | Start other OS, copy files from source |
| Running | FAT or NTFS | None | Reinstall applications, configure settings, manually change Registry |
| Not running | FAT or NTFS | None | Reinstall NT, applications configure all settings, manually change Registry |
NOTE: As you can see from Table 5.1, FAT volumes make the restoration of a destroyed system much easier. The only disadvantages are FAT volumes' lack of security and fault tolerance. The lack of security can be overcome by putting all applications and data files on a separate volume from the system volume (where NT and the Registry are held). Make the extra volume NTFS, and then apply necessary security as desired. Fault tolerance is another issue. NTFS allows you to mirror or duplex the system volume, so even if there is a hard-drive crash, the system won't go down. There is no loss of use of the system from the console or by network users. That same capability can be obtained with hardware functions called hardware RAID, which adds the capability of hot-swapping the drives so that the system never has to be taken down. Hardware RAID uses a specialized controller card and specially designed hard disk drives (usually in an external cabinet) to allow the fault tolerance. Windows NT looks to it as a single device, even though there may be four, six, or even more hard drives in the cabinet. It uses its own functions to maintain drive performance and reliability. Software RAID is a function in Windows NT, using Disk Administrator, that allows similar redundancy and reliability. It uses off-the-shelf disk drives and controllers, and relies on Windows NT to supply the necessary software to produce a fault-tolerant system. The best choice, then, is FAT with hardware RAID (and copy or back up the Registry), or NTFS with software RAID (and a little longer restoration cycle).
Whatever method you choose to protect your Registry, protect it so you don't have to reconstruct your system from scratch.
NOTE: Even after 13 years of experience with computers and their users, it still amazes me how many people never back up. Who does? Usually, they are the ones who have had a serious crash without a backup, and had no other choice but to rebuild their systems from scratch. Don't be one of the statistics. Even if the system crashes, you can feel confident with your restoration options.
In the previous chapter, you saw how to back up the system using NT Backup. Restoring the system is also very easy. The only caveat is that NT must be installed, the system files must be in the same directory as the original (such as C:\WINNT), and a supported tape drive must be running.
After launching NT Backup with Start |
Programs | Administrative Tools | Backup,
select the Tapes window (as shown in Figure 5.3). Select the tape and tape set you
would like to use.
Figure 5.3. NT backup
If you want to restore only part of the current tape set (only some of the directories or files), double-click the tape-set name. NT Backup performs a Catalog Status procedure to list all the files that are contained on the tape. This procedure is very similar to a DIR command in DOS, except that it takes longer. Select and deselect files as necessary (as Figure 5.4 illustrates).
After you choose the files and directories, confirm the options for the restoration with Operations | Restore. If you want the Registry to be restored to the local system, you must select it in the dialog box shown in Figure 5.5. Selecting the files in the catalog is not enough. If you do not select Restore Local Registry from the Restore Information dialog box, you will receive a File in Use error, and the files will not be restored.
Figure 5.4. Choose which directories and files will be restored.
Figure 5.5. The Restore Information dialog box.
NT Backup prompts you if any files
will be overwritten, as shown by the dialog box
in Figure 5.6. Be very careful about overwriting files that are on your system. Selecting
Yes to All restores all the backed-up files and replaces any that are currently there,
regardless of the date of
the files.
Figure 5.6. The choice to overwrite is yours.
TIP: This is where the restoration of NT from a DOS application to a completely bare drive really comes in handy. There is no worry about overwriting files, which may cause version-related challenges. Look for that feature when evaluating backup software.
Your ability to recover from a disastrous system crash is fully dependent on the quality of your backup. Without a conscientious effort to protect your information, you will spend too many hours trying to recover, only to find that full recovery is impossible.
After you have created good backups, protect them well. With that backup information, you can then quickly recover, regardless of the level of problem. If the problem is minor, use Last Known Good. If it is a little more serious, you can probably recover with your Emergency Repair Disk. If neither of those will restore the required information, use the backups created with your backup software.
© Copyright, Macmillan Computer Publishing. All rights reserved.
