As I hope everybody does, I have a backup system in place that ensures that I have copies of all critical files, including the system registry.\u00a0 A combination of Volume Shadow Copy and BackupPC ensure that I’ll have ample copies of the registry available, but the registry itself makes recovery a less-than-straightforward process.<\/p>\n
For a bare metal restore, the process is actually not too bad.\u00a0 To be specific, you can pretty much just copy over the registry files with backups (which is pretty much every file in %systemroot%\\system32\\config) then rebooting before doing anything else.<\/p>\n
More specifically, you want these files:<\/p>\n
security, software, system, default, sam<\/pre>\nIt gets a little weirder from there if you need registry elements from the user hives and security hives, which is conveniently spread out into places like “Documents and Settings\\NetworkService\\NTUSER.DAT”, “Documents and Settings\\LocalService\\NTUSER.DAT” and helpfully named things like “UsrClass.dat” spread all over creation.<\/p>\n
It wasn’t really my purpose to delineate all these things, so I’ll move on:\u00a0 instead, my purpose was to point out that what, after losing a drive and reinstalling the operating system, you decide that you don’t want<\/em> to inherit all the cruft that was lurking in your “old” registry, but instead would like to pull over just a few select keys?<\/p>\n
On the plus side, there’s a way to do it.\u00a0 On the minus side, doing so is about as convoluted as the registry itself.<\/p>\n
First, the keys you’re looking for are most likely to be housed in the file “software” or “system,” depending on whether you want some keys describing installed software or hardware, respectively — so restore these files somewhere.\u00a0 The location doesn’t matter, as long as you don’t put them on top of their current locations.<\/p>\n
Second, fire up the registry editor (“regedit” or “regedt32”) which will give you a view of your current registry.\u00a0 Click on HKEY_LOCAL_MACHINE, which will then make the menu option File->Load Hive<\/em> available.<\/p>\n
Go ahead and pick the “software” file you restored, and you’re immediately prompted for “Key Name.”\u00a0 This is the key name to mount the hive under, so pick something that’s not<\/em> a hive already in use.\u00a0 (In other words, do NOT pick “software” or “hardware” and so on.)\u00a0 It’s handy, if possible, to pick something absolutely guaranteed not to be in use as a key or value anywhere in the registry, but really anything will do.<\/p>\n
Now you can browse the hierarchy of the registry from the file you loaded.\u00a0 Note that none of these keys are really “in” the registry, but now you can get to them, to select what you need out of the original registry — in my case, it’s almost universally nit picking serial numbers from software I installed long ago and I have an easier time finding the CD than I do where the original serial numbers went.\u00a0 Once you’ve selected the key, File->Export<\/em> will allow you to extract it in text form.<\/p>\n
Unfortunately, registry exports store the absolute path of whatever you’re exporting, so you’ll have to edit the file to get it back in.\u00a0 N.B.:\u00a0 Regedit is notoriously picky about the format of this file, and it will refuse to import a file that isn’t perfect, right down to white space, so you don’t want to edit it with anything that’s going to touch anything but the text (yes, I’m looking at you, TextPad.)\u00a0 I recommend Notepad with word wrap OFF.<\/p>\n
The exported registry file will be littered with references like:<\/p>\n
[HKEY_LOCAL_MACHINE\\MY_HIVE_KEY\\GoodJobSucking]<\/p>\n
Your job, of course, is to change every single “MY_HIVE_KEY” to “SOFTWARE” (or whatever hive you’re trying to get the key back into, while leaving everything else alone.\u00a0 If you were clever about the hive name you selected, this can be a global search-and-replace.<\/p>\n
Save the file, then use File->Import<\/em> to bring the key(s) back in to the actual registry.\u00a0 When you’re done with this procedure, click on your hive with the crazy name, and select File->Unload Hive<\/em> to be rid of it.\u00a0 There’s no “save” in the registry editor, so you’re done at this point.<\/p>\n","protected":false},"excerpt":{"rendered":"
As I hope everybody does, I have a backup system in place that ensures that I have copies of all critical files, including the system registry.\u00a0 A combination of Volume Shadow Copy and BackupPC ensure that I’ll have ample copies of the registry available, but the registry itself makes recovery \u2026 Continue reading