Xem mẫu

  1. Backing up and Restoring Windows NT/2000/XP/ Server 2003 Registries Manually If the boot partition of Windows NT/2000/XP/Server 2003 is formatted using the FAT file system, you can easily back up the system registry manually by booting the computer under an alternative operating system (for example, MS DOS or Windows 9x/ME) or even using the boot diskette. When this is done, you will be able to copy registry-hive files to the backup media using any method of copying (for example, you may use both Windows Explorer and the command line). If the Windows NT/2000/XP or Windows Server 2003 boot partition uses NTFS, you may have some difficulties using this method of backing up the registry (however, contrary to information provided in some sources, this isn't always the case). You may sometimes need to format the Windows NT/2000/XP/Server 2003 boot partition using NTFS (this may be required by the security rules adopted by your company or by certain software products, which need to be installed on NTFS partitions). However, you may wish to continue using a manual method of backing up the registry. The simplest method of avoiding any possible problems is a parallel installation of the operating system. Microsoft officially recommends this method of improving system reliability. This tip can be found in both the Resource Kit documentation and in Microsoft Knowledge Base articles. If you follow this recommendation, though, you'll need to consider the compatibility aspects of NTFS 4 and NTFS 5. You can also use shareware or freeware NTFS drivers, which can be downloaded from the Internet). To back up Windows NT/2000/XP/Server 2003 registry manually, copy the files contained in the %SystemRoot%\System32\Config folder to the backup media. Note that you need to use backup media of sufficient capacity, since the contents of this folder almost certainly won't fit on a 1.44 MB diskette. Selection of removable storage media for transporting your files (for system administrators and technical-support personnel these, most probably, will include recovery tools, drivers, system updates, diagnostic utilities and, certainly, backup files, such as registry backups) is very important. Till recently, ZIP disks and CD-Rs were used for this purpose. Over the past few years, however, newer and better media have become more and more popular. If you need a portable toolkit for emergency situations, such things as external USB card readers, Flash Memory cards, and, above all, USB Flash drives, will be invaluable. Such devices can hold up to 1 GB of data, are very portable, extremely light weight, and compatible with any PC equipped with a USB port. Just stick the flash drive into the USB port of your PC running Windows 2000/XP or Windows Server 2003 and Windows Plug and Play will immediately see it as an additional drive (more information on this topic will be provided in Chapter 5). Then copy the files you need to take with you, unplug the device from the PC, and you're ready to go. Flash
  2. drives hold more data than a floppy disk, are more portable than ZIP drives and other remote-storage devices, and are more convenient (and less fragile) than CD-RW disks. In short, USB Flash Drives may just be the perfect removable storage medium. Note Unfortunately, the small size and large storage capacity of such devices, apart from the advantages that they bring, can also make them dangerous. In order to install such a device in Windows 2000/XP or Windows Server 2003, it isn't necessary for the user to belong to the Administrators group. For example, during the installation of portable USB drives the user can bypass entirely administrative safeguards against worms and viruses, unauthorized software such as shareware programs, software pranks, MP3 files, video clips, spyware or keystroke loggers that can enable users to capture passwords or other sensitive information. Another threat created by such devices is that of theft or loss of software and confidential data. Unless you disable all of the USB ports in your environment, they are impossible to defend against. Protective measures that you can take to safeguard your corporate network against these threats will be considered in Chapter 9. The files that need to be copied from the %SystemRoot%\System32\Config folder are listed below: Appevent.evt Secevent.evt Sysevent.evt Default Security System Default.log Security.log System.alt[*] Default.sav Software System.log Sam Software.log System.sav Sam.log Software.sav Userdiff [*] This file was eliminated in Windows XP and Windows Server 2003. It is only present in earlier versions of Windows NT/2000. Note When backing up the registry manually, don't forget to create backup copies of user profiles, which are stored under %Systemdrive%\Documents and Settings\ folders. To create backup copies of user profiles for each user quickly, log in as the Administrator and copy the Ntuser.dat files for each existing user profile (more detailed information on user profiles will be provided in Chapter 10. Restoring the registry from a backup copy that was created using this method requires booting the computer under an alternate operating system. After rebooting, you simply need to copy the registry files from the backup media back to the %SystemRoot%\System32\Config folder.