USING ERUNT TO MAKE AUTOMATIC BACKUPS AND RECOVERY
OF THE WINDOWS XP/2000/NT REGISTRY

Author: Mike Boesen

Last updated 6 September 2007

The following article will be of interest to people who have Windows XP, NT or 2000 operating systems.  The application ERUNT is applicable to all three systems.  However, for the sake of conciseness, I have used the term XP throughout.

If you have installed some application on your PC and it has stuffed up your Registry, or done something else to achieve the same unhappy result, it is worth trying the System Restore function.  Sometimes that will get your Registry back to the way you want.  However, System Restore has not always worked for me,especially when I really needed it.  I decided that I needed a failsafe, foolproof way of restoring my registry.  This article describes the way I do that using an excellent freeware application named ERUNT (Emergency Recovery Utility NT).

My registry backup and recovery strategy reflects the following assumptions:

THE ERUNT REGISTRY BACKUP APPLICATION

Fortunately all that is possible.  A key utility that I use in ensuring I can do all that is the registry backup application ERUNT, which was created by Lars Hederer.  If you download and install ERUNT it will create a full registry backup automatically at the time you first boot your PC on each day.  The backups are saved to folders on your hard drive, with each day's backup in a separate folder.  It is recommended that the backup folders be located in a folder under the  C:\WINDOWS\   folder to ensure that you can access the backups in the event that you cannot boot normally.   The default settings used by ERDNT save the registry backups in daily folders created under this folder:  C:\WINDOWS\ERDNT\AUTOBACKUP\    The daily folders have a name format of dd-mm-yyyy. 

Installing ERUNT is straightforward - run the ERUNT-SETUP.EXE file that can be downloaded from the site above.  I highly advise you to read the very informative README.TXT file that the installation creates. 

During installation, ERUNT will modify your Startup process so that it will function to create a full registry backup automatically at the time of first boot of every day.  In addition, I suggest you accept the setup option of having a shortcut to the ERUNT.EXE executable placed on your desktop or in some other easy to find location. This will enable you to easily create additional backups whenever you feel like it - for instance, before installing some application that might stuff up your registry!   For example, in addition to the normal daily backup created at first boot on 2005-06-28, you could create a backup in a folder named C:\WINDOWS\ERDNT\2005-06-28A\ or C:\WINDOWS\ERDNT\2005-06-28BEFORETEST\ or whatever.

The default settings created during the installation of the currently available version (1.1h) generate a setup with the following characteristics. 

The default folder under which the backup folders are located is %systemroot%\ERDNT\Autobackup\   For most folk  %systemroot%   is C:\WINDOWS\  so that the backup folders will be under C:\WINDOWS\ERDNT\AUTOBACKUP\   I have changed my setup so that the backup folders are located under C:\WINDOWS\ERDNT\  because the \AUTOBACKUP\  folder is redundant and puts the backups one level further down in the folder structure.  (Note:  ERDNT is not a typo.)

The folder created for each day is in the format dd-mm-yyyy (e.g. 28-06-2005).  I have changed my system so that the folders created are in the format yyyy-mm-dd because I want the folders to always be in chronological order.  Hence, on my PC the folder for today's saved registry would be   C:\WINDOWS\ERDNT\2005-06-28\

When the backup is created at the first boot of the day, the backing up proceeds invisibly.  I have changed my setup so that the process is visible and I can see what's going on - there is a dialog box that includes two sets of moving bars and text indicating what is going on during the short backup process.  However, the backup process proceeds automatically, so I don't need to be around when it happens.

ERUNT saves up to 30 day's worth of registry backups in the folders it creates.  After 30 folders are there, ERUNT automatically deletes the most aged folder so that the maximum is kept at 30.  For my registry it takes about 46 Mb per folder, so 30 days worth plus some ad hoc saves takes up a significant amount of space on the hard drive.  However, it is very easy to delete saved registry folders that are excess to requirements.  Every now and then, simply get into Windows Explorer or your favourite substitute explorer (I use PowerDesk) and delete aged backup folders which you feel you will not need (or can't afford space for).  The only problem with this is that you may forget to do such housekeeping, so the space occupied with backups may stay at the full 30 day's worth.  So I have changed my setup so that only 7 days' of folders are saved automatically, plus my ad hoc backups. 

Overall, the automatic saving of backups of the registry works extremely well.  Most users will be happy to let the number of backups increase to the maximum of 30 (if they have enough space), or else will be relaxed about deleting aged backups from time to time.  If you want to set up an automated system in which the number of days of backups is limited to a figure less than 30, then read appendix 1 to this article.  That appendix also explains how I modified the default setup to suit my requirements..

RESTORING A REGISTRY - NORMAL SITUATION

If you want to replace your existing registry with a backed up registry, and your PC is already booted into Windows XP or you can reboot into Windows XP, the recovery process is very simple.   In each backup folder is a copy of the executable ERDNT.EXE (not ERUNT.EXE) plus all else that is needed to make the restoration. So in Windows Explorer or your normal Explorer go to the folder that has the backup in it that you want to restore. Then double-click on the copy of ERDNT.EXE which you will find in that folder. Bingo - that backed up registry will be restored!!  It's that easy. 

RESTORING A REGISTRY - AFTER BOOTING INTO SAFE MODE

Most times you will probably be able to restore the registry that "normal" way.  However, in a few cases you will be unable to boot your PC into Windows XP the normal way. (As they say in the shiny hair ads"may not happen overnight, but it WILL happen".)  If you are in such a situation, then there are a number of recovery scenarios which are described in ERUNT's readme.txt file.  For instance, if you can boot your PC in Safe Mode, then you can get into Windows Explorer and do the restoration as described in the previous paragraph.  Read the README.TXT file to learn how to boot in Safe mode.  Of course, this is more involved than the situation where you are able to boot in Windows XP, but still relatively easy.

RESTORING A REGISTRY - CAN'T GET INTO XP NORMALLY AND CAN'T BOOT INTO SAFE MODE

If you cannot boot into either the normal XP mode or Safe Mode, then the process of restoring a backup of the registry gets more complicated, but can be done.  You should be able to use your original XP CD to get into XP's so-called "Recovery Console".  Note that in order for your PC to boot from the XP CD the BIOS on your PC's motherboard needs to be configured so that your PC will boot from one of your optical drives (CD drive or DVD drive) BEFORE it tries to boot from the hard drive.  This will already be the case if whomever configured your hardware initially did it properly.  Test it by closing down, then see if you can boot your PC by putting the Windows XP CD in your optical drive just after you turn the power on.  If it will boot from the XP CD then your BIOS is probably configured OK.  If it will not boot from any optical drive, I suggest that you configure your BIOS now so that the device boot order is either:  floppy drive, optical drive, hard drive,  OR optical drive, floppy drive, hard drive.  

If you can boot using the original XP CD and can get into the "Recovery Console", you will end up with the old DOS-style command-line environment in the "root" directory of your hard drive.  This environment will allow limited access to some files and folders.  The files and folders of interest in this situation are in the %systemroot% directory and sub-directories under that.  In the examples here, the %systemroot% directory is C:\WINDOWS\  

Let's assume that you are using the default settings that are used when ERUNT is initially installed and that you want to restore a registry that was saved automatically on June 28 2005.   In that case, your automatic backup will be located in this folder:
C:\WINDOWS\ERDNT\AUTOBACKUP\28-06-2005\   In this case, when you are inside the Recovery Console:

  1. Type CD  C:\WINDOWS\ERDNT\AUTOBACKUP  and hit Return.  'CD' means Change Directory (Directory =  'folder' in XP terminology).

  2. Type DIR and hit Return. The  'DIR' command will list the names of files and sub-folders that are in the the folder in which you are located.  The dates shown on the extreme left of thie display in dd/mm/yyy format are NOT the names of files or folders.  The names of the files and folders will be listed on the extreme right hand side of the display.  In this example, there should be a folder named 28-06-2005 with the text <DIR> to the left of the name, indicating that '28-06-2005' is the name of a folder (i.e. a 'DIRectory').

  3. Type   CD  28-06-2005  and hit Return (do NOT include a leading '\'). 
    This should put you in the folder C:\WINDOWS\ERDNT\AUTOBACKUP\28-06-2005\ 

  4. Type DIR and hit Return.   This should list about 10 files and at least one other folder named Users.  File and folder (DIR) names are shown on the extreme right hand side of the display.  One of the files listed will be named ERDNT.EXE and that's the file that you have to execute.

  5. Type  BATCH  ERDNT.CON   and hit Return.  You will see messages relating to copying of each of ten or so files. 

  6. Remove the CD from your optical drive, turn your PC off, and then do a normal reboot.  If the problem that was preventing your PC from booting normally was a corrupt registry, hopefully this process will have fixed the problem.  Note that the BATCH-initiated copying process only restores the system registry.  However, you should then be able to restart into XP Windows and from there you can run ERDNT.EXE to restore all user registries, if required.

If you make any mistake when executing a DOS command such as CD or DIR you willl get a cryptic error message.  The problem will be caused by a typing mistake or you will be located in a folder that does not contain the sub-folder to which you are trying to navigate.  If in doubt, start again at step 1 above.  Irrespective of what folder you are in, typing   CD  C:\WINDOWS\ERDNT\AUTOBACKUP  and then hitting Return will take you back to that folder. 

If you set up your automatic saving process the way I specify below in Appendix 1, the steps are a tad different.  Assuming that the automatic backup was created on June 28 2005, then when inside the Recovery Console do this:

  1. Type CD  C:\WINDOWS\ERDNT and hit Return. .

  2. Type DIR and hit Return. There should be a folder named 2005-06-28.

  3. Type   CD  2005-06-28  and hit Return (do NOT include a leading '\'). 
    This should put you in the folder C:\WINDOWS\ERDNT\2005-06-28\ 

  4. Type DIR and hit Return.   This should list about 10 files and at least one other folder named Users.  File and folder (DIR) names are shown on the extreme right hand side of the display.  One of the files listed will be named ERDNT.EXE and that's the file that you have to execute.

  5. Type  BATCH  ERDNT.CON   and hit Return.  You will see messages relating to copying of each of ten or so files. 

  6. Remove the CD from your optical drive, turn your PC off, and then do a normal reboot.  If the problem that was preventing your PC from booting normally was a corrupt registry, hopefully this process will have fixed the problem.  Note that the BATCH copying process only restores the system registry.  However, you should then be able to restart into XP Windows and from there you can run ERDNT.EXE to restore all user registries, if required.

RESTORING A REGISTRY - AFTER BOOTING BY USING A BART PE CD

Recovery using the XP CD's recovery process is a basic technique involving the use of a few command line terms.  There is a more elegant way of restoring the registry from one of your backups if you cannot boot into either normal XP mode or Safe Mode.  But this is definitely not for the uninitiated as it requires you to make a bootable CD to be used instead of the XP CD.  In the ERUNT README.TXT file there is reference to making such a CD - a Bart PE CD.  Such a CD can be used to boot your computer into a Windows XP-equivalent graphical user interface so no command line skills are required to use its functions.  Once your PC has booted to the Bart PE interface, you can run the A43 File Management System utility that is a Windows Explorer substitute.  You can then go to the appropriate daily backup folder and restore the registry by double-clicking on the file ERDNT.EXE.  There are also a few other open source utilities that can be run and some could be useful.

However, creating a Bart PE CD requires geek skills, especially if your XP CD is the SP1 version.  In that case, you would need to create an ISO image of the XP CD with the SP2 updates applied, then create a CD from that ISO image.  (An ISO file is an image of a CD.)  That can be done using the freeware applications Autostreamer or nLite.  Autostreamer can be used to combine the stuff from the XP SP1 and the SP2 update CD into one ISO file.  Alternatively, you can do the same thing using nLite, which combines stuff from the XP SP1 CD and either the file 'XPSP2.EXE' on the SP2 update CD or the file 'WindowsXP-KB835935-SP2-NU.exe' which can be downloaded from Microsoft (but note that it is 273 Mb in size).  nLite is probably the easier to use of the two applications and it can apply a number of tweaks to XP in the process of creating the ISO file.

RESTORING A REGISTRY - AFTER BOOTING BY USING A UBCD4WIN CD

There is another excellent bootable CD creator that is based on the Bart PE engine, but which has more open source applications available to the user.  It's UBCD4WIN (Ultimate Boot CD for Windows).  This CD is created in much the same way as the Bart PE CD, but with the Bart PE applications ("plugins") being replaced by another larger set.  For instance there are a number of File Management explorers, a registry editor, and a number of hard drive tools including a very thorough hard drive testing utility named DiskCheck. 

A very detailed step by step list of instructions for making the UBCD4WIN CD are here.  Once made, the CD can be used to boot your computer into a Windows XP equivalent mode and it can be used in the same way as the Bart PE CD to restore any of the registry backups that are on your hard drive. 

CLOSING COMMENTS

I hope that this article is of some use to you. Some day in the future you will need to restrore a backup of the registry, and it may not be possible to do it through System Restore.   I recommend that at minimum, you install and use ERUNT in its default configuration and on occasions, manually delete any aged registry backups that are excess to your needs.  If you have advanced skills, I recommend that you modify the startup system so that the number of registry backups is limited to a number of your choice (see Appendix 1), and to create a Bart PE CD or a UBCD4Win CD and put it with your security blankets for that day when stuff happens. 


APPENDIX 1

LIMITING THE NUMBER OF REGISTRY BACKUPS SAVED BY ERUNT
AND MAKING OTHER CHANGES TO THE DEFAULT SETUP

During the ERUNT installation procedure an application named AUTOBACK.EXE is installed automatically.  This executable is the one that does the automatic saving during first bootup for each day.  This can be configured through so-called "command line" options to do things differently to the default settings.  For instance you can make the automatic saving operation visible and save, say, only 7 (or more or less) days of backups instead of the 30. 

In addition, you can create a file named ERUNT.INI and set options in it to implement things a little differently - for instance, having a date format of yyyy-mm-dd instead of the default dd-mm-yyy

All the command line options and ini file options are explained in the file README.TXT that can be found in the folder into which you installed ERUNT.  However, some of the content in that file was unclear to me.

This is what I have done in setting up my system:

Then hit Apply and OK and exit from Explorer (and from Autoruns, if you are using it).

All the stuff after "C:\Program Files\ERUNT\AUTOBACK.EXE" are command-line options.  The location for the backups is indicated by the path %SystemRoot%\ERDNT\#Date#   Because the term %SystemRoot% would be interpreted as C:\WINDOWS\  in my system, the path translates to C:\WINDOWS\ERDNT\#Date#.  The #Date# term leads to the creation of a folder with a name in the format of \yyyy-mm-dd\  because in the ERUNT.INI file explained below, I defined that as my preferred date format.  The terms sysreg, curuser, otheruser refer to the system registry, current user registry and other users registries.  The term /days:7 means that backup folders will be limited to the 7 most recent days worth.  Change 7 to a figure that suits you.

Note that the Date Separator character is a hyphen.  The DateFormat must have slashes, not hyphens (but the name of the folder created will include hyphens, not slashes).

When the PC boots the following events occur.  The example used is for a day with the date of 2005-06-28 

 


APPENDIX 2

HISTORY OF AMENDMENTS

September 6 2007

Corrected yet another mistake in the section entitled RESTORING A REGISTRY - CAN'T GET INTO XP NORMALLY AND CAN'T BOOT INTO SAFE MODE.  You cannot run ERDNT.EXE from the recovery console and instead must run a batch job that copies files.  If I had read Lars Hederer's README.TXT file more carefully I would not have made that error.  Sorry folkes.

September 5 2007

Corrected a mistake in the section entitled RESTORING A REGISTRY - CAN'T GET INTO XP NORMALLY AND CAN'T BOOT INTO SAFE MODE and rewrote that section to make things clearer. 

The mistake was the extraneous '\' in the term  CD  \28-06-2005  (which should simply be   CD  28-06-2005  ).