120 | Chapter 3: The Registry
So, what's different about this second procedure? For one, it's automated,
using the little-known REG.exe command-line Registry tool instead of the
Registry Editor to create the hive files. (To learn more about REG.exe, open
a Command Prompt window, type reg /? and press Enter.) Also, it automatically
archives the last backup, thus maintaining two sets of backup files at
all times, a feat accomplished by some simple batch-file commands (see
Chapter 9 for more on batch files).
Most importantly, though, it creates five separate hive files from the
HKEY_LOCAL_MACHINE branch—one for each sub-branch except HARDWARE, which is
dynamically generated—instead of just one. As a result, the backup files
you'll end up with are the same as those Windows normally uses to store the
Registry on your hard disk.
Windows stores the active hive files—those for HKEY_LOCAL_MACHINE, at least—
in the \Windows\System32\Config folder. The exception is the
HKEY_CURRENT_USER branch, stored in the NTUSER.DAT file located in the user's home
directory (usually \Users\{username}). See Chapter 8 for more on user accounts.
In your snooping, you might discover the
\Windows\System32\config\RegBack folder. Check the dates of the files
in the RegBack folder, and sure enough, you'll see that
they're recent—perhaps with yesterday's or today's date—
backups of your HKEY_LOCAL_MACHINE hive files.
Although Vista indeed regularly creates these backups,
they're neither complete (the HKEY_CURRENT_USER branch isn't
included) nor as useful as a backup you make yourself.
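
A file date only tells you when a backup was written, not whether it is an intact hive. The Python sketch below is an added example, not code from this book: it reads the 512-byte header of a hive file (a RegBack copy or one of your own backups) and reports the last-written time stored inside the hive, whether the header checksum matches, and whether the two sequence numbers agree. The field offsets follow the publicly documented "regf" hive layout; the function names and the sample header are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

# FILETIME values count 100-nanosecond ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def header_checksum(block: bytes) -> int:
    """XOR of the first 127 little-endian dwords (bytes 0..507)."""
    value = 0
    for (dword,) in struct.iter_unpack("<I", block[:508]):
        value ^= dword
    if value == 0xFFFFFFFF:      # the format never stores all-ones...
        return 0xFFFFFFFE
    return value or 1            # ...or zero

def check_hive_header(block: bytes) -> dict:
    """Inspect the first 512 bytes of a hive file (the 'regf' header)."""
    if len(block) < 512 or block[:4] != b"regf":
        return {"is_hive": False}
    # Offsets 4, 8, 12: two sequence numbers and the last-written FILETIME.
    seq1, seq2, filetime = struct.unpack_from("<IIQ", block, 4)
    (stored,) = struct.unpack_from("<I", block, 508)
    return {
        "is_hive": True,
        "last_written": FILETIME_EPOCH + timedelta(microseconds=filetime // 10),
        # Equal sequence numbers mean the last write to the hive completed.
        "clean": seq1 == seq2,
        "checksum_ok": stored == header_checksum(block),
    }

def make_sample_header(when: datetime, seq1: int = 7, seq2: int = 7) -> bytes:
    """Constructed sample input: a minimal header, not a real hive."""
    ticks = int((when - FILETIME_EPOCH).total_seconds()) * 10_000_000
    block = bytearray(512)
    # signature, seq1, seq2, timestamp, major version 1, minor version 5
    struct.pack_into("<4sIIQII", block, 0, b"regf", seq1, seq2, ticks, 1, 5)
    struct.pack_into("<I", block, 508, header_checksum(bytes(block)))
    return bytes(block)

if __name__ == "__main__":
    import sys
    # Usage: python check_hive.py <backup hive file> [more files...]
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, check_hive_header(fh.read(512)))
```

Run it against copies of hive files rather than the live files in \Windows\System32\Config, which Windows keeps open while it is running.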