April 01, 1998 12:00 AM

Ask Dr. Bob Your NT Questions

Windows IT Pro
InstantDoc ID #3141

Send us your tips and questions. You can also visit Bob Chronister's online Tricks & Traps at http://www.winntmag.com/forums/index.html.

Q: How can I protect Windows NT's Registry so that I don't accidentally corrupt it?

The Registry is an integral part of NT because it stores all user information and software and hardware configurations. To start, back up your system on a regular basis. In my experience, a daily backup of an active workstation or server is mandatory, particularly if you use that system to store important information.

I suggest you run at least two working copies of NT on each of your active systems. On most of my machines, I install a primary copy of NT Server or NT Workstation and a minimum install copy of NT Workstation so that I can still boot to NT if I damage my primary copy.

Always keep a current Emergency Repair Disk (ERD) on hand. You need this disk during the repair process. To use your ERD, you boot into the install process and, instead of installing NT, choose to repair an installation and specifically to repair the Registry. Use this option only if you diligently keep your ERD up to date. To keep your ERD current, run the rdisk /s utility at the command prompt whenever you install new software or update existing software. This utility writes a complete copy of your Registry to a disk. You must run rdisk /s from the command prompt; if you run rdisk from NT Explorer or My Computer, the utility won't fully update the default, Security Accounts Manager (SAM), and security files on your ERD.

If the size of your Registry exceeds the size of the disk (i.e., the ERD), you can successfully recover your Registry using the regback and regrest utilities from the Microsoft Windows NT Server 4.0 Resource Kit and the Microsoft Windows NT Workstation 4.0 Resource Kit. Unfortunately, the documentation for these utilities isn't very helpful. To back up the full Registry to a hard disk, you can type

regback <c:\config>

at the command prompt, where <c:\config> is the name of the directory where you want to store the Registry backup (you must create this directory before you use this command).

I suggest you back up your Registry to a \config directory on the same hard disk where the Registry resides (e.g., if you install NT on the C drive, back up your Registry to c:\config). Regardless of which directory you use, for regrest to work, you must back up the Registry to the same drive where the operating system resides. Be aware that you can't back up your Registry to a \config directory and overwrite previous backups with regback. However, you can overcome this problem by using a simple batch file to delete the files in the directory before you perform the backup. The following batch file works with my c:\config example:

c:
cd \config
del *.* /q
regback c:\config

The /q switch on the third line of the batch file tells the command processor to delete the files in quiet mode (i.e., without asking the user for permission). Screen 1, page 220, shows the files regback saves. When you use regback, the utility doesn't save specific user information. Instead, you must save this information manually, as you see in the message in Screen 2, page 220.

Restoring a Registry that you've backed up with regback is far from intuitive. I find that the Registry restore utility, regrest, works best with the \config directory. I recommend that you restore the Registry hives one at a time to maintain complete control of the restore. For example, you can type

regrest c:\config\system c:\config\system.sav machine system

to restore the Registry from my previous example. All regrest restores are made to either user or machine (system is part of machine). After you execute the regrest command, you must reboot your system for the changes to take effect, as you see in Screen 3. Be aware that performing such backup and restore procedures can be lethal to your system.

Q: What steps can I take if I can't boot into Windows NT?

If you can't set up or boot into NT, you probably have a corrupt boot sector, which is most likely the result of a virus. To work around this problem, you need an NT boot disk, a mandatory resource for most users' NT toolkits. An NT boot disk (not a DOS disk) made on any Intel-based NT machine will work on any other Intel-based NT machine, assuming the boot.ini file is correct (you can always edit the boot.ini file with any standard text editor, such as the DOS Edit command).
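The boot disk works only if its boot.ini points at the right installation, so here is an added example (not from the original column) that checks a boot.ini for consistency before you rely on the disk. The sample file, the \WINNTMIN directory name, and the function names are constructed for illustration.

```python
import re

# ARC path as used in boot.ini on Intel machines, for example
# multi(0)disk(0)rdisk(0)partition(1)\WINNT
ARC_RE = re.compile(
    r"^(multi|scsi)\((\d+)\)disk\((\d+)\)rdisk\((\d+)\)partition\((\d+)\)\\(.*)$",
    re.IGNORECASE)

def parse_boot_ini(text):
    """Return {section: [(key, value), ...]} with lower-cased section names."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections[current] = []
        elif current and "=" in line and not line.startswith(";"):
            key, _, value = line.partition("=")
            sections[current].append((key.strip(), value.strip()))
    return sections

def check_boot_ini(text):
    """Return a list of problems; an empty list means the file is consistent."""
    sections = parse_boot_ini(text)
    loader = {k.lower(): v for k, v in sections.get("boot loader", [])}
    entries = [k for k, _ in sections.get("operating systems", [])]
    problems = []
    if not entries:
        problems.append("no entries under [operating systems]")
    default = loader.get("default")
    if default is None:
        problems.append("no default= line under [boot loader]")
    elif default.lower() not in [e.lower() for e in entries]:
        problems.append("default not listed under [operating systems]: " + default)
    for path in entries:
        m = ARC_RE.match(path)
        if m is None:
            if not re.match(r"^[a-z]:\\", path, re.IGNORECASE):  # C:\ is a DOS entry
                problems.append("not an ARC path: " + path)
        elif m.group(1).lower() == "multi" and m.group(3) != "0":
            problems.append("disk() must be 0 with multi(): " + path)
        elif int(m.group(5)) < 1:
            problems.append("partition() numbering starts at 1: " + path)
    return problems

# Constructed sample: a primary NT install plus a minimal second install.
SAMPLE = r"""[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Server Version 4.00"
multi(0)disk(0)rdisk(0)partition(1)\WINNTMIN="Windows NT Workstation (minimal)"
"""
```
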

An NT boot disk lets you bypass your hard disk's boot sectors. The NT boot disk contains all necessary boot files, except the necessary system files, which stay on the appropriate hard disk. For both Intel- and RISC-based machines, you must format the NT boot disk in NT. On Intel-based machines, copy ntldr, ntdetect.com, and boot.ini to the boot disk. For RISC-based machines, copy osloader.exe and hal.dll to the boot disk. After you copy the files to the NT boot disk, you can protect the disk from viruses by making it read only (i.e., slide the plastic protective button to the lock position). On Intel-based machines, the NT boot disk will load ntldr and ntdetect.com, which will call on boot.ini to find the appropriate location of the \winnt directory and find all other essential files. I always use such a disk to determine whether my boot sector is corrupt. If you can boot to NT with the NT boot disk, you can probably repair the damaged boot sector without much trouble. To repair the boot sector, try one of the following methods.

  1. If you need to repair the boot sector on an NTFS drive, you can use the emergency repair procedure. To begin this process, insert your NT setup disk #1 and reboot your machine. (Use the disk-based installation procedure for all emergency repairs. If you lose your three NT setup disks, you can re-create them by booting to any system that has access to the NT CD-ROM, and running winnt /ox or winnt32 /ox.) Carefully follow the instructions on screen, and press R for Repair when prompted. Select only the options to Inspect startup environment and Inspect boot sector, and clear the other two option check boxes for the system files and the Registry. (Note that you don't need to have recently updated your emergency repair information when you choose only these first two options.) The repair procedure will then attempt to fix the startup environment. If it doesn't fix the problem, try the next method.
  2. The DOS Fdisk command is perhaps the fastest and simplest way to fix or replace the Master Boot Record (MBR), but Microsoft doesn't endorse using Fdisk because it can be risky. You can use Fdisk to repair either the MBR or the partition tables, but don't use it if you run third-party partition applications.

On a DOS (version 5.0 or later) machine, make a system disk by running sys.com from the DOS directory or by formatting the disk with the format /s command. After you create the system disk, copy fdisk.exe, format.com, and sys.com to the disk.

Boot to the boot disk you just created, and type

fdisk /mbr

at the disk command prompt. This command replaces the MBR but doesn't alter the partition tables at the end of the sector. As I stated before, this procedure is very fast and doesn't provide you with a message or response. I've used this simple approach to recover numerous corrupted boot sectors, but the process doesn't always work. Interestingly, fdisk will remove any NT signature written onto the drive by Disk Administrator. This problem surfaces only when the disk or partitions on the disk are part of a stripe or volume set. When fdisk removes the NT signature, Disk Administrator places a new one on the disk when you boot into NT and run the Disk Administrator applet.
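To make the last paragraph concrete, the following added example (not part of the original column) decodes sector 0 of a disk and reports which regions differ between a copy taken before a repair and one taken after. The rewrite is modeled as replacing the first 446 bytes, which matches the behavior described above but is an assumption; the sample sector, signature value, and code bytes are constructed.

```python
import struct

SECTOR_SIZE = 512
# Classic MBR layout: byte offsets inside sector 0 of the disk.
REGIONS = {
    "boot_code":       (0x000, 0x1B8),  # loader code
    "nt_signature":    (0x1B8, 0x1BC),  # written by Disk Administrator
    "partition_table": (0x1BE, 0x1FE),  # four 16-byte entries
    "magic":           (0x1FE, 0x200),  # must be 55 AA
}

def parse_mbr(sector):
    """Decode the fields that matter when checking a repaired boot sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        entry = sector[0x1BE + 16 * i:0x1BE + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, length
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype != 0:
            partitions.append({"slot": i, "active": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    return {"magic_ok": sector[0x1FE:0x200] == b"\x55\xaa",
            "nt_signature": struct.unpack("<I", sector[0x1B8:0x1BC])[0],
            "partitions": partitions}

def changed_regions(before, after):
    """Name the MBR regions whose bytes differ between two copies of sector 0."""
    return [name for name, (lo, hi) in REGIONS.items()
            if before[lo:hi] != after[lo:hi]]

def model_mbr_rewrite(sector, clean_code):
    """Assumed model of the repair: first 446 bytes replaced, the rest kept."""
    return clean_code.ljust(0x1BE, b"\x00")[:0x1BE] + sector[0x1BE:]

def build_sample():
    """Constructed sector: junk boot code, a signature, one active type-07 partition."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 4192902)
    return (b"\xCC" * 0x1B8 + struct.pack("<I", 0x1234ABCD) + b"\x00\x00"
            + entry + bytes(48) + b"\x55\xaa")

if __name__ == "__main__":
    before = build_sample()
    after = model_mbr_rewrite(before, b"\xfa\x33\xc0")  # placeholder code bytes
    print(changed_regions(before, after), parse_mbr(after))
```

Saving a copy of sector 0 while the machine is healthy gives you the "before" image to compare against after a suspected boot-sector infection or a repair.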

Comments
  • Stoka
    8 years ago
    Nov 13, 2004

    have nt workstation 4.0. will not boot. tried your ntldr and ntdetect approach no luck. also tried nt setup disks but it could not find the nt4.0 installation. i have installed another disk and loaded nt4. can see the other problem disk and files. drive makes noises trying to read certain areas of disk. is there a way to copy ALL files of harmed disk to the new one so it will boot off that one. steve.

  • AJD
    9 years ago
    Nov 10, 2003

    With regards to the 1st question answered by Chronister:
    Before attempting a manual restoration of the NTFS boot sector, the option to "Inspect Boot Sector" should be selected during the NT repair process (available on the NT CD). It's not clear whether that option was ever done before the problem was sent to Chronister. Also, the Powerquest DOS utility ptedit.exe (included with Partition Magic) is functionally the same as Symantec's diskedit.exe for doing a manual restoration of the boot sector.

  • Dan
    11 years ago
    Apr 09, 2001

    There is a place in the registry that I can change so that the system ignores all boot up errors (such as *.dll). It generally logs them in the event log and continues on its way. Does anyone know where this key or value is located?
