Windows 10 automatically saves a backup copy of some registry hives to the folder %windir%\System32\config\RegBack.
Each registry hive is stored in a separate file. There are 5 files in total in this location (the registry hive stored in each file is given in parentheses):
- DEFAULT (HKEY_USERS\.DEFAULT)
- SAM (HKEY_LOCAL_MACHINE\SAM)
- SOFTWARE (HKEY_LOCAL_MACHINE\Software)
- SECURITY (HKEY_LOCAL_MACHINE\Security)
- SYSTEM (HKEY_LOCAL_MACHINE\SYSTEM)
Please keep in mind that the user’s registry hives are not automatically backed up. These hives are saved in the NTUSER.DAT and USRCLASS.DAT files in each directory with a user profile, and you must generate copies yourself.
To restore the registry in Windows 10, copy the files from the RegBack folder (where they are typically updated after registry-related upgrades) to the folder %windir%\System32\Config.
Registry hive backups are created by RegIdleBackup, a separate task of the Automatic Maintenance subsystem. By default, a registry backup is produced every 10 days, or whenever you install system updates, drivers, or programs. To find the task that is in charge of backing up the registry, open the Task Scheduler (Taskschd.msc) and go to Task Scheduler Library > Microsoft > Windows > Registry in the Task Scheduler console.
The RegIdleBackup task is active (Ready) and completed successfully the last time (Last Run Result: The operation completed successfully – 0x0).
Because the original registry files in %windir%\System32\Config are locked by the operating system, you cannot replace them while Windows 10 is running (online). However, if Windows does not start properly in normal mode, you can apply this registry recovery technique: boot the computer into the Windows 10 recovery environment or from Windows 10 installation media, and replace the damaged registry files from the WinPE command prompt.
Restoring Registry Backup Task in Windows 10 1803 and Higher
In Windows 10 1803 (and in all newer Windows 10 builds: 1809 and 1903), automatic registry backups no longer work as they did before. The C:\Windows\System32\Config\RegBack directory is either empty or contains hive files that are 0 bytes in size. What’s more intriguing is that the RegIdleBackup task still runs and completes on schedule. According to comments from Microsoft employees, the automatic backup was discontinued to save space. You can also extract older registry hives from system restore points (if they are enabled).
Automatic registry backups to the RegBack folder can be re-enabled through the registry.
To do this:
- Open the Registry editor regedit.exe;
- Go to the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Configuration Manager;
- Create a new DWORD parameter named EnablePeriodicBackup with the value 1;
- Close the registry editor and restart the computer. The next time you start automatic system maintenance (if you did not disable it), the copies of registry hives will also be created. To start a task manually, run the command:
schtasks /run /i /tn "Microsoft\Windows\Registry\RegIdleBackup"
Tip. You can also make changes to the registry with the command:
reg add "HKLM\System\CurrentControlSet\Control\Session Manager\Configuration Manager" /v EnablePeriodicBackup /t REG_DWORD /d 1
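Because the RegIdleBackup task reports success even when RegBack holds only 0-byte files, the check that matters is the EnablePeriodicBackup value together with the size of each hive copy. The following PowerShell is an added example, not part of the original article; the function name Get-RegBackStatus is hypothetical, and the paths, value name and task name are the ones given above.

```powershell
# Added example (not from the original article). Run from an elevated PowerShell prompt.
$cfgKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Configuration Manager'
$regBack = Join-Path $env:windir 'System32\config\RegBack'
$hives   = 'DEFAULT', 'SAM', 'SOFTWARE', 'SECURITY', 'SYSTEM'

function Get-RegBackStatus {
    # 1. EnablePeriodicBackup must exist and equal 1 for the backups to be written.
    $prop = Get-ItemProperty -Path $cfgKey -Name EnablePeriodicBackup -ErrorAction SilentlyContinue
    $enabled = ($null -ne $prop) -and ($prop.EnablePeriodicBackup -eq 1)

    # 2. Each hive copy must exist and be larger than 0 bytes.
    $files = foreach ($name in $hives) {
        $item = Get-Item -LiteralPath (Join-Path $regBack $name) -Force -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Hive      = $name
            SizeBytes = if ($item) { $item.Length } else { $null }
            LastWrite = if ($item) { $item.LastWriteTime } else { $null }
            Usable    = [bool]($item -and $item.Length -gt 0)
        }
    }

    # 3. The task can report success (0x0) even when it wrote nothing, so it is
    #    reported for context only and never used as proof that a backup exists.
    $task = Get-ScheduledTask -TaskPath '\Microsoft\Windows\Registry\' -TaskName 'RegIdleBackup' -ErrorAction SilentlyContinue
    $info = if ($task) { $task | Get-ScheduledTaskInfo } else { $null }

    [pscustomobject]@{
        PeriodicBackupEnabled = $enabled
        TaskState             = if ($task) { [string]$task.State } else { 'Missing' }
        LastRunTime           = if ($info) { $info.LastRunTime } else { $null }
        LastTaskResult        = if ($info) { '0x{0:X}' -f $info.LastTaskResult } else { $null }
        AllHivesUsable        = ($files.Usable -notcontains $false)
        Hives                 = $files
    }
}

$status = Get-RegBackStatus
$status | Format-List PeriodicBackupEnabled, TaskState, LastRunTime, LastTaskResult, AllHivesUsable
$status.Hives | Format-Table -AutoSize
```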
You can also use the following command to create your own scheduled task (using schtasks) that backs up the Windows registry hives to a separate directory (or a separate disk):
schtasks /create /ru system /sc weekly /st 12:00:00 /tn "MyRegIdleBackup" /tr "cmd /c del /f /q C:\PS\RegBack & cd /d C:\PS\RegBack & reg save HKLM\SAM SAM & reg save HKLM\SECURITY SECURITY & reg save HKLM\SOFTWARE SOFTWARE & reg save HKLM\SYSTEM SYSTEM & reg save HKU\.DEFAULT DEFAULT"
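The task above writes copies of the SAM, SECURITY and SYSTEM hives, which hold local account credential material, to C:\PS\RegBack, so that directory should be accessible only to SYSTEM and Administrators. The following PowerShell is an added example, not part of the original article; the function names are hypothetical and the directory is the one used in the schtasks command.

```powershell
# Added example (not from the original article). Run from an elevated PowerShell prompt.
# C:\PS\RegBack is the target directory used by the schtasks command above.
$backupDir = 'C:\PS\RegBack'
$allowed   = 'S-1-5-18', 'S-1-5-32-544'   # well-known SIDs: SYSTEM, BUILTIN\Administrators

function Protect-BackupDirectory([string]$Path) {
    New-Item -ItemType Directory -Path $Path -Force | Out-Null
    # Remove inherited ACEs and grant Full Control to the two SIDs only;
    # (OI)(CI) makes the hive copies written later inherit the same ACL.
    & icacls.exe $Path /inheritance:r /grant:r '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-544:(OI)(CI)F' | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }
}

function Get-UnexpectedAccess([string]$Path) {
    # Return every allow ACE (explicit or inherited) held by another principal.
    # Explicit ACEs that existed before the lockdown are not removed by icacls
    # /grant:r, which is why this check runs after it.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType) |
        Where-Object { $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -notin $allowed }
}

Protect-BackupDirectory $backupDir
$extra = @(Get-UnexpectedAccess $backupDir)
if ($extra.Count -gt 0) {
    $extra | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
    throw "$backupDir is accessible to principals other than SYSTEM and Administrators"
}
"ACL on $backupDir is restricted to SYSTEM and Administrators"
```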
You can perform a full registry backup or manually back up important registry hives. In the Registry Editor, right-click the relevant registry hive (or the registry root) and choose Export from the context menu. Specify the name of the .reg file where you want your registry to be saved.
Restoring the Windows 10 Registry from the Command Prompt
Start your computer in recovery mode to access the command prompt. To do so, use the Power button to interrupt a normal boot of your computer three times in succession. Then choose Troubleshoot > Advanced Options > Command Prompt.
You can also boot your PC using the Windows 10 distribution DVD disc or flash drive to go to the command prompt. Press Shift + F10 (or Shift + Fn + F10 on some computers) on the first installation screen.
In the WinPE recovery environment, the letter assigned to your system drive may be different from C:. To find out what drive letter your system partition is assigned, run the following commands one by one:
You can easily detect your system partition by the large disk size. In our case, it’s the drive with the letter D:\ (volume 2).
Now use Command prompt to restore the registry from backup:
Xcopy d:\Windows\System32\config\regback d:\Windows\System32\config
Confirm the replacement of the files by pressing the A key.
Following the completion of the command, all registry files will be replaced with backup copies. Close the Command prompt and restart the machine to determine if Windows 10 functionality has been restored.
If the registry files in the backup are corrupted, you can restore an earlier version of the registry files manually from a System Restore point.
After booting into the WinPE environment as explained earlier, go to the Windows\System32 directory:
Display a list of all available restore points using the command:
vssadmin.exe list shadows
In this example, the last shadow copy was taken on 10/20/2016 4:02:40 AM and has the Shadow Copy Volume path \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy6.
Mount the restore point (snapshot) in read-only mode to the folder d:\ShadowCopy using the mklink tool (note the trailing backslash after the shadow copy path):
mklink /D d:\ShadowCopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy6\
Now you can access files stored in the shadow volume. Simply copy and replace registry files using the following commands:
xcopy d:\ShadowCopy\Windows\System32\config\DEFAULT d:\Windows\System32\config
xcopy d:\ShadowCopy\Windows\System32\config\SAM d:\Windows\System32\config
xcopy d:\ShadowCopy\Windows\System32\config\SOFTWARE d:\Windows\System32\config
xcopy d:\ShadowCopy\Windows\System32\config\SECURITY d:\Windows\System32\config
xcopy d:\ShadowCopy\Windows\System32\config\SYSTEM d:\Windows\System32\config
After you reboot your machine, the Windows 10 registry will have been restored.