System Restore from WinPE

[Ravenlark]

I have been trying to figure something out for work, but I'm stumped, so I thought I would see if anyone here has any ideas.

I have a full WinPE 2004 build, everything works (Network, Explorer etc). It's currently loaded on a local hard drive.

What I ideal want to be able to do, is run System Restore from WinPE.

I am facing an immediate challenge, and a more long term challenge.

The immediate challenge is that SR relies on a service to run, and has registry entries in the System hive.

I have no idea how to add services to PE (I know I can use the Net USe command to start them, but I don't know how to get them ready to be started).

Some registry entries I found for SR are in the System hive, but as PE has no system hive, I was at a loss on where to put that information.

The other issue I can forsee, is that even if I get SR working, how do I point it to the system I am running PE on? (I mean if I make a CD, the system the CD is booting on's native installation) I have an inkling it might be based on the machineguid entry in the registry, since SR reems to keep track of that, but I'm not sure.

Anyone done anything like this before or have any ideas how I might proceed?

Many thanks.

[getwired]

ERD Commander 2005 (from Winternals.com) can do what you want... not sure if you want to buy a commercial product or hack something together yourself.

[Takeshi]

Interesting problem.

I'm not sure if it's at all possible to do a SR offline, i.e. from WinPE to say, an installed XP on C, by the SR GUI or command-line directly.

You can call SR from Safe Mode with command prompt. The Recovery Console can't access the SVI folder.

But I think there is a work around. Bear in mind that SR mostly backs up the registry and the files are all in the SVI subfolders, RPn (where n is a number denoting a SR point).

You can improvise the priniciples outline in:

http://support.microsoft.com/default.aspx?...kb;en-us;307545

to replace the registry hive files from the RPn folder to the C:\windows\system32\config\ directory.

So in essence you rename and copy these

• _REGISTRY_USER_.DEFAULT

• _REGISTRY_MACHINE_SECURITY

• _REGISTRY_MACHINE_SOFTWARE

• _REGISTRY_MACHINE_SYSTEM

• _REGISTRY_MACHINE_SAM

to:

c:\windows\system32\config\sam

c:\windows\system32\config\security

c:\windows\system32\config\software

c:\windows\system32\config\default

c:\windows\system32\config\system

The n in RPn varies but you can read the time stamp to determine its date of creation.

On a side issue, I haven't figured out how to add Explorer to WinPE: can you show me how?

[Ravenlark]

We did consider ERD 2005, but this is for company use and it's not worth paying for all the licenses at this point. Plus the copy of ERD 2003 we have destroys the profile whenever SR is used...puts all the files in the ERDUNDOCACHE folder...not sure if it is still buggy.

Definately manually restoring the registry hives from a given restore point is an option, however the end result that I am shooting for is something that can be done by someone less technical following instructions; I wouldn't want to try guiding someone to replace their registry via Recovery console over the phone.

The advantage of system restore for my our use is the easy interface. That's what I am trying to maintain.

As for Explorer, the instructions I followed are here: http://www.911cd.net/forums/index.php?showtopic=754...since all Cubie's links for explorer on this forum are broken.

The only notes with those instructions are:

-rundll.exe is actually rundll32.exe

-You will also need %system%\system32\gonconv.exe

You will also get an "installation failed" message when starting it from the command prompt, but it works fine.

Keep in mind that some stuff wont work, like certain control panel elements etc....it's mainly just for file browsing.

Anyone else have any ideas with SR?

Or, so I can try another angle, anyone know why WinPE doesn't have a System hive, and where the information that would normally be there is stored / configured?

[d4vr0s]

If you're only wanting to restore the registry, you can look at viceroy's registry restore wizard:

http://viceroy.web1000.com/

Or, so I can try another angle, anyone know why WinPE doesn't have a System hive, and where the information that would normally be there is stored / configured?

The system hive for WinPE is here -> i386\system32\setupreg.hiv

Edited October 26, 2005 by d4vr0s

[Ravenlark]

Thanks for the tip.

Now I know where the System registry is in PE, I'll try porting the whole app over again. I'll post back the results when I have them.

[Ravenlark]

Bah. When I add the system restore info into the WinPE registry, I get the ever-lovely BSOD.

Anyone have any other ideas?

Thanks for your replies.

[Takeshi]

Thanks for the info on explorer.

Although I haven't investigated this, I didn't think the system hive (HKLM) the registry in WinPE would be identical to that in the native OS.

I can't think of anything else right now but the work around above is scriptable and can be implemented. Afterall if you have to tell someone to do a repair over the phone, the other person won't have WinPE on hand either, or will he/she?

Edited October 28, 2005 by Takeshi