Restore Windows registry partially

    • 3 min read

    Because editing the registry cannot be done without some risk to the system, it is recommended to create a system restore point before proceeding.

    The registry is backed up using a VSS writer. VSS writers will only be backed up if the file set on the client has the following setting enabled: Use Service with All Non-Excluded Writers (recommended).

    The VSS Registry Writer backs up the hive files, which backs up the registry as a single unit. A hive is a logical group of keys, subkeys, and values in the registry that has a set of supporting files containing backups of its data. Each time a new user logs on to a computer, a new hive is created for that user with a separate file for the user profile. This is called the user profile hive. A user’s hive contains specific registry information pertaining to the user application settings, desktop, environment, network connections, and printers. User profile hives are located under the HKEY_USERS key.

    Traditionally, the writer would be restored in its entirety. If you wish to restore only select portions of the registry, you will need to pull the desired portions out of the registry hive files.

    1. Obtain the hive files from the VSS Registry Writer:

      1. From JobsHistory, right-click the desired job and select Browse and Restore.

      2. Browse to VSS:/System State/Registry Writer/Registry/C:/Windows/System32/config/.

      3. Select the names or links of the various files (these are called subkeys) located within the configuration folder one by one.

        This will prompt you to download the files to the location your web browser uses for downloaded files.

    2. Extract the desired portions of the registry:

      1. Open the hive files by temporarily loading them onto the registry.

      2. Open the registry editor, select HKEY_LOCAL_MACHINE in the left panel.

        HKLM must be the active selection, or the option to Load Hive will not be available.

      3. Select FileLoad Hive.

      4. Point to one of the Subkeys restored from the appliance and select Open.

        Different parts of the registry are located in different areas/subkeys. Determine where to find the registry key you wish to restore.

        The Registry Editor will ask for a name for the key to load the hive into. You can name it any unique string. For example, backup.

      5. Browse into the key to find the portion of the registry you wish to restore.

        Due to the limitations of the registry editor, you will not be able to drag and drop the key to where you want it. You must first export the file, then import it again.

      6. Right-click the desired key and chose Export.

        Save the file in a location you will be able to remember and with a name that you will recognize.

        After the desired keys are exported, you will need to close the hive file.

      7. Select the top key of the hive › FileUnload HiveYes when it asks if you are sure.

        First right-click the REG file created by the export above, and choose edit to open the file in notepad.

      8. From the edit menu, select find and replace.

        Here we will find the temporary location we had the hive file open at (in this example backup), and replace that with where the registry keys should be.

      9. Save and exit.

    3. Double-click the REG file you just edited and confirm all prompts to continue to import the file into the registry.