ADSM-L

NT client - ntuser.dat?

2015-10-04 18:08:48
Subject: NT client - ntuser.dat?
From: INTERNET.OWNERAD at SNADGATE
To: Jerry Lawson at ASUPO
Date: 4/29/97 11:53AM
BTW, there is an NT4.0 version of the same text recommended in the book, but by
a different author - it's by Kathy Ivens.  I have found it to be excellent also.
I also found it at Borders; Barnes and Noble seems to carry these too.

Jerry Lawson
jlawson AT thehartford DOT com

Someone else wrote:

>
>This is, indeed, a subtle problem.  I ran into this in January, and it took a
>lot of digging around with NT 4.0 books and a lot of help from IBM Level 2 to
>get around it.  I opened an apar with IBM that was closed as a suggestion -
>IC16250.
>
>It applies only to NT 4.0, not NT 3.5.1.
>I will explain what we figured out as best I can.  If anyone from IBM would
>like to chime in with a more technical explanation, feel free.
>
>The WinNT "registry" consists of information in memory, and information that
>is stored in supporting files on disk.
>When ADSM incremental backup runs (either from the GUI or from the Scheduler
>Service), it uses the REGBACK utility to request registry key information
>from WinNT, stores a copy in /adsm.sys, and sends a copy to the ADSM server.
>So the way I think of it is that ADSM gets most of the registry information
>by doing a "logical" backup of the registry info, rather than by just copying
>the files on disk.
>
>In WinNT 4.0, Microsoft MOVED part of the information that makes up the
>user's profile.  Some of the information, such as the icons that should
>appear on a user's desktop, exists in flat files.  But some of the
>information is in NTUSER.DAT, a file that is new for WinNT 4.0.  In addition,
>Microsoft locks NTUSER.DAT so that while the user is logged on, nothing else
>(including ADSM) can copy NTUSER.DAT.
>
>When a user logs on to WinNT, that user's profile information is copied into
>the "HKEY_CURRENT_USER" registry key.
>Now, you can recover the user's profile from EITHER a physical backup of
>NTUSER.DAT, or a "logical" backup of the HKEY_CURRENT_USER registry key.
>Both are not necessary.
>
>If a user runs a registry backup from the ADSM GUI, that user's profile is
>backed up as part of the "logical" ADSM backup of the HKEY_CURRENT_USER
>registry key, and that user is covered.
>
>When the Scheduler Service runs an incremental backup, if no one is logged on
>it will back up all the NTUSER.DAT files as normal flat files, and everyone
>is covered.  (There is an NTUSER.DAT file for EVERY locally-defined user
>on the machine, plus one for the DEFAULT profile.)  The NTUSER.DAT files get
>restored as part of the WinNT 4.0 system recovery; you don't have to do
>anything special to get the profiles back.  But, if anyone is logged on to
>the machine at the time the Scheduler Service runs, THAT user's NTUSER.DAT
>file is skipped.
>
>When the Scheduler Service runs an incremental backup, it does do a logical
>backup of the HKEY_CURRENT_USER registry key, but the "CURRENT USER" in this
>case is the "system" id that runs the Scheduler Service, not the logged on
>user, or the admin user, so it doesn't cover them.
>
>So, in most cases, you will be covered OK - if everyone is logged off when
>your backups run, all the NTUSER.DAT files will be backed up, and you won't
>have to do anything special to recover the user profiles.
>
>Where you are likely to have an exposure is the case we had - a single user
>comes in to work, boots the NT 4.0 system, logs on, stays on all day, shuts
>the whole system down.  That user's NTUSER.DAT is likely to always be missed
>when the Scheduler Service runs.  (Same problem will occur for the admin
>userid, if that userid is left logged on all the time. )
>
>What we do to cover this case (a recommendation from IBM level 2) is to
>create a bat file with this command:  DSMC REGBACK USER CURUSER.  That is the
>command to back up the HKEY_CURRENT_USER registry keys to /adsm.sys.  We put
>this .bat file in the user's startup group.   When that user logs on, the
>DSMC command will do the logical backup of that user's profile as the
>"CURRENT_USER".
>
>To restore this user's profile in a disaster situation (assuming that the
>NTUSER.DAT file is not backed up):
>
>*      Follow all the instructions in the Redbook to bring back the whole WinNT
>system, including the registry.
>*      Reboot.
>*      At this point you should have your userids available, because they should
>have come back with the restore of the local security data base.  Log on as
>the desired user.
>*      From a DOS window, run the command DSMC REGREST USER CURUSER.  This
>recovers the profile of the logged-on user, as it was last backed up by the
>DSMC REGBACK command.
>*      Reboot.   (Note this REBOOT is EXTREMELY important.  If you log off and
>log on again without a total reboot, WinNT creates a NEW profile for this user
>from the DEFAULT profile instead of using the recovered one.  The user is
>connected to the new default profile via some registry entries, and you can't
>clean up again without going in and altering the registry entries.)
>
>Some notes:
>
>*    The problem of backing up "logged on users" has NOTHING to do with who
>is logged on to a WinNT DOMAIN, if you are running a Microsoft WinNT LAN.  It
>only applies to the users logged on LOCALLY to a WinNT server or workstation.
>
>*    I had great difficulty finding out how the WinNT profiles are constructed.
>I went down to the local bookstores and looked at lots of WinNT books that
>say "updated for WinNT Server 4.0!", but most of them aren't really.
>The book I found that actually explains how WinNT profiles are constructed and
>what the corresponding registry entries look like is, "Windows NT Server 4
>Professional Reference", by Karanjit S. Siyan.  Got it from my friendly local
>Border's Books.
>
>
>----------
>From:  Ewald Jenisch[SMTP:Ewald.Jenisch AT univie.ac DOT at]
>Sent:  Tuesday, April 22, 1997 3:36 PM
>To:    ADSM-L AT VM.MARIST DOT EDU
>Subject:       NT client - ntuser.dat?
>
>Hi,
>
>Upon trying to recover an NT 4.0 system from disastrous failure I ran
>into a very subtle problem.
>
>Here's what I've done:
>
>I set up a NT-system (NT 4.0 workstation) and on another partition an
>"NT repair system" as described in
>http://www.redbooks.com/SG244880/ntsysr02.htm
>and
>http://www.redbooks.com/SG244880/ntsysr03.htm
>
>I did a backup of the production system using the latest client
>available. During backup however two files weren't backed up (marked as
>failures):
>
>NTUSER.DAT
>and the corresponding "...log"-file.
>
>When I recovered the NT system I started from the repair-partition and
>restored all the files that were on the production NT system.
>
>I then moved the registry files from the c:\adsm.sys\... to the
>corresponding c:\winnt\system32\config as described in the WEB-pages
>above.
>
>Next I tried to boot the restored system, i.e. the "production
>system". It went OK in the first step, however I discovered that when
>logging in with userid "Administrator" (where I also did the backup in
>the first place), all the desktop settings as well as the program
>manager groups etc. were *GONE*!!!
>
>In fact it appeared to me as if user Administrator has been given the
>desktop and setting of the Default user.
>
>
>To double check I tried the process of restoring and configuring the
>production system several times - always with the same "result".
>The problem seems to be with the NTUSER.DAT file not being backed up
>and thus not being restored.
>
>
>Is there any way to *really* restore an NT 4.0 system including the registry
>and settings for all users on the system?
>
>Thanks much in advance for any clue,
>-ewald
>
>--
>Ewald Jenisch                      |  E-mail: jenisch AT cc.univie.ac DOT at
>Vienna University Computer Center  |
>Universitaetsstrasse 7             |  Tel: (+43 1) 406-58-22 x251  Fax x170
>A-1010 Vienna, Austria             |  NIC-Handle: EJ63