When Windows 10 have some problems with registry files (in case of corruption, accidental deletion etc.), the system offers a simple way to restore the registry from automatically created backup. In this guide we will show you how to restore the registry in Windows 10 from a backup or system restore point (VSS snapshots) created earlier.
How to Restore Windows 10 Registry from Backup/Restore Point
The system automatically saves a backup copy of Windows 10 registry in the folder %windir%\System32\config\RegBack\.
Each branch of the registry hive is stored in a separate file. There are 5 files total (in parentheses indicate the registry branch that is stored in a file):
- DEFAULT (HKEY_USERS\.DEFAULT)
- SAM (HKEY_LOCAL_MACHINE\SAM)
- SOFTWARE (HKEY_LOCAL_MACHINE\Software)
- SECURITY (KEY_LOCAL_MACHINE\Security)
- SYSTEM (HKEY_LOCAL_MACHINE\SYSTEM)
Accordingly, to restore the registry simply copy the files from RegBack folder (where they are usually updated after updates that affect the registry) to the folder %windir%\System32\Config.
If Windows 10 is turned on, you can’t replace the original registry files in the %windir%\System32\Config since they are locked by the system. However, as a rule, you have to proceed to the registry restore process when your Windows is not booting in normal mode. In this case, you can replace the damaged registry files from the WinPE command prompt by booting to the Windows 10 recovery environment or from Windows 10 distribution disk.
To open command prompt, boot your PC in the recovery mode (you need to interrupt normal boot of your computer 3 times in a row using Power button) and select Troubleshoot -> Advanced Options -> Command prompt.
Also to open Command prompt you can boot your PC from Windows 10 distribution DVD disk or flash drive and on the first installation screen press Shift + F10 (on some laptops Shift + Fn + F10).
Letter of your system drive may be different from C:\ in the recovery environment. To find out what drive letter is assigned to the system partition, enter one by one the following commands:
You can easily determine that the system partition is assigned the drive letter D:\ (volume 2) by the size of disks.
Now use this command to restore the registry from backup:
Xcopy d:\Windows\System32\config\regback d:\Windows\System32\config
Confirm the replacement of files using key A.
After the command execution is finished, all the registry files will be replaced with their backups. You can close the Command prompt and reboot computer to see whether the operability of Windows 10 has been restored.
If the registry files in backup are corrupted, you can try manually restore older version of the registry files from a System Restore point.
Boot into WinPE environment as described earlier and go to the system32 directory:
Display a list of all available restore points using command:
vssadmin.exe list shadows
In this example, the last shadow copy taken 10/20/2016 4:02:40 AM and has Shadow Copy Volume path \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy6\.
Mount the snapshot on reading to the folder d:\ShadowCopy using the mklink tool:
mklink /D d:\ShadowCopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy6\
Now you can access files stored in the shadow volume. Simply copy and replace registry files using the following commands:
xcopy d:\shadowCopy\ Windows\System32\config\DEFAULT d:\Windows\System32\config xcopy d:\shadowCopy\ Windows\System32\config\SAM d:\Windows\System32\config xcopy d:\shadowCopy\ Windows\System32\config\SOFTWARE d:\Windows\System32\config xcopy d:\shadowCopy\ Windows\System32\config\SECURITY d:\Windows\System32\config xcopy d:\shadowCopy\ Windows\System32\config\SYSTEM d:\Windows\System32\config
Reboot your computer and the registry should be restored. Hope it was useful!