Restore Windows 10 Registry from Backup using Command Prompt

When Windows 10 have some problems with registry files/settings (in case of corruption, accidental deletion, etc.), the system offers a simple way to restore the registry settings from the automatically created backup. In this guide, we will show how to restore Windows 10 registry from a backup or system restore point (VSS snapshots) that were created earlier.

Regback. How to Restore Registry from Backup in Windows 10?

The system automatically saves a Windows 10 backup copy of some registry hives to the folder %windir%\System32\config\RegBack.

windows 10 registry backup location

Each registry hive is stored in a separate file. There are 5 files total in this location (in parentheses indicate the registry hive that is stored in a file):


Note. Please note that the user’s registry hives are not backed up automatically. These hives are stored in each directory with a user profile in the NTUSER.DAT and USRCLASS.DAT files and you need to make copies by yourself.

Accordingly, to restore the registry in Windows 10, you need to copy the files from the RegBack folder (where they are usually updated after updates that affect the registry) to the folder %windir%\System32\Config.


Registry hives backup copies are created by a separate task RegIdleBack from the Automatic Maintenance subsystem. By default, a registry backup is created every 10 days or when installing system updates, drivers, or programs. To find a task that is responsible for backing up the registry, open the Windows Scheduler (Taskschd.msc). In the Task Scheduler console, go to the section Task Scheduler Library > Microsoft > Windows > Registry.

As you can see, the RegIdleBack task is active (Ready) and the last time completed successfully (Last Run Result: The operation completed successfully – 0x0).

You can run this task manually by right-clicking on the task name and select Run.

restore registry windows 10 command prompt

If your Windows 10 is turned on (online), you can’t replace the original registry files in the %windir%\System32\Config since they are locked by the operating system. However, you can use the registry recovery procedure when your Windows is not booting properly in normal mode. In this case, you can replace the damaged registry files from the WinPE command prompt by booting your computer in the Windows 10 recovery environment or from Windows 10 installation media.

Restoring Registry Backup Task in Windows 10 1803 and Higher

Starting from Windows 10 1803 (and in all newer Windows 10 builds: 1809 and 1903), the task of automatically creating registry backups by default doesn’t work like before. The C:\Windows\System32\Config\RegBack directory is empty, or contains hive files with the size of 0 bytes. What is interesting is that the task RegIdleBackup is active and successfully performed according to the schedule.

According to the comments of Microsoft employees, the automatic backup task was disabled to save space. It also allows you to extract old versions of registry hives from system recovery points (if they are enabled).

You can enable automatic registry backups to the RegBack folder using the registry. To do this:

  • Open the Registry editor regedit.exe;
  • Go to the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Configuration Manager;
  • Create a new DWORD parameter named EnablePeriodicBackup with the value 1;
  • Close the registry editor and restart the computer. The next time you start automatic system maintenance (if you did not disable it), the copies of registry hives will also be created. To start a task manually, run the command:
    schtasks /run /i /tn "Microsoft\Windows\Registry\RegIdleBackup"

Tip. You can also make changes to the registry with the command:

reg add "HKLM\System\CurrentControlSet\Control\Session Manager\Configuration Manager" /v EnablePeriodicBackup /t REG_DWORD /d 1

You can also use your own scheduler task (with schtasks) to backup the Windows registry keys to a separate directory (you can also place backup on a separate disk) using the commands:

md C:\PS\RegBack
schtasks /create /ru system /sc weekly /st 12:00:00 /tn "MyRegIdleBackup" /tr "cmd /c del /f /q C:\PS\RegBack & cd /d C:\PS\RegBack & reg save HKLM\SAM SAM & reg save HKLM\SECURITY SECURITY & reg save HKLM\SOFTWARE SOFTWARE & reg save HKLM\SYSTEM SYSTEM & reg save HKU.DEFAULT DEFAULT"

You can manually back up important registry hives or make a full registry backup. Select the required registry hive (or select the registry root), and select Export from the context menu. Specify the name of the reg file in which you want to save your registry.

windows 10 registry backup location

Restore Windows 10 Registry from Command Prompt

To open the command prompt, boot your PC in recovery mode. To do this you need to interrupt a normal boot of your computer 3 times in a row using the Power button. Then select Troubleshoot > Advanced Options > Command prompt.

Also to open the command prompt, you can boot your PC from Windows 10 distribution DVD disk or flash drive. On the first installation screen press Shift + F10 (for some laptops Shift + Fn + F10).

Your system drive assigned a letter in the WinPE recovery environment may be different from C:\. To find out what drive letter is assigned to your system partition, enter one by one the following commands:

list volume

cmd diskpart

You can easily detect your system partition by the large disk size. In our case, it’s the drive with the letter D:\ (volume 2).

Now use Command prompt to restore the registry from backup:

Xcopy d:\Windows\System32\config\regback d:\Windows\System32\config

Confirm the replacement of files using key A.

restore windows 10 registry from command prompt

After the command execution finishes, all the registry files will be replaced with their backup copies. You can close the Command prompt, and reboot the computer to see whether the operability of Windows 10 has been restored.

If the registry files in the backup are corrupted, you can try to manually restore the older version of the registry files from a System Restore point.

Boot into WinPE environment as described earlier and go to the windows\system32 directory:

cd d:\windows\system32

Display a list of all available restore points using the command:

vssadmin.exe list shadows

restore windows 10 registry command prompt

In this example, the last shadow copy has taken 10/20/2016 4:02:40 AM, and has a Shadow Copy Volume path ?GLOBALROOT\Device\HarddiskVolumeShadowCopy6.

Mount the restore point (snapshot) in the Read-only mode to the folder d:\ShadowCopy using the mklink tool:

mklink /D d:\ShadowCopy ?GLOBALROOT\Device\HarddiskVolumeShadowCopy6

restore registry windows 10 command prompt

Now you can access files stored in the shadow volume. Simply copy and replace registry files using the following commands:

xcopy d:\shadowCopy Windows\System32\config\DEFAULT d:\Windows\System32\config

xcopy d:\shadowCopy Windows\System32\config\SAM d:\Windows\System32\config

xcopy d:\shadowCopy Windows\System32\config\SOFTWARE d:\Windows\System32\config

xcopy d:\shadowCopy Windows\System32\config\SECURITY d:\Windows\System32\config

xcopy d:\shadowCopy Windows\System32\config\SYSTEM d:\Windows\System32\config

Reboot your computer, and you’ve successfully Restore Windows 10 Registry. Hope this was useful!

I enjoy technology and developing websites. Since 2012 I'm running a few of my own websites, and share useful content on gadgets, PC administration and website promotion.


  1. Thank you, Thank you, Thank you, Thank you!!!

    Saved me hours of reinstalling after trying hours of other stuff!

  2. How about restoring registry from user made backup using regedit.
    Above example is only to restore default registry backup created by windows OS not user.

  3. You have mistake in mklink command. Two backslashes needed
    mklink /D d:\ShadowCopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy6\

  4. A million thanks to you, and another million more, heck, a trillion thanks. You saved me hours and hours of re-installation and customization and tuning work.

  5. Is the following a cause for concern?

    The mklink returns with no error, and all seems good, but most of the simple commands I try to browse the files there return a rather laconic and not-very precise error:

    d:\Windows\System32>cd d:\shadowcopy
    The parameter is incorrect.

    Further: after trying some 5-10 commands and reeiving the same error message in response to all of them, I tried as a parting shot the first of your xcopy commands above… and it worked!! In fact **all** those xcopy comand worked, but everything else gave me “The Parameter is incorrect.”

    Also: when I am done with the image, is there a “correct” way to unmount the image? Or do i just delete d:\shadowcopy?

    Thanks again, so very much.

  6. Like one of the other commenters, I tried to browse the c:\shadowcopy folder and was blocked, but the copy commands worked anyway. Actually xcopy didn’t work but copy worked. Also also my system drive was mounted as C: so had to adjust the commands as appropriate. Aaaand also also also, the correct command to mount is missing a backslash, as noted by a previous commenter. mklink /D c:\ShadowCopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy2 in my case. Thanks!

  7. Hello,

    The spaces in the final five xcopy commands result in “invalid parameters” error. Please remove spaces after d:|shadowcopy\. Other than that, thanks for the useful info!


    xcopy d:\shadowCopy\ Windows\System32\config\DEFAULT d:\Windows\System32\config

    Should be:

    xcopy d:\shadowCopy\Windows\System32\config\DEFAULT d:\Windows\System32\config

  8. Hello, great resource here. After running the commands I get File not found – Default and 0 files copied. They seem to be missing. I have a backup image of my entire system from 4 months ago..perhaps I can use the Registry files from that image backup and copy them over to my current system?

    Can anyone help me with a way to do that? Thanks a million!

  9. you are a LIFE SAVER – this information is priceless and I can’t thank you enough!

    As pointed out above, I also had to include the leading back-slashes on the mklink command and also add a trailing back-slash.

    BTW, if anyone has this issue: I have a custom Win 7 system with add-in cards and an M.2 SATA drive – the Windows 7 boot CD needs the drivers installed to even see my C drive. Long story short: could NOT get the Windows 7 rescue environment to see anything, however, I used a Windows 10 bootable USB and I was able to see ALL my drives including the M.2.

    (to address the elephant in the room : I am stuck with Windows 7 on this particular PC due to the need to preserve legacy devices)

  10. Hi,
    My laptop did not boot correctly even in safe mode and stuck in BSOD loop with error code “driver verifier detected violation”, I had tried different kinds of ways, until I tested your recommendation above. It was perfect. I copied RegBack folder to c:\windows\system32\config and restarted windows 10 and all of things are in its position without losing data.
    Thanks a GIGA

  11. Well written and clearly explained for the most part, but I am confused about using the D drive with the restore point data and uncorruped Registry. Is the D drive supposed to be empty (mine is) and its only purpose is to place the restore point data on it, copy the uncorrupted Registry entries to it, and then boot from it? If so, do you have to mess with the BIOS to point to D as where to boot from?
    If not, can someone please clarify the purpose of the D drive?


Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.