Background
The reason you can't select the TrueCrypt mounted volume as a backup destination for the built-in "Windows Backup and Restore Center" on Windows Vista and Windows 7 is because your user account mounted the TrueCrypt volume but the Backup Service runs as the SYSTEM account. 2
Contraints
- In order for this solution to work, you must be able to backup to a network location. This is not supposed by all editions of Windows Vista and Windows 7. The following editions DO support backup to a network location:
- Windows Vista Home Premium
- Windows Vista Business
- Windows Vista Ultimate
- Windows Vista Enterprise
- Windows 7 Professional
- Windows 7 Ultimate
- Not all editions of Windows Vista or Windows 7 support Full System Backup (aka "Complete PC Backup"). The following editions DO support Complete PC Backup:
- Windows Vista Business
- Windows Vista Ultimate
- Windows Vista Enterprise
- Windows 7 Home Premium
- Windows 7 Professional
- Windows 7 Ultimate
- I've only verified this solution on Windows Vista Business 64-bit SP2 with TrueCrypt 6.3a.
Gotchas
If you also use TrueCrypt to encrypt your backup source, there is a limitation on TrueCrypt (at the time of writing, Version <= 6.3a) on support for the Volume Shadow Copy service:
The Windows Volume Shadow Copy Service is currently supported only for partitions within the key scope of system encryption (for example, a system partition encrypted by TrueCrypt or a non-system partition located on a system drive encrypted by TrueCrypt). Note: For other types of volumes, the Volume Shadow Copy Service is not supported because the documentation for the necessary API is available from Microsoft only under a non-disclosure agreement (which is impossible to comply with because TrueCrypt is open source).
Since the File Backup (aka "Back Up Files") option uses the Volume Shadow copy Service (VSS) to perform its backup, this means you will not be able to backup sources that are encrypted outside of the scope of the system encryption key (e.g. an external hard drive that has been encrypted or the contents of a file based TrueCrypt volume).
The folder share will not survive being unmounted and mounted to a different drive letter. (It may not even survive unmounting and remounting to the Same drive letter, but I haven't confirmed this yet). If you don't want to have to manually create this share each time, you may need to script out it's creation as a log-on script or something.
- "Windows 7 allows performing a full system image backup to a network location however subsequent incremental system image backups cannot be performed to a network" 8
Solution
NOTE: The following instructions are for Windows Vista Business 64-bit SP2 but the steps should be the same on any supported Vista editions and very similar for any supported Windows 7 editions. See above for supported editions.
To perform a File Backup (aka "Back Up Files"):
- Mount the TrueCrypt encrypted file system which will serve as the destination for the backup
- Create a folder on the mounted volume where you want to store the backups (e.g. "Backups")
- Right-click on the folder created above and select "Share"
- Type in SYSTEM
- Click "Add"
- In the "Permission Level" drop down next to the SYSTEM user, select "Co-Owner"
- Click "Share" (Your user should already be listed as the owner since you created the share, but if not, add it as the owner)
- Accept the UAC pop-up if you receive it.
- Click the Windows Start Menu
- In the Search box type: Backup Status and Configuration
- Press "Enter"
- In the top right, Click "Back Up Files"
- Click "Change Backup Settings"
- Click "Continue" if you receive a UAC prompt
- Click "On a network"
- In the text box type:
\\COMPUTERNAME\ShareName\ (e.g. \\JOHNS-COMPUTER\Backup\)
- Click "Next"
- Provide your user's username and password when you receive the credentials prompt
- Click "OK"
- Select the file types you want to backup
- Click "Next"
- Provide your scheduling information
- Check the box that says "Create a new, full backup now in addition to saving settings"
- Click "Save Settings and Start Backup"
NOTE: The Complete PC Backup on Vista doesn't give you the option to backup to a network location in the GUI, but you can do so from the command line using WBADMIN.EXE on supported editions.
To perform a Full System Backup (aka "Complete PC Backup"):
- Mount the TrueCrypt encrypted file system which will serve as the destination for the backup
- Create a folder on the mounted volume where you want to store the backups (e.g. "Backups")
- Right-click on the folder created above and select "Share"
- Click "Share" (Your user should already be listed as the owner since you created the share, but if not, add it as the owner)
- Accept the UAC pop-up if you receive it.
- Click the Windows Start Menu
- In the Search box type: cmd.exe
- Press "Enter"
- In the CMD prompt, type:
WBADMIN START BACKUP -backupTarget:\\COMPUTERNAME\ShareName -include:C: -user:<youruser> -vssFull (e.g. WBADMIN START BACKUP -backupTarget:\\JOHNS-COMPUTER\Backup -include:C: -user:jdoe -vssFull )
- Press "Enter"
- When prompted "Do you want to start the backup operation?" type: Y
- Press Enter
References
1) For some manufacturers (Dell) you can get a tool from them to burn your system restore data to a DVD. For others, you may look into creating a bootable cd using a tool like BartPE, VistaPE, or another generic rescue disk maker. I personally use BartPE, it was quite easy to use.
2) System restore points can't be put onto a disk, from vista on, the computer uses what's called "Shadow Copies" (it doesn't really delete things when you make changes, it just deletes the header, but keeps track of the old file). Since it doesn't actually have a block of old files laying around, there's nothing to move to CD.
3) If you need to import a registry backup into a corrupted install you can use a win7 disk you borrow from someone else, or you can use a rescue disk like BartPE or whatever - they almost univerally have registry editors included.
4) to use restore points from a boot scenario, you need a windows 7 DVD. Once you boot up from the CD, just hit "repair" instead of "install" and then select the option about restore points. I think it's called "roll my system back" or something similar.
Post Script - If you're not able to burn a windows 7 disc from your rescue files on the computer, try calling up their tech support and telling them your partitions got messed up or something similar and so you lost the rescue data. Ask them to mail you a restore DVD, it's a hell of a lot cheaper than sending a tech out, so they'll usually do it.
Best Answer
There is a way to restore the registry if System Restore is enabled.
If you can boot into Windows you can use System Restore to restore the registry by restoring the system to a restore point before the incident.
If you cannot boot into Windows, you can try booting into Windows safe mode. You can use System Restore from safe mode as well.
If you cannot boot into Windows normal mode nor into safe mode, you can try performing a startup repair, and at the same time restore the system to a restore point before the incident by using WinPE/WinRE.
If you want to restore only the Windows registry you will have to do it manually. System Restore stores its Restore Points (RP) in a folder called _Restore{#} where # represents a Hex number. It is located in C:\System Volume Information. You will have to take ownership of this folder and all of its subfolders. Each restore point has its own folder of the format RP### where the ### stands for a 3-digit number.
After taking ownership of the C:\System Volume Information folder and its subfolders, locate the RP folder that goes back to a date before the incident.
For example, to restore Windows registry from restore point 100, issue following commands in a command prompt.
You don't have to copy them all unless you need to or you want to.
Reboot and the registry should be restored.