View Full Version : How do I restore security only on XP Pro?


Vince C.
December 5th 03, 07:44 PM
Hi all,

I'd like to backup my security accounts so that I can restore them on a new
install of XP. For some reason I don't want to make a full system restore
for my system has become somewhat unstable. I'll have to reinstall every
single application but I don't want to lose security accounts.

What I'd like is then to reinstall XP on a new computer but to keep previous
security (user accounts, profiles, aso). I'll reinstall all applications so
that I can reuse previously saved local profiles (I have some that I cannot
afford losing). The final aim is to avoid re-registering the computer into
the domain again.

Is it possible? What's the best way to achieve this?

Thanks for any hint/suggestion.

Vince C.

Roger Abell {MVP}
December 5th 03, 07:44 PM
There is no tool available to do exactly what you ask.
What you can do however, is to use the Fast tool (file
and settings transfer = fast) to collect together what
should be transferred from an old account and restored
into the new accounts.
You will need to define the new accounts in the new
install. For each account you need to log in before in
the old system and then again in the new system, each
time running Fast.
You will find Fast as the fastwiz file in the CD, IIRC it
is in the support folder. You will want to filter down
rather severely what files are transferred, keeping things
like the email software's pst pab etc files, but not keeping
things like exe files or the transfer file will become large.

--
Roger

Vince C.
December 5th 03, 07:44 PM
"Roger Abell {MVP}" > wrote in message
...
> There is no tool available to do exactly what you ask.
> What you can do however, is to use the Fast tool (file
> and settings transfer = fast) to collect together what
> should be transferred from an old account and restored
> into the new accounts.
> You will need to define the new accounts in the new
> install. For each account you need to log in before in
> the old system and then again in the new system, each
> time running Fast.
> You will find Fast as the fastwiz file in the CD, IIRC it
> is in the support folder. You will want to filter down
> rather severely what files are transferred, keeping things
> like the email software's pst pab etc files, but not keeping
> things like exe files or the transfer file will become large.
>
> --
> Roger

Thanks Roger.

If I understood there is no way to recover the machine SID, for instance? At
that level it seems it's as fast to save my profiles somewhere, logon using
new accounts and restore all profiles from saved locations. I also assume
I'll need to set access rights on all registries accordingly.

I read a little on ASR (Automated System Recovery). Can't it substantially
do what I want? I won't have both machines at the same time, that's my
problem...

Vince C.

Roger Abell {MVP}
December 5th 03, 07:44 PM
ASR would be similar to just doing a backup with system state
and then restoring after the fresh install, which you indicate you
have reason for not wanting to do.
Simply copying profiles is no longer an advised way of doing
things. There is now stuff stored there that is SID sensitive as
well as controlled by encryption based on a hash of the password.
The Fast approach would be very tedious if there are many accounts,
but it will handle things like Office product identities, email storage,
etc. which is otherwise a little tricky.
In the long run, trying for a shortcut based on simple copy out
and copy back will probably end up being more effort (again,
depending on how much of this you need to do)

--
Roger
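
The SID sensitivity mentioned in the post above, as an added example that is not part of any post in this thread: a local account's SID is the machine SID plus a RID, and the ProfileList registry key names each profile by SID, so entries and ACLs saved from the old install only line up on the new one when the machine SID is the same. All SID values and the status labels below are constructed for illustration.

```python
import re

# Well-known SIDs: identical on every Windows install.
WELL_KNOWN = {"S-1-5-18": "LocalSystem", "S-1-5-19": "LocalService",
              "S-1-5-20": "NetworkService"}

# Account SIDs issued by a machine or a domain: S-1-5-21-<a>-<b>-<c>-<RID>.
ACCOUNT_SID = re.compile(r"^S-1-5-21-(\d+)-(\d+)-(\d+)-(\d+)$")


def split_sid(sid):
    """Split an account SID into (issuer SID, RID); None if it is not one."""
    m = ACCOUNT_SID.match(sid.strip())
    if m is None:
        return None
    return "S-1-5-21-" + "-".join(m.group(1, 2, 3)), int(m.group(4))


def classify_profiles(profile_sids, old_machine_sid, new_machine_sid):
    """Say what each ProfileList SID from the old install means on the new one."""
    report = {}
    for sid in profile_sids:
        parts = split_sid(sid)
        if sid in WELL_KNOWN:
            report[sid] = "well-known"
        elif parts is None:
            report[sid] = "unrecognised"
        elif parts[0] != old_machine_sid:
            # Issued by another authority, normally the domain: the account
            # keeps this SID whatever happens to the workstation.
            report[sid] = "domain"
        elif old_machine_sid == new_machine_sid:
            # Same issuer; the account must still be recreated with this RID.
            report[sid] = "local-prefix-matches"
        else:
            # No account created on the new install can carry this SID, so
            # ACLs and the profile entry that reference it resolve to nothing.
            report[sid] = "local-orphaned"
    return report


# Constructed sample values, not taken from any real machine or domain.
OLD_MACHINE = "S-1-5-21-3000000001-3000000002-3000000003"
NEW_MACHINE = "S-1-5-21-1000000001-1000000002-1000000003"
OLD_PROFILE_LIST = [
    "S-1-5-18",
    OLD_MACHINE + "-500",    # built-in Administrator
    OLD_MACHINE + "-1003",   # hypothetical local service account
    "S-1-5-21-2000000001-2000000002-2000000003-1105",  # hypothetical domain user
]

if __name__ == "__main__":
    result = classify_profiles(OLD_PROFILE_LIST, OLD_MACHINE, NEW_MACHINE)
    for sid, status in result.items():
        print(f"{status:22} {sid}")
```
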

Peter Clark
December 5th 03, 07:45 PM
why not just: run secedit and export your security settings
to an inf, run local security policy and export your ipsec
settings (if any) backup your efs keys(if any) backup your
c:\documents and settings\%username% folders. export/backup
the syskey, the profilelist and user keys. check/backup
ms/third party programs that store user data in "other"
locations - licensing info also and for original setups.

"The final aim is to avoid re-registering the computer into
the domain again." humm probably need some entries from
the security hive also, probably in the secrets key.

install on a new machine and import the lot. simple. :-)
just an idea, but it will probably work.



Roger Abell [MVP]
December 5th 03, 07:45 PM
Naaa, I am betting that will not work.
For example, when did you change the machine's
sid so its domain account info is sync'd.

Nice sketch of a long-cut though :-)

--
Roger

Torgeir Bakken (MVP)
December 5th 03, 07:46 PM
"Roger Abell [MVP]" wrote:

> Naaa , I am betting that will not work .
> For example, when did you change the machine's
> sid so its domain account info is sync'd.

Hi

SysInternals utility NewSID allows you to specify the SID that you want applied, so you can set up the
new computer with the same SID as the old one:

http://www.sysinternals.com/ntw2k/source/newsid.shtml

--
torgeir
Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter

Vince C.
December 5th 03, 07:48 PM
"Torgeir Bakken (MVP)" > wrote in message
...
| "Roger Abell [MVP]" wrote:
|
| > Naaa , I am betting that will not work .
| > For example, when did you change the machine's
| > sid so its domain account info is sync'd.
|
| Hi
|
| SysInternals utility NewSID allows you to specify the SID that you want
| applied, so you can set up the
| new computer with the same SID as the old one:
|
| http://www.sysinternals.com/ntw2k/source/newsid.shtml
|
| --
| torgeir
| Microsoft MVP Scripting and WMI, Porsgrunn Norway
| Administration scripting examples and an ONLINE version of the 1328 page
| Scripting Guide:
| http://www.microsoft.com/technet/scriptcenter
|

Wow...

Thanks Torgeir and all the others. Looks like Indy's quest to the Holy Grail
:-s... I'm getting confused.

Peter's way looks pretty attractive but I understand it might not work.

How about integrally restoring the system and reinstalling Windows XP over it
(say from safe mode, for example)? I know this technique from Windows 9x and
2000. It keeps security, application and document settings while a full system
is installed as though it were the first time but by keeping your touchy stuff
intact.

Would it work? I have a clone of my machine. Assuming that I have set it to
VGA mode prior to saving it, would it work?

In my case I want to keep local accounts under which I have SQL Server run,
for instance. It would *** (just a bit) if I had to re-customize disk
security, folder settings, local groups, aso. Knowing I have the same security
database, I would be able to carelessly restore backed-up files and security
without worrying.

Thanks.

Vince C.

Peter Clark
December 5th 03, 07:49 PM
i'll have a bash and see if i can get a procedure going for
the process. can you email me your email address so i don't
have to search wayback in the newsgroups?
is not real, right?




Vince C.
December 5th 03, 08:00 PM
"Peter Clark" > wrote in message
...
> i'll have a bash and see if i can get a procedure going for
> the process. can you email me your email address so i don't
> have to search wayback in the newsgroups?
> is not real, right?

Right. In fact I changed it hoping I would receive less spam but I realized it
was a dream...

Vince C.


