Running a DryRun (Impact Analysis)
A Dry Run is a read-only impact analysis that compares the data in your backup manifest against the current state of the live system. It shows what the import would create, change, or leave unchanged — without making any modifications.
The Dry Run is a mandatory step in every GUI import workflow. It cannot be skipped.
When to Use Dry Run
- Before restoring to a system that already has data — See which registry values would be overwritten and which files would be replaced
- Verifying mapping accuracy — Confirm that mapped paths point to real or expected locations on the target system
- Assessing import scope — Understand the full impact before committing to changes
- Selectively excluding items — Deselect individual items you do not want to restore before proceeding with the import
- Compliance and audit — Document the predicted impact for review before executing the import
How to Run a Dry Run
The Dry Run runs automatically as part of the import workflow in the GUI. When you click Import Backup, AppProfileSafe performs preflight validation first, then immediately starts the Dry Run analysis — there is no option to skip it.
The Dry Run opens a progress window titled "DryRun Analysis" with a simulation banner. While analyzing, each application shows a status like "Analyzing (1/3)...". When complete, the results are displayed in the progress grid with a Continue Import button at the bottom. The import only proceeds if you click Continue.
What Gets Analyzed
Registry
For each registry key and value in the backup, the Dry Run reads the corresponding entry from the live Windows registry (after applying mapping rules). It compares:
- Registry keys: Checks whether the key exists on the live system. Reports
Created(key does not exist) orUnchanged(key already exists). - Registry values: Reads the current value and compares it to the backup value. Reports
Created(value does not exist),Changed(value differs), orUnchanged(value matches). Values are compared in a type-encoded format (e.g.REG_SZ:hello,REG_DWORD:42).
Files and Folders
For each file and folder in the manifest, the Dry Run checks whether the target path exists on the live system (after expanding environment variables and applying mapping rules). It compares:
- Existence: Reports
Createdif the file or folder does not exist at the target location - SDDL (ACL): If the item exists and the manifest contains SDDL data, the current SDDL is compared. Reports
Changedif different,Unchangedif identical or if no SDDL is stored in the manifest. The scope of ACL data read during comparison matches the current privilege level (see ACL Preservation).
Result Display
Each analyzed item appears in the progress grid with the following columns:
| Column | Description |
|---|---|
| ✓ | Checkbox indicating whether this item will be included in the import. All items are selected by default. Deselect an item to exclude it — it will receive the status Skipped during import. |
| App | Application name |
| Type | Item type: RegKey, RegValue, File, or Folder |
| Destination Path | Target path (after mapping) — this is where the import would write the data |
| Old Value | Current value on the live system. Empty for items that do not yet exist. |
| New Value | Value from the backup that would be written by the import. |
| Result | Created, Changed, or Unchanged |
Toolbar Buttons
Below the progress grid, the following buttons are available after the analysis completes:
| Button | Action |
|---|---|
| Select All | Selects all items for import |
| Deselect All | Deselects all items from import |
| Export Results | Saves the Dry Run results to a CSV file |
Action Types
| Action | Meaning |
|---|---|
Created |
The item does not exist on the live system. The import would create it. |
Changed |
The item exists but its value or SDDL differs from the backup. The import would overwrite it. |
Unchanged |
The item exists and matches the backup. The import would still write it (to ensure completeness), but no data change would occur. |
Summary
After analysis, the log records a summary: "DryRun completed: N items (X created, Y changed, Z unchanged)".
An audit log entry is written with action DryRunExecuted including the counts. The DiffReport can also be exported as a CSV file with the schema: App, Type, Path, OldValue, NewValue, Action.
After the Dry Run
The progress window shows a Continue Import button after the analysis completes. Before clicking Continue, you can review and adjust the item selection:
- Deselect individual items — Uncheck items you do not want to restore. These items will be skipped during import and receive the status
Skipped. - Use Select All / Deselect All — Quickly select or deselect all items at once.
You then have two options:
- Continue Import — Proceed with the import workflow (system restore point, then actual import). Only selected items will be imported.
- Cancel Import / Close the window — Abort the import. No changes are made to the system.
Limitations
- Registry access errors during the Dry Run (e.g. access denied) are treated as "not accessible" — the key is reported as if it does not exist
- File content is not compared, only existence and SDDL. A file reported as
Unchangedmay still have different content. - The Dry Run reads ACLs on a best-effort basis. If SDDL cannot be read from a file or folder, the comparison is skipped for that item.
- If a registry key is deselected but a value within that key is selected, the value is also skipped because the parent key is required for writing.
- When comparing SDDL between a backup made as administrator and a live system read as a standard user, the comparison may report differences due to the different ACL scope (SACL included in backup but not readable on the live system).
See Also
- Running a Simulation — Preview path transformations only (no live system comparison)
- Simulation vs. DryRun Comparison — Detailed comparison of both preview modes
- Performing the Actual Import — What happens during the real import