Repairing Windows 2000 through the Recovery Console

By Brien M. Posey | Jun 27, 2000 | Print this Page
http://www.enterprisenetworkingplanet.com/netsysm/article.php/623601/Repairing-Windows-2000-through-the-Recovery-Console.htm

A little over a year ago, I found a good solution to the problem of repairing Windows NT. This solution uses a utility that I purchased off the Internet: ERD Commander Professional by Winternals Software. This wonderful utility is available from the Winternals Web site for about $324 US (winternals).

ERD Professional creates a series of boot floppies that can gain full read and write access to any partition on a Windows NT system. Because the utility was built on top of the three boot floppies that ship with Windows NT, it can access stripe sets and mirror sets. This utility can access things like the Service Control Manager directly from the command prompt without having your to edit the Registry. You can even use it to change Windows NT passwords from the command prompt of a damaged system. In short, ERD Commander Professional is an absolutely awesome utility, and it's worth every penny of the price if you still support Windows NT 4.0 systems.

Unfortunately, ERD Commander Professional has one big flaw. It supports all the built-in Windows NT mass-storage devices and disk controllers--but if you're using a disk controller that requires a third-party driver, you're out of luck (at least in the year-old version that I have).

Have you ever experienced a Windows NT 4.0 system crash? In such a situation, the ideal reaction is to simply format the hard disk and reload it using a standard disk image. Unfortunately, many smaller companies aren't set up to use standard workstation configurations. In such companies, users often save data to their own local hard drives. Similarly, you don't want to reformat the hard disk on a server if you can avoid doing so.

In these situations, performing a repair can be extremely difficult because of the way that Windows NT protects itself. However, Windows 2000 offers a new utility called the Recovery Console that can help you recover from an operating system crash much more quickly. In this article, I'll discuss the Windows 2000 Recovery Console. As I do, I'll explain how to install it, and I'll provide some basic information for using the extended command set that's associated with the Recovery Console.

Trying to Repair Windows NT

Before you can truly appreciate the Recovery Console, you need to know something about repairing Windows NT 4.0 the old-fashioned way. The difficulty of repairing a Windows NT crash depends on several factors, including whether the operating system will start, the amount of free hard disk space, and the file system loaded on the system's hard disk.

The problem with repairing Windows NT is that NT is designed to prevent you from accessing the hard disk (assuming it's formatted with NT File System [NTFS]) unless you do so through the operating system. If Windows NT has crashed completely, you can't even begin to think about repairing Windows, because you can't access the hard disk. Even if your hard disk happens to be formatted in the file allocation table (FAT) format, accessing it could be impossible outside Windows NT if the hard disk is part of a stripe set or mirror set. It could also be impossible to access certain types of hard disks--such as SCSI disks--outside of Windows NT.

If the NT operating system has crashed completely and you can't access the hard disk from a boot floppy, you have only a couple of options. First, you can reformat the hard disk, reload Windows NT, and restore a backup. However, this solution is no good if you don't have a backup or if you need to preserve any data added to the system since the last backup.

The recommended Microsoft solution is to install a second copy of Windows NT. Naturally, this copy should go in a different directory than the original copy. Once you've installed the second copy, you can use it to access the hard disk and thus repair the original damage. This method has several problems, though. First, it won't work if you don't have enough free hard disk space to load a second copy of Windows NT. Second, even if you do manage to load the second copy and are able to access your hard disk, you still face the difficult task of trying to repair the original problem without being able to use any portion of the old operating system.

For example, suppose you enabled a service in Windows NT that caused the operating system to crash. Now, suppose this service starts automatically upon boot-up and results in an instant blue screen of death. You'd have to be really sharp to repair this problem using the second copy of Windows NT, because you wouldn't be able to access the Service Control Manager directly to shut down the menacing service. Instead, you'd have to figure out which files composed the Registry and edit those files to disable or remove the service that's causing the problem. Doing so can be very difficult, especially if you don't live and breathe Windows NT--if you don't know exactly what you're doing, you can further damage the old operating system.

Repairing Windows 2000

Here are some of the new commands available in the Recovery Console DOS window:

  • chkdsk--Works pretty much the same way it does in any Windows NT environment. You can enter the chkdsk command to diagnose hard disk problems, or use chkdsk /f to fix problems. This version of chkdsk works with FAT 16, FAT 32, and NTFS partitions.
  • disable--Disables a malfunctioning service. For example, suppose that the Alerter service is malfunctioning and causing a blue screen of death on boot-up. In such a situation, you can enter the command disable alerter to correct the problem.
  • diskpart--Works similarly to fdisk, in that it allows you to create, delete, and manage hard-disk partitions. Of course, fdisk still exists and functions properly within the Recovery Console.
  • enable--Works like the disable command. It is used to enable services that have been disabled.
  • exit--Exits the Recovery Console and reboots the computer into Windows 2000. If you don't want to do an immediate reboot, it is safe to power off the system while running the Recovery Console.
  • extract--Extracts files from the Windows 2000 CD. As you probably know, the Windows 2000 system files are compressed on the CD to save space. Should you need to replace a damaged file, you can use the extract command to extract the needed file from its CAB file on the Windows 2000 CD.
  • fixboot--Writes a new boot sector to the hard disk. You'll use this command if your boot sector has been damaged by a virus or other catastrophe.
  • fixmbr--Writes a new master boot record to the hard disk.
  • helpLists more commands than space permits me to cover. It also covers the syntax of each command and some common uses of the various commands.
  • listsvc--Displays the names of and some basic information about all the services on the system. Obviously, the enable and disable commands are useless to you if you can't remember the exact name of the service in question.
  • logon--Lets you log in to the Recovery Console using a different user account.
  • systemroot--Automatically takes you to the system root folder (usually \WINNT\SYSTEM32). This command is basically a shortcut. It's especially useful if you're unsure which folder is acting as the system root.

    As you can see, repairing a failed copy of Windows NT 4.0 can be difficult and time consuming, at best. However, Windows 2000 has a much better solution directly built into the operating system. The Recovery Console utility lets you access the hard disk of a failed system directly from the command prompt.

    Once you access the command prompt, you can perform a variety of hard-disk repair functions by using built-in utilities. You can also perform any necessary file manipulations regardless of the file system or the type of hard disk the files reside on.

    About the only edge ERD Commander Professional (discussed in the sidebar "Repairing Windows NT with ERD Commander Professional") has over the Recovery Console is the ability to reset passwords. This ability is very handy, should someone "accidentally" change the Administrator password, because you can't access the Recovery Console without providing the Administrator password. Fortunately, according to the Winternals Web site, ERD Commander Professional will work with Windows 2000 as well as with Windows NT 4.0. Therefore, I recommend keeping a copy of ERD Commander Professional around for resetting changed or damaged passwords. I recommend using the Recovery Console for all other critical Windows 2000 repairs.

    Accessing the Recovery Console

    Even though the Recovery Console is part of Windows 2000, it isn't installed by default--probably because it consumes an extra 74MB of hard disk space. If you need access to the Recovery Console, you have a couple of choices. Before the system ever crashes, you can install it directly through the Windows 2000 graphical user interface. If a crash has already occurred, you can install the Recovery Console by booting from the four Windows 2000 startup disks and following the prompts. (Of course, if the crash has already occurred and you don't have enough free hard-disk space to install the Recovery Console--or if the hard disk is too badly damaged to install or access the Recovery Console--you can always use ERD Commander Professional to get in and clean up the hard disk. It works directly off floppy disks and doesn't have to be installed to the hard disk.)

    To install the Recovery Console on a functional Windows 2000 system, follow these steps:

    1. Close any open programs and open a Command Prompt window.
    2. Insert your Windows 2000 CD and navigate to the I386 directory (or the Alpha directory, if you're using an Alpha system).
    3. Enter the following command to install the Recovery Console: [code] WINNT32 /CMDCONS
    4. If the system has already been damaged, boot your computer from the first setup disk. If you don't have these disks, you can easily create them on any PC by using the disk images stored on the Windows 2000 CD.
    5. Once your system boots, follow the prompts as if you're installing Windows 2000 until you reach the point at which where Setup asks if you want to repair an existing installation. Enter "R" to begin the repair process.
    6. You'll be asked if you prefer to use the Recovery Console or the emergency repair disk. Select the Recovery Console option and continue to follow the prompts to install the Recovery Console.

    Once you've installed the Recovery Console, you can access it by rebooting your PC and selecting the Recovery Console command from the boot menu. As I mentioned earlier, you'll have to enter the Administrator password before you'll be able to use the Recovery Console. Once the Recovery Console loads, you'll be presented with a standard DOS screen. Most of the usual DOS commands work in this environment; however, some new commands are available, as listed in the sidebar "Recovery Console Commands". You can put these commands to work as you fix Windows 2000.