Recovering from Disasters

Recovering from Disasters

Until this point, I've assumed in everything I've explained that you can start Windows. If you can't, your recovery options are a bit more limited and a lot more dramatic. If you have the money, I'd invest in Winternals Administrator's Pak, which you can learn more about at http://www.winternals.com. This is a set of advanced troubleshooting tools that I use to recover configurations that are almost ready for the trash bin. I'll tell you more about these tools in Chapter 10, “Finding Registry Settings,” because I use them to track down programs' settings in the registry (which will be discussed later in this book).

It's fortunate that these types of problems don't occur as often as they once did. The reliability improvements in Windows mean that I don't have to recover nearly as many configurations as I did with Windows 98 or Microsoft Windows NT 4.0. The tools now available in Windows are similar to the ones that came with Windows 2000. The Windows Advanced Options Menu (the boot menu) offers a variety of modes in which you can start Windows, including safe mode. The Windows Recovery Console is a limited command window environment with which you can fix certain classes of problems. And ASR, which is the last resort, minimally reinstalls Windows on the computer. I'll present these in the order in which you should use each option.

NOTE
Don't wait until after a failure to master the advanced troubleshooting tools. Practice with them in a lab environment. Make them your own by scoping out their advantages and disadvantages well in advance of any problems. Master these tools now, and you'll enjoy that feeling you get from fixing a user's computer and walking away saying “No worries” after just a few minutes of work.

Windows Advanced Options Menu

Windows gives you a number of options for starting the computer. Safe mode is the most common example. In safe mode, Windows uses default settings for the minimum set of device drivers required to start the operating system. When you can't start Windows normally, you can usually start it in safe mode and then either repair the problem or use System Restore to restore a checkpoint. You can also remove programs by using Add Or Remove Programs to uninstall cranky devices.

To start safe mode or one of the other modes, you have to display the Windows Advanced Options Menu. First restart the computer. When you see the Please Select The Operating System To Start message, press F8. (If you don't see this message, you can start pressing F8 as soon as the computer starts.) Then select one of the following options from the menu:

• Safe Mode.

  Uses basic files and drivers (mouse, monitor, keyboard, mass storage, basic video, and default system services without network connections) to start Windows. If Windows doesn't start when you use safe mode, you might need to use the Windows Recovery Console to repair Windows.

• Safe Mode With Networking.

  Starts Windows by using basic files and drivers, as described in the preceding item, but includes network connections.

• Safe Mode With Command Prompt.

  Uses basic files and drivers to start Windows. After logging on to the operating system, you see a command prompt instead of the graphical user interface.

• Enable Boot Logging.

  Starts Windows and logs all the device drivers and services that the operating system attempts to load. The log file is Ntbtlog.txt and is in the %SystemRoot% folder. Safe Mode, Safe Mode With Networking, and Safe Mode With Command Prompt add to the log a list of all the drivers and services that Windows loaded. The log is useful for determining which device driver or service is preventing Windows from starting properly.

• Enable VGA Mode.

  Uses the basic VGA driver to start Windows. This mode is useful after installing a new device driver for the video card when it's preventing Windows from starting properly. Windows always uses the basic VGA driver when you start in Safe Mode, Safe Mode With Networking, or Safe Mode With Command Prompt.

• Last Known Good Configuration.

  Uses the registry hive files and device drivers that Windows saved after the last successful logon. Any changes made since the last successful logon are lost. Only use Last Known Good Configuration when the problem is in the configuration because it doesn't solve problems caused by corrupt or missing files.

• Directory Service Restore Mode.

  Restores the SYSVOL directory and the Active Directory directory service on a server. This option is irrelevant to Windows.

• Debugging Mode.

  Starts Windows and sends debugging information to another computer through a serial cable.

NOTE
If you're unable to start Windows using the graphical user interface, you can usually start it using Safe Mode with Command Prompt. To run System Restore, which you're likely to do if you want to restore an earlier restore point, run the command %SystemRoot%\System32\Restore\rstrui.exe. System Restore is only available in Windows XP, however.

Windows Recovery Console

If Safe Mode doesn't start your computer, try the Windows Recovery Console. It offers commands that help fix varieties of system-related problems. You can enable or disable services; format disks; read and write files on a local NTFS volume; and perform a number of other administrative tasks. Notably, you can copy files from a floppy disk or CD to %SystemRoot% in order to replace broken system files. The Windows Recovery Console is useful only if you're already familiar with a command prompt, and you must log on to the computer as an administrator to use it.

You start the Windows Recovery Console in one of the following two ways:

• From the Windows CD.

  Use the Windows CD to boot the computer, and the setup program gives you the option of starting the Windows Recovery Console.

• From the list of operating systems when the computer boots.

  First you must install the Windows Recovery Console on the computer by typing D:\i386\winnt32.exe/cmdconsD:\i386\winnt32.exe/cmdcons in the Run dialog box, where D is the drive containing the Windows CD. Restart the computer, and in the list of operating systems, choose Microsoft Windows Recovery Console.

The Windows Recovery Console has numerous commands, but it's missing many of the commands that a command prompt provides. To see a list of commands and how to use them, type help at the Windows Recovery Console command prompt. Here's a brief overview of each of them:

• Attrib

  Changes the attributes of a file or directory

• Batch

  Executes the commands specified in the text file

• Bootcfg

  Boot file (boot.ini) configuration and recovery

• ChDir (Cd)

  Displays the name of the current directory or changes the current directory

• Chkdsk

  Checks a disk and displays a status report

• Cls

  Clears the screen

• Copy

  Copies a single file to another location

• Delete (Del)

  Deletes one or more files

• Dir

  Displays a list of files and subdirectories in a directory

• Disable

  Disables a system service or a device driver

• Diskpart

  Manages partitions on your hard disks

• Enable

  Starts or enables a system service or a device driver

• Exit

  Exits the Windows Recovery Console and restarts your computer

• Expand

  Extracts a file from a compressed file

• Fixboot

  Writes a new partition boot sector onto the specified partition

• Fixmbr

  Repairs the master boot record of the specified disk

• Format

  Formats a disk

• Help

  Displays a list of the commands that you can use in the Windows Recovery Console

• Listsvc

  Lists the services and drivers available on the computer

• Logon

  Logs on to a Windows installation

• Map

  Displays the drive letter mappings

• Mkdir (Md)

  Creates a directory

• More

  Displays a text file

• Rename ( Ren)

  Renames a single file

• Rmdir (Rd)

  Deletes a directory

• Set

  Displays and sets environment variables

Policies that you can enable to add more capabilities to the Windows Recovery Console are new for Windows. The policies Recovery console: Allow automatic administrative logon and Recovery console: Allow floppy copy and access to all drives and folders are per-computer administrative policies in \WindowsSettings\Security Settings\Local Policies\Security Options. Enable Recovery console: Allow automatic administrative logon to automatically log on to the Windows Recovery Console as Administrator. Set Recovery console: Allow floppy copy and access to all drives and folders to allow access to all of the computer's drives and folders. (By default, Windows Recovery Console limits access to %SystemRoot%.) After you enable this policy, you configure the Windows Recovery Console by setting environment variables: type set variable = true | falsevariable = true | false at the command prompt. (You must include a space on each side of the equal sign.) Table 9-1 shows the default environment settings. To see the current settings, type set.

NOTE
You can't log on to the Windows Recovery Console if you installed Windows from a disk image prepared with Sysprep. (See Chapter 15, “Cloning Disks with Sysprep.”) This is due to changes that Sysprep makes in the way that Windows stores password keys in the registry. These changes aren't compatible with the Windows Recovery Console. Microsoft publishes a fix for this problem in the Knowledge Base. Look for article 308402, “–The Password Is Not Valid' Error Message Appears When You Log On to Recovery Console in Windows XP,” and download the files that it lists. This problem will not exist on Windows XP systems with Service Pack 1 (SP1) or later.

Automated System Recovery

Create Automated System Recovery (ASR) backups frequently as part of your overall strategy. It's a last resort for system recovery, useful only if you've already tried using the other options that I've described in this chapter, including Safe Mode, Last Known Good Configuration, and the Windows Recovery Console.

ASR is a two-part process. The first part is to back up the computer using Automated System Recovery Preparation Wizard, which is accessible within the Backup Utility. The wizard backs up system state data, services, and all operating system components. It also creates a file that contains information about the backup data, disk configurations, and how to restore the computer. ASR does not back up or restore data files or programs. It only backs up the files necessary to start the computer in the event of failure. Here's how to prepare for ASR:

1. Run Backup Utility. Click Start, All Programs, Accessories, System Tools, and then Backup.

2. If you see Backup or Restore Wizard, click Advanced Mode; otherwise, move on to the next step.

3. On the Welcome tab, click Automated System Recovery Wizard to start the wizard, and then follow the instructions that you see on the screen to back up the computer and create an ASR disk.

The second part of the process is to restore the computer. When booting the computer from the Windows CD, when prompted by the setup program, you press F2 to use ASR. ASR reads the disk configurations from the file that it created earlier and restores all disk signatures, volumes, and disks containing operating system files. (It tries to restore all the computer's disks but might not be able to do so successfully.) ASR then installs Windows minimally and restores the backup created by Automated System Recovery Preparation Wizard. The whole process is similar to reinstalling Windows manually and then restoring your own backup, but it's automated.

Administrator's Pak

Winternals Administrator's Pak contains tools that do much more than the Windows Recovery Console and ASR do. You can also buy these tools individually if the price of the entire pak is a bit high.

The first tool is ERD Commander. Using this tool, you can start computers directly from a CD in an environment similar to Windows. The environment gives you full access to all the computer's volumes. It's similar to a graphical version of the Windows Recovery Console. You can even reset a forgotten administrator password, edit the registry, and copy files from the computer to the network. If this tool is your last resort for fixing a downed computer, you're in good hands.

Disk Commander is another tool in the kit that enables you to recover files from dead volumes. After scanning a volume, it presents in a user interface similar to Windows Explorer the files it found, so you can copy them to a safe place.

Remote Recover is the last tool that I'm featuring here, but there are more in the Administrator's Pak. Use this tool to repair failed computers across a network; that is, it gives you access to a remote computer's disks as if you installed those disks on your computer. You have to boot the remote computer, though, and Remote Recover gives you two options. The first is to start the remote computer using a bootable floppy disk. The second, and the one I like best, is a PXE-based disk image that you can start remotely or add to a RIS (Remote Installation Services) server.

You can learn more about these notable tools by visiting the Winternals Web site at www.winternals.com. The wunderkind duo of Mark Russinovich and Bryce Cogswell, Winternals Software's founders, have developed these and other tools to such a high level of reliability that I often bet my job on them.