May 25, 2011, 12:56 p.m.
posted by vdv
The Recovery Console uses a miniature version of Windows Server 2003 built by the Windows Server 2003 CD to access files on the system partition. Using this operating environment, you can run a small set of diagnostic utilities, disable drivers and services, replace driver files, and do other surgical procedures to recover a failed system. The Repair Console can be loaded in one of two ways:
There is no option for booting the Recovery Console from floppies because Windows Server 2003 has no floppy Setup option. Let's install the Recovery Console files on the hard drive then see how it works.
Installing a Bootable Copy of the Recovery Console
The steps in Procedure 21.8 copy the boot files from the Windows Server 2003 CD to the boot drive of the server and configures a boot menu option that loads the Recovery Console. You'll need the Windows Server 2003 CD.
This Recovery Console installation makes the following changes to the drive:
Using Bootsect.dat to launch an alternative operating system is a standard Windows trick. This same workaround is used to boot Windows 9x using the Windows Server 2003 bootstrap loader. The Boot.ini file is modified as follows, with the new line in bold:
When you select the Recovery Console option from the boot menu, Ntldr shifts the computer back to Real mode and loads the contents of the Bootsect file into memory at location 0x700h just as if it had been loaded by a standard INT13 call. Ntldr then turns control over to the executable code in the boot sector image.
The executable code points at an alternative bootstrap loader called Cmldr. This bootstrap loader brings up an alternate command interpreter that has just enough versatility to do file checks, copy drivers, and diagnose a few errors.
Whether you boot to the Windows Server 2003 CD or the cmdcons option on the hard drive, the steps to load the Recovery Console are the same. At the Welcome to Setup screen, select R to load the Recovery Console (see Figure). Notice that there is no longer an Emergency Repair option. So long, Emergency Repair Disk.
The Recovery Console searches for installations of Windows NT, Windows 2000, and Windows Server 2003 and displays them to you for selection. Be careful, because the instructions say ENTER in capital letters, but you have to select a partition number first or you will exit out of the Recovery Console and you'll have to boot all over again.
The Recovery Console then prompts you for logon credentials. The only option is to log on using the local Administrator account. If this is a domain controller, you would use the password you gave when you promoted the machine to a domain controller.
If you do not know the Administrator password, you can use one of several utilities to hack a change into the SAM:
Also, if you have access to any utility that can mount an NTFS partition, or you want to install Windows Server 2003 into a separate partition, you can delete or rename the SAM hive file from \Windows\System32\Config. The system will build a new SAM with a blank Administrator password. Do not do this if there is the possibility of having unique accounts in that copy of the SAM.
Recovery Console Options
After you've booted into the Recovery Console, if you type help at the console prompt, you'll get a list of the available command options. Figure shows some examples.
Most have standard functions you would expect from their DOS counterparts. Others are specific to the Recovery Console. Here is a list of the commands with special functionality:
Recovery Console Limitations
You can remove these security limitations using group policies or direct Registry entries. The group policies are located in Computer Configuration | Windows Settings | Security Settings | Local Policies | Security Options. They are as follows:
I'm not necessarily recommending that you enable these policies; I'm just telling you that the options are available. After the second policy is in place, as an additional layer of protection, you must use the Set command to specify environment variables in the Recovery Console that enable the expanded functionality. Here are the environment variables (be sure to include the spaces around the equal sign in your Set command):
Loading the Recovery Console from RIS
You must already have a "flat" RIS image on the RIS server. See Chapter 2, "Performing Upgrades and Automated Installations," for details on installing this image. At the RIS server, create a System Information File (SIF) using a text editor. Give the file an 8.3-compliant name with an .sif extension, such as cmdcons.sif. The file contents are as follows:
[data] floppyless = "1" msdosinitiated = "1" OriSrc = "\\%SERVERNAME%\RemInst\%INSTALLPATH%" OriTyp = "4" LocalSourceOnCD = 1 [SetupData] OsLoadOptions = "/noguiboot /fastdetect" SetupSourceDevice ="\Device\LanmanRedirector\%SERVERNAME%\RemInst\%INSTALLPATH%" [UserData] FullName = "%USERFULLNAME%" OrgName = "%ORGNAME%" ComputerName = %MACHINENAME% [RemoteInstall] Repartition = no [OSChooser] Description ="Windows Server 2003 Recovery Console" Help ="Loads a Windows Server 2003 Recovery Console." LaunchFile = "%INSTALLPATH%\%MACHINETYPE%\templates\startrom.com" ImageType =Flat Version="5.0"
Place this SIF file in the following folder under the \Remoteinstall folder that holds the RIS image files: \Remoteinstall\Setup\English\Images\Windows\i386\templates. Test by booting a PXE (Pre-boot eXecution Environment) client and verifying that it loads the Setup files and can initialize the Recovery Console. From this point forward, you can use the Recovery Console just as you would if you had booted from the Windows Server 2003 CD or from the \cmdcons folder.