Recovery Console

Recovery Console

The Recovery Console uses a miniature version of Windows Server 2003 built by the Windows Server 2003 CD to access files on the system partition. Using this operating environment, you can run a small set of diagnostic utilities, disable drivers and services, replace driver files, and do other surgical procedures to recover a failed system. The Repair Console can be loaded in one of two ways:

  • Boot from the Windows Server 2003 CD and select the Repair option.

  • Install the console files on the local drive, which makes the Recovery Console part of the boot menu.

There is no option for booting the Recovery Console from floppies because Windows Server 2003 has no floppy Setup option. Let's install the Recovery Console files on the hard drive then see how it works.

Installing a Bootable Copy of the Recovery Console

The steps in Procedure 21.8 copy the boot files from the Windows Server 2003 CD to the boot drive of the server and configures a boot menu option that loads the Recovery Console. You'll need the Windows Server 2003 CD.

Dynamic Volumes and the Recovery Console

Because the Recovery Console does not load a full-fledged copy of the Logical Disk Manager, it is unable to determine the content of dynamic volumes that are soft-linked to the LDM database. See Microsoft Knowledgebase article Q227364 for more information.

Procedure 21.8 Installing the Recovery Console

  1. Insert the Windows Server 2003 CD in the CD-ROM drive.

  2. Open a command session and navigate to the \I386 directory on the CD.

  3. Run winnt32 /cmdcons. After a fairly long pause, the Windows Server 2003 Setup window opens with a Recovery Console warning.

  4. Click Yes to acknowledge the warning and install the console.

  5. After Setup installs the recovery console files, it displays a Successful Completion message then exits.

This Recovery Console installation makes the following changes to the drive:

  • Creates a hidden folder, \cmdcons, in the root directory. This folder contains the same files that are in the boot environment of the Windows Server 2003 CD. Essentially, when you boot using files in the \cmdcons folder, you're booting to the Windows Server 2003 CD.

  • Copies the Partition Boot Sector from the Windows Server 2003 system volume to the \cmdcons folder into a file called Bootsect.dat.

  • Puts an alternative bootstrap loader, Cmldr, at the root of the boot partition.

  • Modifies the Boot.ini file to include the alternative for booting to the Recovery Console.

Using Bootsect.dat to launch an alternative operating system is a standard Windows trick. This same workaround is used to boot Windows 9x using the Windows Server 2003 bootstrap loader. The Boot.ini file is modified as follows, with the new line in bold:

[boot loader]
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\Windows="Windows Server 2003 Standard Edition" /
C:\CMDCONS\BOOTSECT.DAT="Windows Server 2003 Recovery Console" /cmdcons

When you select the Recovery Console option from the boot menu, Ntldr shifts the computer back to Real mode and loads the contents of the Bootsect file into memory at location 0x700h just as if it had been loaded by a standard INT13 call. Ntldr then turns control over to the executable code in the boot sector image.

The executable code points at an alternative bootstrap loader called Cmldr. This bootstrap loader brings up an alternate command interpreter that has just enough versatility to do file checks, copy drivers, and diagnose a few errors.

Whether you boot to the Windows Server 2003 CD or the cmdcons option on the hard drive, the steps to load the Recovery Console are the same. At the Welcome to Setup screen, select R to load the Recovery Console (see Figure). Notice that there is no longer an Emergency Repair option. So long, Emergency Repair Disk.

Figure. Recovery Console welcome and logon screen.


The Recovery Console searches for installations of Windows NT, Windows 2000, and Windows Server 2003 and displays them to you for selection. Be careful, because the instructions say ENTER in capital letters, but you have to select a partition number first or you will exit out of the Recovery Console and you'll have to boot all over again.

The Recovery Console then prompts you for logon credentials. The only option is to log on using the local Administrator account. If this is a domain controller, you would use the password you gave when you promoted the machine to a domain controller.

If you do not know the Administrator password, you can use one of several utilities to hack a change into the SAM:

Also, if you have access to any utility that can mount an NTFS partition, or you want to install Windows Server 2003 into a separate partition, you can delete or rename the SAM hive file from \Windows\System32\Config. The system will build a new SAM with a blank Administrator password. Do not do this if there is the possibility of having unique accounts in that copy of the SAM.

To exit from the Recovery Console and restart the machine, enter exit at the console prompt. Pressing Ctrl+Alt+Del will not do anything.

Recovery Console Options

After you've booted into the Recovery Console, if you type help at the console prompt, you'll get a list of the available command options. Figure shows some examples.

Figure. Recovery Console command list.


Most have standard functions you would expect from their DOS counterparts. Others are specific to the Recovery Console. Here is a list of the commands with special functionality:

  • Attrib. Changes the attributes of a file but does not display them. Use Dir to see attributes.

  • Batch. Runs the contents of a designated text file as a batch fileā€”for example, batch script1.txt. Only commands that are part of the Recovery Console command interpreter can be part of the script.

  • Enable/Disable. Use pair of commands to control service entries in the Registry. You can turn off a service that is the source of your troubles. This lets you restart and figure out what happened.

  • Diskpart. Brings up a partition manager very similar to that used in the text-based portion of Setup. You can use this utility to create the partition and then use the Format command to install a file system.

  • Fixboot. Replaces the partition boot sector. This is a useful way to remove a boot sector virus.

  • Fixmbr. This writes a new Master Boot Record while leaving the partition table intact. This is similar to using fdisk /mbr and has the same potential for making the machine unbootable if the Master Boot Record is non-standard.

  • Listsvc. This command lists the services that are in the Registry along with their status setting. Use this command in conjunction with Enable/Disable. It's a handy way to look up the short name for the service.

  • Logon. This initiates the same logon routine that you encountered when the Recovery Console first loaded. You can use it to log on to another instance of Windows on the local system.

  • Map. This lists the symbolic links under \Device in the Object Namespace. These links represent drive partitions.

  • Systemroot. This option takes you to the system root for the Windows instance that you logged on to. For Windows Server 2003, this is \Windows.

  • Exit. As you would guess, this exits the console and restarts the machine.

Recovery Console Limitations

The default configuration of the Recovery Console imposes several limitations:

  • Directory limits. You can only view files in the root directory, \Windows directory, and the \cmdcons directory, if there is one. Attempting to enter other directories gives an Access Denied error. This is a security measure to prevent hacking around in user data.

  • File copy limits. You can only copy files onto the hard drive, not off of it. This prevents stealing files.

  • Wild card limits. To prevent accidental damage to large numbers of files, the Recovery Console does not permit the use of wild cards when deleting files. You cannot run del *.htm, for example.

  • Administrator logon. You must give the Administrator account password to log on to the Recovery Console.

You can remove these security limitations using group policies or direct Registry entries. The group policies are located in Computer Configuration | Windows Settings | Security Settings | Local Policies | Security Options. They are as follows:

  • Allow Automatic Administrative Logon. This option uses the local Administrator password to create an automatic logon.

  • Allow Floppy Copy and Access to All Drives and All Folders. This option removes the limitations on copying files from the hard drive and it permits you to roam at will on all the drives.

  • Copy prompts. To preserve file integrity, you are prompted when overwriting a file using the Copy command.

I'm not necessarily recommending that you enable these policies; I'm just telling you that the options are available. After the second policy is in place, as an additional layer of protection, you must use the Set command to specify environment variables in the Recovery Console that enable the expanded functionality. Here are the environment variables (be sure to include the spaces around the equal sign in your Set command):

  • AllowWildCards = true

  • AllowAllPaths = true

  • AllowRemovableMedia = true

  • NoCopyPrompt = true

Loading the Recovery Console from RIS

You can configure a Remote Installation Services (RIS) server to distribute Recovery Console images. This can simplify using the Recovery Console on machines that do not have CD-ROM drives.

You must already have a "flat" RIS image on the RIS server. See Chapter 2, "Performing Upgrades and Automated Installations," for details on installing this image. At the RIS server, create a System Information File (SIF) using a text editor. Give the file an 8.3-compliant name with an .sif extension, such as cmdcons.sif. The file contents are as follows:

floppyless = "1"
msdosinitiated = "1"
OriTyp = "4"
LocalSourceOnCD = 1

OsLoadOptions = "/noguiboot /fastdetect"
SetupSourceDevice ="\Device\LanmanRedirector\%SERVERNAME%\RemInst\%INSTALLPATH%"

OrgName = "%ORGNAME%"
ComputerName = %MACHINENAME%

Repartition = no
Description ="Windows Server 2003 Recovery Console"
Help ="Loads a Windows Server 2003 Recovery Console."
LaunchFile = "%INSTALLPATH%\%MACHINETYPE%\templates\"
ImageType =Flat

The most important line in this file is the one I've put in bold: Repartition=no. If you neglect to include this line, RIS will reformat your hard drive. That can be tough to explain to Management.

Place this SIF file in the following folder under the \Remoteinstall folder that holds the RIS image files: \Remoteinstall\Setup\English\Images\Windows\i386\templates. Test by booting a PXE (Pre-boot eXecution Environment) client and verifying that it loads the Setup files and can initialize the Recovery Console. From this point forward, you can use the Recovery Console just as you would if you had booted from the Windows Server 2003 CD or from the \cmdcons folder.

     Python   SQL   Java   php   Perl 
     game development   web development   internet   *nix   graphics   hardware 
     telecommunications   C++ 
     Flash   Active Directory   Windows