Troubleshooting Tools and Strategies
The Recovery Console is a startable text-mode command interpreter environment separate from the Windows 2000 command prompt that allows the system administrator access to the hard disk of computer running Windows 2000 Professional, regardless of the file format used, for basic troubleshooting and system maintenance tasks. Since Windows 2000 does not need to be running to use Recovery Console, it is most useful when a Windows 2000 – based computer does not start properly or cannot start at all.
The Recovery Console allows you to obtain limited access to NTFS file system, file allocation table (FAT) 16, and FAT32 volumes without starting the graphical interface. The Recovery Console allows administrators to manage files and folders, start and stop services, and repair the system. It can also be used to repair the master boot record (MBR) and boot sectors and to format volumes. The Recovery Console also prevents unauthorized access to volumes by requiring the user to enter the system administrator password before using the console.
Starting the Recovery Console
To start the Recovery Console, start the computer from the Windows 2000 operating system CD or the Windows 2000 Setup floppy disks. If you do not have Windows 2000 Setup floppy disks and your computer cannot start from the CD, use another Windows 2000 – based computer to create the setup disks. For information about creating the Windows 2000 Setup floppy disks, see Windows 2000 Professional Help.
.gif "note-icon")
Note
The Recovery Console can also be installed to the local hard disk and accessed from the Windows 2000 startup menu. However, if the MBR or system volume boot sector have been damaged, you need to start the computer from either the Setup floppy disks or the Windows 2000 Professional operating system CD to access the Recovery Console.
To add the Recovery Console to existing installations of Windows 2000, carry out the following command from the Windows 2000 operating system CD in the Run dialog box:
d :\I386\Winnt32.exe /cmdcons
where d: represents the CD-ROM drive. This installation requires approximately 7 megabytes (MB) of disk space on your system volume.
This only works correctly if your computer does not contain a mirrored volume. To install the Recovery Console on a computer that contains a mirrored volume, first break the mirror. After the Recovery Console is installed, you can re-establish the mirrored volume. For more information, see the Microsoft Knowledge Base link on the Web Resources page at https://windows.microsoft.com/windows2000/reskit/webresources .
Start the computer from either the Windows 2000 Setup disks or the operating system CD, and then enter Windows 2000 Setup. Press ENTER at the Setup Notification screen to go to the Welcome to Setup screen. Press R to repair a Windows 2000 installation, and then press C to use the Recovery Console.
The Recovery Console displays valid Windows 2000 installations and prompts you select the installation to repair. To access the disk with the Recovery Console, press the number key for the Windows 2000 installation that you want to repair, and then press ENTER. If you press ENTER without typing a number, the Recovery Console quits and restarts the computer.
Note
The Recovery Console might show installations of Microsoft Windows NT. However, the results of attempting to access a Windows NT installation from the Recovery Console can be unpredictable. Only use the Recovery Console to fix Windows 2000 installations.
Mirrored volumes appear twice in the Recovery Console startup menu, but each entry uses the same drive letter, indicating a reference to the same disk.
The Recovery Console then prompts you for the local administrator account password. If you do not enter the correct password after three attempts, Recovery Console refuses access to the local disks and restarts the computer.
Note
If the registry is corrupted or missing or no valid installations are found, the Recovery Console starts in the root of the startup volume without requiring a password. You cannot access any folders, but you can carry out commands such as chkdsk , fixboot , and fixmbr for limited disk repairs.
After the password is validated, you can access the following folders on your computer:
The root folder of any volume.
%systemroot% and subfolders of the Windows 2000 installation on which you are currently logged on.
\Cmdcons and subfolders (if they exist).
Folders on removable media disks, such as CD-ROM and floppy disks.
By default, the Recovery Console prevents access to other folders such as Program Files or Documents and Settings, and folders containing other installations of Windows 2000. This can be changed by using local Group Policy settings. For more information about using Group Policy to change the default behavior of the Recovery Console, see the procedure on setting the policy later in this section. For access to other Windows 2000 installation folders, restart the Recovery Console, and select that installation.
Using the Recovery Console
You cannot copy a file from the local hard disk to a floppy disk. However, you can copy a file from a floppy disk or a CD-ROM to any hard disk, and from one hard disk to another. The Recovery Console displays an Access is denied error message when it detects invalid commands.
You cannot run any programs or commands other than the supported commands listed later in this section. The Recovery Console contains no editing capabilities.
.gif "important-icon")
Important
The set command makes use of Recovery Console environment variables to enable, among other options, disk write access to floppy disks. To enable the user to modify the restricted default Recovery Console environment variables, a Group Policy setting must be made. For more information about enabling the set command in Recovery Console, see the procedure at the end of this section.
The Recovery Console buffers previously entered commands and makes them available to the user by means of the UP ARROW and DOWN ARROW keys. To edit a previously entered command, use BACKSPACE to move the cursor to the point where you want to make the edit and rekey the remainder of the command.
To quit and restart the computer, at the command prompt, type:
exit
Important
The Recovery Console might not map disk volumes with the same drive letters found in Windows 2000. If you are having trouble locating files to copy make sure that the drive mappings for both the source and the target locations are correct. If not, examine other drive letters for the file you are seeking. In addition, some volumes might not have drive letters assigned to them, such as volumes formatted with NTFS and grafted onto the folder structure of another volume by the use of volume mount points. Use the map command to confirm which drive letters and unnamed volumes correspond to which local volumes on the system. For more information about volume mount points, see File Systems in this book.
Several of the Recovery Console commands are not fully functional to users who have converted to dynamic disk. For more information about dynamic disks, see Disks Concepts and Troubleshooting in this book.
Supported Commands
Table 31.3 lists the commands that are supported by the Recovery Console.
Table 31.3 Available Recovery Console Commands
Command |
Explanation |
|---|---|
Attrib |
Changes the attributes of a file or folder. Syntax: attrib -|+[c][h][r][s] filename + Sets an attribute. - Clears an attribute. c Compressed file attribute. h Hidden file attribute. r Read-only file attribute. s System file attribute. At least one attribute must be set or cleared. To view attributes, use the dir command. You can set multiple attributes simultaneously. To change multiple attributes in a like manner, use either enable/disable switch (+/-) and all the attribute letters to be changed, as in the following syntax: +chr . To change multiple attributes in a dissimilar manner, use the enable switch (+) and all the attribute letters to be enabled, followed immediately by the disable switch (-) and all the attribute letters to be disabled, as in the following syntax: +ch-r . Do not separate attribute switches with spaces. |
Batch |
Carries out commands specified in a text file. Syntax: batch inputfile [outputfile] inputfile Specifies the text file that contains the list of commands to be executed. outputfile Contains the output of commands listed in inputfile. If no outputfile is specified, the command output is displayed on the screen. Batch cannot be one of the commands included in the inputfile. |
Cd or Chdir |
Displays the current volume and directory or changes to the folder specified. Syntax: cd [path]|[..]|[drive:] chdir [path]|[..]|[drive:] path Changes to the specified folder on the same volume. .. Changes to the parent folder. drive: Displays the active folder of the volume specified. Using no switches displays the current volume and folder. Cd treats spaces as delimiters, requiring that a space precede all arguments, including the use of double periods. Use quotation marks to enclose a path or file name that contains a space. |
Chkdsk |
Checks a disk and, if needed, repairs or recovers the volume. Chkdsk also marks bad sectors and recovers readable information. Syntax: chkdsk [drive:] [/p]|[/r] drive: Specifies the volume to check. /p Forces check if volume is not identified as bad. /r Locates bad sectors and recovers readable information (/p is automatic). Chkdsk can be used without switches, and when no disk is specified the current volume is implied. Chkdsk requires that Autochk.exe be installed in the System32 folder or be available from the Windows 2000 operating system CD. |
Cls |
Clears the screen. |
Copy |
Copies a single file to a specified location. Syntax: copy source [target] source Specifies the file to be copied. target Specifies the destination folder and/or filename for the new file. The use of wildcard characters (* and ?) is not permitted. If the target is not specified, it defaults to the current folder. If the file already exists, you are prompted to overwrite it. Compressed files from the Windows 2000 operating system CD are automatically decompressed as they are copied. |
Del or Delete |
Deletes one file. Syntax: del [drive:][path]filename delete [drive:][path]filename drive: Specifies the volume on which the file to be deletes resides. path Specifies the location within the folder structure of the file to be deleted. filename Specific file to be deleted. The use of wildcard characters (* and ?) in file names is not permitted. |
Dir |
Displays a list of files and folders within a folder. Syntax: dir [drive:][path][filename] drive: Specifies the volume on which the files to be displayed reside. path Specifies the location within the folder structure of the files to be displayed. filename Specific file to be displayed. Dir lists all folders and files, including hidden and system files. Each listing can have any of the following attributes: a Archive h Hidden c Compressed p Reparse point d Directory r Read-only e Encrypted s System file The use of wildcard characters (* and ?) is permitted. |
Disable |
Disables a Windows 2000 system service or driver. Syntax: disable servicename servicename Name of the service or driver to be disabled. Use the listsvc command to display all services or drivers that can be disabled. Disable prints the previous START_TYPE of the service before resetting it to SERVICE_DISABLED. Because of this, make sure that you record the previous START_TYPE, in case it is necessary to re-enable the service. The START_TYPE values that the disable command displays are: SERVICE_DISABLED SERVICE_BOOT_START SERVICE_SYSTEM_START SERVICE_AUTO_START SERVICE_DEMAND_START |
Diskpart |
Manages the partitions on your hard disk. Syntax: diskpart[/add|/delete] [device-name|drive-name|partition-name] [size] /add Create a new partition. /delete Delete an existing partition. device-name Device name for creating a new partition (such as \Device\HardDisk0). drive-name Drive-letter based name for deleting an existing partition (such as D:). partition-name Partition-based name for deleting an existing partition and can be used in place of the drive-name argument (such as \Device\HardDisk0\Partition1). size Size of the new partition, in megabytes. If no arguments are used, a user interface for managing your partitions appears. Warning This command can damage your partition table if the disk has been upgraded to dynamic disk. Do not modify the structure of dynamic disks unless you are using the Disk Management tool. |
Enable |
Enables a Windows 2000 system service or driver. Syntax: enable servicename [start_type] servicename Name of the service or driver to be enabled. start_type How the service or driver is scheduled to be started. Valid values include: SERVICE_BOOT_START SERVICE_SYSTEM_START SERVICE_AUTO_START SERVICE_DEMAND_START Use the listsvc command to display all eligible services or drivers to enable. The enable command prints the previous START_TYPE of the service before resetting it to the new value. Note the previous value, in case it is necessary to restore the START_TYPE of the service. If you do not specify a new START_TYPE, enable prints the previous START_TYPE. |
Exit |
Quits the Recovery Console and restarts your computer. |
Expand |
Expands a compressed file stored on the Windows 2000 operating system CD or from within a CAB file on the Windows 2000 operating system CD and copies it to a specified destination. Syntax: expand source [/f:filespec] [target] [/y] expand source [/f:filespec] /d source Specifies the file to be expanded. May not include wildcard (* and ?) characters. target Specifies the destination folder and/or file name for the new file. /y Do not prompt before overwriting existing file. /f:filespec If source contains more than one file, this parameter is required to identify the specific file(s) to be expanded. May use wildcards. /d Do not expandonly display a folder of the files which are contained in the source. If target is not specified, the default is the current folder. If the file already exists, you are prompted to overwrite it unless the /y switch is used. The target file cannot be read-only. Use attrib to remove the read-only attribute. |
Fixboot |
Rewrites the boot sector code on the hard disk. This is useful for repairing corrupted boot sectors. Syntax: fixboot [drive:] drive: Specifies the volume on which to rewrite a new boot sector. If drive: is not specified, the default is the system boot volume. |
Fixmbr |
Rewrites the master boot code of the master boot record (MBR) of the startup hard disk. This command is useful for repairing corrupted MBRs. Syntax: fixmbr [device-name] device-name Specifies the name of device needing a new MBR (such as \Device\HardDisk1). If device-name is not specified, the default is disk 0. If disk 0 is not the device needing repair, the device-name of other disks can be obtained by using map . If fixmbr detects an invalid or nonstandard partition table signature, it prompts you for permission before rewriting the MBR. Warning This command can damage your partition table if a virus is present, if you have a third-party operating system installed, if you have a non-standard MBR, or if a hardware problem exists and causes volumes to become inaccessible. It is recommended that you run antivirus software before using this command. Important Running fixmbr overwrites only the master boot code, leaving the existing partition table intact. If corruption in the MBR affects the partition table, running fixmbr might not resolve the problem. |
Format |
Formats the specified volume to the specified file system. Syntax: format [drive:] [/q] [/fs:file_system] drive: Specifies the volume to format. /q Performs a quick format. /fs:file_system Specifies the file system use. Valid values for file_system include FAT, FAT32, and NTFS. If no file system is specified, NTFS is used by default. Choosing FAT formats a volume as FAT16. FAT16 volumes cannot be larger than 4 gigabytes (GB) and should not be larger than 2 GB to maintain compatibility with Microsoft MS-DOS, Microsoft Windows 95, and Windows 98. Windows 2000 can format FAT32 volumes up to 32 GB. Larger volumes should be formatted as NTFS. |
Help |
Shows help display for commands within the Recovery Console. Syntax: help [command] command Any Recovery Console command. If command is not specified, all of the commands supported by the Recovery Console are listed. The command argument is used to see help for any specific command. |
Listsvc |
Lists all available services, drivers, and their START_TYPES for the current Windows 2000 installation. Used in conjunction with the disable and enable commands. The information listed by this command is extracted from the registry file System in the folder %systemroot%\System32\Config. If System is damaged or missing, results can be unpredictable. |
Logon |
Lists all detected installations of Windows 2000 and Windows NT, and then requests the local administrator password. If more than three attempts to log on fail, the Recovery Console quits, and the computer restarts. |
Map |
Lists all drive letters, file system types, volume sizes, and mappings to physical devices that are currently active. Syntax: map [arc] arc Forces the use of Advanced RISC Computing (ARC) specification name paths instead of Windows device paths. This can be used in recreating the Boot.ini file. Important The map command might not work correctly with systems using dynamic disk. |
Md or Mkdir |
Creates a directory. Syntax: md [drive:]path mkdir [drive:]path drive: Specifies the volume on which to create a folder. path Specifies the name of the folder to be created. Wildcard characters (* and ?) are not allowed. Note This command might not display all of the volumes on disk or the correct volume sizes if the disk has been upgraded to dynamic disk. |
More or Type |
Displays a text file on the screen. Syntax: more filename type filename filename Specifies text file to be displayed. If a text file is too large to fit on one screen, use the following page viewing options: ENTER Scroll down one line at a time. SPACEBAR Scroll down one page at a time. ESC Quit viewing text file. |
Rd or Rmdir |
Deletes a directory. Syntax: rd [drive:]path rmdir [drive:]path drive: Specifies the volume on which to delete a folder. path Specifies the name of the folder to be deleted. Wildcard characters (* and ?) are not supported. |
Ren or Rename |
Renames a file or directory. Syntax: ren [drive:][path]filename1 filename2 rename [drive:][path]filename1 filename2 drive: Specifies the volume on which the file to be renamed resides. path Specifies the location within the folder structure of the file to be renamed. filename1 Specific file to be renamed. filename2 New filename. You cannot specify a new volume or path for your target file. Wildcard characters (* and ?) are not supported. |
Set |
Displays and sets Recovery Console environment variables. Syntax: set [variable = value] The following environment variables are supported: AllowWildCards Enable wildcard support for some commands, such as DEL, that do not otherwise support them. AllowAllPaths Allow access to all files and folders on the computer. AllowRemovableMedia Allow files to be copied to removable media, such as floppy disks. NoCopyPrompt Do not prompt when overwriting file. To display the list of current environment variable settings, use set without arguments. The set command is a Recovery Console configuration command that can only be enabled by using the Group Policy snap-in to MMC. Many users find it useful to enable the set command to extend the use of the Recovery Console. The procedure for enabling the set command follows. |
Systemroot |
Sets the current directory to the %systemroot% directory of the Windows 2000 installation with which you are currently working. |
Note
The switch /? displays a help screen offering a description of each command, its syntax, arguments (if any exist), and other useful information.
Arguments and switches listed between brackets ([and ]) are optional. Arguments and switches listed between pipes (|) are either/or choices.
To enable full functionality of the set command using Group Policy
Note
If the Group Policy snap-in has already been added to your MMC, then skip to step 8.
From the Start menu, click Run , and then type: mmc
From the Console1 dialog box, click the Console menu, and then select Add/Remove Snap-in .
Click Add .
Select Group Policy , and then click Add .
In the Group Policy Object list box, select Local Computer , and then click Finish .
In the Add Standalone Snap-in dialog box, click Close .
In the Add/Remove Snap-in dialog box, click OK .
Expand Local Computer Policy .
Expand Computer Configuration , Windows Settings , Security Settings , and Local Policies .
Click Security Options .
Double-click the policy Recovery Console: Allow floppy copy and access to all volumes and folders .
In the Local Security Policy Setting dialog box, select Enabled , and then click OK .
Important
If you are using computers running Windows 2000 Professional on a Microsoft Windows 2000 Server – based network, use Group Policy from the server to control this functionality. It is more efficient to set this policy in one place and have the workstations automatically implement it when logging on to the network than to implement it on each workstation.
Note
You can also use the Group Policy snap-in to enable the policy Recovery Console: Allow automatic administrative logon , allowing you to bypass the logon process when the Recovery Console is started. Activating this policy eliminates a security barrier used to protect your computer against intruders. You should only enable this policy on systems that have controlled access to the console, such as those in rooms that can be locked.
Both of the settings available in the Group Policy snap-in can also be made through the Security Configuration and Analysis snap-in.
For more information about setting up, starting, and using Group Policy, see Customizing the Desktop in this book.
Using the Recovery Console to Restore the Registry
If you know your registry is damaged, or some of your registry files are corrupted or have been deleted, you might be able to use the Recovery Console to restore your registry. However, this procedure can only work if you regularly create an Emergency Repair Disk (ERD) and you choose the option to back up your registry to the repair directory. For more information about backing up the registry when creating the ERD, see Emergency Repair Process later in this chapter.
When you create an ERD and you choose this option, the current version of your registry files are copied from the %systemroot%\System32\Config folder to the %systemroot%\Repair\RegBack folder. Since both of these folders are accessible through the Recovery Console, you can use the copy command to restore the files.
To restore the Registry by using the Recovery Console
.gif "warning-icon")
Warning
Only use this procedure if you are certain which registry file needs to be restored, and you are certain that the restoration will not cause other damage to your computer. Restoring registry files improperly can prevent your system from starting and can cause you to lose data.
Start the Recovery Console and log on to the Windows 2000 installation containing the registry that you want to restore.
To copy the files you want from %systemroot%\Repair\RegBack to %systemroot%\System32\Config, type: cd repair\regback and: copy file_namedrive_letter** :\system_root \system32\config where file_name is the registry file you want to restore, drive_letter is the drive letter where your system is installed (for example, C), and system_root is the system installation folder (for example, Winnt).
Note
As a precaution, first rename the existing file in the Config folder that you intend to restore from backup. If a problem arises from the restoration attempt, you can restore the renamed file to return your system to its original condition.
To restore your entire registry, you need to copy the files Default, Sam, Security, Software, and System.To exit the Recovery Console, type: exit