Rescue data from locked or disabled systems
Work as a systems or security administrator long enough and you'll undoubtedly need to access a downed Windows system. Perhaps the system drive crashed or a user altered the system so that it won't boot properly. Maybe an ex-employee changed the passwords or locked you out of the system by some other means.
Several tools can help you access data from otherwise inaccessible systems. I'll step you through the wonderfully easy-to-use utility called BartPE. With BartPE, you can insert a CD-ROM or DVD into a troubled computer, boot the system to a graphical environment resembling Windows, map a network drive, and copy the system's data to a safe place on your network.
The Preinstalled Environment
BartPE is named for its creator, Bart Lagerweij, and for its function as a preinstalled environment. A preinstalled environment is essentially a bootable CD-ROM that includes a robust OS and a series of recovery utilities. BartPE differs from several available Linux preinstalled environments in that it uses actual Windows programs and libraries to create a Windowsesque interface—right down to the dialog boxes, command prompt, and icons. BartPE even lets you install your own third-party programs, which it calls plug-ins.
After you build your preinstalled environment CD-ROM or DVD, you can insert it into the fallen computer and boot the system. A minute later, you'll have full access to the computer's files through a Windows interface. Think of BartPE as an actual Windows environment that lets you access a system's files and/or the network (although it's not the best tool for resetting an administrator password or hacking and/or accessing a fallen computer's registry).
Creating a Bootable CD-ROM or DVD
Creating the BartPE preinstalled environment CD-ROM or DVD image is easy. The process consists of four basic steps:
- Download PE Builder, the BartPE-creation program. Download the latest PE Builder application file from the Nu2 Productions Web site (http://www.nu2.nu/pebuilder/download), extract it to a folder, and run pebuilder.exe to begin creating your preinstalled Windows environment image. Because you'll use actual Windows files to create this boot disk, you need to have a licensed copy of Windows Server 2003 or Windows XP Service Pack 1 (SP1) or later from which to extract the source files that you'll use to build the CD-ROM or DVD.
- Tell PE Builder where your Windows install files are located. It's easiest to insert your Windows 2003 or XP SP1 installation media, but you can specify an alternate location, such as a file share containing your Windows source files. You can also specify the name of the output folder that PE Builder uses for the created image—by default it's C:\BartPE\BartPE.
- Define any BartPE plug-ins to customize your environment. PE Builder supports a variety of plug-ins for your BartPE image, including Lavasoft's Ad-Aware, Tom Ehlert Software's Drive Snapshot, Winternals Software's ERD Commander 2002, McAfee's VirusScan, and many others. Some of these plug-ins are commercial and some are freeware.
The Help screen for each supported plug-in describes the plug-in, the required parent program, and the location to copy the needed files to for installation. For example, if you wanted to make your copy of Winternals ERD Commander available in your BartPE environment, the PE Builder Help will instruct you to copy eight ERD Commander files from your ERD Commander install disk (or installed location) to the C:\BartPE\plugin\erd2002 directory. After you find the correct files for your plug-in and copy them to the appropriate location, enable the plug-in and you're all set.
Not all supported plug-ins are third-party programs. The Boot Fix plug-in, for example, simply adds text that instructs the user of the BartPE CD-ROM to "Press any key to boot from CD" instead of booting directly to the computer.
PE Builder also lets you add other plug-ins. For example, it's easy to add Mozilla Firefox to your preinstalled environment: Go to http://www.nu2.nu/pebuilder/plugins and download the Firefox Web browser plug-in. Then, in PE Builder, click plugins, Add, then browse to the CAB file that you downloaded. Specify where to save the plug-in (by default, C:\BartPE\plugin\firefox-220.127.116.11-en-us), and you're done.
The Nu2 Web site provides information about more than 65 plug-ins, many of which are free to download and add to your image. Plus, you can build your own plug-ins—the Web site offers detailed instructions for creating your own plug-in configuration file and collecting the files needed by your custom plug-in.
- Create your image. After you've installed and enabled your plug-ins, select whether to create an ISO disk image or burn your preinstalled environment directly to a CD-ROM or DVD. When you click Build, PE Builder presents your Microsoft license agreement because the tool copies many of the source files from your licensed Windows 2003 or XP installation media. The program copies the files to the output directory you specified earlier and then creates an ISO image or a bootable CD-ROM or DVD and burns the CD-ROM or DVD for you.
PE Builder takes just a few minutes to create a BartPE ISO image with the default options and just a few minutes more to burn a CD-ROM or DVD. In all, a basic BartPE image is about 150MB.
After you create the CD-ROM or DVD, insert it into a computer configured to boot from a CD-ROM or DVD and turn the computer on. (You might need to press the F12, ESC, or Delete key or some key sequence, depending on the exact BIOS, to configure your computer to boot from a CD-ROM or DVD drive.)
If you're successful, you'll see the Starting BartPE screen followed by the Windows startup screen, then the BartPE environment will load. BartPE will ask if you want network support and will configure it as you choose. Then BartPE will present a familiar-looking graphical interface.
Windows administrators will feel comfortable with the menus, dialog boxes, and other UI aspects based on standard Windows APIs, as well as BartPE's many original Windows DLLs and supporting files. BartPE includes a file manager, which lets you browse all the FAT32 or NTFS files on your host computer, and a command prompt, which lets you run many Windows commands. Figure 1 shows some BartPE interface elements.
While in BartPE, you can view the NTFS permissions on files and folders on a system, but they won't resolve because your preinstalled environment won't have domain recognition. Even though you're running in a Windows-like environment, this environment contains only a subset of Windows features. For example, although you can access all the files on a host system started with BartPE, you can't add users to file permissions, and you'll receive an error message if you try to do so.
In your preinstalled environment, you have full access to the host system's files as well as administrative rights to anything within the environment. For example, if you enabled network support, you can use the Windows net use command to map a drive to another Windows computer and copy files between the systems. Because BartPE runs under its own workstation credentials, you simply need to specify a domain user's credentials to access network resources, just as though you were using a Windows computer outside the domain or workgroup that you're trying to access.
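The map-and-copy step described above, written out as a batch file for the BartPE command prompt. This is an added example, not part of the original article or of BartPE itself; the share \\fileserver\rescue, the account CORP\rescueadmin, the HOST01 folder name, and the source path are constructed placeholders, and it assumes the host disk appears as C: and that xcopy.exe is present in the image you built.

```batch
@echo off
rem Added example: rescue copy from a BartPE command prompt.
rem Every name below is a constructed placeholder; substitute your own.
setlocal
set SHARE=\\fileserver\rescue
set ACCOUNT=CORP\rescueadmin
set SRC=C:\Documents and Settings
set DEST=Z:\HOST01\Documents and Settings
set LOG=Z:\HOST01-xcopy.log

rem BartPE is not a domain member, so name the domain account explicitly.
rem The * makes net use prompt for the password instead of storing it
rem in this file; /persistent:no keeps the mapping from being remembered.
net use Z: %SHARE% * /user:%ACCOUNT% /persistent:no
if errorlevel 1 (
    echo Could not map %SHARE% as %ACCOUNT%
    goto :eof
)

rem /E  copy subfolders, including empty ones
rem /H  include hidden and system files
rem /C  keep going when a file cannot be read (damaged disk)
rem /K  keep file attributes such as read-only
rem /I  treat the destination as a folder
rem /Y  do not prompt before overwriting
xcopy "%SRC%" "%DEST%" /E /H /C /K /I /Y > "%LOG%" 2>&1
if errorlevel 1 echo xcopy reported errors, review %LOG%

rem Drop the mapping so the rescue account's session does not linger.
net use Z: /delete
endlocal
```

Because /C lets the copy continue past unreadable files, read the log on the share before treating the rescue as complete.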
BartPE also includes the Microsoft diskpart.exe partition-analyzing utility, Microsoft Remote Desktop Connection, and of course all the plug-ins you installed. A graphical environment isn't helpful if you can't see or use it, so BartPE lets you adjust your mouse, keyboard, and even your screen resolution so that it's usable, whether you're viewing an old LCD screen in a server room or a 21" monitor with high-resolution capability.
BartPE's robust Windows environment is an effective tool for troubleshooting or accessing unresponsive or damaged Windows computers on your network. Although several Linux preinstalled environment distributions designed for CD-ROM or DVD boot-up are available, they're mostly for security or other niche purposes. I think Windows administrators will find BartPE provides similar utilities in a form that will make them feel immediately at home.