Microsoft

Repairing a server with ERD Commander 2000

Discusses the ERD Commander 2000 command set and explains how you can use some of the more unique commands to repair a damaged system


About two years ago, I wrote an article about an earth-shattering utility called ERD Commander Professional. At the time, this was the most powerful utility that I had ever seen for Windows NT. It was designed to allow you to boot a Windows NT Server or a Windows NT Workstation to a command prompt. By doing so, you could make repairs to the system outside of the GUI interface. Although ERD Commander Professional was an extremely powerful utility, it was lacking in a few areas.

In spite of that, I continued to use this program religiously until Windows 2000 was released. Unlike Windows NT, Windows 2000 offers the ability to boot to a command prompt and perform similar repairs through a built-in utility called the Recovery Console. With such a utility built into the operating system, it seemed that the greatest utility ever made had just become obsolete.

However, Winternals Software, the manufacturer of ERD Commander Professional, released a revised edition called ERD Commander 2000. ERD Commander 2000 is far more powerful than Windows 2000’s Recovery Console. In this article, I’ll introduce you to ERD Commander 2000. I’ll begin by discussing the basic operations of this software. Then, I’ll discuss the ERD Commander 2000 command set. As I do, I’ll explain how you can use some of the more unique commands to repair a damaged system.

Why do I need ERD Commander 2000?
As you probably know, Windows NT can’t be booted to a command prompt the way that Windows 9x can. If a critical failure occurs, booting to a command prompt is often the only way of making a repair. For example, suppose that you were to load an incorrect device driver that results in the infamous blue screen of death on boot up. In a Windows 9x environment you could boot the system into safe mode to make the repair. If the damage was severe enough that safe mode wouldn’t function, you could boot the system into MS-DOS mode to make the repair at the file system level.

In Windows NT however, this method of repair is impossible. Safe mode doesn’t even exist and neither does MS-DOS mode. About the only boot option that’s available should the GUI fail to load is VGA Mode. VGA Mode loads Windows NT with the default VGA driver rather than the video driver that’s designed to work with your specific card. VGA Mode is useful if you accidentally specify the wrong video driver, but it won’t get you around any other sort of boot problems.

When it comes to the ability to recover from boot problems, Windows 2000 is far superior to Windows NT. Like Windows 98, Windows 2000 can be booted into Safe Mode to take care of boot problems. Although Windows 2000 can’t be booted into MS-DOS Mode, it can be booted into a mode called the Recovery Console. The Recovery Console is a command prompt environment that functions similarly to MS-DOS Mode.

Even though Windows 2000 supports Safe Mode and comes with a Recovery Console, these options are simply not enough to correct some types of problems. As with a Windows 9x environment, it’s possible for severe system problems to prevent Windows 2000 from being able to boot into Safe Mode. In such instances, even the Recovery Console is often unable to correct the problem. The reason for this is that the Recovery Console is good for replacing damaged files, but it’s not good for much else. For example, suppose that you installed a new service that prevented Windows 2000 from booting in both Normal Mode and Safe Mode. Even if you could get the system booted into the Recovery Console, it’s virtually impossible to change the startup status of a service from a command prompt.

How does ERD Commander 2000 help?
ERD Commander 2000 is a utility that picks up where the built-in recovery tools leave off. At first, this software seems deceptively simple because it ships on a single installation floppy. However, this floppy combines its own code with code from your Windows 2000 CD and with third-party drivers. When all of the code is combined, ERD Commander 2000 creates either a set of boot disks or a bootable CD. The disks or CD can then be used to repair any computer with a comparable operating system. The license agreement that comes with the program licenses the program on a per user (rather than a per machine) basis. Therefore, a single user can legally use the program to repair any number of machines.

Windows NT comes with three boot disks that can be used to launch the Windows NT installation process. During ERD Commander 2000’s installation procedure, the installation program will ask you for these boot disks or for the Windows NT installation CD. The program will then use the code contained on the Windows NT installation media and on the ERD Commander installation disk to produce four floppy disks or a CD that can be used to repair any machine that’s running Windows NT Server or Windows NT Workstation. It doesn’t matter whether you used Server or Workstation to create the disks.

Unfortunately, a set of disks created using the Windows NT installation media can’t be used to repair a Windows 2000 system. If you want to repair a Windows 2000-based system, you’ll have to create a set of disks off of the Windows 2000 installation media. Again, the disks or CD that you create can be used to repair machines running any version of Windows 2000, regardless of which version you used to make the disks.

Not only does the installation program give you the option of creating a set of disks or a bootable CD, you can also install ERD Commander 2000 directly to a machine’s hard disk, as shown in Figure A.

Figure A
You can install ERD Commander 2000 to disks, a CD, or to the machine’s hard disk.


There are advantages and disadvantages to each type of installation. Installing to floppy disk is often the best option. It’s easy to create the disks, and the disks are portable so they can be used to repair any machine on a whim.

A hard disk installation is also easy to set up, but lacks portability. The real advantage to having ERD Commander 2000 installed on the hard disk is that if it ever does become necessary to repair a machine, you can do it quickly. It can take up to 20 minutes to load ERD Commander 2000 from floppy disks on a slow machine, but the program loads from the hard disk almost instantaneously.

If you’re planning to install ERD Commander 2000 to a machine’s hard disk, just remember if hard disk corruption is responsible for a boot problem, you may not be able to access ERD Commander 2000 to do the repair. Finally, installing to CD is also a good option because a CD is as portable as a set of floppies but is more durable and offers faster load times.

Unfortunately, not every machine is capable of booting from a CD. Another problem with creating a boot CD is that it’s very difficult to create. As you can see in Figure B, there are some very rigid stipulations that you must specify to your CD-burning program. I tried using three different CD-burning programs and none were able to match ERD Commander 2000’s requirements.

Figure B
Creating an ERD Commander 2000 boot CD can be difficult.


Running ERD Commander 2000
When you’ve created your ERD Commander 2000 disks, you can boot from them. Then, you’ll arrive at a command prompt that resembles a DOS prompt. It’s important to realize that this command prompt isn’t really a DOS prompt even though it looks like one. This means that you can’t run programs other than the ones that are included with the ERD Commander 2000 program.

As you start to use the program, the first thing that you’ll notice is that you have full read and write access to FAT, FAT 32, and NTFS partitions. You’ll also have read access to CDFS partitions.

I mentioned that ERD Commander 2000 also uses some third-party code. Even though workstations typically use traditional partitions, servers often use RAID arrays and other types of mass storage devices. Windows NT and Windows 2000 both include drivers for mass storage devices, but there are many types of mass storages devices in the world that don’t have drivers included with Windows. For example, my primary file server contains two DVD-RAM drives. The only way to access these drives is through third-party drivers. As you can see in Figure C, ERD Commander 2000’s installation program gives you the chance to include such drivers on your working copy of the program.

Once you’ve loaded drivers such as these, all mass storage devices are fully accessible, just as if Windows were functional. The biggest shortcoming of the previous version of ERD commander was that it limited you to using the drivers that were included with Windows. If you had a mass storage device that wasn’t natively supported by Windows, you couldn’t access it through the program.

Figure C
You can use third-party drivers to access mass storage devices.


As you can imagine, in the wrong hands, a copy of ERD Commander 2000 can be a dangerous thing. After all, if someone gets their hands on your copy of ERD Commander 2000 and has physical access to your server, they can bypass all of your security and gain access to anything on the system. To help guard against this access, ERD Commander 2000 allows you to assign a password to the software during the setup process, as shown in Figure D. This was a feature that wasn’t included in previous versions.

Figure D
You can password protect your ERD Commander 2000 disks to prevent someone from using them to hack into your network.


The Command Set
Now that you know something about the way that ERD Commander 2000 works, it’s time to review the program’s internal command set. Many of the commands are familiar DOS commands. However, some of these familiar commands have been slightly modified or extended. Still other commands are totally unique to ERD Commander 2000 and enable such functionality as resetting passwords or starting or stopping services.

ACCESSACCESS drive: path filename [/S]

The ACCESS command can be used to grant everyone access to a file or directory. This command will work even if the Administrator has been accidentally locked out of the file or directory. The /S switch can be used to grant everyone access to all of the subdirectories beneath the specified location.

ATTRIBATTRIB drive: path file [+-] [RSHA] [/S]

The ATTRIB command works exactly like it does in DOS. After specifying the location, you can use the plus or minus sign to turn the various attributes on or off. The attributes include the following:
R – Read Only
S – System
H – Hidden
A – Archive


The /S switch can be used to apply the specified attributes to all subdirectories that fall beneath the specified location.

BATCHBATCH drive: path file

I mentioned you couldn’t run programs—other than the ones that are built-in—through the command prompt. The one exception to this rule is batch files. Unlike a true DOS environment, you can’t execute a batch file directly. Instead, you must proceed to call the batch file with the BATCH command. The BATCH command interoperates all of the commands within the batch file as if they were typed directly into the ERD commander console. If you want to add a comment to a batch file, just precede the filename with the pound sign, and the BATCH command will ignore the line. The ability to run a batch file can be handy during repairs that require extensive file manipulation.

CD / CHDIR
The CD command works exactly the same way that it does in DOS except that you don’t have to use quotation marks to change to a directory that contains spaces. For example, in a true DOS environment, if you wanted to change to the Program Files directory, you’d have to use one of the following commands:
CD\Progra~1
CD\”Program Files”


With ERD Commander 2000, you could simply use the following command (although the latter of these commands will still work):
CD\Program Files

CHKDSK
The CHKDSK command works just like it does in DOS. This command allows you to correct hard disk corruption problems that prevent Windows from booting.

CLS
Just as in DOS, the CLS command clears the screen.

COMPRESSCOMPRESS /P /S /F Source…Destination

The COMPRESS command allows you to compress files into a CAB file. This feature is extremely useful if you need to copy large files to a floppy disk. Not only will the COMPRESS command shrink the files to help them fit on a floppy, it can also span large files across multiple floppies. Here’s a summary of the command line switches:
/P – Preserves the path info
/S – Recurse subdirectories
/F – Limit the output file’s size to 1.44 MB
Source - The file or files to be compressed
Destination – The name of the CAB file to create. The .CAB extension will automatically be added to the file.


COPY
The COPY command works identical to the DOS copy command.

DEL
The DEL command works identical to the DOS DEL command.

DEVICEDEVICE device start

The DEVICE command used without any parameters displays all of the device settings within the system. If you follow the DEVICE command with a device name, ERD Commander will display that device’s startup options. You can alter the startup option by specifying a new startup option. For example, to disable the 3C5x9 device, you’d enter the following command:
DEVICE 3c5x9 disable

The valid startup options are Boot, System, Auto, Manual, and Disable. Before the DEVICE command can be used, you must first run the REGISTRY command.

DIR
The DIR command works the same as it does in DOS.

EDITEDIT drive path filename

The EDIT command provides you with a method of making changes to text files. Although the text editor isn’t as primitive as the ancient DOS command EDLIN, it isn’t anywhere near as nice as the DOS editor that was present in later versions of DOS and Windows. When you first use the EDIT command, you’ll be presented with a summary of the commands that are available within the editor.

ERASE
The ERASE command works the same way it does in DOS.

EXIT
The EXIT command exits the system from ERD Commander 2000 and reboots the system.

EXPANDEXPAND source target

The EXPAND command is used to extract files from a CAB file. In the EXPAND command’s syntax, the source is the CAB file that contains the file, and the target is the name of the file that you want to extract.

FTDISK
The FTDISK command makes fault-tolerant devices, such as RAID arrays, available through the command prompt interface. The REGISTRY command must precede this command.

HELP
The HELP command can be used to display a summary of the available commands and their usage.

KEYBOARDKEYBOARD nation

As in DOS, the KEYBOARD command is used to support foreign keyboards. The available nations are the United States, Germany, and Japan.

LOGFILELOGFILE filename

The LOGFILE command is used to create a log of all commands used within the current ERD Commander 2000 session and the results of those commands. The LOGFILE command is especially useful if you’re running an automated batch file and you want to record the results. Specifying the LOGFILE command with a filename initiates a log file with the name that you specify. Entering the LOGFILE command with no filename stops ERD Commander 2000 from recording any more data to the log file.

MAP
Entering the MAP command displays a summary of which partitions and storage devices are mapped to which drive letters. Unlike DOS environments, MAP is a display-only command. It can’t be used to attach additional drive mappings.

MD / MKDIR
The MD command works just like the DOS version.

MORE
The MORE command works exactly like the DOS version.

MOVE
The MOVE command works just like the DOS version.

PASSWORDPASSWORD account password

The PASSWORD command allows you to assign a new password to any user account. This command is extremely useful in situations where the Administrator’s password is unknown and needs to be reset. I’ve been in many situations where I’ve agreed to help friends solve network problems. Many times these friends haven’t known the Administrator’s password on Windows NT workstations, and the only way to fix the workstation without reinstalling Windows was to use ERD Commander.

To use the PASSWORD command, simply enter the command followed by the username and the new password. This way, you’ll never have to enter the old password. You must enter the REGISTRY command before using the PASSWORD command.

QUIT
The QUIT command exits the system from ERD Commander 2000 and reboots the system.

RD
The RD command works just like the DOS version.

REGEDITREGEDIT
REGEDIT query key /S
REGEDIT query key \value
REGEDIT add key \ value = data type
REGEDIT add key class
REGEDIT delete key \value /F
REGEDIT find key string /D


Perhaps one of the greatest additions to ERD Commander is the addition of a Registry Editor. As you probably know, the Registry Editor allows you to repair a damaged registry. Unfortunately, in a command prompt environment, you don’t have the luxury of a point-and-click Registry Editor. Instead, all registry look-ups and changes must be done from a command prompt. You can see just how complicated the syntax for the Registry Editor is in the section above. Here’s a summary of the REGEDIT options that you can use:
  • KEY—Location of the registry key
  • VALUE—Name of a value within a key
  • DATA—Text string, decimal number, or hex number
  • Text String—(REG_SZ, REG_EXPAND_SZ)
  • Decimal Number—(REG_DWORD)
  • HEX—(REG_BINARY)
  • TYPE—Either REG_SZ, REG_EXPAND_SZ, REG_BINARY, REG_DWORD, or REG_MULTI_SZ (the default type is REG_SZ)
  • CLASS—Name of the registry class
  • String—Text string to search for
  • /S—Traverse subdirectories
  • /F—Force deletion without prompting
  • /D—Search data of values

There are a couple of other limitations that you need to know about. First, you can only work with the HKEY_LOCAL_MACHINE | SYSTEM portion of the registry. Fortunately, this is the section responsible for most of the boot options. You should also know that you must run the REGISTRY command prior to using the Registry Editor.

REGISTRYREGISTRY systemroot

The REGISTRY command loads the Windows registry into memory. As you’ve seen so far, many of the ERD Commander 2000 commands require the registry to be loaded into memory prior to use. One of the great things about ERD Commander 2000 is that unlike previous editions of ERD Commander, the 2000 edition supports multiple copies of Windows. You can use the systemroot parameter to specify the drive and directory containing the copy of Windows whose registry you want to work with. If multiple installations of Windows exist but you don’t specify a location, ERD Commander 2000 will prompt you for the copy that you want to work with.

RENAME
The RENAME command works very similarly to the DOS version, except that it can’t be used to move a file. It can only rename a file in the file’s present location.

RMDIR / RD
The RD command works just like the DOS version.

SERVICE
The valid startup options are Boot, System, Auto, Manual, and Disable. Before the SERVICE command can be used, you must first run the REGISTRY command.

TYPE
The TYPE command works just like the DOS version.

VER
The VER command displays the ERD Commander version rather than the Windows version.

XCOPYXCOPY source destination /A /M /P /S /W /C /E /I /Q /F /H /R /T /U /K

The XCOPY command works similarly to the DOS version, but it contains an extensive set of switches that can be used for a variety of functions. Here’s a summary of those switches:
  • Source—The drive path and filename of the files to be copied
  • Destination—The location to which the files will be copied
  • /A—Copies files with the archive attribute set; doesn’t reset the attribute
  • /M—Copies files that have the archive attribute set, but turns off the attribute after copying
  • /P—Prompts you before creating each destination file
  • /S—Copies subdirectories of the source path
  • /W—Prompts you to press a key before copying
  • /C—Continue copying even if an error occurs
  • /E—Copies empty subdirectories
  • /I—If the destination doesn’t exist and you’re copying more than one file, assume that the destination is intended to be a directory rather than a file
  • /Q—Don’t display filenames while copying
  • /F—Display full source and destination while copying
  • /H—Copy hidden and system files
  • /R—Overwrite read-only files
  • /U—Copy only files that already exist in destination
  • /T—Create directory structure, but don’t copy files
  • /K—Copies all attributes (normal XCOPY function resets attributes)
If you’re interested in acquiring a copy of ERD Commander 2000 for your organization, you can contact Winternals Software at Sales@winternals.com (1-800-408-8415). At the time this article was written, a single user license of ERD Commander 2000 sold for $349.00.
Conclusion
In this article, I’ve discussed how ERD Commander 2000 can change the way that you make server repairs. I also explained the basic ERD Commander 2000 command set and some recovery techniques that you can use to repair some common server problems.
The authors and editors have taken care in preparation of the content contained herein but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for any damages. Always have a verified backup before making any changes.

Editor's Picks