SolutionBase: Working with the Windows 2003 Recovery Console

Learn how to use the Recovery Console to fix Windows Server 2003 crashes.

When something goes wrong with your Windows Server 2003 server, you need a way to quickly get things back up and running. To help make troubleshooting easier, Microsoft created the Recovery Console. Here's how the Recovery Console works with Windows Server 2003.

The road to Recovery (Console)
Back when Windows NT was Microsoft's only server operating system, I used to think that although Windows NT was a decent OS, Microsoft really dropped the ball when it cam to being able to recover from disaster. For example, if the operating system were installed on an NTFS partition and you accidentally did something to crash the system, then your chances of being able to fix the problem without reinstalling Windows was slim to none. Sure, Windows NT had VGA mode and the Last Known Good Configuration option, but if the problem was too serious to be fixed by one of these options, you were pretty much out of luck. Consequently, I used to urge my readers to use the FAT file system on the boot and system partitions.

Today though, using the FAT file system on a server would never be an acceptable option because doing so would undermine the server's security. Fortunately, there is no longer any reason to use the FAT file system since Microsoft has made it much easier to recover from a disastrous configuration error. One of the tools that you can use to recover from a serious operating system crash is the Recovery Console. The Recovery Console, which was first introduced with Windows 2000, allows you to boot a failing server to a command prompt. From there you can use the normal DOS commands and some special commands to recover the Windows operating system.

Being that the Recovery Console existed in Windows 2000, you are probably wondering what's new for Windows Server 2003. There are two main features that are new to the Windows Server 2003 Recovery Console. First, there is a lot more security built into the Recovery Console than there used to be. The Recovery Console has always been password protected, but anyone who knew the Administrator's password could access anything on the server. Now, unless you reconfigure some security policies, the Recovery Console will prevent anyone from accessing directories containing data. It will also prevent anyone who might happen to be doing the repair work on your machine from copying your files to a floppy. I'll talk more about this new security later on, but for now you should know that the extra security can be disabled if your own staff is working on the server, but is an excellent safety feature if you rely on consultants to do your repair work.

The other new Recovery Console feature for Windows Server 2003 is the ability to use the Recovery Console to repair other operating systems. Yes, you read that correctly. The Windows Server 2003 Recovery Console can be used to repair Windows NT installations. The Recovery Console could theoretically also be used to repair a Windows 2000 installation, but since Windows 2000 comes with its own Recovery Console, there is really no reason to install the Windows Server 2003 version.

Installing the Recovery Console
Although you can run the Recovery Console from the Windows Server 2003 installation CD, you can also preinstall it so that it is already ready to go should you ever need it. Preinstalling the Recovery Console requires 7 MB of free disk space. Before I walk you through the installation process though, there are a couple of things that you need to know.

For starters, you can only install the Recovery Console if the server's system volume is contained on a single physical hard disk. If you've ever tried to install Windows Server 2003 onto a mirrored hard disk, you know that it simply can't be done. Microsoft places the same restrictions on the Recovery Console.

The other thing that you need to know is that although the Recovery Console can be used to repair Windows installations on both FAT and NTFS volumes, it uses a different set of files depending on the format of the boot partition. Therefore, if you are thinking about converting your boot partition from FAT to NTFS, do the conversion before you install the Recovery Console. If you were to install the Recovery Console onto a system running Windows on a FAT partition and then later converted the partition to NTFS, then if you ever try to access the Recovery Console, the system will lock up before it ever gets you to the command prompt.

To install the Recovery Console insert your Windows Server 2003 installation CD and then enter the following command at the Run prompt where D: is the letter of your CD-ROM drive:
D:\i386\winnt32 /cmdcons��

When you do, you will see a dialog box explaining that Windows will install the Recovery Console as a startup option and that the Recovery Console will consume 7 MB of disk space. Click Yes to continue with the installation. When the installation completes, you will see a message indicating that installation of the Recovery Console has been successful.

Now that you know how to install the Recovery Console, you can access it by rebooting the system and selecting the Microsoft Windows Recovery Console option from the boot menu. When you do, Windows will give you the opportunity to press [F6] if you need to load a third-party driver for your SCSI controller. If you don't press [F6], the Recovery console will continue to boot.

After a few seconds, you will see a screen asking you which Windows installation you would like to log into. Normally, there will only be one choice, but if your server happens to have multiple operating systems installed, you can select which operating system you want to work with. Earlier I mentioned that the Windows Server 2003 Recovery Console could be used to repair a Windows NT installation. The reason why this is possible is because the Recovery Console isn't version specific. It simply tries to detect any Windows installation that might exist on your hard disk.

Select the installation that you wish to repair and press [Enter]. Windows will now prompt you for the Administrator's password. Keep in mind that Windows is asking for the password for the Administrator's account, not the password for someone who happens to be a member of the Administrators group. After entering the password you will be taken to a Command Prompt and the path will be set to your %SYSTEMROOT% directory.

At this point, you might be curious to do a little looking around and see exactly what you can access. One of the first things that you might notice is that the CD command (Change Directory) behaves strangely. For example, on my test system, the Recovery Console boots into the C:\Windows directory. I can use the CD command to get to the SYSTEM32 directory, but I can't use CD.., CD\ , or CD\WINDOWS to get back. By default, the CD command is restricted to allow you to move deeper into the directory structure, but not to let you backtrack. I have absolutely no idea what Microsoft's reasoning was behind this.

What makes the restrictions on the CD command even stranger is the fact that Microsoft included a comparable command with fewer restrictions. The CHDIR command works very similarly to the CD command, but it will allow you to backtrack. There are two things that you need to know before using CHDIR though. First, any time that you use CHDIR, or any other command, to access a file or folder with a long file name (multiple words such as Program Files), the file or folder name must be placed in quotation marks.

This leads me to the other quirk that you need to know about. If you were to enter the command CHDIR "C:\Program Files", you would receive an access denied error message. It might seem strange not to have access to the entire system being that you are the Administrator, but as I explained earlier, Microsoft has seriously restricted access as a safety feature to protect your data in the event that you have to let someone else work on your server. By default, there are only four things that you are allowed to access from the Recovery Console. These include:

  • The root folder
  • The %SYSTEMROOT% folder and its subfolders
  • The Cmdcons folder
  • Removable media such as the Windows installation CD

There are also some other restrictions placed on the Recovery console as well. If you are familiar with DOS then you know that the asterisk (*) is used as a wild card. In a DOS environment for example, if you entered the command DELETE *.EXE, then all files in the current directory with the .EXE extension would be deleted. In the Recovery Console though, the asterisk does not act as a wild card. This is a safety feature to prevent you from accidentally deleting, renaming, or modifying multiple files. As I will show you later though, there is a way to get wild card functionality back.

Another way that the Recovery Console protects Windows is by controlling access to removable media. Remember, removable media is one of the four things that the Recovery Console gives you access to. However, the default access level to the removable media is read only. This prevents a consultant from copying pieces of your server's registry to a floppy in an effort to later use the stolen information to crack passwords. Again, the restrictions on removable media can be circumvented through a technique that I will show you later.

The final security measure that the Recovery Console uses to protect you from yourself is copy protection. In my opinion, this feature isn't really a big deal. The copy protection doesn't stop you from overwriting a file on your hard disk. It simply prompts you to confirm that you really do want to overwrite the file. If this is too much of a nuisance to you though, this protection too can be disabled.

Reducing Recovery Console's security

To disable all of the Recovery Console's security features, you have to begin by modifying either the Domain Controller Security Policy or the Local Security Policy, which ever applies to the server. To do so, boot the server into Windows (you might want to do this before your system has a crash, since normally if you are using the Recovery Console, Windows is not accessible). When Windows boots, select either the Domain Controller Security Policy or the Local Security Policy from the Administrative Tools menu. When the console opens, navigate through the control tree to Security Settings | Local Policies | Security Options. The pane to the right contains many different security policy options. Scroll through the list to the policies related to the Recovery Console.

The Domain Controller Security Policy contains two settings related to the Recovery Console. The first security setting is Recovery Console: Allow Automatic Administrative Login. If you enable this option, it will allow you to access the Recovery Console without having to enter a password. This is handy if you have a consultant who does your server repairs and don't want to give out your Administrator account password. At the same time though, this setting does represent a significant security risk, and I personally think that it's a bad idea to enable it.

The other Recovery Console security option is: Recovery Console: Allow Floppy Copy And Access To All Drives And Folders. This option is actually a bit misleading. If you enable this security setting, it doesn't do away with any of the restrictions that I discussed earlier. Instead, it simply gives you the option to turn those restrictions on or off.

To give you an idea of how this works, go ahead and double-click on Recovery Console: Allow Floppy Copy And Access To All Drives And Folders. When you do, you will see a dialog box appear. Select the Define This Policy Setting check box and then select the Enabled radio button and click OK. Finally, reboot the computer and enter the Recovery Console.

Once the system boots into the Recovery Console, you can use a series of commands to enable or to disable the various security mechanisms. For example, if you wish to be able to use the asterisks as a wild card then you can enter the following command:
Set AllowWildCards = TRUE

I should point out that this command is case sensitive and the spacing is also very important. If you don't include the space on each side of the equals sign then the command will not work. If at any time you want to restrict the use of wild cards then you can enter the exact same command, but substitute FALSE for TRUE.

There are similar commands for enabling or disabling the other security functions. The syntax for all of the commands is the exact same as it is for the AllowWildCards command. The command for removing restrictions on what directories can be accessed is AllowAllPaths. The command for removing restrictions on removable media is AllowRemovableMedia. Finally, the command used to remove the prompt that you get prior to overwriting a file is NoCopyPrompt.

Other Recovery Console commands
If at any time you need help with the recovery console, you can type the HELP command to display a list of valid commands. If you type HELP you will notice that the commands that I have just shown you are not listed. Remember though that those commands are preceded by the SET command and therefore, to get help on those commands, you would type HELP SET to get help on the SET command. Although online help is available for each command, here is a brief run down of the commands that are available and a short description of what those commands do:

  • ATTRIB - With the ATTRIB command, you can add or remove various file attributes, such as hidden or read only.
  • BATCH - This command is new to the Windows Server 2003 version of the Recovery console. It allows you to run a batch file.
  • BOOTCFG - This command is new to the Windows Server 2003 Recovery Console. It allows you to modify the machine's boot configuration by making changes to the BOOT.INI file.
  • CHDIR (or CD) - Allows you to change to a different directory.
  • CHKDSK - Checks the hard disk for errors and displays a status report. You can append the /F switch to get CHKDSK to fix the errors that it finds.
  • CLS - Clears the screen.
  • COPY - Copies files from one location to another.
  • DELETE (or DEL) - Erases the files specified.
  • DIR - Displays the directory's contents.
  • DISABLE - Disables a service or a device driver.
  • DISKPART - Allows you to create, delete, and manage partitions on your hard disk.
  • ENABLE - Enables a service or a device driver.
  • EXIT - Closes the Recovery Console and reboots the computer.
  • EXPAND - Allows you to extract individual files from the compressed files on the Windows 2003 CD. This command takes the place of the EXTRACT command found in the Windows 2000 Recovery Console.
  • FDISK - This command existed in the Windows 2000 Recovery Console but does not exist in Windows Server 2003's version.
  • FIXBOOT - Writes a new boot sector onto the system partition.
  • FIXMBR - Repairs the master boot record of the partition's boot sector.
  • FORMAT - Allows you to format a disk or a partition.
  • HELP - Displays all commands that are available through the Recovery Console.
  • LISTSVC - Lists all available system services.
  • LOGON - Allows you to log into the security system of the Windows installation of your choice.
  • MAP - Displays mappings for network drives.
  • MKDIR (or MD) - Creates a directory.
  • MORE - Displays a text file's output one screen at a time.
  • RMDIR (or RD) - Removes a directory. The directory must be empty before you can remove it.
  • RENAME (or REN) - Allows you to rename a file.
  • SET - This command is new to Windows Server 2003 and allows you to enable or disable the various protection mechanisms.
  • SYSTEMROOT - Sets the current folder to the systemroot folder of the system that you're currently logged into.
  • TYPE - Displays the contents of a text file.