Access the Command Prompt from Windows 8's Recovery Drive and use it to recover data. Greg Shultz shows you how it works.
In a recent series of blog posts, I showed you how to use the various tools on the Windows 8 Recovery Drive to revive an ailing Windows 8 installation. To refresh your memory here is a brief rundown on what I have covered so far:
- Create a Recovery Drive in Windows 8 - I showed you how to create a Recovery Drive in for both a flash drive and an optical disk.
- Be ready to use the Windows 8 Recovery Drive - I showed you how to use the Recovery Drive and exactly what to expect if you should ever need it.
- How the Windows 8 Automatic Repair feature works - I showed you how the access and use the Automatic Repair tool from the Recovery Drive.
- Refresh your Windows 8 system from a Recovery Drive - I showed you how to use the default mode of the Refresh your PC tool from the Recovery Drive.
- Create a custom recovery image for Windows 8's Refresh your PC tool - I showed you how to use the Recimg command line tool to create a custom recovery image for the Refresh your PC tool.
- Reset your PC from a Windows 8 Recovery Drive - I showed you how to use the Reset your PC tool from the Recovery Drive.
- Restore Windows 8 with System Image Recovery - I showed you how to create and use System Image Recovery tool from the Recovery Drive to restore your hard disk.
However, there is one more feature on the Recovery Drive that you can use to help you access and repair Windows 8 - the Command Prompt. From the Command Prompt, you'll find that there are numerous command line tools are at your disposal. In addition, the Recovery Drive Command Prompt allows you to run two GUI based applications: the Registry Editor, which you can use to edit the registry, and Notepad, which you can use to recover data.
In this edition of the Windows Desktop Report, I'll show you how to access the Command Prompt from Windows 8's Recovery Drive. I'll then show you how to, use the Registry Editor and Notepad.
Accessing the Command PromptTo boot up your system, just insert a USB Recovery Drive or an optical disc Recovery Drive and restart your system. After your system boots from the Recovery Drive and you are prompted to choose an option, select the Troubleshoot tile as shown in Figure A.
When you are prompted to choose and option, select the Troubleshoot tile.When you see the Troubleshoot screen, as shown in Figure B, select the Advanced options tile.
From the Troubleshoot screen, select the Advanced options tile.When you see the Advanced options screen, as shown in Figure C, select the Command Prompt tile.
From the Advanced options screen, select the System Command Prompt tile.Once you do, you will see the Command Prompt windows like the one shown in Figure D.
You can use a host of command line tools from the Recovery Drive's Command Prompt.
Available command line toolsOnce you have the Command Prompt up and running, you can of course access and use a host of standard command line tools to navigate, manage files, and perform certain types of repair and recovery tasks. A list of the most common command line tools is shown in Table A.
Table A: Command line tools available from the Recovery Drive's Command Prompt.
|Attrib||Changes the attributes of a file or directory|
|Bcdboot||Bcd boot file creation and repair tool|
|Bcdedit||Boot Configuration Data Store Editor|
|ChDir (Cd)||Displays the name of the current directory or changes the current directory|
|Chkdsk||Checks a disk and displays a status report|
|Cls||Clears the screen|
|Copy||Copies files or folders to another location|
|Delete (Del)||Deletes one or more files|
|Dir||Displays a list of files and subdirectories in a directory|
|Diskpart||Manages partitions on your hard drives|
|Exit||Exits the Command Prompt and returns you to the Recovery Drive menu|
|Expand||Extracts a file from a compressed file|
|Format||Formats a disk|
|Icacls||Display or modify access control lists (ACLs) or change file and folder permissions|
|Manage-bde||Configure BitLocker drive encryption on disk volumes.|
|Mkdir (Md)||Creates a directory|
|More||Displays a text file|
|Recover||Recovers readable information from a bad or defective drive|
|Rename (Ren)||Renames a single file|
|Rmdir (Rd)||Deletes a directory|
|Robocopy||Copies files or folders to another location|
|Sfc||Scans and checks the integrity of your Windows files|
|Set||Displays and sets environment variables|
|Type||Displays a text file|
|Xcopy||Copies files or folders to another location|
Editing the registry
If your Windows 8 system is failing to boot properly after a registry tweak or you need to extricate some nasty malware that has infiltrated the registry, you can launch the Registry Editor from the Recovery Drive's Command Prompt. However, because you have booted your system from the Recovery Drive, the Registry Editor will by default load the registry from the Recovery Environment, not the registry from your Windows installation. Fortunately, once you know how, you can manually load the registry from your Windows installation.
As you will notice, the default drive letter for the Recovery Environment is X. However, your Windows installation drive is still available and assigned to another drive letter. Most likely the Windows installation drive is D, but you can find out for sure by typing the following command:
bcdedit | find "osdevice"
When you run this command, it will display
Where the "?" is your Windows installation drive letter.
Now that you know the drive letter of your Windows installation, type the following command to launch the Registry Editor:
regeditWhen the Registry Editor launches, select HKEY_LOCAL_MACHINE. Now, pull down the File menu and select the Load Hive command, as shown in Figure E.
When the Registry Editor launches, it will display the registry from the Recovery Environment.When you see the Load Hive dialog box, use the Look in drop down to select the drive letter of your Windows installation that you found earlier. Then navigate to the Windows\System32\config folder, as shown in Figure F. Then, choose the hive that you want to load. Table B shows the available registry keys and the location of the hive files.
The config folder contains all of the registry hive files.
For example, if you suspect that the Run key in the registry is being used to launch malware, you would select the SOFTWARE hive.
Table B: The available registry keys and the location of the hive files.
Path to hive file
When you select a hive, you will be prompted to give that hive a name.At this point, the entire hive is loaded into the Registry Editor so that you can make any changes that you hope will allow your Windows 8 system to boot up normally. In my example, the entire HKEY_LOCAL_MACHINE \SOFTWARE hive has been loaded into the Registry Editor under the name Test, as shown in Figure H.
In my example, the entire HKEY_LOCAL_MACHINE \SOFTWARE hive has been loaded into the Registry Editor under the name Test.Continuing with my example, I would open the Test hive, remembering that it is the equivalent to HKEY_LOCAL_MACHINE \SOFTWARE and then navigate the rest of the way down to the Run Key (Microsoft\Windows\CurrentVersion\Run), as shown in Figure I.
In this example, the Test hive is the equivalent to HKEY_LOCAL_MACHINE \SOFTWARE hive.After you make changes, you will then need to navigate back up the tree and select the Test hive, just as shown in Figure H. Now, pull down the File menu and select the Unload Hive command, as shown in Figure J.
Once you are finishes, select your hive and then use the Unload Hive command.
At this point, any changes that you made are now incorporated in the registry from your Windows installation. To continue, close the Registry Editor and then close the Command Prompt window. When you do, you'll return to the main Recovery Disk menu where you can select the Continue tile, which will reboot the system and start Windows 8 with the changes that you made registry.
Backing up data
If your Windows 8 system stopped booting up normally before you had a chance to make a current backup of your data, chances are that the first thing that you would want to do is backup your data files. Well, if you look back at the command line tools shown in Table A, you'll find several commands that you can use to back up your data: Copy, Robocopy, and Xcopy.
However, if you're like most users, you'd rather work from a GUI than a command prompt when it comes to copying hundreds of files. Fortunately, the Windows Recovery Environment allows you to run Notepad. How is Notepad going to help you copy files you may be thinking? Well, in the majority of Windows applications, the Open and Save as dialog boxes are essentially pared down versions of File Explorer. As such, you can use the Open dialog box just like File Explorer and will be able to easily copy all of your data files to a backup drive.
Once you have booted into the Recovery Environment connect a flash drive or external USB drive to your system. Now, access the Command Prompt window and type notepad.exe on the command line. Once you have Notepad up and running, just press [Ctrl]+O to access the Open dialog box. Leave the File name box blank, select All Files (*.*) in the Files of type list, and just leave the Encoding setting as it is.Now, use the Computer icon to locate your Windows installation drive. (Refer to using the bcdedit | find "osdevice" command as described above.) To continue, navigate to your user profile folder, as shown in Figure K. Then, right click on the folder or folders containing the files that you want to backup and then select the Send to command. When you do, you can select your flash drive or external USB drive. When you do, your files will be safely copied.
Use the Send To command from the Open dialog box to copy files to a flash drive or external USB drive.
Keep in mind that you should not close the Open dialog box or Notepad until all the files are copied
What's your take?
Do you think that being able to edit the registry and backup files from the Windows 8 Recovery Drive Command Prompt are valuable tricks? As always, if you have comments or information to share about this topic, please take a moment to drop by the TechRepublic Community Forums and let us hear from you.