[WinMac] NT ERD info


Dan Schwartz(expresso[at]snip.net)
Thu, 11 Feb 1999 11:02:06 -0500


        Good morning!

        The following is a quote from Lance Jensen of Executive Software... I hope
this helps!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<<FOCUS>> ON WINDOWS NT(r)
eLetter published by Executive Software
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        [cut]

######################################################

3. THE EMERGENCY REPAIR DISK, PART 1
By Lance Jensen, Executive Software Technical Support Director

A current Emergency Repair Disk (ERD) is one of the vital tools needed to
maintain a Windows NT system. Unfortunately, most Windows NT sites do not
maintain their ERDs because many administrators have never been taught how
to use them. We would like to help correct that situation.

In this article the designation, "%systemroot%" will refer to the system
folder. The default name is WINNT, but whoever actually installed Windows
NT on your system may have given it a different name.

Many of the files in the %systemroot% tree are hidden files, and many are
read-only. To see hidden files, start Windows Explorer, go to the Menu Bar
and click "View", "Folder Options", and the "View" tab. In the Advanced
Settings box, under "Hidden files", click the "Show all files" button, then
OK. You will now be able to see all files. Before you can copy or edit a
read-only file, you must right-click the file, then click "Properties".
Under the General tab, in the Attributes section, uncheck the Read-only box.

What Is the ERD?

The ERD is a floppy disk containing the files in the %systemroot%\repair
folder, which are the configuration files and Registry information. If your
Registry or startup environment becomes damaged in any way, the ERD will
usually be able to fix it. However, the ERD is not a substitute for a full
backup. It's more like a "Backup Lite" which can frequently save you from
having to do an entire restore from backup.

The files "sam._" and "security._" on the ERD are often not kept updated,
because they can be too big to fit on a floppy. You probably won't see this
except on a server with over a thousand users and groups. If these files
are too big for a floppy, you can back them up using your regular backup
utility or the regback.exe utility in the Windows NT Resource Kit, and you
can save copies in a special folder on the disk.

I strongly recommend keeping several ERDs for each machine. The first one
should be made when you first install Windows NT. If you did not make one
at that time, now is a good time to do so. Then make a second copy and
store one off-site. As you expand and change your Windows NT system, keep
these original ERDs as a safety measure. For convenience, you could also
create a second repair folder (let's call it \repair2) and copy the original
files from \repair into it.

If you do back up the "sam._" and "security._" files (which you should do if
you can), you may some day find that you can no longer fit all of the files
on a floppy disk. Remember that the entire contents of the
%systemroot%\repair folder are copied to the ERD, so you must keep its size
under 1.44MB. Should the folder grow too large, take the ERD from the
original Windows NT installation (or from \repair2) and copy ONLY the
"sam._" and "security._" files into the %systemroot%\repair folder. The
folder should now be small enough to make an ERD. If it's not, you need to
reduce the size of setup.log. Edit setup.log and locate the line
"[Files.WinNt]", which is followed by a long list of file names. You can
safely delete any of these file names that do not begin with
%systemroot%\SYSTEM32\. At some point in this list you may find a line
"[Files.InRepairDirectory]"; do not delete anything after this line!

There are two things you should keep in mind:

1. The files "sam._" and "security._" contain your security database. If
these files are included on the ERD, then your system could be invaded if a
criminal should get his hands on it. Keep all copies of the ERD safe and
secure, from theft as well as from damage.

2. When you do a repair from an ERD, the "sam._" and "security._" files may
be replaced with the ones from the ERD. If these files were too large to
fit on the ERD, you have to recover them from someplace else. The easiest
handling for this is a third folder, \repair3, in which you copy just the
"sam._" and "security._" files.

Making an ERD

The ERD is created using the RDISK utility. You should make a new one
whenever you make any significant change to the system, such as adding a new
application or Service Pack, or changing the Registry. This is the
procedure to use if you are including the security data on your ERD:

1. If you have not already done so, create \repair2 and copy the files from
\repair into it. If you do not have an original ERD, make one now by using
these steps, but leave off the /S switch in step 3.
2. Click Start, go to Programs, and click Command Prompt.
3. Type RDISK /S <ENTER>.
4. When prompted "Do you want to create an Emergency Repair Disk?", respond
"Yes".
5. Follow the prompts.
6. Label and date the ERD.

The /S switch in step 2 is necessary because the files in the
%systemroot%\repair folder are not updated when your system is modified; you
have to use RDISK to do it manually. The /S switch tells RDISK to update the
repair files, including the "sam._" and "security._" files.

This is the procedure to use if you are not including the security data on
your ERD:

1. If you have not already done so, create \repair2 and copy the files from
\repair into it. If you do not have an original ERD, do steps 6 to 9 now to
make one.
2. Click Start, go to Programs, and click Command Prompt.
3. Type RDISK/S- <ENTER>. (The /S- switch updates the files, but does not
proceed to create an ERD.)
4. Copy the "sam._" and "security._" files from \repair into \repair3.
5. Copy the "sam._" and "security._" files from \repair2 into \repair.
6. Type RDISK <ENTER>.
7. Click the "Create Repair Disk" button.
8. Follow the prompts.
9. Label and date the ERD.

The ERD just created can be used to get your system running again if
something goes wrong while modifying your system. Now go ahead and make the
system changes. When you have finished and tested and you are satisfied
that the change is done, repeat the steps to update your system with your
new modifications, and make two new ERDs. The second ERD should be stored
with your offsite backups. If you don't keep offsite backups, you may not
want a second ERD; I like to have one in case the first copy gets damaged.

Is the ERD Really Needed?

You may never have made an ERD, or you might lose it, or it might get
damaged. If you ever have to do a repair without an ERD, you have several
options:

1. Sometimes you can do a repair without any ERD at all. If the repair
procedure can find your Windows NT install directory, it may be able to
directly access the repair directory. Sometimes it works, sometimes it
doesn't.

2. If that fails, you may be able to create a new ERD. First you need a
floppy disk that was formatted on a Windows NT system. If the
%systemroot%\repair folder is on a FAT partition, you can boot to a bootable
DOS floppy and copy the repair files to the new floppy. Some are hidden, so
be sure you get them all. The files are:

autoexec.nt
config.nt
default._
ntuser.da_
sam._
security._
setup.log
software._
system._

It's harder to access the folder if it's on an NTFS partition, but here are
some ways to do it:

A. There are applications available that run under DOS and can read NTFS
partitions. You can use one of these to create the floppy as described
above.
B. You could move the hard disk to another machine that is running Windows
NT and create the floppy there.
C. You could make another Windows NT installation on the same machine, boot
into it, and make your new floppy.

3. Last, you may be able to copy the files from a backup tape. You might
restore the %systemroot%\repair folder, or copy it to another machine.

4. If all of this fails, you must reinstall Windows NT. As you can see,
it's a lot simpler to make sure you always have a current ERD.

Next

Part 2 of this series will be step-by-step instructions for repairing your
system using the ERD. If you have any questions, or any advice or tips
regarding the ERD which you would like to share, please send them in. I can
compile them into an additional article or two.

------------------------------

Lance Jensen is our ace Tech Support Director, and has great experience with
both Windows NT and Digital's OpenVMS operating systems. He can be reached
at dknt_support@executive.com. Please feel free to write to him with
questions or comments about this article.

######################################################

        [cut]

3. THE EMERGENCY REPAIR DISK, PART 2
By Lance Jensen, Executive Software Tech Support Director

In the first article of this series (EMERGENCY REPAIR DISK, PART 1, eLetter
Volume 4, Issue 2), we described making an Emergency Repair Disk (ERD). In
this article, we cover using it for Windows NT repair.

Running a Repair

Someday you may find your Windows NT system behaving oddly. Perhaps when
you boot up, it will fail, complaining that some system file is missing or
failed a check, or that it can't find the boot sector. Maybe you'll suffer
a power surge or a virus or hack attack and find your applications won't
start or you can't log in.

Now what do you do?

This is what Microsoft designed the ERD to handle. You could reinstall
everything, from Windows NT up through all of your applications and data
(hope it was backed up!), but it is much easier to do a repair, if you have
a current ERD. You will need the Windows NT Installation CD-ROM, the three
bootable Windows NT Setup floppy disks, and the ERD.

Insert Setup Disk #1 and turn on the computer. When prompted to do so,
insert Setup Disk #2. Now you will get the Welcome to Setup screen. This
gives you the options to Install Windows NT, Update Windows NT, or Repair
Windows NT. Press R to select Repair.

Next you get the Repair Options list. The options are:

- Inspect Registry Files
- Inspect Startup
- Verify Windows NT System
- Inspect Boot Sector

By default, all of these options are selected. You must de-select any you
do not want by highlighting it (or them) and pressing "enter". How do you
decide what to select? Well, here's what they do:

"Inspect Registry Files" is used to repair the Registry hives. If you don't
have a current ERD, do not select this option, because it will "roll you
back" to the date of the ERD. Any system changes you have done since the
ERD was made will disappear; any applications you have installed since that
time will lose their Registry entries and probably won't run any longer.

If you do select the "Inspect Registry Files" option, it will offer you a
sub-menu which is a list of Registry hives:

SYSTEM (System Key)
SOFTWARE (Software Key)
DEFAULT (Default User Profiles)
NTUSER.DAT (New User Profiles)
SECURITY (Security Key)
SAM (SAM Database)

If you know enough about the Registry, you may know that the problem you are
repairing is caused by a particular hive. If that's the case, select the
file or files for that hive. But watch out for the Security and SAM files.
Remember from the first ERD article that these files might not be backed up
on your ERD. If that is the case, do not select Security or SAM!

"Inspect Startup Environment" replaces Windows NT startup files as needed
from the Windows NT installation CD-ROM.

"Verify Windows NT System Files" does a CRC (Cyclic Redundancy Check) on the
Windows NT files. In essence, a CRC done on a file produces a number called
a Checksum. If the file is changed in any way, the Checksum will be
different. The correct Checksums for the files are stored in SETUP.LOG. If
the CRC produces a different Checksum, you will be told the file name and
asked if you want to replace it.

"Inspect Boot Sector" checks and repairs the boot sector. I've never come
across a situation where selecting this option would cause damage. In fact,
aside from the "Inspect Registry Files", these options should be safe to
select, as long as you don't skip the last step below, which is the
reinstallation of any Service Pack.

When you've finished selecting options, you highlight "Continue" and press
"enter". This brings you to the Mass Storage Detection menu. Just as it
says, this tells the repair to detect your mass storage devices. Even
though it does add a few minutes to the procedure, I recommend you always
select it. In many cases, if you do not select it, the repair process won't
be able to find your CD drive, and you'll have to start over.

Next you are prompted to insert Setup disk #3. After that you will be asked
if you have an ERD. Press Enter if you do, or Esc if you don't. Esc tells
the repair to try to locate the %systemroot%\Repair folder and use the files
there in place of the ERD. This can be a lifesaver, but don't count on it
working. Many problems that require repair also make it impossible to
access these files.

If you have an ERD, you will now be prompted to insert it. The repair
process will then display a list of suspect Registry files which will be
replaced. You can override the selection of any file by removing the "X"
next to it, but don't make any changes unless you know what you are doing.

If you selected "Verify Windows NT", this is where it will be done. Just
follow the prompts. If any file does need to be replaced, you will be
prompted to insert the Windows NT Installation CD-ROM (Let it spin up to
speed before continuing, or you'll get an error message). When this
procedure finishes, you will be prompted to remove the floppy disk and
CD-ROM and restart.

When the system comes back up, there is one more important step that is very
commonly skipped. Reinstall your latest Service Pack. The repair replaces
files from the Windows NT Installation CD-ROM. These are the original
files, before any Service Packs. If you don't do the reinstall, you will
probably have a mix of file versions, some from the original build, some
from the Service Pack. System performance will be unpredictable.

Next

Response to the first article in this series was very gratifying. Thanks,
everyone! I have several automated ERD update procedures, shortcuts and
pitfalls, and a shareware utility I'm testing that looks very sweet! There
will be at least two more ERD articles to cover this material.


 -----------------------------------------------------------------

        <mailto:expresso@snip.net, Dan@Hemnet.com>
         
        ALTERNATE: <mailto:expresso@workmail.com>

                Webmaster for <http://www.faulknerstudios.com>

        **Your Corel Solution Partner**

                **Your UltraBac Solution Source**

 -----------------------------------------------------------------
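Added example (not part of the original e-mail or the quoted article): a Python sketch of the setup.log trimming rule from Part 1, which drops [Files.WinNt] entries outside %systemroot%\SYSTEM32\ and never touches anything from [Files.InRepairDirectory] onward. It assumes each entry is a single line that begins with the file's path and that the system folder appears in the log as `\WINNT`; the sample log and the name `trim_setup_log` are constructed for illustration.

```python
import re

# Constructed sample; real setup.log contents vary per installation.
SAMPLE = r"""[Paths]
TargetDirectory = "\WINNT"
[Files.WinNt]
\WINNT\Help\31users.hlp = "31users.hlp","1f0a2"
\WINNT\system32\kernel32.dll = "kernel32.dll","5c0c3"
\WINNT\inf\layout.inf = "layout.inf","2b7d1"
\WINNT\System32\drivers\ntfs.sys = "ntfs.sys","60e55"
[Files.InRepairDirectory]
\WINNT\repair\autoexec.nt = "autoexec.nt","a1b2"
"""

SECTION = re.compile(r"^\s*\[([^\]]+)\]\s*$")


def trim_setup_log(text, systemroot=r"\WINNT"):
    """Return (trimmed_text, removed_entries) for a setup.log body.

    systemroot is the system folder prefix as it is written in the log
    (an assumption; check your own file before trimming).
    """
    keep_prefix = (systemroot.rstrip("\\") + "\\system32\\").lower()
    kept, removed = [], []
    section, frozen = None, False
    for line in text.splitlines(keepends=True):  # preserve line endings
        header = SECTION.match(line)
        if header:
            section = header.group(1).lower()
            # Once [Files.InRepairDirectory] is seen, delete nothing more.
            frozen = frozen or section == "files.inrepairdirectory"
        elif (section == "files.winnt" and not frozen and line.strip()
              and not line.lstrip().lower().startswith(keep_prefix)):
            removed.append(line.strip())
            continue
        kept.append(line)
    return "".join(kept), removed


if __name__ == "__main__":
    trimmed, removed = trim_setup_log(SAMPLE)
    print("removed %d entries:" % len(removed))
    for entry in removed:
        print("  " + entry)
    print(trimmed, end="")
```

Run it against a copy of setup.log and compare the result with the original before replacing anything; a wrong `systemroot` prefix would remove every [Files.WinNt] entry.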

This archive was generated by hypermail 2.0b2 on Thu Feb 11 1999 - 08:08:58 PST