Haunting the MS Mansion

by Passdown

Microsoft sure does make life easy for the end user, but for those of us who are called to fix a down M$ system, life can be trying at times.

Let's face it, if you were one of the richest companies in the world, you wouldn't want to share your proprietary gimmicks either.  So, this leaves the technician holding a woefully empty bag of tools.

Ever have a laptop running an NTFS installed version of Windows XP Home?  No, I know you wouldn't, but your client probably does.  And of course... he's messed it up.

There are a myriad of possible problems, but let's assume that all you need to do is have a nice GUI interface to copy off or change some files.

At the time I started writing this, Knoppix NTFS write capability was still pre-Alpha.  Now it's out, but do you trust it?  Me neither.

I hate working on laptops and I certainly don't want to pull the hard drive out to put it in another machine.  All I need to do is move the SAM files, or edit an INI, or whatever.

Let's say that I'm even locked out of the administrator account when booting from the Windows XP Home CD.  (Let's assume that someone actually set a password.)  I know there are still ways around that but, hey, we like GUI.

Enter Norton GHOST 9.  (Serial Number: AY3A-PH7J-3D97-ND3Q-PAHN)

I was able to pick up a legit OEM copy from an online vendor for about $17.  Good deal.

GHOST images are quite nice for picking up the pieces after doomsday.  I highly recommend it.  The interesting thing is there are other features that they probably hope you don't notice.  The easiest way to work with a Windows system... is to use a Windows system.

The GHOST recovery CD boots into a stripped down live CD rigged version of Windows XP Pro.  It seems Symantec built their own shell.  I am uncertain if it is based on Explorer but, if it is, some functions are still available.  My favorite way to garner system access is the often overlooked Help menu.  There's not much in the GHOST shell menu, but if you click Help, you will find standard menu options, such as Open.

From here use the *.* option in the filename field and hit Enter to gain a complete list of files, drives, etc.

For an even bigger laugh, just hit F1 at the main screen.  The open interface seems to be a standard Explorer interface, however because of system limitations, all file interactions must take place in this window.

For easier use, browse over to the CD-ROM and up to the i386/System32 folder.  Here you should find TASKMGR.EXE.

Task Manager will give you a little nicer access than Help (default execute instead of open).

In order to run it, you will have to open it from the right-click menu, otherwise Help will think you are trying to "Select" a library.

Need to rename, copy, cut, paste a file?  It's all there.  Just be aware that you will not see your changes until you refresh your screen (get used to hitting F5 all the time).

Don't waste your time with moving specific files, move whole folders.  The Open menu only allows you to work with a single file or folder at one time.

So, trying to copy 15 files becomes a little tedious and error prone.  I've successfully been able to use USB storage devices, which certainly makes it convenient for backing up hard to reach data or importing a replacement file.

This process has been especially useful in removing unwanted DLLs that embed themselves at the boot (spyware).

The fun really begins when you try to execute different programs or system executables sitting on the hard drive.  CMD.EXE worked for me.

The build of Norton GHOST 9 that I have sits on Windows XP Pro SP1.  I am uncertain if this is why I have not been able to run Explorer from a hard drive or not, since I've probably made all my attempts on SP2 installations.

There are a lot of things that occur in the background of an MS boot sequence, so success may entail a lot of scripting and editing (beware of crippling an otherwise working test system).

I have dabbled extensively but been unable to bring up a more robust level of operation.  I hope that someone else can add to what I've discovered and maybe I'll have more good news for you when I eventually get around to buying Norton GHOST 10.