Recovering a System I: Restore and Recovery Console
Recovering a Windows XP System
As you are probably well aware, Windows XP does not always function correctly. Luckily, there are ways to recover an XP system that has gone astray or failed to function correctly. In this lesson, we will explore some of the tools available to recover a Windows XP system that has failed. Pay attention to this lesson! This topic constitutes the “heart” of the Windows XP (70-270) exam!
System Recovery Console
In the case that your system is failing to boot, you may want to perform a System Recovery (not to be confused with System Restore or Automated System Recovery, both of which are covered elsewhere). To access the System Recovery Console, boot from CD and press R once all the drivers have loaded. You will need the password of an account with Administrator privileges to enter Recovery mode.
In the Recovery Console, you can perform various actions that can help you get the computer to a working state again, or at least allow you to perform disk operations so that the disks are accessible again. We do not have time to cover all of the console commands, but here are a few important ones:
- CD/DIR/ATTRIB/DEL/RD/REN: These are all basic file system commands that you should be familiar with. Using the console to look for files in question or to copy system files requires that you are familiar with these commands. Respectively, these are Change Directory/List Contents/List Attributes/Delete File/Remove Directory/Rename File or Directory.
- FIXMBR: Fixes the MBR, or Master Boot Record, so that the Windows partition is again accessible. Used in cases of boot sector viruses or bad partitioning.
- FIXBOOT: Fixes the Windows boot record, or the list of boot partitions that are accessible to XP. Used in cases of viruses, bad partitioning, or when multiple boot records point to an incorrect logical boot volume or to the same one.
- DISKPART: Allows you to perform disk partitioning operations on a failed or bad disk drive.
- FORMAT: Wipes clean a logical volume (be very careful!)
Note that the Recovery Console is not used to back up files. The exam will often include questions in which an answer choice is basically to “log into Recovery Console and copy the needed files to removable media.” This is not really possible through Recovery Console and is certainly not the intended use of the console.
The Boot Screen
If your computer fails to boot normally, or you are having problems with it that inhibit your ability to effect changes on a normal boot, you may consider using the boot screen to perform a special boot. To launch the boot screen, repeatedly tap the F8 key before the Windows logo appears but after your BIOS has posted. If you are successful, the Windows boot menu will appear. Note that if your computer fails to boot normally (for example, if you pull the power while it is performing a normal boot) the boot screen will appear by default. Here are some options concerning the boot screen:
Boot normally
This is the default option, and causes Windows to boot normally. Windows will not make an attempt to perform any kind of recovery to the operating system, nor will it check for errors or changes to the kernel.
You should note that you can choose to “Enable VGA Mode” in order to load the standard VGA (VGA.sys) driver in the case that you had set your graphics settings too high for the monitor to display and cannot change them because you cannot see the output.
Safe mode(s)
Windows allows you to boot into three different kinds of “Safe Modes.” Safe Mode is a Windows feature that allows the PC to boot into XP with the most limited driver set available so that problems can be easily pinpointed and corrected and so that the computer may be used in the case of a normal boot failure. In addition to the limited driver set, Safe Mode boots only employ a limited set of system services and background applications that Windows XP deems essential to operation. It is easy to determine if a PC has booted into safe mode because the resolution will be an ugly 640X480 with 16 colors (standard VGA).
In addition to the standard Safe Mode, XP includes the Safe Mode with Networking option, which adds the ability to network with other computers while in Safe Mode. This may be useful in cases in which you need to access the Internet while in Safe Mode or back up files to the network. Also, the Safe Mode with Command Prompt option allows you to access a standard command prompt (CMD) instead of Explorer.
You should note that you can choose to Enable Boot Logging, which saves a log of the boot process during Safe Mode to Ntbtlog.txt.
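One way to read the resulting boot log, as an added example that is not part of the original lesson. It assumes the log's usual "Loaded driver" and "Did not load driver" line prefixes and that each logged boot appends its own header; the sample log and its driver names are constructed.

```python
import re

# Constructed sample in the shape of Ntbtlog.txt; driver names are made up.
SAMPLE_LOG = """\
Microsoft (R) Windows (R) Version 5.1 (Build 2600)
 3 14 2006 09:12:44.500
Loaded driver \\WINDOWS\\system32\\ntoskrnl.exe
Loaded driver ACPI.sys
Did not load driver \\SystemRoot\\System32\\Drivers\\examplevid.sys
Did not load driver \\SystemRoot\\System32\\Drivers\\examplevid.sys
Microsoft (R) Windows (R) Version 5.1 (Build 2600)
 3 14 2006 09:20:03.125
Loaded driver \\WINDOWS\\system32\\ntoskrnl.exe
Did not load driver \\SystemRoot\\System32\\Drivers\\examplenet.sys
"""

DRIVER_LINE = re.compile(r"^(Loaded driver|Did not load driver)\s+(.+)$")

def read_boot_log(path):
    """Decode the log file: UTF-16 when a BOM is present, else ANSI (assumed cp1252)."""
    with open(path, "rb") as fh:
        data = fh.read()
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16")
    return data.decode("cp1252", errors="replace")

def parse_boot_log(text):
    """Split the log into boots; each records its header and per-driver outcome."""
    boots, cur = [], None
    for line in filter(None, map(str.strip, text.splitlines())):
        m = DRIVER_LINE.match(line)
        # A header line after driver lines (or the very first line) opens a new boot.
        if cur is None or (m is None and (cur["loaded"] or cur["not_loaded"])):
            cur = {"header": [], "loaded": [], "not_loaded": []}
            boots.append(cur)
        if m is None:
            cur["header"].append(line)
            continue
        key = "loaded" if m.group(1) == "Loaded driver" else "not_loaded"
        name = m.group(2).rsplit("\\", 1)[-1].lower()  # keep the file name only
        if name not in cur[key]:  # the same driver can be listed more than once
            cur[key].append(name)
    return boots

def newly_failing(boots):
    """Drivers skipped in the latest boot that were not skipped in the one before."""
    previous = set(boots[-2]["not_loaded"]) if len(boots) > 1 else set()
    latest = set(boots[-1]["not_loaded"]) if boots else set()
    return sorted(latest - previous)
```

In a Safe Mode boot, many drivers are listed as not loaded simply because Safe Mode uses a limited driver set, so compare boots of the same kind.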
Last Known Good Configuration Mode
In Last Known Good Configuration Mode, Windows XP will try to boot normally, but using the registry file (system state) that was last known to be successful in booting the OS. Specifically, the HKLM\System\CurrentControlSet is saved every time a user successfully logs on and proceeds to log out. Last Known Good Configuration Mode would not be useful in a situation in which you log on and then off of a PC with a bad configuration, as the bad configuration would have been saved.
Debugging Mode
Debugging mode allows you to send information about the state of the bootup process to another computer connected via serial connection. It is a rare topic on the 70-270 examination.
System Restore
One of the best features of Windows XP, especially for technicians, is System Restore. It allows you to revert a system to the state it was in at a previous time with minimal data loss (only registry information is changed). It can be especially useful after a user has installed malicious software, such as Adware and Spyware, or has installed a harmful or incorrect driver. System Restore’s saved states are called Restore Points, which are by default created at a certain time each day or before any significant change to the state (installation of new hardware or software, for example). As mentioned, by default, Restore Points are created automatically. In addition, they can be created manually through the System Restore tool located in System Tools of the Accessories folder.
Performing a System Restore
A System Restore can be performed in two ways – through the System Restore tool in the System Tools folder, or by logging in to Safe Mode. Either way, the tool itself is the same – only the method used to access the tool is different. When you choose to perform a restoration, you will be asked to choose the date and/or time you wish to restore the system to. After doing so, you will wait a bit for the restore to take place. The computer will restart, and upon login, System Restore will run a bit longer and proceed to give you an option to undo the restore.
System Restore Properties
XP gives you the ability to configure System Restore properties through the System Restore tab on the System applet in the Control Panel. In this tab, you can choose to increase or decrease disk space allocated to restore points, schedule additional restores, or even choose to turn off System Restore altogether.
Rolling Back a Bad Device Driver
In the rare case that you actually install an incorrect or defective device driver, you can roll back the driver to an earlier version (or to the default version) so that the hardware continues to function or at least does not give you any significant problems. To do this, click the Roll Back Driver button on the Properties dialogue for the hardware in question in Device Manager.
Moving Along
In our next lesson, we will explore Backup and Recovery. You will learn more about the details of system recovery in XP and what is really involved in creating a backup. You will also learn about the two types of recovery that we did not cover in this lesson, ASR and System Recovery.
Quick Review
1. You log onto a computer and notice that much of the desktop is clogged up with bogus icons. You also notice that the colors and themes have changed and that the system is noticeably slower than usual. You logout and restart the computer. Which of the following modes would be best to start in for troubleshooting?
a. Last Known Good Configuration
c. VGA Mode
d. Safe Mode
e. Boot normally
2. Which of the following is a true statement regarding restore points and System Restore functionality in XP?
a. Restore points can only be created through the System Restore applet
b. System Restore can be disabled on all partitions and volumes except for the system partition
c. System Restore can only restore files and data; it cannot restore System State Data
d. Restore points contain a backup of the volume that the restore point was created for
e. System Restore can restore System State Data to a previous time without any loss of data
3. You have a top-of-the-line video card with an older driver that is working well in your PC and receive an email containing a new driver for the card. You install the driver and restart, only to find that the driver is incompatible with most of the games and software that you own. What is your next logical step?
a. Return the video card to the manufacturer because it is defective
b. Use the Properties applet for the hardware in Device Manager to locate the driver on the disk drive and delete it in Safe Mode so that the VGA.sys driver is loaded instead. Add the older driver to the directory, giving it the same name as the newer driver.
c. Boot from CD and use the System Recovery Console to restore your computer to the day before you installed the driver
d. Remove and re-insert the video card, making sure it is properly seated. Then, proceed to install a second video card. Disable the original video card
e. Use the Properties applet for the hardware in Device Manager to roll back the driver
Answers
1. Because you have logged in and out, you cannot use Last Known Good Configuration Mode (it will just load the state data with the bad configuration). Debugging and VGA mode will not help because they are not related to actually recovering the system. Booting normally will also do nothing to solve the problem because the normal boot is what you are incurring a problem with in the first place. Therefore, the only logical choice is to load Safe Mode and work from there. The answer is D.
2. The only correct statement is that System Restore allows you to restore system state data to an earlier time without the loss of any data. Because state data is independent of other data, no actual data is lost in the process. The answer is E.
3. Since the old driver worked well, you need to replace the new driver with the old driver. Therefore, choices A, C, and D can be eliminated. Choice B seems like it would work, but it is very cumbersome and has a high potential for failure. Choice E, on the other hand, makes perfect sense as rolling back the driver is an easy way to revert to a previous driver. Thus, the answer is E.