Winternals NTRECOVER User Manual

NTRecover
User’s Guide
Winternals Software LP
3101 Bee Caves Road, Suite 150
(512) 330-9130
(512) 330-9131 Fax
www.winternals.com
Copyright © 2002 Winternals Software LP
Table of Contents
1 Introduction
2 Overview of Use
3 Establishing Communications Parameters
4 Creating a Client Boot Floppy
4.1 Using a MS-DOS Boot Floppy
4.2 Creating a Native NTRecover Boot Floppy
5 Establishing a Communications Link
6 Using NT Recover: Host
6.1 The Connection Dialog
6.2 The Statistics Dialog
7 Using NT Recover: Client
7.1 Starting the Client
7.2 The Connection Screen
7.3 The Statistics Screen
7.4 Connecting to Another Client
8 Troubleshooting
8.1 Frequently Asked Questions
8.2 Checklist for Common Problems
9 Technical Support
1 Introduction
NTRecover is an advanced Windows NT/2000© dead-system recovery utility. Windows NT/2000 machines that fail to boot because of data corruption, improperly installed software or hardware, or faulty configuration, can be accessed and recovered using standard administrative tools, such as CHKDSK, with NTRecover.
NTRecover consists of host and client software, where the host software is run on a functioning Windows NT or Windows 2000 system, and the client software is executed on a target dead system. The host and client machines must be connected with a standard null-modem serial cable.
The NTRecover host software creates virtual disk drives on the host machine that represent the drives present on the client computer. When native file systems, such as NTFS and FAT, access the drives, the NTRecover device driver manages communications over the serial cable to the client software to transfer disk data back and forth between the two machines. As far as Windows NT/2000 on the host machine is concerned, the drives created by NTRecover are indistinguishable from the local drives present on the host, and so they can be manipulated with Windows NT/2000 disk utilities, including high-level tools like the Windows NT Explorer, and low-level tools such as CHKDSK.
When used in conjunction with Locksmith, NTRecover allows you to bypass the security system and replace lost or forgotten administrative passwords.
2 Overview of Use
The following steps are required for NTRecover operation. Each is described in detail in subsequent chapters of this guide:
= Connect the host and client machines with a null-modem serial cable
= Identify the serial ports that are connected
= Run the NTRecover host software, NTRecover, on the host computer
= Create a client boot floppy
= Boot the client machine from the boot floppy and execute the client software
= Enter the communications parameters into the host and the client software
= Press the mount button on the host
= Pull down the drives menu in the host software to see which host drives correspond to client drives
= Access the drives as you would standard drives
= Dismount the client drives
3 Establishing Communications Parameters
The first step in using NTRecover is determining which serial ports on the host and client machines are to be connected via the null-modem serial cable. This involves picking a free serial port connection on each computer, and ascertaining whether it is serial port 1, 2, 3, or 4. Refer to your computer’s hardware reference manual for help in this determination.
Once the serial ports have been chosen and connected, you must decide on the serial communications speed that NTRecover will use over the cable. Most recent computers and serial cables can sustain rates of 115200 baud, which is the maximum supported rate for NTRecover. If the rate you choose is too high, the NTRecover client will indicate a high number of retry operations, or not register any communications activity from the host. In these cases dismount the drives and reconnect at a lower rate.
After the communications parameters have been established and the two computers in question have been connected with the cable, you are ready to run NTRECOVER.EXE, the host front-end. Its connection window must be filled in with the chosen communications settings, and, if desired, a drive letter preference which NTRecover will try to use as the first drive letter in its mapping of client drives on the host.
4 Creating a Client Boot Floppy
NTRecover client operation requires that you make a client boot disk for the client computer. This is accomplished through the NTRecover connection dialog [Figure 4-1], which is the first window presented whenever NTRecover is executed on the host machine.
Figure 4-1
4.1 Using a MS-DOS Boot Floppy
MS-DOS-based boot disks are required when the client machine’s disks are not accessible via standard or extended interrupt 13 BIOS service, such as when the drives are non-IDE compatible SCSI. Such drives require special MS-DOS-based drivers, which must be added to a MS-DOS boot floppy that will also contain the NTRecover client program.
For these systems, you must first create a MS-DOS system boot floppy from stand-alone MS-DOS (any version), Windows 3.1, or Windows 95. (MS-DOS boot floppies cannot be created from Windows NT.) To format a system MS-DOS boot floppy, use the command “format /s”. The boot floppy should then be populated with the required disk drivers. NTRecover can be directed to copy the client onto the floppy via the “Create Boot Floppy” dialog [Figure 4-2].
To execute the client from this setup, you must boot the client computer from the MS-DOS disk, ensuring that the drivers are appropriately installed (via entries in the disk’s CONFIG.SYS or AUTOEXEC.BAT files), and then invoke the client with the command, “client”.
Note that in some cases the client computer’s BIOS may have floppy-boot capability disabled, so you may have to configure the client’s BIOS to allow for booting from the floppy drive.
Figure 4-2
4.2 Creating a Native NTRecover Boot Floppy
Native NTRecover boot floppies should be created in cases where no special DOS drivers are needed to access client drives. Choosing the selection that directs NTRecover to create a native boot floppy has it copy boot code and the client software onto a floppy disk. The floppy must be pre-formatted, but any data on it will be lost. When a client machine is booted off of a native NTRecover floppy, the client is automatically executed.
5 Establishing a Communications Link
A communications link can be established between the host and the client after the following:
= Serial ports through which the connection will be made on the host and client have been selected and identified
= A communications baud rate has been chosen
= The host and client have been connected with a null-modem serial cable
= The communications parameters have been entered into the connection dialog on the host, and the client software on the client machine
A connection is initiated via the mount button on the host connection dialog. The host will notify you when a link has been made and both the host and the client will begin displaying communications statistics.
Drive letters that have been mapped on the host for the client drives are identified in the statistics window on the host, and selecting one will display communications statistics for the particular drive.
After a successful connection, you will be able to access the mapped client drives as you would local or network drives on the host, through the Explorer, from the command line prompt, and from other applications. Further, you can run low-level disk utilities, namely CHKDSK, on the drives.
6 Using NT Recover: Host
6.1 The Connection Dialog
The connection dialog [Figure 6-1] is the first window presented when the host software, NTRecover, is executed. This dialog is used to create the client boot disk, specify host communications parameters, and establish a connection.
Figure 6-1
6.1.1 Drive Letter
This is an optional entry that is used to indicate which drive letter NTRecover should begin with when it assigns drive letters to client drives it maps onto the host. Drive letters are selected by starting with the one specified and scanning for available letters. If there are not enough unused letters following the starting letter to map all client drives, unmapped client drives will not be accessible from the host.
6.1.2 Comm Port
The logical serial communications port NTRecover will use for communications on the host is selected with this pull-down menu. It is extremely important to note that the port chosen represents a Windows NT/2000 logical port, rather than a physical port. Logical ports are mapped onto physical ports using the serial port Setup applet in the control panel.
Refer to your computer’s hardware manual for the correspondence between I/O port numbers that are used by the applet, and serial connections on the back of the computer.
6.1.3 Baud Rate
Specify the communications rate that is to be used between the host and the client. Most computers can support the maximum serial rate of 115200 baud, but this is dependent on variables such as the quality of the serial cable, the speed of the host computer, and the type of serial controllers present on the two computers.
If the client software displays a high number of retry operations (several dozen over a few seconds), or if no communications is established when a connection is attempted, you will need to lower the baud rate the next time you connect.
6.1.4 Read-Only
This check box is present in the write-capable version of NTRecover. Checking it results in a read-only mount of client drives, which is useful if you want to ensure that the client drives are not changed in any way during an NTRecover session.
6.1.5 Mount
After communications parameters have been entered, use the mount button to make a connection between the host and the client. It is recommended that you start the client before you direct NTRecover to attempt a mount, but it is not necessary. If an error is reported, see the troubleshooting section.
6.2 The Statistics Dialog
Once a connection has been established, NTRecover will present a statistics window [Figure 6-2] that allows you to monitor NTRecover communications activity with cumulative statistics on all mapped client drives, or on a particular client drive. Use the drives pull-down list to choose which drive to watch, with ‘*’ representing all the drives. The menu can also be used to see which of the host drive letters map client drives.
Figure 6-2
The statistics presented include the total number of reads and writes, as well as the number of bytes read or written. For your reference, the serial port and baud rate of the connection are also displayed. Additional NTRecover boot floppies can be created from this dialog as well.
6.2.1 Activity Light
The light above the buttons functions like a standard hard disk activity light, becoming lit when the client drive is being accessed. If the client drives are mounted for read/write access, the drive light will be green during disk accesses. If the drives are mounted for read-only access, the light will be yellow. The activity light is present so that you can monitor client disk traffic.
Exiting the statistics dialog causes it to become inactive, but it can be recalled at any time by clicking on the NTRecover icon in the task bar. If you are using NT 3.5, click on the icon title to reactivate the window.
6.2.2 Unmount
The only button unique to the Statistics Dialog window is the UNMOUNT button. When you have finished accessing a client drive, use the UNMOUNT button to disconnect from it. After the client connection has been terminated and the mapped client drives have been unmapped, control returns to the main connection dialog.
7 Using NT Recover: Client
7.1 Starting the Client
Before the host is directed to mount client drives, it is recommended (although not necessary) that the client software be started on the client machine. This means booting off of the boot floppy, and executing the client program, CLIENT.COM, if the floppy is a DOS boot floppy. The client must be told the selected communications parameters. Note that the baud rate on the host and client must be identical. The serial port will be specific to each computer, of course.
If desired, the client software can be started after the host tries to connect, but it must be active before the host time-out period for the connection attempt to succeed. If the connection fails due to a time-out, simply retry the connect command from the host.
7.2 The Connection Screen
The client connection dialog [Figure 7-1] is similar to the host connection dialog in its functionality. Use the arrow keys to move the selection cursor from entry to entry. Left and right arrow keys move it horizontally from selection to selection.
Figure 7-1
7.2.1 Comm Port
The physical serial communications port NTRecover will use for communications on the client is selected with this menu. Refer to your computer’s hardware reference for the correspondence between port numbers and connections on the back of the computer.
7.2.2 Baud Rate
Specify the communications rate that is to be used between the host and the client. Most computers can support the maximum serial rate of 115200 baud, but this is dependent on variables such as the quality of the serial cable, the speed of the host computer, and the type of serial controllers present on the two computers.
If the client software displays a high number of retry operations (several dozen over a few seconds), or if no communications is established when a connection is attempted, you will need to lower the baud rate the next time you run NTRecover. In the current version of NTRecover, you must reboot the host to try another rate if a connection has already been made.
7.2.3 Disk
Choose the physical hard drive that you want to access from the host. Only one disk, which can contain multiple logical drives, can be accessed at one time.
Once you have entered your selections for the above settings, press enter to have the client wait for a connection attempt from the host.
7.3 The Statistics Screen
After a connection is made, the client displays a statistics screen [Figure 7-2] which shows the number of reads and writes, as well as bytes read and written, from and to the client drives. At any time, press escape to have the client exit, or return to the connection screen if it was started from a native NTRecover boot floppy.
Figure 7-2
After you have finished accessing a client disk from the host, you must dismount it. When a dismount operation is complete, you can enter the escape key to have the client return to the connection screen, where you can select different communications parameters or a different client disk.
7.4 Connecting to Another Client
The usage model assumed by NTRecover is that you may wish to connect with more than one client during a host session (i.e. a session lasts until the next reboot of the host). To connect to a new client, dismount the current client from the statistics window. Wait until the main connection dialog reappears, and then disconnect the serial cable from the current client and connect it to the next client. Run the client software on the new client as you did for the first client. On the host computer, direct NTRecover to mount the client drives once the cable is in place and the client software is waiting for a connection.
In this way, you may service multiple clients from the same NTRecover session. When you are done, dismount the last client and exit NTRecover.
8 Troubleshooting
8.1 Frequently Asked Questions
Here are some common questions about NTRecover:
Why can't I get NTRecover to connect to the client?
This is most often caused by an incorrectly configured serial port on the host or client machine.
On the host machine:
= Verify the comm port is enabled. You may need to delete and re-add the port if it is not configured correctly.
= Verify the comm port is operational by establishing a connection to another machine using HyperTerminal or other program.
On the client machine:
= Ensure plug-and-play is disabled for the comm port.
The client program blanks the screen when run, and I can't make a connection. What is the problem?
This is caused by an incompatibility with some SCSI drives. Download our update to the Client program, available at:
http://www.winternals.com/support/updates.shtml
Why do the statistics shown by the client and host differ?
The statistics may not match exactly because the client counts all accesses to it, whereas the host only counts reads and writes that occur after drives have been mounted. In addition, the client counts retry attempts, whereas the host does not.
Why do I see disk writes when I’m not writing anything to the client drives?
Because the host file systems are updating access times on the client files and directories that are accessed.
How can I make directory browsing faster?
Accessing client drives from Explorer in NT 4.0 can be slow because it reads file contents to obtain icon data. This can be avoided by accessing the drives from the file manager browser (Winfile) or an MS-DOS command prompt window.
I make changes to files on the client machine, but after I reboot it the files are the same as before. Why is this happening?
If you installed the trial version of NTRecover on the host before installing the retail version, you must reboot the host before the retail version will work correctly.
Why does it take so long to unmount?
Unfortunately, NTRecover has to obtain a handle to each mapped drive before it can disconnect cleanly. This causes the host file system drivers to access the root directories of the mapped client drives, which can lead to delays.
How do I edit the registry on a machine I'm connected to?
This should be considered an expert-user procedure, to be performed by experienced users only.
You can edit registry values on the remote machine by following these steps:
1. Ensure that your host and client machines are running the same version of Windows NT, including identical Service Packs.
2. Start REGEDT32 on the host.
3. Highlight the HKEY_LOCAL_MACHINE key.
4. Select the Registry|Load Hive... menu item.
5. Navigate to the registry hive you wish to edit on the remote machine. It will be located in the \WINNT\SYSTEM32\CONFIG directory as one of the following files:
= SAM - sam hive
= SOFTWARE - software hive
= SECURITY - security hive
= SYSTEM - system hive
6. Open the hive and name it something obvious (e.g. "clientSoftware").
7. You can now edit the contents of the registry keys within the new hive directory normally, as they are now part of the host machine's registry.
8. When finished, select the hive again, and use the Registry|Unload Hive menu item to write the hive back to the client machine.
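The load, inspect and unload sequence above can also be scripted. The batch file below is an added example, not part of the NTRecover manual or Winternals' software; it only reads values, printing the host's and the client's Windows version and service pack so they can be compared as step 1 requires. It assumes the client's system volume is mapped as E: on the host, that reg.exe with the load, query and unload subcommands is available on the host, and that CLIENTSW is an unused key name under HKEY_LOCAL_MACHINE.

```batch
@echo off
rem Added example, not from the NTRecover manual.
rem Assumptions: client system volume mapped as E:, reg.exe present on the
rem host, CLIENTSW is a mount name chosen for this example.
setlocal
set "HIVE=E:\WINNT\SYSTEM32\CONFIG\SOFTWARE"
set "MOUNT=HKLM\CLIENTSW"
set "VERKEY=Microsoft\Windows NT\CurrentVersion"

rem Refuse to continue if the mapped client drive or hive file is missing.
if not exist "%HIVE%" (
    echo Hive file not found: %HIVE%
    exit /b 1
)

rem Step 1: record the host's version and service pack.
rem CSDVersion is absent when no service pack is installed; reg then reports an error.
echo --- Host ---
reg query "HKLM\SOFTWARE\%VERKEY%" /v CurrentVersion
reg query "HKLM\SOFTWARE\%VERKEY%" /v CSDVersion

rem Steps 4 to 6: load the client's SOFTWARE hive under a temporary name.
reg load "%MOUNT%" "%HIVE%"
if errorlevel 1 (
    echo Load failed. Check that the client drive is mounted and that you are an administrator.
    exit /b 1
)

rem Step 7, read-only in this example: show the client's values for comparison.
echo --- Client ---
reg query "%MOUNT%\%VERKEY%" /v CurrentVersion
reg query "%MOUNT%\%VERKEY%" /v CSDVersion

rem Step 8: unload so the hive is written back to the client drive and released.
reg unload "%MOUNT%"
if errorlevel 1 (
    echo Unload failed. Close any tool that still has the key open and unload again.
    exit /b 1
)
endlocal
```

Run it from a command prompt on the host while the client drives are mounted, and dismount the client only after the unload has succeeded.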
8.2 Checklist for Common Problems
If you have trouble making a connection between a host and a client, check the following list for common problems. If you still cannot make a connection, please contact our Technical Support for additional assistance.
= Is the serial cable a null-modem cable and is it properly connected to both machines?
= Have you correctly identified and entered the serial ports on the host and the client?
= Do the baud rates you entered on the host and the client match?
= Have you tried lowering the baud rate and trying again?
= Have you verified that you can make a connection with the terminal or hyperterminal applet between the host and another computer, using the same communications parameters set for NTRecover?
= Have you verified that the host communications port you selected is an actual NT logical port by opening the Ports applet in the NT control panel?
= Did you check the event log to see if the Serial device driver encountered any errors during its initialization that may have prevented the logical ports from being created?
9 Technical Support
= If you encounter a problem while using NTRecover that requires technical support, please e-mail us at:
support@winternals.com
= You can also view our Frequently Asked Questions and download free updates from our web site at:
http://www.winternals.com
= For urgent matters, please call the following number and request Technical Support:
512-330-9861