Taking a closer look at the Windows NT emergency repair disk

Thursday Jun 8th 2000 by Brien M. Posey

You probably have an emergency repair disk--but have you updated it recently? And do you know what's on it, in case a real emergency strikes?

During Windows NT Setup, the Setup program gives you the option to create an emergency repair disk (ERD). Many administrators create this disk and then throw it into a drawer, never to be seen again. However, creating and routinely updating the ERD can save you lots of time and heartache during a disaster recovery situation. Although the ERD is no substitute for a full backup, it's often much quicker and easier to repair a damaged server with the ERD than to reload Windows NT and restore a backup from tape. In this article, I'll take a closer look at the contents of this disk and the disk's capabilities.

What's on the ERD?

The ERD contains several files. Many of these files are compressed Registry trees. Because these trees are stored individually on the ERD, it's possible to repair a particular aspect of the Registry rather than restore the entire Registry. This is a good feature for a couple of reasons. First, as everyone knows, a floppy disk has a limited capacity. Storing only critical sections of the Registry conserves space (although these sections still may not always fit on the disk). Second, it lets you focus on a specific problem. For example, let's suppose that your server crashes because of an invalid hardware setting.

Now, suppose that your ERD is really old, but your system's hardware hasn't changed since the disk was created. You can restore only the hardware-specific portion of the disk without overwriting things like user accounts with ancient security information. On the other hand, if the security information on your system is damaged, an ancient ERD will be worthless. You'll have to resort to restoring the entire Registry from backup. Needless to say, you should frequently update your ERD via the RDISK command.

Now that we've taken a look at how the ERD works, let's examine the actual contents of the disk. Here's a list of each file on the disk, followed by a brief description of the file's purpose:

  • AUTOEXEC.NT--A copy of the \WINNT\SYSTEM32\AUTOEXEC.NT file, which is used to initialize the DOS environment.

  • CONFIG.NT--A copy of the \WINNT\SYSTEM32\CONFIG.NT file, which is used to initialize the DOS environment.

  • DEFAULT._--A compressed copy of the HKEY_USERS\Default Registry key, which is used to store the defaults that apply to all users unless otherwise specified.

  • NTUSER.DA_--A compressed copy of the default user profile. It can be used to rebuild the WINNT\SYSTEM32\PROFILES\DEFAULT USER\NTUSER.DAT file.

  • SAM._--A compressed copy of the Registry keys related to the security accounts manager. These keys are found under the Registry key HKEY_LOCAL_MACHINE\SAM.

  • SECURITY._--A compressed copy of the HKEY_LOCAL_MACHINE\Security Registry key, which relates to the various security permissions.

  • SETUP.LOG--A hidden, read-only file. You'll have to reset its attributes to see it. It contains a list of all installed system files and their CRC information. This information is used in searching for damaged system files.

  • SOFTWARE._--A compressed copy of the HKEY_LOCAL_MACHINE\Software Registry key, which relates to all of the software that's installed on the machine.

  • SYSTEM._--A compressed copy of the HKEY_LOCAL_MACHINE\System Registry hive. This portion of the Registry contains information on such system configuration items as the services that are installed.
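The stale-disk reasoning described earlier can be checked before a repair is attempted. This added example, which is not part of the original article, compares each ERD file's timestamp with the date the server last changed in the area that file restores. The area labels, the `last_changed` input and the sample dates are assumptions constructed for illustration.

```python
from datetime import datetime
from pathlib import Path

# ERD file -> area of the system it restores. File names follow the list
# above; the area labels are assumptions made for this example.
ERD_FILES = {
    "AUTOEXEC.NT": "dos", "CONFIG.NT": "dos",
    "DEFAULT._": "default-user", "NTUSER.DA_": "default-user",
    "SAM._": "accounts", "SECURITY._": "accounts",
    "SETUP.LOG": "system-files",
    "SOFTWARE._": "software", "SYSTEM._": "system-config",
}

def read_listing(erd_root):
    """Map upper-cased file name -> last-modified time for a mounted ERD."""
    return {p.name.upper(): datetime.fromtimestamp(p.stat().st_mtime)
            for p in Path(erd_root).iterdir() if p.is_file()}

def audit_erd(listing, last_changed):
    """Return {file: 'ok' | 'missing' | 'stale'}.

    last_changed maps an area to the date the server last changed there
    (supplied by the administrator). A file written before that date would
    roll the change back if restored, so it is reported as stale.
    """
    report = {}
    for name, area in ERD_FILES.items():
        written = listing.get(name)
        if written is None:
            report[name] = "missing"   # e.g. a hive that did not fit on the floppy
        elif area in last_changed and written < last_changed[area]:
            report[name] = "stale"
        else:
            report[name] = "ok"
    return report

# Constructed sample: a disk written on 1999-03-01 without SOFTWARE._;
# hardware and services untouched since 1998, accounts edited in May 2000.
SAMPLE_LISTING = {n: datetime(1999, 3, 1) for n in ERD_FILES if n != "SOFTWARE._"}
SAMPLE_CHANGES = {"system-config": datetime(1998, 12, 1),
                  "accounts": datetime(2000, 5, 20)}

if __name__ == "__main__":
    for name, status in audit_erd(SAMPLE_LISTING, SAMPLE_CHANGES).items():
        print(f"{name:<12} {status}")
```

On the constructed sample, SYSTEM._ is reported as usable while SAM._ and SECURITY._ are reported as stale, which matches the old-disk scenario in the article.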

