Recovering remote NT/W2K/XP desktops with a network boot CD/DVD - Port 25: The Open Source Community at Microsoft
Recovering remote NT/W2K/XP desktops with a network boot CD/DVD by admin on April 27, 2006 07:46PM

Question:
re: Welcome to Kishi's Korner
Monday, April 17, 2006 8:04 AM by Les Kobiernicki

When can we expect to see M$ produce a composite Win/Linux real boot recovery CD/DVD like Bart PE & Ultimate Boot CD for Win?  I have many legacy systems to keep up & running til we get the scheduled Tech Refresh that gets put back further & further.  A network boot CD/DVD with multicasting server ability to recover remote NT/W2K/XP desktops would be most helpful.  The answer is not necessarily always new technology, but more precisely targeted troubleshooting tools for what we already have deployed out there ..

Answer:
If you are looking for a good Open Source solution for imaging and recovery, one option is g4u (Ghost for UNIX), http://www.feyrer.de/g4u/ . Based on NetBSD, g4u is a bootable floppy/CD for cloning and imaging hard disks and partitions.

If you have a mixed environment, which most of us do, you might wonder which file systems and operating systems it can handle.  The answer is all of them. G4u reads the disk bit by bit starting with byte #0. This includes any MBR, boot record, partition table and the partitions themselves.  G4u can as easily clone a Windows XP disk as a Linux or Solaris/X86 disk. By moving the hard disks to a PC, g4u can even deploy or image operating systems for non-PC based SCSI machines such as HP-UX, Solaris, Irix, and AIX. You can image a drive or partition locally, i.e. disk to disk, or have the image uploaded to an ftp server. The cloned images can be compressed to save space; however, the compression isn’t nearly as good as some of the commercial alternatives, so make sure your ftp server has plenty of space!  If space is a concern, be sure to check out the FAQ on G4u’s website: http://www.feyrer.de/g4u/#hints

Here is a quick example.  I recently imaged my Fedora Core 5 laptop to a local ftp server here in my office.  

Once I booted my laptop up with the g4u CD, I was at the main menu and the command prompt.

 g4u>

The laptop only has one hard disk. I used the ‘disks’ command to see it.

 g4u> disks
 wd0: at atabus0 drive 0: <FUJITSU MHT2060AT PL>
 wd0: drive supports 16-sector PIO transfers, LBA addressing
 wd0: 57231 MB, 116280 cyl, 16 head, 63 sec, 512 bytes/sect x 117210240 sectors

I wanted to image the IDE disk (wd0) to my ftp server (192.168.1.1) using the ftp account ‘images’. I typed the following command.  

 g4u> uploaddisk images@192.168.1.1 fc5laptop.gz wd0

I entered my password when prompted.

This took a while on a 100MB connection, a couple hours or so.  I think I went and got coffee while it was running. Ok, so now on my ftp server I have the file fc5laptop.gz.

 $ ls -l
-rw------- 1 images images 20259936597 Apr 18 12:18 fc5laptop.gz

To recover the image I booted again with the g4u CD and at the command prompt typed:

 g4u> slurpdisk images@192.168.1.1 fc5laptop.gz wd0

Again I entered my password for the ftp server when prompted and went for coffee (anytime is a good time for coffee :) )

After about an hour my laptop was restored. I ejected the g4u cd and rebooted.

G4u doesn’t try to do everything but what it does do, it does very well.
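
An added example, not part of the original post or of g4u: a POSIX shell check to run on the FTP server before trusting an image for a restore, since slurpdisk writes over the whole target disk and a truncated or altered image is better caught before the restore starts. The function names are hypothetical, `sha256sum` is assumed to be installed on the server, and the expected size comes from the sector count that `disks` printed above.

```shell
#!/bin/sh
# Added example: sanity-check a g4u disk image on the FTP server before
# relying on it for a restore. Function names are hypothetical.

# verify_image IMAGE EXPECTED_BYTES
#   0 = gzip stream is intact and decompresses to the expected size
#   1 = gzip stream is damaged or truncated (e.g. an interrupted upload)
#   2 = decompressed size does not match the source disk
verify_image() {
    img=$1 expected=$2
    # gzip -t reads the whole stream and checks the CRC-32 in its trailer.
    gzip -t "$img" 2>/dev/null || return 1
    # Count bytes by decompressing: the size field stored in a gzip trailer
    # is only 32 bits wide, too small for a whole-disk image.
    actual=$(gzip -dc "$img" | wc -c | tr -d ' ')
    [ "$actual" = "$expected" ] || return 2
    return 0
}

# record_digest IMAGE: store a SHA-256 beside the image, once, right after upload.
record_digest() {
    ( cd "$(dirname "$1")" &&
      sha256sum "$(basename "$1")" > "$(basename "$1").sha256" )
}

# check_digest IMAGE: non-zero if the image changed since record_digest ran.
check_digest() {
    ( cd "$(dirname "$1")" &&
      sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1 )
}

# disk_bytes SECTORS [BYTES_PER_SECTOR]: disk size from the `disks` output.
disk_bytes() {
    echo $(( $1 * ${2:-512} ))
}
```

For the laptop above the call would be `verify_image fc5laptop.gz "$(disk_bytes 117210240)"`, which expects 60011642880 bytes.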

 

Comments
  1. fluke said:

    g4u is a very interesting project.  I have been using Novell's ZEN Image which boots a light (less than 12MB) version of SuSE to do imaging.  And just like g4u, it supports being started via CD boot or PXE network boot.

    However, you did not answer the question about *RECOVERY* of an existing installation at all.

    At the University, we have several students that are getting hit with the "Blackworm."  Several of these Dell laptop users don't even have a Windows install CD, but rather a Ghost boot CD that puts the drive back to OEM default (in some cases also without SP2).  It would be nice to have a "Live CD" based on the XP kernel.  This way, even if the user has hardware not supported by alternative OSes, a recovery environment could be booted that is ensured not to automatically start any rootkits from the hard drive.  We could then use network access to the "Live CD" environment to try to remove the infection or at least remotely back up critical data files.

    But the problem is one of license terms instead of any technical issue.  While several people claim that Windows is simply a victim of its own popularity and if Mac OS or Linux became the popular desktop then it would also be the target of malware.  To some extent that might be true but the people that make this claim do not seem to take into account what methods of recovery could be made available to the different personal desktop users.

    If a Mac OS port of Blackworm came out, we could create a bootable recovery CD based on Darwin that uses Apple's official HFS+ file system code and is able to support all the same hardware drivers as the hard drive installed OS.  Once such a recovery CD is created, we could then redistribute it to the students under the licensing terms of Darwin.

    If a GNU/Linux port of Blackworm came out, we could create a bootable recovery CD based on the GNU/Linux distribution that uses the distribution's official file system code and is able to support all the same hardware drivers as the hard drive installed OS.  Once such a recovery CD is created, we could then redistribute it to the students under the licensing terms of the GNU/Linux distribution.

    But now that the XP version of Blackworm is out, we have tried creating a bootable BartPE CD that uses the official MS kernel, NTFS driver and other XP drivers.  But, then the terms of redistribution on any work derived using the XP kernel and other resources prohibits us from redistributing it to the students.

    We don't want to cheat Microsoft but we don't want to cheat our students either.  Ultimately, copyright law wins out and our ability to help the students is greatly hindered.  Our Microsoft sales rep will only confirm that we don't have any reasonable method of redistributing BartPE CDs regardless of what our intentions are.

    Much like you, Dell and Microsoft's answer involves re-imaging the laptop which does not address keeping any of the data they need to pass their classes.


    "and went for coffee (anytime is a good time for coffee :) )"

    Well... if you can recommend any good coffee, it might at least make our students feel better about losing to the Blackworm their end of semester papers that are due today.

    If only malware authors were restricted by the same laws that hinder us from fighting their creations.

    posted at 12:58PM 04/28/2006
  2. remdotc said:

    While I am not going to go into the DMCA, which is a good example of Congress representing big business over the people, I will stick to the matter at hand, recovering anything via remote.

    The problem with G4u is that it relies upon the fact you have the same disk geometry, i.e. SIZE. It does not work with any RAIDed system, and each drive or file system has to be backed up manually. While that presents more of a problem on POSIX based systems, the operable word is recovery, not replacement.

    While any administrator worth a grain of salt backs everything up, most home users, small businesses and students rarely do so. So a complete reimaging of a drive is not what they want, as they want the files intact, as the case pointed out by the above poster.

    For remote recovery, not reimaging, I suggest the following
    1. Create a linux boot disk image with networking support, and custom compile the kernel with ntfs support and any one of the following dependent upon your network
    samba (nt networks)
    ssh (any ssh enabled ftp server)
    ftp (any ftp server)
    or NIS

    Next log in to the machine and copy the contents of the user data to a file server.  Since most viruses whilst they do crash the system to the point of non boot, most do not delete user data, and the ones that do, usually do not overwrite the deleted data, so most files are recoverable. While there are many commercial, freeware and opensource products for this, usually when a Windows machine goes down, it's due to one of the following
    1. MBR set wrong
    2. Virtual driver deleted or registry value changed to point to an invalid location
    3. Corrupt or missing system files

    Just copy the users data to a file server.
    After this is complete you can either reimage the machine or spend your time attempting to recover the machine by downloading various os dependent files.

    posted at 02:36PM 04/28/2006
  3. eitan said:

    I was having trouble a while back using g4l because of a certain lack of drivers, don't remember which. Anyway, I picked up g4l (Ghost For Linux) and it seemed to do the job. Linux seems to be ahead of NetBSD when it comes to hardware support. Something interesting I noticed is that those two Open Source projects had certain copyright disputes:
    http://software.newsforge.com/print.pl?sid=05/08/18/1557202

    posted at 04:56PM 04/28/2006
  4. I had a similar problem recently with a disk becoming almost inoperable because of drive electronics problems.  Following the proverbial night in the freezer, I was able to recover most of my data - an almost full 160 GB partition - by booting with a Knoppix disc and using 'cp -r /dev/unhealthy-hard-disk/partition /dev/healthy-hard-disk/partition' .

    Point is, I seriously doubt Microsoft has the cojones to risk a minor loss of earnings due to a policy - permitting free copying for techies maintaining Microsoft (operating and office) systems - and a major loss of face - being proved wrong in a matter in which they have spent a major part of 25 years arguing that unrestricted or semi-restricted copying is wrong.

    It's far better to forget Microsoft when matters this serious come up -
    "The cabins that they give us,
    "They say are mighty fine,
    "Built to keep the rain out,
    "But only when it's fine!"

    "But I still wanna stay a camper here,
    "Please Mum, I wanna stay(x3) here!"

    posted at 07:50AM 04/29/2006
  5. ringerc said:

    A Windows Live CD for recovery (and kiosks) would be amazing. I wouldn't want to be in charge of coming up with an appropriate licensing scheme for it though.

    That's not really an available (legal) option right now. Your best bet is probably a CD like systemrescueCD (http://sysresccd.org/) that includes the reverse-engineered read-only NTFS driver for Linux, as well as disk imaging tools. This at least offers some facility for data recovery prior to re-imaging a machine, because we all know how good users REALLY are at keeping backups.

    I use sysresccd and a Sysprep'd OS image with the drivers for all the common hardware at work to handle most failures. Usually it's not necessary to pull anything off the local disk because we use network home directories with the domain, but sometimes users manage to find ways to stash files on the machine despite all instructions. [Insert foaming rant about apps that must run as Admin]. Once I've mounted the disk and their network home dir I just copy any files across, unmount, reimage the machine and reboot.

    posted at 03:05PM 04/30/2006
  6. Port 25 said:

    We're interested in hearing about your biggest - and smallest - IT challenges. Send them in - your toughest pains, trivial pet peeves - and we'll try & answer them....

    posted at 03:49PM 10/12/2006