Windows 2003 Server - Worst-Case Scenarios - Useful Tip

Do you know what a System Administrator fears most when it comes to Windows Server 2003? The infamous Blue Screen of Death (BSoD). An appropriate name. But there is something worse. You ask, 'What could be worse than the infamous BSoD?'

A system corruption.

Yes, a system corruption is vastly worse than the BSoD - unless you've actually taken the time and effort to provide yourself with some useful disaster recovery tools for a worst-case scenario.

The worst form of system corruption is when a file in the Windows System32 folder has been destroyed.

The System32 folder is the guts of the Windows OS. Without it... well, it won't work.

Let me give you an example.

----------Start Example------------

The other day, I got this message when I had to do a cold restart on a computer:

    Windows could not start because the following file is missing or corrupt:
    [windows_root]\system32\ntoskrnl.exe.  Please reinstall a copy of the above file.

Okay, something missing? Well, that's a job for the Windows Recovery Console (WRC)! Okay, just pop in your CD, press the key to boot to it... and press 'r' when prompted... okay, now what I have to do is type a specific command to copy the file from the CD over to the System32 folder. Since the file stored on the server is in the i386 folder, it is non-executable (the extension is *.ex_ - if you don't understand this, don't worry about it, it's not important). Therefore the 'copy' command is useless.

You need to use 'expand'.

    expand [CD]\i386\ntoskrnl.ex_ [System]\windows\system32

In my case:

    expand d:\i386\ntoskrnl.ex_ c:\windows\system32

Then press Enter.

    Access is Denied

WHAT? (I shouted to the heavens) That cannot be true, for I am Admin, god of the server! How is it possible? So, I pressed the 'up' arrow on the keyboard and tried to enter the command again.

    Access is Denied

Then I typed 'set'. This is what I saw:

    AllowWildCards = FALSE
    AllowAllPaths = FALSE
    AllowRemovableMedia = FALSE
    NoCopyPrompt = FALSE

On different versions of Windows, this command does different things. On Windows Server 2003, it lists a set of settings that are controlled from the Group Policy editor inside the running Windows environment. What that means is that unless you have access to the running system, you cannot change these settings. Which means, if your system is corrupt, as it was for me, you cannot do anything about it. As you can see, 'AllowAllPaths = FALSE'. That means that the path to Windows\System32 is not allowed, which means that even as Administrator I cannot have access to this folder. So, I cannot fix the problem with the simple 'expand' command, which would have fixed it by the time you stopped reading this paragraph.

----------End Example------------

But noooooooooooooo. Windows wants to make it difficult.

What I had to do was restore from a backup, but if I had done proper preparations, then this would have been solved in about 2 minutes! So, to prevent you from suffering my gruesome fate, follow these easy steps.

In order to prevent this absurdity, you must set these properties to TRUE while your Windows 2003 is running. This setting should be ENABLED by default, not the other way around. Why would they disable such a vital and important command? It's ridiculous! I understand that it's about security, but a malicious user would need to be physically at your machine, and then there are numerous other ways to get into a system besides the WRC! Stupid, stupid, stupid.

So, this is what you have to do.
  1. Go to: Start > Run > Type 'gpedit.msc'
  2. In the left-pane, expand 'Local Computer Policy'
    • click on the small + button to expand the menus
  3. Expand 'Computer Configuration'
  4. Expand 'Windows Settings'
  5. Expand 'Security Settings'
  6. Expand 'Local Policies'
  7. Select 'Security Options' on the left
  8. On the right, double-click the entry 'Recovery Console'
  9. Select 'Allow Floppy Copy And Access To All Drives And All Folders'
  10. Click OK
If you have done this correctly, open a command line (Start > Run > Type 'cmd') and type 'set'.

You should see:

    AllowWildCards = TRUE
    AllowAllPaths = TRUE
    AllowRemovableMedia = TRUE
    NoCopyPrompt = TRUE

If you do not see this, then there is a high probability that you will need to restart your machine (as sometimes group policies are only applied after a restart).
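As an added example (not part of the original post, and not a Microsoft tool), the script below checks the same Recovery Console policies from the running system by reading the registry values the Security Options policies write, and with -Enable turns the SET-command policy on. Two things worth knowing when you use it: in a running cmd.exe prompt, 'set' lists environment variables, while AllowWildCards, AllowAllPaths, AllowRemovableMedia and NoCopyPrompt are variables of the Recovery Console itself, so the registry is the place to confirm the policy from inside Windows; and the policy only makes the Recovery Console 'set' command available, so you still type 'set AllowAllPaths = TRUE' (with spaces around the equals sign) in the Recovery Console before running expand. The registry key and value names below are my recollection of the policy-to-registry mapping, not something stated on the page; confirm them on your own build by toggling the policy in gpedit.msc and re-running the script.

```powershell
# Added example, not code from the original post. Audits (and, with -Enable,
# writes) the registry values behind the two "Recovery Console:" policies in
# Local Policies > Security Options. Run from an elevated PowerShell prompt
# on the server itself, while Windows is still bootable.
#
# ASSUMPTION (not on the page; verify by toggling the policy in gpedit.msc):
#   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole
#     SetCommand    (DWORD) 1 = "Allow floppy copy and access to all drives
#                               and all folders"  -> the SET command works
#     SecurityLevel (DWORD) 1 = "Allow automatic administrative logon"
param(
    [switch]$Enable   # write SetCommand = 1; without it the script only reports
)

$RcKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole'

function Get-RecoveryConsolePolicy {
    # A missing key or a missing value means "not configured", which behaves
    # like disabled, so both are reported as $false.
    $p = Get-ItemProperty -Path $RcKey -ErrorAction SilentlyContinue
    $setCmd = 0
    $secLvl = 0
    if ($p -ne $null) {
        if ($p.SetCommand    -ne $null) { $setCmd = [int]$p.SetCommand }
        if ($p.SecurityLevel -ne $null) { $secLvl = [int]$p.SecurityLevel }
    }
    New-Object PSObject -Property @{
        SetCommandEnabled     = ($setCmd -eq 1)
        AutoAdminLogonEnabled = ($secLvl -eq 1)
    }
}

function Enable-RecoveryConsoleSetCommand {
    # Create the key if it has never been written, then set the DWORD.
    if (-not (Test-Path $RcKey)) { New-Item -Path $RcKey -Force | Out-Null }
    Set-ItemProperty -Path $RcKey -Name SetCommand -Value 1 -Type DWord
}

$before = Get-RecoveryConsolePolicy
Write-Host ("SET command allowed in Recovery Console : {0}" -f $before.SetCommandEnabled)
Write-Host ("Automatic administrative logon          : {0}" -f $before.AutoAdminLogonEnabled)

if ($Enable) {
    if ($before.SetCommandEnabled) {
        Write-Host 'SetCommand is already enabled; nothing to do.'
    } else {
        Enable-RecoveryConsoleSetCommand
        $after = Get-RecoveryConsolePolicy
        Write-Host ("SetCommand now enabled                  : {0}" -f $after.SetCommandEnabled)
        # On a domain member, Group Policy re-applies Security Options on its
        # next refresh; put the same setting in an applied GPO or it will revert.
        Write-Host 'Domain member? Put the setting in a GPO or it will be reverted on refresh.'
    }
}
```

Save it as, say, Check-RecoveryConsole.ps1 (a name I chose) and run it once with no arguments to audit, then with -Enable if the first line reports False. Once it reports True, the Recovery Console session that the post needed becomes: boot the CD, press 'r', log on, run 'set AllowAllPaths = TRUE', and then 'expand d:\i386\ntoskrnl.ex_ c:\windows\system32'. The script deliberately leaves SecurityLevel (automatic administrative logon) alone and only reports it, since that second policy removes the Administrator password prompt from the console and is a separate decision from the one the post is about.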

Trust me. This is useful. If you're worried about someone using the Recovery Console to take over your system, then do yourself a favor and put the server in a vault or a secure room, because this setting isn't going to do anything to stop someone who knows what they're doing.
