-
-
You would also need some type of registry editing utility!!!!!!!!!!!! That is major if you are going to attempt to repair Windows from viruses, spyware, and other annoying problems.
-
there is a windows registry editor that is native to linux but it is so cryptic that i don't even bother...
the question then becomes if you can rescue the client data from the machine within a few minutes...why not just reimage the hard drive with ghost and restore the client data...?
in most cases it is a faster solution than going through the registry and deleting spyware and worrying about viruses...
that's why it's called a rescue instead of a repair
but you just gave me another good idea! i'll leave the knoppix install to hd script intact JUST in case we get some believers
-
Very well thought out.
I can see this would be very useful. Plus the auto creation of the cd and iso I think is just plain cool.
Are you the same one who said that you were already doing something like this?
-
Originally Posted by bizarro
there is a windows registry editor that is native to linux but it is so cryptic that i don't even bother...
the question then becomes if you can rescue the client data from the machine within a few minutes...why not just reimage the hard drive with ghost and restore the client data...?
in most cases it is a faster solution than going through the registry and deleting spyware and worrying about viruses...
that's why it's called a rescue instead of a repair
but you just gave me another good idea! i'll leave the knoppix install to hd script intact JUST in case we get some believers
If you are imaging data that's infected with viruses using Ghost and you restore the image, you're not getting rid of the problem. For instance, if you're fixing the famous Windows logon problem, in which the userinit is missing or pointing to some random location, it's much easier to go into the registry and fix the proper key than to do a format and restore. I fix registry issues with BartPE all of the time; I was just wondering if the same could be done with Linux. Also, you say that's why it's called a rescue instead of repair; same thing to me, as fixing an OS is just as good as restoring one if you know what you are doing, but it's your post, so let me stop hijacking it.
-
bizarro,
This sounds like a cool project. Instead of just limiting it to your company have you considered sharing it with all of us?
As far as security and password resetting you sounded worried about I am sure most here have seen
The Offline NT Password and Registry Editor
http://home.eunet.no/~pnordahl/ntpasswd/
It does sound like you have enough Linux knowledge that you could even take things to the next step and offer disk backup, cloning/imaging.
Knoppix comes with Mondo Rescue http://mondorescue.org/ . However that won't run on a RAM drive i.e. Knoppix Live CD. The author even says he has two lines of C code that could be changed by "anybody" to make it work on a RAM drive etc. Unfortunately the author does not want to create an open source project that supports closed source work.
If you or someone could add backup/cloning/imaging support it would truly make a strong rescue disk.
Here are a few references to the Mondo/Windows issue:
http://forum.mondorescue.org/viewtop...indows+knoppix
http://forum.mondorescue.org/viewtop...indows+knoppix
http://forum.mondorescue.org/viewtop...noppix+2+lines
-
Are you the same one who said that you were already doing something like this?
Dunno which thread you are referring to...but I do currently have a debian based rescue cd that is distributed through my company...
If you are imaging data that's infected with viruses using Ghost and you restore the image, you're not getting rid of the problem.
The rescue cd backs up data via zip or just plain copy...there is no imaging...the servers we connect to on our network are all antivirus managed so whatever files we copy up to or zip up to the server is cleaned or blocked
The company standardizes on Ghost so no imaging on the rescue cd although I have played with partimage before and even recommended it to the company...
This sounds like a cool project. Instead of just limiting it to your company have you considered sharing it with all of us?
I am...as soon as I have a working aioscript I will post it here for everyone to use and work and fix and clean up and add to...etc etc etc
As far as security and password resetting you sounded worried about I am sure most here have seen
The Offline NT Password and Registry Editor
shhhhh!!!!! don't tell anyone!!! actually like I said before...the techs in my company are mostly Windows savvy and have no clue on Linux...in the documentation that I have for the cd I give credit to the actual developers and reference their links...
Thing is there is no one in my company that can take all of the tools and put them together in a working fashion as I have done...
If you or someone could add backup/cloning/imaging support it would truly make a strong rescue disk.
I'm assuming when you speak of imaging you speak of ghost or partimage or something like that...if so...I haven't figured out how to run Ghost within the linux session...if anyone here has figured it out using dosemu please let me know
Partimage does work but it's not part of my tools since my company doesn't standardize on that.
-
dd should make great "image" backup of partitions or whole drives.
if you flag it with dd conv=ignerror. and/or conv=noerrors and bs=X where X is 512, 1024, 2048...
or perhaps dd-rescue (never used by me)
-
Okay guys...here is what i've been working on so far...
Here is what I have so far to give to the forum...
Run the following command to see if you have some of the tools needed.
That test is complete though...once you look inside the script you'll see the files it checks.
So far it's the console section I've been working on...once the console section is complete I will work on the X version which will be inside the same script...
Just cut and paste the file into /usr/bin/aioscript and chmod +x to make it executable and remaster...
Some things are still buggy I'm sure...just let me know or post corrections...thanx!
Code:
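#!/bin/bash
# aioscript - console menu for the rescue CD
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/etc/xdscripts
# Address shown in the menu header (loopback filtered out)
IP=`ifconfig | grep inet | grep -v 127\.0\.0\.1 | cut -f2 -d':' | cut -f1 -d' '`
# All share and partition mount points live under /mount
if [ ! -d /mount ]; then
    mkdir /mount
fi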
case "$1" in
## Main Menu Section
menu)
    # Source of the currently mounted SMB share, if any
    MAP=`mount | grep smbfs | cut -f1 -d' '`
    FUNCTION=`dialog --stdout --no-cancel \
        --title "Rescue CD Console" \
        --menu "IP: $IP - Mapped to: $MAP" 0 60 0 \
        1 "Map to Network Share" \
        2 "Backup local drive to ... $MAP" \
        3 "Run NTFS Check Disk" \
        4 "NTFS Undelete" \
        5 "Reset Admin Password" \
        6 "Set Static IP" \
        7 "Exit"`
    # Run the chosen tool, then return to the menu
    if [ "$FUNCTION" = 1 ]; then
        aioscript map
        aioscript menu
    elif [ "$FUNCTION" = 2 ]; then
        aioscript backup
        aioscript menu
    elif [ "$FUNCTION" = 3 ]; then
        aioscript checkdisk
        aioscript menu
    elif [ "$FUNCTION" = 4 ]; then
        aioscript ntfsundelete
        aioscript menu
    elif [ "$FUNCTION" = 5 ]; then
        aioscript ntpasswd
        aioscript menu
    elif [ "$FUNCTION" = 6 ]; then
        aioscript staticip
        aioscript menu
    elif [ "$FUNCTION" = 7 ]; then
        echo "Returning to login..."
    fi
    exit 1
    ;;
## Map to network share section
map)
    # Drop any existing SMB mounts first
    if mount | grep smbfs > /dev/null; then
        SMBMOUNTS=`mount | grep smbfs | cut -f1 -d' '`
        for i in $SMBMOUNTS; do
            umount "$i"
        done
    fi
    USERNAME=`dialog --no-cancel --stdout --title "Map to Network Share" \
        --inputbox "Enter your Domain Username" 0 0`
    DOMAIN=`dialog --no-cancel --stdout --title "Map to Network Share" \
        --inputbox "Enter your Domain" 0 0 ""`
    SERVER=`dialog --no-cancel --stdout --title "Map to Network Share" \
        --inputbox "Enter just the server name" 0 0`
    SHARE=`dialog --no-cancel --stdout --title "Map to Network Share" \
        --inputbox "Enter the share name" 0 0`
    if ! nmblookup "$SERVER" > /dev/null; then
        dialog --infobox "Cannot lookup server, starting over" 0 0
        sleep 2
        aioscript map
        # The nested run did the work; do not continue with the bad name
        exit 1
    fi
    if dialog --yesno "Username: $USERNAME \n Domain: $DOMAIN \n Server: $SERVER \n Share: $SHARE" 0 0; then
        # Same mount point name in the test, the mkdir and the mount
        if [ ! -d "/mount/$SERVER-$SHARE" ]; then
            mkdir -p "/mount/$SERVER-$SHARE"
        fi
        if ! mount -t smbfs -o "username=$DOMAIN\\$USERNAME" "//$SERVER/$SHARE" "/mount/$SERVER-$SHARE"; then
            dialog --infobox "Cannot map to share, starting over" 0 0
            sleep 2
            aioscript map
        fi
    else
        dialog --infobox "Lets try again..." 0 0
        sleep 2
        aioscript map
    fi
    exit 1
    ;;
## Backup hard drive section
backup)
    if dialog --yesno "Due to having no GUI this script will copy the ENTIRE hard drive.\nThis may take a long time, please be patient. \nContinue?" 0 0; then
        if ! mount | grep smbfs > /dev/null; then
            dialog --infobox "You must be mapped to a network share to use this tool..." 0 0
            sleep 1
            aioscript map
        else
            # Mount point of the mapped share (third field of the mount output)
            MAPDIR=`mount | grep smbfs | cut -f3 -d' '`
            DIRNAME=`dialog --stdout --no-cancel --inputbox "Enter a unique directory name for the backup..." 0 0`-`date +%d%m%y`
            # Device names of every NTFS/FAT partition fdisk reports
            MOUNTS=`fdisk -l | grep -i "ntfs\|fat" | cut -f3 -d'/' | cut -f1 -d' '`
            for i in $MOUNTS; do
                if [ ! -d "/mount/$i" ]; then
                    mkdir "/mount/$i" ; mount "/dev/$i" "/mount/$i"
                fi
            done
            # SERVER and SHARE are not set in this invocation, so test under MAPDIR
            if [ -e "$MAPDIR/$DIRNAME" ]; then
                if dialog --yesno "SAME DIRECTORY NAME EXISTS, CONTINUE?" 0 0; then
                    for i in $MOUNTS; do
                        dialog --infobox "Copy in progress..." 0 0
                        cp -auv "/mount/$i"/* "$MAPDIR/$DIRNAME/." >> /dev/null
                    done
                    # Report completion once, after every partition is copied
                    dialog --msgbox "HardDrive backup completed.\nPress OK to return to Main Menu" 0 0
                else
                    dialog --infobox "Lets try this again..." 0 0
                    sleep 2
                    aioscript backup
                fi
            else
                mkdir "$MAPDIR/$DIRNAME"
                for i in $MOUNTS; do
                    dialog --infobox "Copy in progress..." 0 0
                    cp -auv "/mount/$i"/* "$MAPDIR/$DIRNAME/." >> /dev/null
                done
                dialog --msgbox "HardDrive backup completed.\nPress OK to return to Main Menu" 0 0
            fi
        fi
    fi
    exit 1
    ;;
## Run ntfsfix section
checkdisk)
    if dialog --yesno "This option will unmount all partition(s), run a checkdisk then automatically reboot.\n\nContinue?" 0 0; then
        # Every NTFS partition on the IDE and SCSI/SATA disks
        PARTS=`fdisk -l /dev/hd[a-z] /dev/sd[a-z] | grep "NTFS" | cut -f1 -d' '`
        umount -t ntfs /dev/hd[a-z][1-9] /dev/sd[a-z][1-9] >/dev/null 2>/dev/null
        for i in $PARTS; do
            clear
            ntfsfix "$i"
            clear
        done
        dialog --infobox "Rebooting now..." 0 0 & sleep 2
        # Still a dry run: this only prints the command
        echo reboot
    fi
    exit 1
    ;;
## Run ntfsundelete section
ntfsundelete)
    if ! mount | grep smbfs > /dev/null; then
        dialog --infobox "You must be mapped to a network share to use this tool..." 0 0
        sleep 1
        aioscript map
    fi
    if dialog --yesno "This will undelete all files from a chosen partition that are 90% undeletable and copy them to a network share. \n\nContinue?" 0 0; then
        # Up to four NTFS partitions are offered in the radio list
        PART=`fdisk -l /dev/hd[a-z] /dev/sd[a-z] | grep "NTFS" | cut -f1 -d' '`
        PART1=`echo $PART | awk --source 'BEGIN { FS=" " }' --source '{ print $1 }'`
        PART2=`echo $PART | awk --source 'BEGIN { FS=" " }' --source '{ print $2 }'`
        PART3=`echo $PART | awk --source 'BEGIN { FS=" " }' --source '{ print $3 }'`
        PART4=`echo $PART | awk --source 'BEGIN { FS=" " }' --source '{ print $4 }'`
        umount -t ntfs /dev/hd[a-z][1-9] /dev/sd[a-z][1-9] >/dev/null 2>/dev/null
        UNDELETE=`dialog --stdout --separator " " \
            --radiolist "Select a partition and press SpaceBar:" 0 0 0 \
            "$PART1" "" "on" \
            "$PART2" "" "" \
            "$PART3" "" "" \
            "$PART4" "" ""`
        # ntfsundelete itself is not called yet; the selection is only printed
        echo "$UNDELETE"
    fi
    exit 1
    ;;
## Run NT password reset section
ntpasswd)
    ## Creating expect script that answers the chntpw prompts
    ## (RID 0x1f4 = 500, the built-in Administrator; "*" blanks the password)
    echo '#!/usr/bin/expect -f
#
set timeout -1
spawn chntpw -u 0x1f4 /tmp/.ntpasswd/SAM
match_max 100000
expect -exact "Please enter new password: "
send -- "*\r"
expect -exact "Do you really wish to change it? (y/n) \[n\] "
send -- "y\r"
expect -exact "Write hive files? (y/n) \[n\] : "
send -- "y\r"
expect eof' > /tmp/chntpw.exp
    chmod +x /tmp/chntpw.exp
    if dialog --yesno "This will reset the administrative password to blank, run NTFS Check and automatically reboot.\n\nContinue?" 0 0; then
        dialog --infobox "Blanking out admin password" 0 0
        # Clean up leftovers from an earlier run
        if [ -d /tmp/.ntpasswd ]; then
            umount /tmp/.ntpasswd > /dev/null 2>/dev/null ; rm -rf /tmp/.ntpasswd
        fi
        if [ -d /tmp/ntfsdrive ]; then
            # rmdir, not rm -rf: if the umount fails the Windows partition is still mounted here
            umount /tmp/ntfsdrive > /dev/null 2>/dev/null ; rmdir /tmp/ntfsdrive 2>/dev/null
        fi
        mkdir /tmp/.ntpasswd
        mkdir -p /tmp/ntfsdrive
        mount -t tmpfs tmpfs /tmp/.ntpasswd
        # The NTFS partition flagged bootable ("*" in the fdisk output)
        BOOTPART=`fdisk -l /dev/hd[a-z] /dev/sd[a-z] 2>/dev/null | grep NTFS | \
            grep "\*" | cut -f1 -d' '`
        mount -t ntfs "$BOOTPART" /tmp/ntfsdrive
        DEFROOT="winnt windows"
        if [ -d /tmp/ntfsdrive/winnt ]; then
            DEFDIR="/tmp/ntfsdrive/winnt"
        elif [ -d /tmp/ntfsdrive/windows ]; then
            DEFDIR="/tmp/ntfsdrive/windows"
        fi
        # Edit a copy of the SAM hive in tmpfs, then write it back
        cp "$DEFDIR/system32/config/SAM" /tmp/.ntpasswd
        expect /tmp/chntpw.exp >> /dev/null
        rm -f /tmp/chntpw.exp
        mount -o remount,rw /tmp/ntfsdrive
        cp /tmp/.ntpasswd/SAM "$DEFDIR/system32/config/."
        umount /tmp/ntfsdrive
        dialog --infobox "Running NTFS fix on modified partition" 0 0
        ntfsfix "$BOOTPART" > /dev/null
        dialog --infobox "REBOOTING" 0 0 && sleep 2
        # Still a dry run: this only prints the command
        echo init 6
    fi
    exit 1
    ;;
## Set static IP section
staticip)
    if dialog --yesno "This option will setup a static IP for sites without DHCP.\nContinue?" 0 0; then
        IP=`dialog --stdout --title "example: 321.123.321.123" \
            --no-cancel --inputbox "IP Address" 0 0`
        # Suggest x.y.z.1 as the gateway, built from the first three octets
        IPGW=`echo "$IP" | cut -f-3 -d'.'`.1
        SUBNET=`dialog --stdout --no-cancel --inputbox "Subnet Mask" 0 0 255.255.255.0`
        GW=`dialog --stdout --no-cancel --inputbox "Default Gateway" 0 0 "$IPGW"`
        DNS=`dialog --stdout --no-cancel --inputbox "DNS" 0 0 ""`
        SUFFIX=`dialog --stdout --no-cancel --inputbox "Suffix Search Order (separated by spaces)" 0 0 ""`
        if dialog --yesno "Is this information correct? \n IP Address: $IP \n Subnet Mask: $SUBNET \n Default Gateway: $GW \n\n Suffix Search Order:\n$SUFFIX" 0 0; then
            # Interface name taken from the eth line of the ifconfig output
            ETH=`ifconfig | grep eth| grep -v 0.0.0.0 | cut -f1 -d' '`
            ifconfig "$ETH" "$IP"
            ifconfig "$ETH" netmask "$SUBNET"
            route add default "$ETH"
            route add default gw "$GW"
            # Rewrite resolv.conf with the search list and the name server
            echo search $SUFFIX > /etc/resolv.conf
            echo nameserver "$DNS" >> /etc/resolv.conf
        else
            aioscript staticip
        fi
    fi
    exit 1
    ;;
*)
echo "Usage: aioscript {menu|map|backup|checkdisk|ntfsundelete|ntpasswd|staticip}"
exit 1
;;
esac
exit 0
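
The map and staticip sections of the script above hand whatever is typed into dialog to mount, mkdir and ifconfig, all running as root on the rescue CD. An added example (not part of the original post) of allow-list checks that could run first; the function names and the 63-character limit are assumptions, and the mount command is printed rather than executed:

```shell
#!/bin/bash
# Added example, not part of aioscript: check dialog input before it is
# handed to mount/mkdir/ifconfig, which the rescue CD runs as root.

# Names for user, domain, server and share: letters, digits, dot, dash,
# underscore, at most 63 characters; one trailing "$" allowed (hidden shares).
valid_smb_name() {
    local LC_ALL=C
    local name="${1%\$}"
    [ -n "$name" ] && [ "${#name}" -le 63 ] || return 1
    case $name in
        *[!A-Za-z0-9._-]*) return 1 ;;  # space, ";", "/", "," and so on
        -*|.*)             return 1 ;;  # would read as an option or dot path
    esac
    return 0
}

# Dotted-quad IPv4: four octets 0-255, no leading zeros, nothing else.
valid_ipv4() {
    local ip="$1" octet
    local IFS=.
    case $ip in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    set -- $ip                          # split on "." only (IFS above)
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the mount argv, one argument per line, only if every field is valid.
smb_mount_argv() {
    local user="$1" domain="$2" server="$3" share="$4" f
    for f in "$user" "$domain" "$server" "$share"; do
        valid_smb_name "$f" || return 1
    done
    printf '%s\n' mount -t smbfs -o "username=$domain\\$user" \
        "//$server/$share" "/mount/$server-$share"
}

# Constructed sample input; the second server name is the unquoted-input case.
smb_mount_argv jdoe CORP fs01 'backup$'
smb_mount_argv jdoe CORP 'fs01 -o guest' data || echo "rejected: bad field"
```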
-
I believe there is an attempt to create a Linux-usable Ghost image program.
Last I saw it, it worked with unencrypted, uncompressed. That was a while ago so they might have it working now. I don't have a link.