I'm remastering Knoppix to act as a dedicated Windows Rescue CD. Here are my ideas so far on what it can perform on broken Windows PCs.
1. Backup client data to a network share or USB/Firewire drive using Samba
2. Blank out the administrative password using chntpw
3. Force a scandisk on next Windows boot using ntfsfix
4. Restore data onto an NTFS drive using captive-ntfs
5. Test the PC's memory using memtest86
6. Test the PC's hard drive using Drive Fitness Test
7. Test the PC's hardware using Aida16
8. Undelete files from an NTFS partition using ntfsundelete
9. Resize partitions using QTParted
10. Have limited rescue tools in a console menu for PCs with low memory.
11. Have the ability to set up static IPs for sites with no DHCP or crossover cable connections.
12. Use icewm and nautilus as the GUI portion and place an XP theme on it.
13. Set expirations and login passwords on the CD itself
14. Use isolinux and memdisk to allow for booting other boot image files like DOS bootdisks
Although all of this can be done with the current Knoppix CD, it cannot be done easily by a Microsofty tech.
With the Microsofty in mind I've customized the GUI to resemble XP and placed all of the rescue tools under the start button. The rescue tools in the past were a set of scripts but for future portability I'm consolidating all of them into one script called "aioscript" (All In One script).
The script can run the different functions by just setting the function after its name...for example...if you would like to reset the admin password to blank then just type:
Code:
aioscript ntpasswd
this calls the ntpasswd) function inside the script. So you get the idea.
The project is for my dept in the company I work for. Being that it can get any data and reset any admin password some security has been placed into the CD to avoid loss or misuse:
1. Expiration date using the time off of NTP servers
2. Username and passwords using /bin/login or GDM
Since there are around 300 Microsofty's in my company I had to devise a way of distribution with customization...that's where the web came in...
Currently the old version of the RCD can be requested from our internal website. The website requires you to authenticate, once authenticated the website knows your email address, company ID # (HRID) and other little tidbits about the tech requesting...
The requesting tech can customize some features of the CD before compilation:
1. Username - extracted from authentication into the website, tech cannot change this.
2. HRID stamped into the bootscreen
3. Creation date stamped on the bootscreen
4. Account expiration - tech cannot change this
5. Password - given by the requesting client.
6. Other internal customizations for our dept.
Once requested the website ftp's a file with the client's info inside over to the Rescue CD Server...from there a cron job runs each minute to check if there is a request in its queue...once a request is entered the server then processes that info into an uncompressed copy of the CD then creates the ISO from it. This part is yet to be done so I may need some help.
Once compiled the server will email the client stating that their CD is available for download, also another job is entered to lock the tech from being able to request another CD for 5 months and yet another email set to be emailed to the tech 5 months from creation date notifying the tech that they have 30 days to request another. The site is also able to email forgotten passwords to the techs
Obviously the current version right now is not releasable to this forum since there are a lot of internal customizations done so it would work on our network environment but with my current rewrite hopefully I'll be able to release the "aioscript" for input, improvement and corrections...
The aioscript is written entirely in bash and requires the following on top of your base Linux live-cd:
Samba
Captive-NTFS
expect
smbclient
ntfsprogs
I may be missing some things but that's the bulk of it...
Another thing I'm aiming to do with this release is to make every CD able to act as a distribution server. Just another script that will prep the hdd, ftp and mail and done
This is my first real Linux project that I'm making public and wanted to gauge interest on it...so far 2 other members expressed interest...
I also consider myself an intermediate linux user and I'm sure you'll see that in my script so please be gentle on the criticism
I'll be posting the script as soon as I have a more complete version of it...
In the meantime if you have any ideas of what to add please post here.
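For the build-queue step described in the post above (the cron job that turns an FTP-delivered request file into a customized ISO), here is an added example, not part of aioscript or the original post, of checking a request before anything is stamped into the CD tree. The `KEY=value` file layout, the key names and the per-field rules are assumptions, since the thread does not show the real request file.

```bash
#!/bin/sh
# Added example, not aioscript code. Assumed request format: one KEY=value
# per line, keys USERNAME, HRID and EXPIRES (YYYYMMDD). Field rules are assumed.
LC_ALL=C; export LC_ALL    # byte-exact a-z / 0-9 ranges

# validate_request FILE TODAY   (TODAY as YYYYMMDD)
# Prints "username hrid expires" and returns 0 only when every field passes.
# The file is read as data; it is never sourced or passed to eval.
validate_request() {
    username='' hrid='' expires='' seen=''
    while IFS='=' read -r key value || [ -n "$key" ]; do
        case $key in '' | '#'*) continue ;; esac
        case " $seen " in *" $key "*) return 1 ;; esac   # duplicate key
        seen="$seen $key"
        case $key in
            USERNAME) username=$value ;;
            HRID)     hrid=$value ;;
            EXPIRES)  expires=$value ;;
            *)        return 1 ;;                          # unknown key
        esac
    done < "$1"

    # USERNAME: 1-32 characters of [a-z0-9._-], not starting with '-' or '.'
    case $username in
        '' | [-.]* | *[!a-z0-9._-]*) return 1 ;;
    esac
    [ "${#username}" -le 32 ] || return 1

    # HRID: 1-10 digits
    case $hrid in
        '' | *[!0-9]*) return 1 ;;
    esac
    [ "${#hrid}" -le 10 ] || return 1

    # EXPIRES: eight digits and strictly later than TODAY
    case $expires in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
        *) return 1 ;;
    esac
    [ "$expires" -gt "$2" ] || return 1

    printf '%s %s %s\n' "$username" "$hrid" "$expires"
}

# Constructed sample request (not real data)
sample=$(mktemp)
printf 'USERNAME=jdoe\nHRID=104233\nEXPIRES=20991231\n' > "$sample"
validate_request "$sample" "$(date +%Y%m%d)" || echo "request rejected" >&2
rm -f "$sample"
```

The check only confirms the shape of each field; whether the expiry is a real calendar date and matches what the website issued still has to be decided on the build server.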
You would also need some type of registry editing utility!!!!!!!!!!!! That is major if you are going to attempt to repair windows, from viruses, spyware, and other annoying problems.
there is a windows registry editor that is native to linux but it is so cryptic that i don't even bother...
the question then becomes if you can rescue the client data from the machine within a few minutes...why not just reimage the hard drive with ghost and restore the client data...?
in most cases it is a faster solution than going through the registry and deleting spyware and worrying about viruses...
that's why it's called a rescue instead of a repair
but you just gave me another good idea! i'll leave the knoppix install to hd script intact JUST in case we get some believers
Very well thought out.
I can see this would be very useful. Plus the auto creation of the cd and iso I think is just plain cool.
Are you the same one who said that you were already doing something like this?
If you are imaging data that's infected with viruses using ghost and you restore the image, you're not getting rid of the problem. For instance if you're fixing the famous windows logon problem, in which the userinit is missing or pointing to some random location, it's much easier to go into the registry and fix the proper key than to do a format and restore. I fix registry issues with bartPE all of the time, I was just wondering if the same could be done with linux. Also, you say that's why it's called a rescue instead of repair, same thing to me, as fixing an os is just as good as restoring one if you know what you are doing, but it's your post, so let me stop hijacking it.
bizarro,
This sounds like a cool project. Instead of just limiting it to your company have you considered sharing it with all of us?
As far as security and password resetting you sounded worried about I am sure most here have seen
The Offline NT Password and Registry Editor
http://home.eunet.no/~pnordahl/ntpasswd/
It does sound like you have enough Linux knowledge that you could even take things to the next step and offer disk backup, cloning/imaging.
Knoppix comes with Mondo Rescue http://mondorescue.org/ . However that won't run on a RAM drive i.e. Knoppix Live CD. The author even says he has two lines of C code that could be changed by "anybody" to make it work on a RAM drive etc. Unfortunately the author does not want to create an open source project that supports closed source work.
If you or someone could add backup/cloning/imaging support it would truly make a strong rescue disk.
Here are a few references to the Mondo/Windows issue:
http://forum.mondorescue.org/viewtop...indows+knoppix
http://forum.mondorescue.org/viewtop...indows+knoppix
http://forum.mondorescue.org/viewtop...noppix+2+lines
Quote: Are you the same one who said that you were already doing something like this?
Dunno which thread you are referring to...but I do currently have a debian based rescue cd that is distributed through my company...
Quote: If you are imaging data that's infected with viruses using ghost and you restore the image, you're not getting rid of the problem.
The rescue cd backs up data via zip or just plain copy...there is no imaging...the servers we connect to on our network are all antivirus managed so whatever files we copy up to or zip up to the server is cleaned or blocked
The company standardizes on Ghost so no imaging on the rescue cd although I have played with partimage before and even recommended it to the company...
Quote: This sounds like a cool project. Instead of just limiting it to your company have you considered sharing it with all of us?
I am...as soon as I have a working aioscript I will post it here for everyone to use and work and fix and clean up and add to...etc etc etc
Quote: As far as security and password resetting you sounded worried about I am sure most here have seen The Offline NT Password and Registry Editor
shhhhh!!!!! don't tell anyone!!! actually like I said before...the techs in my company are mostly Windows savvy and have no clue on Linux...in the documentation that I have for the cd I give credit to the actual developers and reference their links...
Thing is there is no one in my company that can take all of the tools and put them together in a working fashion as I have done...
Quote: If you or someone could add backup/cloning/imaging support it would truly make a strong rescue disk.
I'm assuming when you speak of imaging you speak of ghost or partimage or something like that...if so...I haven't figured out how to run Ghost within the linux session...if anyone here has figured it out using dosemu please let me know
Partimage does work but it's not part of my tools since my company doesn't standardize on that.
dd should make great "image" backup of partitions or whole drives.
if you flag it with dd conv=ignerror. and/or conv=noerrors and bs=X where X is 512, 1024, 2048...
or perhaps dd-rescue (never used by me)
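The dd imaging idea from the post above, as an added example that is not from any poster in the thread. GNU dd spells the flag `conv=noerror`, and it is normally paired with `sync`; the function name, file names and the 10000-byte constructed source are assumptions made for the demonstration.

```bash
#!/bin/sh
# Added example, not from the thread. File names and sizes are constructed.

# image_and_verify SRC IMG BS
# Prints "<image size in bytes> <match|MISMATCH>".
image_and_verify() {
    src=$1 img=$2 bs=$3
    # noerror: continue after a read error instead of aborting.
    # sync:    pad each short or failed read with zeros to a full block, so
    #          everything after a bad area keeps its original offset.
    # A read error zero-fills the block it hit, so a small bs loses less
    # data per error at the price of a slower copy.
    dd if="$src" of="$img" bs="$bs" conv=noerror,sync 2>/dev/null || return 1

    # Works for a regular file; for a block device read the size with
    # `blockdev --getsize64` instead.
    src_bytes=$(wc -c < "$src")
    img_bytes=$(wc -c < "$img")

    # sync also pads the final partial block, so the image can be longer
    # than the source. Compare only the first src_bytes of the image.
    src_sum=$(sha256sum < "$src" | cut -d' ' -f1)
    img_sum=$(head -c "$(($src_bytes))" "$img" | sha256sum | cut -d' ' -f1)

    if [ "$src_sum" = "$img_sum" ]; then verdict=match; else verdict=MISMATCH; fi
    echo "$(($img_bytes)) $verdict"
}

# Constructed 10000-byte "partition" that is not a multiple of the block size
work=$(mktemp -d)
head -c 10000 /dev/urandom > "$work/source.bin"
image_and_verify "$work/source.bin" "$work/image.dd" 4096
rm -rf "$work"
```

With a 4096-byte block the 10000-byte source produces a 12288-byte image, which is why a plain hash of the image file will not equal the hash of the source.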
Here is what I have so far to give to the forum...
Run the following command to see if you have some of the tools needed.
Code:
aioscript test
That test is complete though...once you look inside the script you'll see the files it checks.
So far it's the console section I've been working on...once the console section is complete I will work on the X version which will be inside the same script...
Just cut and paste the file into /usr/bin/aioscript and chmod +x to make it executable and remaster...
Some things are still buggy I'm sure...just let me know or post corrections...thanx!
Code:
#!/bin/bash
# aioscript - All In One rescue script (console section)
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/etc/xdscripts

# Non-loopback IPv4 address, shown in the menu title
IP=`ifconfig | grep inet | grep -v 127\.0\.0\.1 | cut -f2 -d':' | cut -f1 -d' '`

if [ ! -d /mount ]; then
    mkdir /mount
fi

case "$1" in

## Main Menu Section
menu)
    MAP=`mount | grep smbfs | cut -f1 -d' '`
    FUNCTION=`dialog --stdout --no-cancel \
        --title "Rescue CD Console" \
        --menu "IP: $IP - Mapped to: $MAP" 0 60 0 \
        1 "Map to Network Share" \
        2 "Backup local drive to ... $MAP" \
        3 "Run NTFS Check Disk" \
        4 "NTFS Undelete" \
        5 "Reset Admin Password" \
        6 "Set Static IP" \
        7 "Exit"`
    # Run the chosen tool, then come back to the menu
    if [ "$FUNCTION" = 1 ]; then
        aioscript map
        aioscript menu
    elif [ "$FUNCTION" = 2 ]; then
        aioscript backup
        aioscript menu
    elif [ "$FUNCTION" = 3 ]; then
        aioscript checkdisk
        aioscript menu
    elif [ "$FUNCTION" = 4 ]; then
        aioscript ntfsundelete
        aioscript menu
    elif [ "$FUNCTION" = 5 ]; then
        aioscript ntpasswd
        aioscript menu
    elif [ "$FUNCTION" = 6 ]; then
        aioscript staticip
        aioscript menu
    elif [ "$FUNCTION" = 7 ]; then
        echo "Returning to login..."
    fi
    exit 1
    ;;

## Map to network share section
map)
    # Drop any existing smbfs mounts first
    if mount | grep smbfs > /dev/null; then
        SMBMOUNTS=`mount | grep smbfs | cut -f1 -d' '`
        for i in $SMBMOUNTS; do
            umount "$i"
        done
    fi
    USERNAME=`dialog --no-cancel --stdout --title "Map to Network Share" \
        --inputbox "Enter your Domain Username" 0 0`
    DOMAIN=`dialog --no-cancel --stdout --title "Map to Network Share" \
        --inputbox "Enter your Domain" 0 0 ""`
    SERVER=`dialog --no-cancel --stdout --title "Map to Network Share" \
        --inputbox "Enter just the server name" 0 0`
    SHARE=`dialog --no-cancel --stdout --title "Map to Network Share" \
        --inputbox "Enter the share name" 0 0`
    if ! nmblookup "$SERVER" > /dev/null; then
        dialog --infobox "Cannot lookup server, starting over" 0 0
        sleep 2
        # exec so this run does not carry on with the bad values
        exec aioscript map
    fi
    if dialog --yesno "Username: $USERNAME \n Domain: $DOMAIN \n Server: $SERVER \n Share: $SHARE" 0 0; then
        # Same directory name for the test, the mkdir and the mount
        if [ ! -d "/mount/$SERVER-$SHARE" ]; then
            mkdir -p "/mount/$SERVER-$SHARE"
        fi
        if ! mount -t smbfs -o "username=$DOMAIN\\$USERNAME" "//$SERVER/$SHARE" "/mount/$SERVER-$SHARE"; then
            dialog --infobox "Cannot map to share, starting over" 0 0
            sleep 2
            exec aioscript map
        fi
    else
        dialog --infobox "Let's try again..." 0 0
        sleep 2
        exec aioscript map
    fi
    exit 1
    ;;

## Backup hard drive section
backup)
    if dialog --yesno "Due to having no GUI this script will copy the ENTIRE hard drive. \nThis may take a long time, please be patient. \nContinue?" 0 0; then
        if ! mount | grep smbfs > /dev/null; then
            dialog --infobox "You must be mapped to a network share to use this tool..." 0 0
            sleep 1
            aioscript map
        else
            MAPDIR=`mount | grep smbfs | cut -f3 -d' '`
            DIRNAME=`dialog --stdout --no-cancel --inputbox "Enter a unique directory name for the backup..." 0 0`-`date +%d%m%y`
            # Mount every NTFS/FAT partition under /mount/<device>
            MOUNTS=`fdisk -l | grep -i "ntfs\|fat" | cut -f3 -d'/' | cut -f1 -d' '`
            for i in $MOUNTS; do
                if [ ! -d /mount/$i ]; then
                    mkdir /mount/$i ; mount /dev/$i /mount/$i
                fi
            done
            # SERVER and SHARE are not set in this run, so test the
            # backup directory through the mount point instead
            if [ -e "$MAPDIR/$DIRNAME" ]; then
                if ! dialog --yesno "SAME DIRECTORY NAME EXISTS, CONTINUE?" 0 0; then
                    dialog --infobox "Let's try this again..." 0 0
                    sleep 2
                    exec aioscript backup
                fi
            else
                mkdir "$MAPDIR/$DIRNAME"
            fi
            for i in $MOUNTS; do
                dialog --infobox "Copy in progress..." 0 0
                cp -auv /mount/$i/* "$MAPDIR/$DIRNAME/." > /dev/null
            done
            dialog --msgbox "HardDrive backup completed.\nPress OK to return to Main Menu" 0 0
        fi
    fi
    exit 1
    ;;

## Run ntfsfix section
checkdisk)
    if dialog --yesno "This option will unmount all partition(s), run a checkdisk then automatically reboot.\n\nContinue?" 0 0; then
        PARTS=`fdisk -l /dev/hd[a-z] /dev/sd[a-z] | grep "NTFS" | cut -f1 -d' '`
        umount -t ntfs /dev/hd[a-z][1-9] /dev/sd[a-z][1-9] > /dev/null 2>&1
        for i in $PARTS; do
            clear
            ntfsfix $i
            clear
        done
        dialog --infobox "Rebooting now..." 0 0
        sleep 2
        # As posted: prints the command instead of rebooting
        echo reboot
    fi
    exit 1
    ;;

## Run ntfsundelete section
ntfsundelete)
    if ! mount | grep smbfs > /dev/null; then
        dialog --infobox "You must be mapped to a network share to use this tool..." 0 0
        sleep 1
        aioscript map
    fi
    if dialog --yesno "This will undelete all files from a chosen partition that are 90% undeletable and copy them to a network share. \n\nContinue?" 0 0; then
        # Offer up to four NTFS partitions in the radiolist
        PART=`fdisk -l /dev/hd[a-z] /dev/sd[a-z] | grep "NTFS" | cut -f1 -d' '`
        PART1=`echo $PART | awk '{ print $1 }'`
        PART2=`echo $PART | awk '{ print $2 }'`
        PART3=`echo $PART | awk '{ print $3 }'`
        PART4=`echo $PART | awk '{ print $4 }'`
        umount -t ntfs /dev/hd[a-z][1-9] /dev/sd[a-z][1-9] > /dev/null 2>&1
        UNDELETE=`dialog --stdout --separator " " \
            --radiolist "Select a partition and press SpaceBar:" 0 0 0 \
            "$PART1" "" "on" \
            "$PART2" "" "off" \
            "$PART3" "" "off" \
            "$PART4" "" "off"`
        # As posted: only shows the selection, the undelete is not written yet
        echo $UNDELETE
    fi
    exit 1
    ;;

## Run NT password reset section
ntpasswd)
    ## Creating expect script!!!
    echo '#!/usr/bin/expect -f
#
set timeout -1
spawn chntpw -u 0x1f4 /tmp/.ntpasswd/SAM
match_max 100000
expect -exact "Please enter new password: "
send -- "*\r"
expect -exact "Do you really wish to change it? (y/n) \[n\] "
send -- "y\r"
expect -exact "Write hive files? (y/n) \[n\] : "
send -- "y\r"
expect eof' > /tmp/chntpw.exp
    chmod +x /tmp/chntpw.exp
    if dialog --yesno "This will reset the administrative password to blank, run NTFS Check and automatically reboot.\n\nContinue?" 0 0; then
        dialog --infobox "Blanking out admin password" 0 0
        # Clean up leftovers from an earlier run
        if [ -d /tmp/.ntpasswd ]; then
            umount /tmp/.ntpasswd > /dev/null 2>&1 ; rm -rf /tmp/.ntpasswd
        fi
        if [ -d /tmp/ntfsdrive ]; then
            umount /tmp/ntfsdrive > /dev/null 2>&1 ; rm -rf /tmp/ntfsdrive
        fi
        mkdir /tmp/.ntpasswd
        mkdir /tmp/ntfsdrive
        mount -t tmpfs tmpfs /tmp/.ntpasswd
        # The bootable NTFS partition is the one fdisk flags with "*"
        BOOTPART=`fdisk -l /dev/hd[a-z] /dev/sd[a-z] 2>/dev/null | grep NTFS | \
            grep "\*" | cut -f1 -d' '`
        mount -t ntfs $BOOTPART /tmp/ntfsdrive
        if [ -d /tmp/ntfsdrive/winnt ]; then
            DEFDIR="/tmp/ntfsdrive/winnt"
        elif [ -d /tmp/ntfsdrive/windows ]; then
            DEFDIR="/tmp/ntfsdrive/windows"
        else
            # Neither directory exists: stop before touching any SAM file
            dialog --infobox "No winnt or windows directory found" 0 0
            sleep 2
            umount /tmp/ntfsdrive
            exit 1
        fi
        # Edit a copy of the SAM hive in tmpfs, then copy it back
        cp $DEFDIR/system32/config/SAM /tmp/.ntpasswd
        expect /tmp/chntpw.exp > /dev/null
        rm -f /tmp/chntpw.exp
        mount -o remount,rw /tmp/ntfsdrive
        cp /tmp/.ntpasswd/SAM $DEFDIR/system32/config/.
        umount /tmp/ntfsdrive
        dialog --infobox "Running NTFS fix on modified partition" 0 0
        ntfsfix $BOOTPART > /dev/null
        dialog --infobox "REBOOTING" 0 0 && sleep 2
        # As posted: prints the command instead of rebooting
        echo init 6
    fi
    exit 1
    ;;

## Set static IP section
staticip)
    if dialog --yesno "This option will setup a static IP for sites without DHCP.\nContinue?" 0 0; then
        IP=`dialog --stdout --title "example: 321.123.321.123" \
            --no-cancel --inputbox "IP Address" 0 0`
        # Suggest <first three octets>.1 as the default gateway
        IPGW=`echo $IP | cut -f-3 -d'.'`.1
        SUBNET=`dialog --stdout --no-cancel --inputbox "Subnet Mask" 0 0 255.255.255.0`
        GW=`dialog --stdout --no-cancel --inputbox "Default Gateway" 0 0 $IPGW`
        DNS=`dialog --stdout --no-cancel --inputbox "DNS" 0 0 ""`
        SUFFIX=`dialog --stdout --no-cancel \
            --inputbox "Suffix Search Order (separated by spaces)" 0 0 ""`
        if dialog --yesno "Is this information correct? \n IP Address: $IP \n Subnet Mask: $SUBNET \n Default Gateway: $GW \n\n Suffix Search Order:\n$SUFFIX" 0 0; then
            ETH=`ifconfig | grep eth| grep -v 0.0.0.0 | cut -f1 -d' '`
            ifconfig $ETH $IP
            ifconfig $ETH netmask $SUBNET
            route add default $ETH
            route add default gw $GW
            echo search $SUFFIX > /etc/resolv.conf
            echo nameserver $DNS >> /etc/resolv.conf
        else
            exec aioscript staticip
        fi
    fi
    exit 1
    ;;

*)
    echo "Usage: aioscript {menu|map|backup|checkdisk|ntfsundelete|ntpasswd|staticip}"
    exit 1
    ;;
esac
exit 0
I believe there is an attempt to create a Linux-usable Ghost image program.
Last I saw it, it worked with unencrypted, uncompressed. That was a while ago so they might have it working now. I don't have a link.