As I will show you later though, there is a way to get wild card functionality back. Another way that the Recovery Console protects Windows is by controlling access to removable media.
Remember, removable media is one of the four things that the Recovery Console gives you access to. However, the default access level to the removable media is read only. This prevents a consultant from copying pieces of your server's registry to a floppy in an effort to later use the stolen information to crack passwords. Again, the restrictions on removable media can be circumvented through a technique that I will show you later.
The final security measure that the Recovery Console uses to protect you from yourself is copy protection. In my opinion, this feature isn't really a big deal. The copy protection doesn't stop you from overwriting a file on your hard disk. It simply prompts you to confirm that you really do want to overwrite the file. If this is too much of a nuisance to you though, this protection too can be disabled. To disable all of the Recovery Console's security features, you have to begin by modifying either the Domain Controller Security Policy or the Local Security Policy, which ever applies to the server.
To do so, boot the server into Windows you might want to do this before your system has a crash, since normally if you are using the Recovery Console, Windows is not accessible. The pane to the right contains many different security policy options. Scroll through the list to the policies related to the Recovery Console. If you enable this option, it will allow you to access the Recovery Console without having to enter a password. This is handy if you have a consultant who does your server repairs and don't want to give out your Administrator account password.
At the same time though, this setting does represent a significant security risk, and I personally think that it's a bad idea to enable it. This option is actually a bit misleading. If you enable this security setting, it doesn't do away with any of the restrictions that I discussed earlier. Instead, it simply gives you the option to turn those restrictions on or off.
When you do, you will see a dialog box appear. Finally, reboot the computer and enter the Recovery Console. Once the system boots into the Recovery Console, you can use a series of commands to enable or to disable the various security mechanisms.
I should point out that this command is case sensitive and the spacing is also very important. If you don't include the space on each side of the equals sign then the command will not work.
There are similar commands for enabling or disabling the other security functions. The syntax for all of the commands is the exact same as it is for the AllowWildCards command. The command for removing restrictions on what directories can be accessed is AllowAllPaths. The command for removing restrictions on removable media is AllowRemovableMedia.
Finally, the command used to remove the prompt that you get prior to overwriting a file is NoCopyPrompt. Other Recovery Console commands If at any time you need help with the recovery console, you can type the HELP command to display a list of valid commands.
Although online help is available for each command, here is a brief run down of the commands that are available and a short description of what those commands do:. Remove the entry for the Recovery Console, which will look something like this:. After you have installed the Recovery Console, you can boot the system and select Microsoft Windows Recovery Console from the startup menu. The loading takes significantly longer from the CD-ROM, but the resulting Recovery Console is identical to that installed on the local system.
Once the Recovery Console has started, as shown in Figure , you will be prompted to select the installation of Windows to which you wish to log on. You will then be asked to enter the Administrator password.
You must use the password assigned to the local Administrator account, which, on a domain controller, is the password configured on the Directory Services Restore Mode Password page of the Active Directory Installation Wizard.
You can type help at the console prompt to list the commands available in the Recovery Console, and help command name for information about a specific command. Most are familiar commands from the standard command-line environment. Several of the commands deserve particular attention. This is a useful way to discover the short name for a service or driver before using the Enable and Disable commands.
If a service or driver is preventing the operating system from starting successfully, use the Recovery Console's Disable command to disable the component: Then restart the system and repair or uninstall the component.
You can then use the Format command to configure a file system for a partition. Del operates in the system directories of the current Windows installation, in removable media, in the root directory of any hard disk partition, or in the local installation sources. By default, you cannot use wildcard characters.
Disable disables a Windows system service or a Windows driver. The servicename argument is the name of the service or the driver that you want to disable. It is a good idea to note the original startup type so that you can use the enable command to restart the service. Enable enables a Windows system service or a Windows driver. The startup type uses one of the following formats:. Expand expands a compressed file. The source argument is the file that you want to expand.
The destination argument is the directory for the new file. By default, the destination cannot be removable media and cannot be read-only. You can use the attrib command to remove the read-only attribute from the destination directory. This option permits wildcard characters. Fixboot writes a new boot sector on the system partition.
The fixboot command is only supported on xbased computers. Fixmbr repairs the boot partition's master boot record MBR. The device-name argument is an optional name that specifies the device that requires a new MBR. Omit this variable when the target is the boot device.
The fixmbr command is only supported on xbased computers. Format formats a disk. Help lists all the commands that the Recovery Console supports. Logon displays detected installations of Windows and requests the local Administrator password for those installations. Use this command to move to another installation or subdirectory.
Map displays currently active device mappings. ARC is the format that is used for the Boot. Md Mkdir creates a directory. The command operates only in the system directories of the current Windows installation, in removable media, in the root directory of any hard disk partition, or in the local installation sources.
Rd rmdir removes a directory.
0コメント