Previously in this series about Windows XP Recovery Console, I described the Recovery Console as a handicapped version of the Windows command prompt because so many of the normal features and capabilities associated with the command prompt have been disabled. Fortunately, administrators can regain some of the missing functionality.
Before I begin
In spite of the fact that so many of the Recovery Console's capabilities have been disabled, there are still quite a few valid DOS commands remaining. A comprehensive discussion of all of the available commands is beyond the scope of this article, but if you are curious as to which commands you can use, I recommend checking out Microsoft KB article 307654.
Taking back some functionality
In order to regain access to some of the lost functionality through the Windows XP Recovery Console, you have to make some changes to the machine's local security policy. Sadly, you have to do this while Windows is functional, because you can't make the changes directly through the Recovery Console.
To do so, enter the GPEDIT.MSC command at the Run prompt. When the Group Policy Object Editor opens, expand the Local Computer Policy and navigate through the console tree to Computer Configuration | Windows Settings | Security Settings | Local Policies | Security Options. Next, locate and enable a policy setting named "Recovery Console: Allow Floppy Copy and Access to All Drives and Folders" as shown in Figure A. If you have a lot of machines running Windows XP, then I would recommend enabling this policy at the domain level rather than on each individual machine.
It is important to realize that simply enabling this Group Policy setting alone will not give you access to all the files or folders, nor will it allow you to copy data to removable media. You still have to tell the Recovery Console that you want access to some of the things that have been restricted.
Doing so involves using the Set command. Simply boot the machine into the Recovery Console and then enter the Set command followed by an environment variable, the equals sign and either true or false. Setting an environment variable to True enables the option to which the variable corresponds, while setting the variable to false disables the option. For example, suppose you wanted the ability to write data to removable media. The environment variable that controls removable media access is AllowRemovableMedia. Therefore, the command would look like this:
Set AllowRemovableMedia = TrueKeep in mind that you cannot use the Set command unless you first enable the Group Policy setting that I showed you above. Otherwise, when you enter the Set command you will receive the following error message:
The SET command is currently disabled. The SET command is an optional Recovery Console command that can only be enabled by using the Security Configuration and Analysis Snap-In.Now that you know how to use the Set command, you can see which environment variables you can use with it by taking a look at the table below.
Environment variables for the Set command
|AllowWIldCards||Setting this environment variable to TRUE allows you to use wildcard characters in conjunction with some of the commands. The wildcard characters consist of * and ?.
The * character indicates that you want to use any item that matches the specified pattern, regardless of length. For example, if you want to see all of the .EXE files found in the current directory, you could use the DIR *.EXE command.
The ? character allows you to tell the command that you don't know what a specific character is going to be. For instance if you want to see all of the files in the current directory that end in BK1, BK2, BK3, etc., you could enter DIR *.BK?
|AllowAllPaths||Setting this environment variable to TRUE gives you access to every folder on the hard disk.|
|AllowRemovableMedia||If you set this environment variable to TRUE, Windows will allow you to copy files from the hard disk to removable media.|
|NoCopyPrompt||Setting this variable to TRUE allows you to overwrite files without being prompted each time. This is handy if you need to overwrite a large number of files. Otherwise, it is usually best to leave this option disabled to prevent accidental data loss.|
So while the Windows XP Recovery Console does have many restrictions, there are workarounds, and knowing how to use the Group Policy Object Editor and the Set command is the key to accessing them.
|Brien M. Posey, MCSE, has received Microsoft's Most Valuable Professional Award four times for his work with Windows Server, IIS and Exchange Server. He has served as CIO for a nationwide chain of hospitals and healthcare facilities, and was once a network administrator for Fort Knox. You can visit his personal Web site at www.brienposey.com.|