Live Windows Bootable CDs for Sysadmins

WhoDaresWins writes "Ever wonder how to make a Knoppix-like live Windows bootable CD (or DVD)? Well its now possible using Bart's Preinstalled Environment (BartPE) bootable live windows CD/DVD. It's basically an expansion of the Microsoft's own Windows PE (Preinstallation Environment) idea which is a minimal Windows (XP/2K3) based bootable live CD with a command prompt and the ability to run some basic Windows GUI. Bart's PE allows anyone to make a bootable CD using their own Windows XP/2K3 media with Bart's PE Builder. What's more many people have contributed quite a few plugins that allow you to use the BartPE discs as quite a nifty system administration tool and with some work an almost usable quick system."

Slashdot... Bring you the news a year late

This has been available for over a year....

Bart's pebuilder meetup day

[caston]

One thing I would like to mention is that there is also a meetup site for Barts Pebuilder:

http://pebuilder.meetup.com

Also don't forget the slashdot meet.

http://slashdot.meetup.com

PXE Boot Images

[VoidEngineer]

Ah, this stuff has been around for like 4 years, at least. We were using this kind of technology at the University of Chicago back in 1999 with WindowsNT images. (The department I worked in was responsible for supporting all of the public-use workstations throughout campus, and we naturally relied on disk imaging technologies.)

If you buy a product like Altiris LabExpert or Norton Ghost and are very clever, you can jury rig an entire operating system environment onto a CD.

Oddly enough, we stumbled on how to do this kind of thing while researching Wake-Over-LAN and PXE technologies. Apparently, the system BIOS just needs to be smart enough that it can look at something other than a PCI/IDE/SCSI hard drive for information with which to load a kernel into memory. If your BIOS is PXE enabled, it's smart enough to tell the system bus to look for a kernel on the network card (in the case of a Wake-On-LAN network boot) or on a CD drive (in the case of a CD boot).

FYI, PXE is Intel's Preboot Execution Environment specification, and is therefore working at the hardware level underneath Microsoft PE (Preinstallation Environment).

Nonetheless, the hardware capabilities which have allowed Windows to be booted from a CD have been around since 1999, at least, as they are part of Intel's PXE specification.

Just my two cents...

Last i heard of this

[DaLiNKz]

was on a Windows trading website (they trade old/new beta's of windows software for tinkering).. This little project isn't very legal at all, if anything, this attention its getting may get them a nice little memo for Microsoft. They are basically stripping down a piece of the new installer for windows and turning it into a small OS for simple applications.. I mean, a good idea and all and sounds fun but its just going to piss off Microsoft..

Re:ESCD (?) as a rescue platform

[insecuritiez]

You are probably thinking of ERD commander from Winternals http://www.wininternals.com/products/repairandreco very/erdcommander2002.asp?pid=erd

Re:The only thing

[Endive4Ever]

Be careful about throwing stones. I remember using the Yggdrasil 'Plug and Play Linux' bootable CD back in 1993. It booted and ran rather nicely on a 486DX-33 with 16 megs of RAM.

The current Linux systems are bloatware pigs, just like Windows.

Re:Can it edit an already installed winxp registry

Have you tried booting into the recovery console? If that's possible, you can use the console registry tool, reg.exe, to make changes.

It's not meant to be a full system

[Sancho]

Among other things, the PE environment (or at least, the ones made with PE builder) are limited to 6 processes. They also reboot after 24 hours (intentionally, no less!), resolution is limited to 800x600, 16 bit color, etc. What this tool is really good for is scanning for viruses, doing repairs that otherwise would be difficult (or impossible) under your normal operating environment, etc. In fact, one thing I just saw PE builder used for was to flash a firmware on a machine that only had Linux on it.

Re:It's not meant to be a full system

[WhoDaresWins]

No its definetly not limited to 6 processes (both WinPE and BartPE). Also you can use a commandline resolution utility like SetRes.exe to set a higher resolution. Basically it will set it to the highest possible VESA mode that your video card supports. There is however a limitation of 24 hours with WinPE. If you use XPE plugin with BartPE it almost allows you to have quite a Windows like environment with a working browser and all. If you take the time to cusomise your BartPE with all the app plugins you need then it can a quite useful thing.

And Oh yes I submitted this story so I should know something :)

Re:Licensing?

[TheMadPenguin]

Maybe I spoke too soon... looks like this is not an MS product, but even still, how does this all tie in to the Windows OS? Or is it even a form of Windows OS? I am tired and confused ;)

"Fear the penguin"

Re:Why didn't we have this sooner?

[dasunt]

Can anyone think of alot of uses for this that would beat out knoppix? Cause I can't.

Knoppix is Linux. Linux writing to NTFS is a VERY BAD IDEA. Windows tends to use NTFS now. Windows gets viruses which REALLY SCREWS UP THE SYSTEM. Windows needs to have viruses removed, but the installation cannot be trusted, or else there isn't a licenced copy to put on it.

Congratulations, BartsPE as a A/V plugin.

That's only one use, but its a damn common task for Microsoft Windows.

BartsPE > Knoppix for virus removal.

Re:ESCD (?) as a rescue platform

[Achmed]

How about Offline NT Password & Registry Editor - saved my life more than once.

http://home.eunet.no/~pnordahl/ntpasswd/

Bart's incorporates the user's Windows XP files.

[Futurepower(R)]

When building a Bart's CD, the program just finds the user's own Windows XP operating system files, and incorporates them into the Bart's CD. No knowledge of the NTFS file system is required, because the actual, real NTFS file system is included.

Re:Cannot be used for general purpose like knoppix

[0x1337]

Yes - if you boot WinPE, you will see some background (moon and blue mountains, something like that)- and then you will see a CMD.EXE Window open up. Thats GUI, since it just drew a window :-D.

Re:What is this?

sid is the story id. formkey is a random string that is needed to make posts. A new one is created everytime someone clicks "Reply to This". My guess is a script is parsing each story looking for these formkeys and generating either trolls or posts intended for karma whores. If you noticed the original poster's homepage, it links to anti-slash.org. They specialize in disrupting Slashdot, through the use of "jihad" tactics. These karma whores will make posts that are generated from anti-slash's extensive +5 score database. Later they'll use these accounts to spew trolls, flamebaits, and crapfloods.

RTFA

If you read the page linked to you'll see that he belives it is completely legal. He steps through the various versions and acknowledges that some of them was in fact illegal in some way or another, but he says that this latest version is completely legal.

OTOH, I am sure that some random guy won't have much of a chance against a horde of MS lawyers if they decide they want to shut him down.

Re:RTFA

[Wtcher]

Bart had had his tool shut down by Microsoft before. In fact, he had to redo some work and submit it to Microsoft for them to okay it; I'm assuming that approval hasn't changed, assuming his continuing work is also very much original.

Re:Yeah...

[WhoDaresWins]

Yes it uses a RAM Drive as well the support built into Windows XP onwards for booting of readonly media as part of the components in Windows XP used in XP Embedded. XP Embedded basically just uses the same XP components but with different config (registry, ini file etc). See this -
http://msdn.microsoft.com/library/en-us/xpehelp/ht ml/xetbswindowspreinstallationenvironment.asp
for more information about WinPE and its related XP Embedded technologies.

Re:Go live, windows...

[ctr2sprt]

That's not a problem with "Win-Live CD," it's a problem with anything that installs on any readonly medium. All patches are applied by making a copy of the image, applying the patch, and then making a new disc of the patched version. And Windows supports that just fine.

If all you want is read-only access, use NTFS. Explicitly deny write permission to the Everyone pseudo-group. Deny supersedes permit, as it should, and not even Administrators can bypass it automatically. They have to take ownership of the file and grant themselves the permissions they need. It's about as secure as mounting writeable hardware readonly (or nosuid or noexec) in Linux.

Dell Server Assistant

[pe1chl]

The Dell Server Assistant CD, a CD-ROM you get with any Dell server, is a booting CD that loads Windows NT and then runs a GUI program that lets you select a disk layout, an operating system, parameters for the operating system (system name, IP address etc) and then prepares an unattended installation file for that operating system. It asks for the OS installation CD, copies it to the disk, and hands over the installation process.

This CD uses some commercially available software kit, the name I now cannot recall, to load a Windows NT system into RAMdisk and let it run from there.
Unfortunately there is no apparent way to exit the installation GUI and go to the NT desktop.
This CD has existed for many years, and I sometimes wondered if we should make the effort to "hack" it and use it as a system repair tool for NTFS based systems.

I don't think this CD is anyway related to Microsoft WinPE technology, but I wonder why it does not stop and say "we must now reboot for the changes to take effect" all the time. It runs on a wide range of Dell servers and I don't think they are completely hardware compatible in the strict sense that Windows often requires.

ERD Commander

[trezor]

As far as I am conserned... ERD Commander from Winternals has allways been my tool of choice.

You can boot up a stripped version of Windows. Unlock admin-accounts. Access local-net, make backups of documents on an otherwise f**ked up harddrive... And yes, there is a command prompt.

And no, I am not affiliated with Winternals, but ERD Commander has been around since NT4.0-days, if I remember correctly.

Maybe this is some kind of free tool, unlike ERD Commander, but it isn't news.

Re:ERD Commander

[ahaning]

If you just need to unlock accounts (if, say, you forgot Administrator's password), try this. There are bootable ISOs and floppy disk images.

It's not the most intuitive thing to use, but it is pretty easy if you follow the command prompts. It could probably be extended to include more tools like KNOPPIX.

Actually, something with that, KNOPPIX, and MemTest86 would be really nice and alleviate the need for 3 CDs for performing diagnostic tests on wonky PCs.

Re:MOD PARENT DOWN - LINUX ZEALOT WITH RHETORICS

Yeah, and the whole point of this article is that not every distribution of windows requires you to install everything...

You point was... again?

How to do it on a Mac

OS 9 and older...
put any Mac installation CD in, restart while holding down the C key.

OS X
use Carbon Copy Cloner. This is just a GUI for the UNIX utilities built in. After making a clone CD, follow OS 9 instructions.

german article in c't

[^ZuLu^]

There has also been an article in german's well-known c't magazin that covers the process to create your very own live-windows-xp-cd. Just look at c't 02/04 p.180 and following.

Re:Go live, windows...

[pe1chl]

The problem with using this technique is that some Windows programs require write access in unexpected places. Admittedly this is becoming less of a problem, but there still are older programs around that store configuration data and/or temporary files under their C:\Progra~1\Progname subdirectory :-(

Worse, when they do and they cannot perform the write, the error information is often useless.
The program fails in an unclear way (like, nothing happens when you click something) or an error message like "cannot create file" (without filename) appears.

We run Windows 2000 Pro, and ordinary users of the system have no write access to anything on C: except their profile directory. This often results in lengthy debugging sessions and searches on the Internet to resolve problems. Even Office 2000 has problems running on such a system (the orgchart program does not work when C:\WinNT is not writable).
Similar problems arise when programs try to write to the registry.

There have been many times when I wished there was a tool like "strace" on these boxes so that it would be possible to quickly determine what the application tried to do, and why that failed.
(actually, an strace for Windows appears to exist. next time I have to debug something like this I will try it)

Re:Knoppix without the good stuff?

[noyren]

>If Win2k or XP are unstable, your computer is a >piece of shit. Your poor choices in hardware >arent Microsoft's responsibility; stop buying >Packard Bell.

I repair a LOT of computers, and you have no idea how often I've had to turn off ACPI. To remove that during install you have to use undocumented stuff (press f5 when it says press f6 to install third party drivers).

3) It's Windows. Forget "drivers" without a dozen driver install disks...

>A. d00d, turn off the 8-track; drivers come on >CD's these days
>B. Again, get out of the 60s. On Win2k/XP you >rarely need drivers which arent provided >(especially XP).

yeah, and those are really easy to use when your booting from cd...

4) It's Windows. Forget "Source code".

>A. I beg to differ [iht.com]
>B. See statements regarding #1.

let me get this straight, your backing up a "windows does not release source code" with the source code leak?.....

And your forgetting an important point here, anyone ever tried to install windows on a computer and then for example switch chipset/motherboard?

Making a generic windows install is as far as I know impossible. Most will work on one hardware configuration and fail horribly if you try it on another. (or you'll end up with 10 of one device in the device manager or something charming like that).

*fixed, damn I hate html default, heh*

Re:Why didn't we have this sooner?

>Knoppix is Linux. Linux writing to NTFS is a VERY >BAD IDEA. Windows tends to use NTFS now.

Linux writing to NTFS partitions is safe by now. At least the kernel 2.6.1 menu config states:

"While we cannot guarantee that it will not damage any data, we have so far not received a single report where the driver would have damaged someones data so we assume it is perfectly safe to use. ...

Note: While write support is safe in this version (a rewrite from scratch of the NTFS support), it should be noted that the old NTFS write support, included in Linux 2.5.10 and before (since 1997), is not safe.

Re:Why didn't we have this sooner?

[man_of_mr_e]

Ummm.. because Windows *DID* have this quite a few years ago?

Windows PE is just an extension of the XP embedded tool system, which is just an extension of the NT4 embedded tool system available since about 1998.

NT embedded has always been able to boot from a CDRom and run a complete system, MS just formalized this into something called "Windows PE" that Bart copied (actually, about 2 years ago).

Re:No, he missed the point.

[WhoDaresWins]

He apparently doesn't realize that Sysprep is not available to most users of Windows XP

Huh? Who said everyone cannot get sysprep? Look here to download the Win2K sysprep and here for the Windows XP sysprep (part of XP support tools). It is also available on each and every Windows XP CD at \SUPPORT\TOOLS\DEPLOY.CAB\sysprep.exe. BTW I thought the question was about creating Windows images so sysprep is quite useful since anyone can use it. I'm now wondering how much you have really explored these aspects of Windows.
As regards the complete system backup, well have you tried using the bultin Windows backup utility to do an Automated System Restore? From what I can gather it allows you to do a complete automated system restore from a backup by booting off the Windows CD and it actually writes partition layout and other information to a seperate floppy (or some other media) and the system part of the backup can be written out to a network/external disk or DVD etc. I haven't tried it but I have heard some people talk about it. I'm assuming they were able to use it to good effect. You might want to check it out. AFAIK that should do what you are looking for.
BTW just because that person was angry or he had an attitude problem doesn't mean that everything he said was wrong.

it's costs...

but it's rather indispensable to me.... www.wininternals.com sell an ERD (Emergency Recovery Disc) it's a bootable CD that boots into WinXP and gives full access to NTFS partitions. With tools for changing passwords (unknown ones) and file recovery. It has pulled my nuts out of the fire in teh past.

Re:Why didn't we have this sooner?

[1u3hr]

the great thing about live linux cds is they are packed with utilities that can help with diagnostics. This is just a stripped down version of windows.

This is not "just a stripped down version". It DOES contain "utilities that can help with diagnostics". More, since you have to burn your own disk (the author can't redistribute the MS files needed) you can add other stuff than the default utilities.

Re:Speaking of ram disk drivers...

It's a complete piece of crap. It has like an 8MB limit. That's far too small to do anything with.

Interestingly enough, Microsoft provides the source code for their ramdisk driver. If you don't like the limits it imposes, why don't you modify the source? That's what open source advocates always say.

Re:Go live, windows...

Surely you must know about the sysinternals's filemon and regmon tools?

Linux writing to NTFS is a VERY BAD IDEA: NOT!!!!

[sofayam]

That problem seems to have been solved, maybe not with great performance but at least safely usable for emergencies. Its called "captive" and works by emulating a windows kernel and reusing the windows drivers. For more info look at:

http://www.jankratochvil.net/project/captive/

(haven't used it myself but CT, the local german computer mag, says it's OK and they seldom miss a trick)

Re:The only thing

[elronxenu]

I beg to differ. I'm running Debian Woody on, among other things, a 486SX notebook computer (that's SX as in no math coprocessor!) with 8 megs ram and about 200 megs of hard drive.

Though it's not fast, it runs correctly and it is modern code which is being maintained for security bugs. The kernel is 2.4.24 and I can use it with my pcmcia wifi card just fine.

Re:ESCD (?) as a rescue platform

[DrSkwid]

Unless your file system is encrypted then it is better that you assume that anyone with access to the hardware can have access to any data on the disk.

Otherwise you are living in a dreamworld.

Re:ESCD (?) as a rescue platform

[Hadean]

Maybe you're thinking of the once popular Russian made "Emergency Boot CD"? I can't find a working website for it anymore (unofficial site here.)

I still have a copy of the CD. It was quite a useful CD, especially since it had some tools/programs that were obviously not supposed to be on there, like Symantec tools ;-)

Retrospect from Dantz :We *did* have this sooner?

[coats]

We did have this earlier, but had to pay for it as part of the Retrospect Professional backup/utility package from Dantz: see http://www.dantz.com/index.php3?SCREEN=kbase&ACTIO N=KBASE&id=27814

It even allows you to prepare a boot CD for one machine from a backup-set, hosted by another...

Re:Why didn't we have this sooner?

[bayerwerke]

We did.

http://www.heise.de/ct/english/99/11/206/

They described how to do this with 95 in 1999.

[bayerwerke]

They described how to do this with Windows 95 in 1999.

http://www.heise.de/ct/english/99/11/206/

The information is at this link, c't magazine 1999

[bayerwerke]

The information is at this link, c't magazine 1999.

http://www.heise.de/ct/english/99/11/206/

I love Bart PE

[Lord+Kano]

I use it to defrag my windows system. Delete the hyberfil.sys and pagefile.sys and the defrag goes much smoother and faster.

I discovered it about two months ago. It's fantastic. There are plugins for antivirus software so if you suspect that a machine is infested you can clean it out.

LK

Apple's been doing this forever

[unborracho]

Is it just me or haven't you been able to boot from the Mac OS CDs for years? I even remember Norton Utilities for Mac booting into its own Mac OS that ran from the CD. I'm actually surprised that Windows hasn't implemented this feature, because back in my Mac days, it saved me from having to format my hard disk quite a few number of times.

Finally?

"Finally?"

Prototypes of this were done as early as 2001 folks ... they even had WinPE available as of 2002... Why is it that Slashdot, in it's oft-admitted-but-bashfully-trying-to-hide linux zealotry often publishes articles about the 'evil empire' technology "finally arriving" without checking up on facts, et al.

When the real linux movement takes over, I hope it's not staffed with the 'glory-days-are-still-here-isn't-linux-cool' types I see here often. Do some research, STFU a little bit, and enjoy the ride dudes.

Re:Why didn't we have this sooner?

[damiam]

It does. That doesn't mean it works right.

Re:Chicken and egg...

[ub3r]

you can get virtual desktops by installing one of the power toys that you can download from windows... just like what i use in suse

Re:Why didn't we have this sooner?

[00420]

Yes, but you can only write to files if you're not changing the file size. You also cannot rename or delete files.