Windows Recovery Environment (RE): The Solution When A Computer Won’t Boot

by Daniel Petri - April 19, 2010

Windows Recovery Environment (Windows RE) is an extensible recovery platform based on Windows Preinstallation Environment (Windows PE). When the computer fails to start, Windows automatically fails over into this environment, and the Startup Repair tool in Windows RE automates the diagnosis and repair of an unbootable Windows Vista, Windows 7, Windows Server 2008 or Windows Server 2008 R2 installation.

Windows RE provides two main functionalities:

1. Automatic diagnosis and repair of boot problems using a tool called Startup Repair.

2. A centralized platform for advanced recovery tools.

Benefits

Windows RE provides the following benefits:

• Can help reduce support costs through automatic repair of common root causes of unbootable operating system installations.

The Startup Repair will try to repair computers that are unbootable because of the following reasons:

• registry corruption
• missing or damaged system and driver files
• disk metadata corruption (MBR, partition table, and boot sector)
• file system metadata corruption
• installation of problematic or incompatible drivers
• installation of incompatible Windows service packs and patches
• corrupt boot configuration data
• bad memory and hard disk hardware (detection only).

Startup Repair will not repair unbootable systems caused by the following issues:

• malfunctioning firmware and other hardware components
• problems with clean Windows installations or Windows upgrades (for example, from Windows XP to Windows Vista or to Windows 7)
• Windows logon errors and viruses and malicious software.

The following table describes possible repair actions:

Repair Action
Description

BCDMD
Repairs the MBR, partition table, or boot sector.

ChkDsk
Runs ChkDsk in repair mode.

File Repair
Replaces the corrupt system file with a backup copy.

BootCfg
Reconstructs the BCD

System Restore
Rolls back the system state by using System Restore.

ACLs fix
Sets the ACLs of the specified file with a backup copy.

Change Crash on Audit Failure setting
Disables Windows auditing. Only an administrator can log on to Windows.

Memory Diagnostics
Runs the Windows Memory Diagnostics tool.

For example, if a user installs a bad drivers that causes the computer to crash and an error message appears on a blue screen because of the driver. The computer then automatically restarts. The user gets a message telling him or her that the computer failed to start and that Windows will attempt to repair it. Once in Windows RE, the Startup Repair wizard will automatically diagnoses the problem. The user can then choose to repair the driver, and the computer restarts after the repair.

• Can add customized recovery tools to Windows RE, such as Anti-Virus or Anti-Spam tools.

• Can be used as the platform for image recovery. In an event of a computer that cannot be booted, the administrator can use Windows RE to initiate a full system recovery from a previous backup. After restoring the operating system, the computer can be booted into the now functional operating system. Also see:

Windows RE Notes : Creating Window RE Using Windows AIK
http://blogs.msdn.com/winre/archive/2006/12/12/creating-winre-using-waik.aspx

• Supports mass-storage drivers and language packs through Windows PE tool.

• Can run automatically or manually by usage of various scripts.

• Provides diagnostic and repair logs.

Security Considerations

Please note that when working with Windows RE:

• When launching Windows RE from hard disk by using the F8 advanced boot options screen, users are required to use a local user name and password for authentication. To gain access to the Command Prompt window, the built-in administrator account must be used. Any local user can gain access to tools such as System Restore and the customized recovery application from the list of manual tools.
• By default, networking is turned off in Windows RE, but can be turned on dynamically if needed.
• Because Windows RE does not include the security infrastructure present in the Windows Vista operating system, manufacturers and system administrators should not install Windows RE on hard disks of high-security risk computers, such as public kiosk computers running Windows Vista/7.

Furthermore, since any user can burn a DVD with the Windows Vista/7/2008 installation media, and since any user can reboot their computer either by using the "Restart" option or by simply pressing the power button on their computer, this means that any user can in fact boot their computer to the OS installation media, and gain access to the file system and operating system files by choosing the "Repair" option. When doing so, the user is NOT prompted to enter any credentials!

If that is a concern, make sure you protect the computer's BIOS and prevent users from being able to change the computer's boot order. Also, in public computers, make sure you physically protect the computer from the user's access by locking it in a closed compartment, and leaving just the keyboard, mouse and screen outside.

Starting Windows RE

You can access Windows RE by pressing F8 while the computer is booting and select the Recovery Environment entry, which boots the computer into Windows RE. However, if the boot partition/files or configuration was somehow messed up, you could use the operating system's bootable DVD media to launch it.

After a few moments, you will be prompted to select the language of your choice.

When using locally, you will be prompted to enter your user name and password.

If you enter wrong credentials, you will not be able to move on.

If properly authenticated, you will get to the Windows RE tools.