- PowerToys for Windows 10 and Windows 11 - Mon, Jan 30 2023
- Azure Recovery Services vault: Ironing out the confusion - Fri, Jan 20 2023
- Regex in VSCode - Tue, Jan 17 2023
Revealing the System Reserved Partition
During a clean installation, Windows 10 creates a simple, basic, 500 MB, unlettered, NTFS partition called, as you probably know, the System Reserved Partition. Open the Disk Management MMC console and add a drive letter to the SRP; without a drive letter, we can't see the partition in File Explorer. The following screen capture shows you the Disk Management interface.
I found that my Windows 10 Enterprise Edition test system behaved just fine with a drive letter, including with BitLocker Drive Encryption enabled on my system drive. That said, I strongly suggest that you repeat my experiments today only on a non-production virtual machine.
Making the SRP visible in File Explorer is only half the battle. We also need to edit the volume's NTFS permissions to allow your user account to have at least write access to the drive's contents.
This is more difficult than you might think because the SRP's contents don't inherit permissions from a higher level. As shown in the following screenshot, right-click the SRP and choose Properties from the shortcut menu. In the resulting Properties sheet, navigate to the Security tab, click Advanced, and try to take ownership of the volume.
When you edit the access control list, make sure to select Replace all child permission entries with inheritable permissions entries for this object to at least attempt to force permissions inheritance throughout the volume.
Analyzing the System Reserved Partition contents
Now that we can actually view the SRP from the Windows 10 File Explorer, we can begin to learn all about its contents. If you've used the Folder Options Control Panel to show hidden and system files, then the SRP will contain the following items:
- $RECYCLE.BIN: The per-drive Windows Recycle Bin
- Boot: The Boot Configuration Database (BCD) location on BIOS-based systems
- Recovery: The Windows Recovery Environment (RE) boot image
- System Volume Information: The folder used to store System Restore restore points
- bootmgr: The orchestrator of the Windows boot process; it replaced NTLDR used in old Windows versions
- BOOTNXT: This small, mysterious file is believed to be involved in Windows startup options for USB, such as Windows to Go; see this reference for more details
- BAK: The backup of the drive's boot sector; used in master boot record (MBR)-based disks
Because bootmgr orchestrates the Windows boot process and the BCD data store is located on the SRP, we can conclude that the System Reserved Partition is crucial to Windows startup and therefore should never be altered or deleted by the user.
Recall that we can interact with the BCD by using the BCDEdit command-line tool, the Registry Editor, WMI, or third-party GUI tools like EasyBCD, Visual BCD, and others. I show you my Windows 10 computer's BCD system store as seen in Visual BCD in the following image.
Windows RE and BitLocker Drive Encryption
I remember the "bad old days" when any Windows repair operations occurred only in an MS-DOS-like command prompt environment. Hey, I'm a PowerShell guy and enjoy the power of the command line. That said, I also enjoy the ease of use that Windows Recovery Environment (Windows RE) brings to the table.
In Windows 10, we don't have to do the "F8 dance" to invoke Windows RE. As long as you're within Windows Explorer, simply hold down SHIFT while choosing the Restart option from the Start menu. This action restarts the system into Windows RE, the first screen of which is shown here:
Where is the Windows RE .wim image file stored? You guessed it—the SRP! Because in RE we've booted into a RAM virtual disk, we can "hover above" the system drive to perform any diagnostic and/or recovery actions we need without worrying about file-open locks and such. Here's a view of the Windows RE .wim from Windows 10 File Explorer:
Guess what other Microsoft technology uses Windows RE from the SRP? Yep—BitLocker Drive Encryption! Don't worry; BitLocker doesn't store encryption keys on the SRP. Instead—and I hope this makes intuitive sense to you—BitLocker needs to boot from a non-system drive initially because the system drive is already encrypted with BitLocker.
The blue background on the BitLocker drive unlock screen is a tip-off that BitLocker's using Windows RE:
Please note that the Microsoft System Reserved Partition is a completely separate entity from the EFI System Partition that's used on Unified Extensible Firmware Interface (UEFI)-based systems.
Subscribe to 4sysops newsletter!
If you're booting Windows 10 with UEFI, then there's a chance that your system disk uses the GUID Partition Table (GPT) layout instead of the Master Boot Record (MBR) layout. What I want you to focus on today is that UEFI and BIOS both accomplish the same task (locating a bootable disk partition) but do so in different ways. In other words, BIOS uses the boot sector, and UEFI uses direct calls to OS loader files.