- Install Ansible on Windows - Thu, Jul 20 2023
- Use Azure Bastion as a jump host for RDP and SSH - Tue, Apr 18 2023
- Azure Virtual Desktop: Getting started - Fri, Apr 14 2023
Revealing the System Reserved Partition
During a clean installation, Windows 10 creates a simple, basic, 500 MB, unlettered, NTFS partition called, as you probably know, the System Reserved Partition. Open the Disk Management MMC console and add a drive letter to the SRP; without a drive letter, we can't see the partition in File Explorer. The following screen capture shows you the Disk Management interface.
Add a drive letter to reveal the System Reserved Partition contents
I found that my Windows 10 Enterprise Edition test system behaved just fine with a drive letter, including with BitLocker Drive Encryption enabled on my system drive. That said, I strongly suggest that you repeat my experiments today only on a non-production virtual machine.
Making the SRP visible in File Explorer is only half the battle. We also need to edit the volume's NTFS permissions to allow your user account to have at least write access to the drive's contents.
This is more difficult than you might think because the SRP's contents don't inherit permissions from a higher level. As shown in the following screenshot, right-click the SRP and choose Properties from the shortcut menu. In the resulting Properties sheet, navigate to the Security tab, click Advanced, and try to take ownership of the volume.
When you edit the access control list, make sure to select Replace all child permission entries with inheritable permissions entries for this object to at least attempt to force permissions inheritance throughout the volume.
I don't suggest changing the SRP's permissions on a production computer
Analyzing the System Reserved Partition contents
Now that we can actually view the SRP from the Windows 10 File Explorer, we can begin to learn all about its contents. If you've used the Folder Options Control Panel to show hidden and system files, then the SRP will contain the following items:
- $RECYCLE.BIN: The per-drive Windows Recycle Bin
- Boot: The Boot Configuration Database (BCD) location on BIOS-based systems
- Recovery: The Windows Recovery Environment (RE) boot image
- System Volume Information: The folder used to store System Restore restore points
- bootmgr: The orchestrator of the Windows boot process; it replaced NTLDR used in old Windows versions
- BOOTNXT: This small, mysterious file is believed to be involved in Windows startup options for USB, such as Windows to Go; see this reference for more details
- BAK: The backup of the drive's boot sector; used in master boot record (MBR)-based disks
Because bootmgr orchestrates the Windows boot process and the BCD data store is located on the SRP, we can conclude that the System Reserved Partition is crucial to Windows startup and therefore should never be altered or deleted by the user.
Recall that we can interact with the BCD by using the BCDEdit command-line tool, the Registry Editor, WMI, or third-party GUI tools like EasyBCD, Visual BCD, and others. I show you my Windows 10 computer's BCD system store as seen in Visual BCD in the following image.
Tools like Visual BCD allow us to interact with the BCD in a graphical format
Windows RE and BitLocker Drive Encryption
I remember the "bad old days" when any Windows repair operations occurred only in an MS-DOS-like command prompt environment. Hey, I'm a PowerShell guy and enjoy the power of the command line. That said, I also enjoy the ease of use that Windows Recovery Environment (Windows RE) brings to the table.
In Windows 10, we don't have to do the "F8 dance" to invoke Windows RE. As long as you're within Windows Explorer, simply hold down SHIFT while choosing the Restart option from the Start menu. This action restarts the system into Windows RE, the first screen of which is shown here:
Windows Recovery Environment (RE)
Where is the Windows RE .wim image file stored? You guessed it—the SRP! Because in RE we've booted into a RAM virtual disk, we can "hover above" the system drive to perform any diagnostic and/or recovery actions we need without worrying about file-open locks and such. Here's a view of the Windows RE .wim from Windows 10 File Explorer:
The Windows RE .wim file
Guess what other Microsoft technology uses Windows RE from the SRP? Yep—BitLocker Drive Encryption! Don't worry; BitLocker doesn't store encryption keys on the SRP. Instead—and I hope this makes intuitive sense to you—BitLocker needs to boot from a non-system drive initially because the system drive is already encrypted with BitLocker.
The blue background on the BitLocker drive unlock screen is a tip-off that BitLocker's using Windows RE:
BitLocker relies upon the System Reserved Partition and Windows RE
Final notes
Please note that the Microsoft System Reserved Partition is a completely separate entity from the EFI System Partition that's used on Unified Extensible Firmware Interface (UEFI)-based systems.
Subscribe to 4sysops newsletter!
If you're booting Windows 10 with UEFI, then there's a chance that your system disk uses the GUID Partition Table (GPT) layout instead of the Master Boot Record (MBR) layout. What I want you to focus on today is that UEFI and BIOS both accomplish the same task (locating a bootable disk partition) but do so in different ways. In other words, BIOS uses the boot sector, and UEFI uses direct calls to OS loader files.
“In Windows 10, we don’t have to do the “F8 dance” to invoke Windows RE.”
This is the thing the I hate the MOST on Win10.
Take a no-booting BIOS machine. No boot.
We can go to… nowhere. There is NO F8!!
So I have to keep booting and pull the power cable, booting and pull the power cable… to a point that the OS will discover that there is something wrong (smart!!!) and finally give me recovery options.
Now all I have to do is pray that I didn’t fucked up even more pulling the cable….
Hey Aristofeles. We have options. If you CAN get into Windows, however briefly, you can hold down SHIFT when you invoke the Restart command; that will put you in Windows RE. You can also boot from a recovery USB stick or DVD. More details here: http://www.digitalcitizen.life/4-ways-boot-safe-mode-windows-10 Cheers, Tim W.
Interesting article! While creating some images of Windows 10, I somehow built a test machine that didn’t have the SR partition, but booted anyway (with seemingly no ill effects). Is the partition absolutely necessary, or can you rely on a USB recovery stick or DVD to repair a system without a SRP, especially for systems that have very small disks? Keeping in mind the system will not be able to use System Restore etc.
Hey Jason. Please read Vadim’s comment, below. He pretty much answered your question. 🙂 -Tim
“The long story short is that we need the SRP and the bootmgr/BCD files regardless of the firmware interface or disk type.”
No, we don’t, sans BitLocker.
On MBR, Windows will be perfectly fine without SRP. You can move RE to system32 by turning off RE with reagentc. SRP is not even created, if you partition the drive before installation and setup can’t create the required partition structure.
On GPT, boot files are not even on SRP, but on EFI.
Hi Vadim, thanks for the clarification. I’ll update the article. -Tim
You have added the drive letter to the SRP, but I want to remove it. Can I just indicate “None” instead of adding /changing letter in Disk Management? And more importantly, can the removed drive letter then be used freely for other drives? MS installed my Windows 10 1151 from an ISO via remote, but put a letter on the SRP. It’s annoying….Thanks, Mark Rowland
When you go into the ‘Change Drive Letter and Paths’ utility for a drive from Disk Management, there is an option (it’s own button) to ‘Remove’ the drive letter assignment.
“As long as you’re within Windows Explorer” – most likely people who need F8 are already have broken system and can’t boot. So “as long is” – put that option to the dumpster…
How do I get to the Windows when it won’t boot?
Google “boot recovery disk” they use Linux or WinPE as a RAM-based OS which allows you to make certain repairs to Windows.
Disk Management shows that my primary drive has a 450MB Recovery Partition, a 99MB EFI System Partition, neither having a drive letter–and the rest of the drive space is the C: Primary Partition (Boot, Page File, Crash Dump). But no SRP.
I am unable to install the new version of Win10 because it says “We couldn’t update the system reserved partition.”
Your advice would be appreciated. Thank you.
I am building Windows 10 Enterprise machines with UEFI enabled, Legacy Disabled, GPT Partition, Secureboot Enabled and Bitlocker Enabled.
Apparently I need the 100MB partition.
Can I safely change the drive letter in Windows? I imagine I can since on some computers it’s D: and others it E:.
The reason I ask is I’m looking to deploy encrypted flash drives which require two adjacent drive letters and we map a network drive to f: so I need D: and E: open.
Thanks for an interesting article
Robert
COuple years ago, Windows Backup wouldn't work because SRP was full. I eventually learned that there was a hidden log file that could get very large. Added a drive letter, and I used a few commands, I believe Powershell based, to see the file size, reset /recreate the log empty, got rid of the massive bloat, and everything worked normally again. Happened again, now it won't allow updating to 2004. But now I can't find or remember the commands.