Windows doesn’t start: Recover partitions, copy files, and reset password with SystemRescue

• Author
• Recent Posts

Brandon Lee

Brandon Lee has been in the IT industry 15+ years and focuses on networking and virtualization. He contributes to the community through various blog posts and technical documentation primarily at Virtualizationhowto.com.

Latest posts by Brandon Lee (see all)

• What’s your ENow AppGov Score? Free Microsoft Entra ID app security assessment - Thu, Nov 30 2023
• Docker logs tail: Troubleshoot Docker containers with real-time logging - Wed, Sep 13 2023
• dsregcmd: Troubleshoot and manage Azure Active Directory (Microsoft Entra ID) joined devices - Thu, Aug 31 2023

SystemRescue supports most major file systems, including EXT4, XFS, BTRFS, VFAT, and NTFS. You can also interact with network-based file systems, including Samba and NFS. It includes the following:

• GNU Parted for creating, resizing, moving, and copying partitions and filesystems (and more)
• GParted is a GUI implementation using the GNU Parted library and allows working with disk partitions
• FSArchiver for system and data recovery
• ddrescue attempts to make a copy of a block device that has errors and compensates for the bad spots in input
• File systems tools: Various tools that allow formatting, resizing, and debugging hard drive partitions
• Ntfs3g: When working with NTFS volumes, this utility enables read/write access to NTFS partitions
• Test-disk checks for deleted partitions; supports reiserfs, ntfs, fat32, ext3/ext4 and others
• Memtest is a good tool to run after a system crash to ensure memory is not the culprit
• Rsync has long been used for remote backups
• Network tools include Samba, NFS, ping, nslookup, and others to troubleshoot and back up your data to network storage

Booting from the SystemRescue ISO

Getting started with the SystemRescue ISO is simply booting from the ISO image on a virtual machine or writing the ISO image to a USB drive using a tool like Rufus. When the tool initially boots, you will see the default menu, allowing you to choose from multiple options.

Booting the SystemRescue utility

When choosing the default option, it will first boot to a command line. You can type startx to initiate the GUI.

SystemRescue GUI

Copying files from a PC that won't start

If you simply want to copy your files off your Windows machine that won't start before performing a fresh install of the operating system, you can do so with SystemRescue. For Windows PCs, you can mount NTFS volumes and copy your files across the network.

First, you will need to find the device containing your Windows partition and mount it to a mount point. To find your Windows partition, use the following command:

fsarchiver probe -v

Finding a Windows partition using SystemRescue

Finding a Windows partition using SystemRescue

After you find the device name of the Windows partition, you need to mount it. First, create a directory for the mount point, and then use the ntfs-3g command to mount the NTFS partition to the mount point.

Mkdir /mnt/windows

ntfs-3g -o ro /dev/sda3 /mnt/windows

Mount your Windows partition to a mount point

Once mounted, you can browse your Windows files and folders.

Browsing Windows files and folders

Now that we have the Windows directory mounted, we need to ensure that the SystemRescue network settings are configured to copy files from the environment. Below, we are doing the following:

1. Making sure SSH is running in SystemRescue:
   systemctl is-active sshd
2. Turning off the firewall:
   systemctl stop iptables ip6tables
3. Ensuring the firewall is off:
   systemctl is-active iptables

Setting up the SystemRescue network settings for network copy

We should now be able to connect to the IP address autoconfigured with SystemRescue from DHCP. Below, we are using WinSCP to connect to our SystemRescue session, and we can browse to the mounted Windows directory on the crashed PC. Once connected, you can copy any files needed before reloading the operating system or restoring it to a previous state.

Connecting using an SCP program like WinSCP to back up your files using SystemRescue

Using tools to troubleshoot crashing or inaccessible PCs

You may attempt to repair or troubleshoot your crashing PC before reloading it. For example, you can run the testdisk tool to attempt to repair a crashed drive due to file corruption, bad blocks, or faulty software.

Running testdisk to attempt data recovery due to failed software or corruption

Suppose a Windows PC is inaccessible due to a bad or forgotten password. In that case, SystemRescue allows mounting the SAM file and clearing the configured password for your account.

Listing user accounts in Windows using SystemRescue

To get the username you want to reset, use this command:

chntpw -l /mnt/windows/Windows/System32/config/SAM

Now, you can use the following command to configure a specific user password:

chntpw -u <username> /mnt/windows/Windows/System32/config/SAM

SystemRescue also contains another powerful little open-source utility called GParted, which is a GUI disk and partition editor. It also has a feature to Attempt Data Rescue.

Attempt data rescue using GParted

Once you launch the data rescue feature of GParted, it will run a full disk scan to find file systems. After the scan, you can mount the discovered file systems and then copy the data to another device.

Scanning the file system with GParted in SystemRescue

Wrapping up

The tools described are only a few of the ones contained in the disk for troubleshooting Windows that doesn't start. Using SystemRescue, you have access to many open-source tools that can help diagnose, repair, and copy data from an unbootable PC before resetting it to factory or reinstalling the operating system. You can download the SystemRescue disc here.