Running disk2vhd from winpe


17 replies to this topic

#1 Uneitohr

Uneitohr

    Frequent Member

  • Advanced user
  • 219 posts

Posted 31 August 2015 - 08:06 AM

Hi guys. I need some help from PE experts.

 

Is there a way to run disk2vhd from an x86 winpe image?

I want to backup all fixed drives of a computer when winpe is loaded. I tried this command:

disk2vhd * Z:\Backup\%computername%.vhd

However it outputs an error about visual c++ libraries, which winpe obviously does not have. Is there a way to run it? Or maybe an alternative that will run on PE?

 

Thank you.



#2 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 31 August 2015 - 08:31 AM

You mean this one?

https://technet.micr...y/ee656415.aspx

 

The actual "plus" of that tool is that it can run on a "live" system using Shadow Copies, which are normally not useful/used when imaging from a PE.

 

Which PE version are you using?

 

Usually it's just a matter of adding the missing C++ dependencies,  but depending on why you want to make an image of the disk(s) involved there may be tens of alternatives.

 

Also it is important that you detail what you expect as a result, is that a backup, a forensic sound image/clone or a bare metal recovery, an actual physical to virtual, etc.

 

:duff:

Wonko



#3 Uneitohr

Posted 31 August 2015 - 08:43 AM

We use a WDS server that we use to deploy windows to our machines. Very often, people come to us to re-image their machines, format and install windows. However, most of them forget to mention they still have data to save, most of the time it is very time consuming to find that data so a full backup of everything in a format easy to mount would come a long way. If anyone asks for their files, we would just open the file and give them the data.

 

Their data is not always in C:\Users. They can be anywhere, C:\, D:\, subfolders etc. So a full backup would be required.

 

The PE is 5.1 from ADK 8.1. And yes, that is the program.

 

I just need to copy user files and folders but sadly I cannot separate them - can't make it exclude all system folders and include only C:\Users and every other non-system folder.


Edited by Alexander Ceed, 31 August 2015 - 08:52 AM.


#4 Wonko the Sane

Posted 31 August 2015 - 09:08 AM

 

I just need to copy user files and folders but sadly I cannot separate them - can't make it exclude all system folders and include only C:\Users and every other non-system folder.

Well, then you are using the "wrong" (in the sense of not particularly suited to the desired result) tool.

You should use instead a tool like Robocopy (or Strarc) through a .script (and you will also save tens or hundreds of GB of storage space).

 

:duff:

Wonko



#5 Uneitohr

Posted 31 August 2015 - 09:13 AM

I know robocopy but haven't used strarc yet. Still, how to separate the files/folders?

It should be able to copy everything off every fixed drive/partition and only copy C:\users off the boot partition.



#6 Wonko the Sane

Posted 31 August 2015 - 09:33 AM

Well, this is where batch (or powershell or any other kind of scripting) becomes useful, as an example to dynamically analyze the filesystem and auto-generate a set of commands, but Robocopy has the /XF and /XD switches (among a zillion other ones):

http://ss64.com/nt/robocopy.html

and strarc has the -e and -i parameters:

http://www.ltr-data....iles/strarc.txt

 

From what you posted before it seemed like you wanted to backup everything from all disks but (of course ;)) pagefile.sys, hiberfil.sys (if any) and the C:\Windows\ system directory, which should not be a problem to obtain.

 

:duff:

Wonko
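
An added example of the approach in post #6, not code posted by anyone in the thread: a batch file for WinPE that finds the fixed volumes and generates one Robocopy run per volume with /XF and /XD exclusions. The Z:\Backup target, the machine-label argument and the list of excluded folders are assumptions, and it expects fsutil and robocopy to be present in the PE image.

```batch
@echo off
rem Added example, not code from the thread.
rem Assumed: Z:\Backup is the mapped backup share; %1 is a label for the
rem machine (WinPE generates its own MININT-* computer name at boot).
if "%~1"=="" (echo usage: %~nx0 MACHINE-LABEL & exit /b 2)
set "DEST=Z:\Backup\%~1"
set "FAILED=0"

rem X: (WinPE RAM disk) and Z: (target) are left out of the letter list.
rem fsutil prints "C: - Fixed Drive" in an English image (assumed here).
for %%d in (C D E F G H I J K L M N O P Q R S T U V W Y) do (
  fsutil fsinfo drivetype %%d: | find /i "Fixed" >nul && call :backup %%d
)
exit /b %FAILED%

:backup
set "D=%1"
rem Per-volume metadata folders are never wanted.
set XD="%D%:\$Recycle.Bin" "%D%:\System Volume Information"
rem A volume holding a registry hive is an OS volume: skip its system trees.
if exist "%D%:\Windows\System32\config\SYSTEM" set XD=%XD% "%D%:\Windows" "%D%:\Program Files" "%D%:\Program Files (x86)"
if not exist "%DEST%\%D%" mkdir "%DEST%\%D%"
rem /B reads files regardless of their ACLs, /XJ keeps the junctions under
rem \Users from being followed, full paths in /XD match only that folder.
robocopy %D%:\ "%DEST%\%D%" /E /B /XJ /COPY:DAT /DCOPY:T /R:1 /W:1 /NP ^
  /XF pagefile.sys hiberfil.sys swapfile.sys /XD %XD% /LOG:"%DEST%\%D%.log"
rem Robocopy exit codes of 8 and above mean at least one copy failed.
if errorlevel 8 set "FAILED=1"
rem A copy from a drive root marks the target folder hidden+system; undo it.
attrib -s -h "%DEST%\%D%"
exit /b 0
```

With /COPY:DAT the copies carry no NTFS ACLs, so the permissions on the backup share are what decide who can read the saved user data.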



#7 erwan.l

erwan.l

    Platinum Member

  • Developer
  • 3041 posts
  • Location:Nantes - France
  •  
    France

Posted 31 August 2015 - 01:14 PM

Hi,

 

If I understood correctly, and if we are talking about backing up data offline from WinPE, an alternative could be imaging the logical drive to an EWF:

-all files will be backed up

-the file will be compressed, thus saving disk space (so even better compared to a dynamic VHD)

-the file can be opened or even mounted (just like a VHD or any standard disk imaging format).

-and disk saving is really important, I would even zero out unused clusters before backing up for better compression but this is probably deviating from the objective / discussion ...

 

It is thus a different approach compared to scripting using robocopy/strarc.

 

Regards,

Erwan



#8 Wonko the Sane

Posted 31 August 2015 - 01:52 PM

Well, for all that matters one could rather use WIM as a format or since it is a "local" (though on network) copy that is not to be "moved/copied" a sparse file might do as well and/or NTFS compression.

 

The EWF is IMHO better suited for "forensic sound" images, which is not what is the declared objective (which is a simple backup, i.e. just the data, not the filesystem, let alone unused clusters or similar), and given the use there is also no real *need* that the "destination" should be a volume or volume image, a simple folder or a compressed archive would do nicely without needing to mount the volume/filesystem on restore.

 

:duff:

Wonko



#9 erwan.l

Posted 31 August 2015 - 01:57 PM

WIM is indeed better!

 

Only the files will be backed up and compressed and one can still open or mount that image.

And that WIM file can also be used for a full system restore if needed (thus having to restore/rebuild the MBR and BS).

And one can also exclude some specific files while backing up if needed.

 

Defo the best choice to me :)



#10 Uneitohr

Posted 07 September 2015 - 07:42 AM

I gave up on copying files using command-line options, like robocopy and strarc, simply because I ended up having a huge list of files to exclude. Ugly, slow and sloppy, not to mention hard to maintain.

 

As I understand it, Enhanced Write Filter (EWF) is some kind of driver/filter that stores the changes done to a system in a backup file. Leaving the system unchanged. Is that correct? How would this work, boot winpe, load this application, and just start the backup?

 

Also, sorry for not replying any sooner guys. 


Edited by Alexander Ceed, 07 September 2015 - 07:44 AM.


#11 erwan.l

Posted 07 September 2015 - 08:01 AM

I gave up on copying files using command-line options, like robocopy and strarc, simply because I ended up having a huge list of files to exclude. Ugly, slow and sloppy, not to mention hard to maintain.

 

As I understand it, Enhanced Write Filter (EWF) is some kind of driver/filter that stores the changes done to a system in a backup file. Leaving the system unchanged. Is that correct? How would this work, boot winpe, load this application, and just start the backup?

 

Also, sorry for not replying any sooner guys. 

 

EWF is not meant to run on a WINPE but on an installed system (preferably an embedded system).

That installed system will revert to original state at each reboot if EWF is enabled.

 

In your case, I would boot winpe, and do my backup to WIM (using any GUI out there).
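
An added example of the WIM route from posts #8 to #11, done with DISM from the WinPE command prompt instead of a GUI; it is not code posted by anyone in the thread. The Z:\Backup target, the machine-label argument and the exclusion list are assumptions, and the same list is applied to every volume.

```batch
@echo off
rem Added example, not code from the thread.
rem Assumed: Z:\Backup is the mapped backup share; %1 is a machine label.
if "%~1"=="" (echo usage: %~nx0 MACHINE-LABEL & exit /b 2)
set "WIM=Z:\Backup\%~1.wim"
set "INI=%TEMP%\wimscript.ini"
set "FAILED=0"
if exist "%WIM%" (echo %WIM% already exists, pick another label & exit /b 2)

rem A custom /ConfigFile replaces DISM's built-in exclusion list, so the
rem usual entries are repeated here next to the system trees (assumed list).
>"%INI%" echo [ExclusionList]
>>"%INI%" echo \pagefile.sys
>>"%INI%" echo \hiberfil.sys
>>"%INI%" echo \swapfile.sys
>>"%INI%" echo \$Recycle.Bin
>>"%INI%" echo \System Volume Information
>>"%INI%" echo \Windows
>>"%INI%" echo \Program Files
>>"%INI%" echo \Program Files (x86)

rem X: (WinPE RAM disk) and Z: (target) are left out of the letter list.
rem fsutil prints "C: - Fixed Drive" in an English image (assumed here).
for %%d in (C D E F G H I J K L M N O P Q R S T U V W Y) do (
  fsutil fsinfo drivetype %%d: | find /i "Fixed" >nul && call :capture %%d
)
exit /b %FAILED%

:capture
rem The first volume creates the WIM; later ones are appended as extra images.
set "MODE=/Capture-Image /Compress:max"
if exist "%WIM%" set "MODE=/Append-Image"
dism %MODE% /ImageFile:"%WIM%" /CaptureDir:%1:\ /Name:"Volume %1" ^
  /ConfigFile:"%INI%" /CheckIntegrity /Verify
if errorlevel 1 set "FAILED=1"
exit /b 0
```

Each volume ends up as its own image index in the one WIM, which can later be mounted read-only with dism /Mount-Image to hand files back.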



#12 Wonko the Sane

Posted 07 September 2015 - 10:12 AM

 

As I understand it, Enhanced Write Filter (EWF) is some kind of driver/filter that stores the changes done to a system in a backup file. Leaving the system unchanged. Is that correct? How would this work, boot winpe, load this application, and just start the backup?

Not really. :(

The idea of EWF is to protect files from being written permanently, consider it as a "volatile" filesystem, all in all it behaves a lot like a Ramdisk, what you write is never committed (let alone backed up) to anything "reusable" and is lost as soon as the system is switched off.

As the good MS guys put it, it creates an "overlay":

https://msdn.microso...bedded.60).aspx

 

:duff:

Wonko



#13 Uneitohr

Posted 07 September 2015 - 10:17 AM

So, it's just like DeepFreeze? But free, of course.



#14 Wonko the Sane

Posted 07 September 2015 - 11:57 AM

So, it's just like DeepFreeze? But free, of course.

Similar to (though different) and definitely NOT free, as a matter of fact it is licensed only on Embedded versions of Windows, which are far from being "cheap".

 

And for the record the good ol' XP EWF did have a mode that allowed commits to the overlay:

https://msdn.microso...mbedded.5).aspx

which was changed in 7 Embedded in the RAM Reg mode (though I believe it is not exactly the same):

https://msdn.microso...bedded.60).aspx

 

There used to be (still for XP) something *very like* DeepFreeze and actually free (that worked nicely and as such the good MS guys decided to discontinue it ;)) called SteadyState:

https://en.wikipedia...ows_SteadyState

that had discard, persist and commit mode, and replaced it with this crap:

https://technet.micr...676(WS.10).aspx

http://www.microsoft...s.aspx?id=24373

 

If you want to play with it, it can still be found, like here:

http://ccm.net/downl...ws-steady-state

 

:duff:

Wonko



#15 erwan.l

Posted 07 September 2015 - 12:07 PM

Wow, I did know about this steadystate legacy xp feature !

Nice :)

 

Who needs google when you have Wonko !



#16 Wonko the Sane

Posted 07 September 2015 - 12:12 PM

.... legacy xp feature !

Nice :)

Yep :) yet another proof that legacy is not a pejorative:

http://homepage.ntlw...pejorative.html

 

Anyway (still for the record) the good Mark Minasi :thumbsup: made a good nice, working replacement for 7 which is free, "Steadier State" ;) or "Roll Back Windows":

http://www.steadierstate.com/

 

which is nothing but a nice set of simple batch files (which should mean something in times when *anything* is a stupid .Net app) using "native" Windows 7 .vhd booting (it has to be seen if using non-native grub4dos+Winvblock/Firadisk) it can be modified for the non "native booting enabled" versions :unsure:.

 

 

:duff:

Wonko



#17 nicolbiden

nicolbiden
  • Members
  • 1 posts
  •  
    United Arab Emirates

Posted 21 December 2015 - 07:14 AM

Well, this is where batch (or powershell or any other kind of scripting) becomes useful, as an example to dynamically analyze the filesystem and auto-generate a set of commands, but Robocopy has the /XF and /XD switches (among a zillion other ones):

http://ss64.com/nt/robocopy.html

and strarc has the -e and -i parameters:

http://www.ltr-data....iles/strarc.txt

 

From what you posted before it seemed like you wanted to backup everything from all disks but (of course ;)) pagefile.sys, hiberfil.sys (if any) and the C:\Windows\ system directory, which should not be a problem to obtain.

 

:duff:

Wonko

 

Check this one, more about.....Robocopy

 

Biden



#18 Wonko the Sane

Posted 21 December 2015 - 02:41 PM

Check this one, more about.....Robocopy

 

Biden

 

That is actually "less" (when compared to the already given resource http://ss64.com/nt/robocopy.html (or *almost any* related article on the web, including its Wikipedia entry: https://en.wikipedia.org/wiki/Robocopy ))

 

 

More exactly it appears like a not edited/reviewed assembly of generic information on the tool, on a "very generic" site that a new user at his/her first post is trying to promote by senselessly reviving this thread ...

 

... and spamming other boards with the same content, *like*.

http://www.kvraudio....c.php?p=6333453

https://gbatemp.net/...on-help.373165/

 

:duff:

Wonko





