Windows file protection on damaged partition.

I've got a PC that will not allow windows to boot correctly (BSOD every time). I've extracted the HDD and anylized the error. It is a flaw in windows and the customer has agreed to a re-format rather than a repair of the OS. I know the account's password, but I cannot extract files from the locked folders (Documents and Settings>#User Name#). Any ideas what utility I can use, or what I can do to extract the info?

Thanks!!
war6763Asked:
Who is Participating?
 
Rich RumbleSecurity SamuraiCommented:
Take ownership? http://technet2.microsoft.com/WindowsServer/en/library/6f097abe-d1d9-4d16-93c5-7326aa1f33791033.mspx?mfr=true
You can also try an OS that doesn't care about NTFS rights, you can mount NTFS drives with linux and copy files with no regard for NTFS rights...
-rich
0
 
ksbalamuralikrishnaSenior ManagerCommented:
Try connecting the HDD  as secondary harddisk to another system running Windows XP/2000 operating system. Log in using administrator account and copy datas from the secondary HDD.  Later re-format the hdd, install OS and restore the datas.
0
 
InfoStrangerCommented:
Solution 1:
You can SLAVE the machine and do what richrumble says. (This is easiest with a desktop.)  Don't use the login on the HDD.  Use your Admin account when doing the Take Ownership.  (I did similar Take Ownership.  It works great.)

Solution 2:
Use Knoppix. http://www.knoppix.org/     (NOTE: You need a network connection.)
Yeah, I know it is for FAT32. (It worked for WIN XP NTFS, as well)  
1) Download from the mirror closes to you.
2) Create an ISO CD from your burner
3) pop it in and load it up
4) You can then SMB:\\ to the location of the computer you want the files stored (Make sure the destination machine is setup.)
Macs are easiest for this cuz they tell you.  WIN, you need the name of the Computer and the folder name that is shared.

I have transferred to WIN XP and Mac OS X through this method.  But each setup is different you will need to find yours.  I had laptops, so it was a bit trickier since I was only allowed one HDD.

You remember the XP SP2.  :P
0
 
jakosysadminCommented:
InfoStranger, what about the xp sp2?

war6763, both, the ownership takeover and custom NTFS drivers (for Linux), which richrumble already suggested, ought to work, but if the client of yours would have used EFS* and you had no backup certificates of his/her login (which is often the case), then you would definitely need to log in as the client.
Throwing out all the unnecessary hardware, drivers and software might help to overcome the BSOD and therefore help you to log in as customer. Refer to the M$KB article: http://support.microsoft.com/kb/314058 on how to use the recovery console to disable unnecessary drivers and services to get rid of the BSOD.

*The Microsoft(tm) Windows(tm) EFS encrypts files, just as it's name suggests with a key pair associated to a user SID. User which is deleted and recreated will use new SID and a new cert and will not be able to open files from the EFS volume encrypted by the previous user.
_
jako
0
 
InfoStrangerCommented:
jakopriit,

I guess you may not have remember about the incident of the WIN XP.  When it went to SP2 from SP1, it rendered some computers into infinite loops.  I had one.  Most just slow down.  I had another that you can not past splash screen.

It just reminded me of what happened.  Even though M$ said to delete the file and go back, it only worked sometimes.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.