Windows disaster recovery with WinPE and burp
- Wai Keong Phan: First completed a bare metal restore on Windows 7 and wrote the first draft.
- Graham Keeling: Edits to the original draft, with help from Wai Keong Phan and Michael Da Cova.
- Peter Maloney: First completed a bare metal restore on Windows 8, updated the instructions and converted them to the wiki.
- jirib: Restructured, updated and confirmed this howto working on Windows 2016 R2 (2018-03-01).
INFO: If you have successfully completed a bare metal restore of a Windows OS version with WinPE and burp, please update the Validated on section.
- Doing backup
- Preparing WinPE bootable media
- WinPE doc
- Download files for WinPE
- Deployment and Imaging Tools Environment
- WinPE image customization
- Adding additional drivers into WinPE environment
- Adding burp to WinPE environment
- Testing if burp works from WinPE environment
- Create WinPE bootable medium
- Booting WinPE for disaster recovery
- partitioning, making volumes
- getting backup sw config files from a network share
- restoring files onto just created filesystem
- repairing MBR and boot loader
- reboot
- Post-restore testing
- Validated on
Follow Windows client installer for details and initialize backup if none exists.
- (https://docs.microsoft.com/en-us/windows-hardware/get-started/adk-install)
- (https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/winpe-mount-and-customize#span-idmounttheimagespanmount-the-windows-pe-boot-image)
- download ADKSetup.exe
- (optional) if you would be building WinPE on a computer disconnected from Internet, run ADKSetup.exe and select 'offline' mode to get all files for WinPE building
- run ADKSetup.exe, it will download remaining data from Internet
- (optional) run ADKSetup.exe from download directory
- select features (Deployment Tools, Windows Preinstallation Environment or other as needed)
Start the 'Deployment and Imaging Tools Environment' as an administrator
copype amd64 C:\WinPE_amd64
The above command copies the WinPE files into the given directory.
Mounting the image (boot.wim)
Dism /Mount-Image /ImageFile:"C:\WinPE_amd64\media\sources\boot.wim" /index:1 /MountDir:"C:\WinPE_amd64\mount"
The above command mounts the boot.wim image file at C:\WinPE_amd64\mount.
Copying burp files.
xcopy /E "C:\Program Files\Burp" "C:\WinPE_amd64\mount\Burp"
del install
del Uninstall*
notepad burp.conf
Modify burp.conf so C:/Program Files/Burp is changed to X:/Burp.
subst X: C:\WinPE_amd64\mount
X:
cd Burp
bin\burp.exe -c burp.conf -a l
Save the local changes and unmount the WinPE bootable image file.
Dism /Unmount-Image /MountDir:"C:\WinPE_amd64\mount" /commit
If we have a disk represented as F:.
MakeWinPEMedia /UFD C:\WinPE_amd64 F:
TODO: needs clarification, recently untested.
cd "C:\WinPE_amd64\mount\Burp"
oscdimg -n -betfsboot.com media %HOMEPATH%\winpe_amd64.iso
Create the file system for the original C:, it will be represented as F: for now.
Note: I could not assign C: to the destination disk on Windows 2016 R2 inside the WinPE environment, thus F: is chosen above.
You should know your original disk layout!
> diskpart
DISKPART> list disk
DISKPART> select disk 0
DISKPART> clean
DISKPART> create partition primary size=500
DISKPART> create partition primary
DISKPART> select partition 2
DISKPART> active
DISKPART> assign letter=F
DISKPART> format fs=ntfs quick
DISKPART> detail disk
DISKPART> exit
X:
cd "X:\Burp"
burp.exe -a r -b <backup_number> -c burp.conf -d F:\ -s 1 -f
Note: This was tested only on Windows 2016 R2. Older versions of this 'howto' mention commands like bootrec /rebuildbcd and recommend booting the original installation medium and repairing the MBR.
cmd /C F:\Windows\System32\bcdboot.exe F:\Windows /s F: /f ALL /v
wpeutil reboot
tbd
- Windows 2016, burp 2.1.28 (client), 2.0.54 (server) - 2018-03-01, jirib@
- If you want to create a WinPE disk image, for example for a virtual machine environment, you can use a virtual disk (VHD*), see (https://blogs.technet.microsoft.com/jamesone/2009/05/26/how-to-work-with-vhd-files-at-the-command-line/), then you can convert the VHD* image to whatever format you want with qemu-img or some other tool.
- X:\Burp\burp.conf is specific to one unique burp client, so if you want to reuse the final WinPE bootable media, you have to make burp.conf generic and delete the client's SSL keys so that the media does not leak sensitive info.
cd "C:\WinPE_amd64\mount\Burp"
del ssl_cert*
del CA*
notepad burp.conf
Replace server, cname (client name), password and any other sensitive values with something such as <modify>.
Finally, rename burp.conf to burp.conf.sample to make it clear there's a need for manual modification.
ren burp.conf burp.conf.sample
You can get the client's specific configuration and SSL keys from, for example, a network share.
- To add additional drivers, do something like the following:
dism /add-driver /image:"C:\winpe_amd64\mount" /driver:"D:\Drivers\viostor\2k16\amd64\viostor.inf"
dism /add-driver /image:"C:\winpe_amd64\mount" /driver:"D:\Drivers\NetKVM\2k16\amd64\netkvm.inf"
dism /add-driver /image:"C:\winpe_amd64\mount" /driver:"D:\Drivers\vioscsi\2k16\amd64\vioscsi.inf"
Here we add a couple of VirtIO drivers for VM use.
- It can be handy to have a VNC server installed and configured on the WinPE image, see (https://github.com/sjkingo/winpe_vnc)
- It can be useful to have a network share with burp configuration files, SSL keys etc.
net use * \\<computername>\<sharename>
- For restore, it's good to dump partitioning info about the working environment and have it accessible during the disaster recovery process.
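The manual clean-up of burp.conf and the SSL keys described above can be scripted and checked before the image is committed. This is an added example, not code from the burp project; the two extra `*_password` key names and the PEM check are assumptions to adapt to your own configuration.

```powershell
# Added example, not part of the burp project. Run on the build host while the
# image is still mounted, before "Dism /Unmount-Image ... /commit".
param([string]$BurpDir = 'C:\WinPE_amd64\mount\Burp')  # mount path from this page

# server, cname and password are named on the page; the two *_password keys are
# assumed extras. Extend the list to match your own burp.conf.
$SensitiveKeys = 'server', 'cname', 'password', 'ssl_key_password', 'encryption_password'
$names = ($SensitiveKeys | ForEach-Object { [regex]::Escape($_) }) -join '|'

function ConvertTo-GenericBurpConf {
    # Replace the value of every sensitive "key = value" line with <modify>.
    # Comment lines start with '#', so they never match and pass through.
    param([string[]]$Lines, [string]$KeyPattern)
    $pattern = '^(\s*(?:' + $KeyPattern + ')\s*=\s*).*$'
    foreach ($line in $Lines) { $line -replace $pattern, '${1}<modify>' }
}

$conf   = Join-Path $BurpDir 'burp.conf'
$sample = Join-Path $BurpDir 'burp.conf.sample'

# 1. Write the scrubbed copy, then remove the client-specific original.
$generic = ConvertTo-GenericBurpConf -Lines (Get-Content -LiteralPath $conf) -KeyPattern $names
Set-Content -LiteralPath $sample -Value $generic
Remove-Item -LiteralPath $conf

# 2. Remove certificate and key files (same patterns as the del commands above).
Get-ChildItem -LiteralPath $BurpDir -File |
    Where-Object { $_.Name -like 'ssl_cert*' -or $_.Name -like 'CA*' } |
    Remove-Item -Force

# 3. Verify: no file under the Burp directory may still hold PEM private key
#    material, and no sensitive setting may still carry a real value.
$keyHits  = Get-ChildItem -LiteralPath $BurpDir -Recurse -File |
    Select-String -Pattern 'BEGIN [A-Z ]*PRIVATE KEY' -List
$confHits = Select-String -LiteralPath $sample `
    -Pattern ('^\s*(?:' + $names + ')\s*=\s*(?!<modify>)\S')

if ($keyHits -or $confHits) {
    @($keyHits) + @($confHits) |
        ForEach-Object { Write-Warning "$($_.Path):$($_.LineNumber)" }
    throw 'Client secrets are still present; do not commit the image.'
}
'Burp directory is generic; safe to unmount with /commit.'
```

The script stops with an error if step 3 finds anything, so a failed check also blocks the Dism /Unmount-Image /commit step when both are chained in one build script.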