One Step Recovery Using Symantec Ghost.

One step recovery using Symantec Ghost – similar to IBM/Dell recovery

BEFORE I START:The following guide will help you install a boot message when the system boot from hard-disk to restore using any of the key combination. This guide will use F-10 as the key to initiate an automated recovery of partition using Ghost in DOS mode. This is similar to recovery presented by OEM manufactures like DELL/IBM etc. The restore files or ghost images are stored in a hidden partition, which would prevent unauthorized access through windows. For the snap shot purpose, I have used a virtual machine to test. These steps work on actual hardware as well. I tested the software on virtual machine using VirtualBox (http://www.virtualbox.org/). The Ghost Suite used for testing is 30-day trial version which can be downloaded from Symantec site after registration. In my opinion it would let you create backup in DOS mode but wont let you restore using DOS mode. In full version this would not be a limitation. Things that you would need before you start:1. Virtual Machine(for simulating like http://www.virtualbox.org/) or actual hardware to test 2. Symantec Ghost software which will run in DOS mode 3. MS-DOS or Free-DOS bootable Disc. 4. Master Boot-loader (http://mbldr.sourceforge.net/) 5. Keyboard scan code list to have a custom key to initiate recovery. Mentioned at the end of the guide for reference.

[email protected]; [email protected]

Page 1

One step recovery using Symantec Ghost – similar to IBM/Dell recovery

ONE STEP RECOVERY IMPLEMETATION GUIDE First step would be setting up the whole system and creating partitions and all. I take the following example configuration for the hard disk. The hard disk is 200GB capacity. The following would be partition created:1. First partition of 50GB (approx) – Operating System 2. Second partition of 70GB (approx) – user data 3. Third partition of 70GB (approx) – user data 4. Third partition of 10GB (approx) – Recovery partition.

CREATING HARD-DISK PARTITIONS:This is how I created the partitions using Windows XP setup. 1. I create first partition of 50Gb using the windows setup and leave the rest 150GB as unpartitioned space. I let windows XP install. This partition will be primary partition, which windows create for installation. 2. Then when Windows XP is loaded, I do to disk management tool by right click My Computer-. Manage -> Disk Management. 3. I create extended partition of 140GB out of the 150GB shown there as unallocated space and format using NTFS. 4. I create two logical partitions of approx size 70GB. You can label this partition if you want. This is where you can put your files etc 5. The remaining 10GB, I create another partition i.e. primary again and format using FAT32 file format. I labeled this as RECOVERY This is the hard-disk structure for the given experiment. You can create more partitions but try limiting primary partitions to two. I read in some blogs too many (I think 3) may fail Ghost to work properly. If you have any other disc management software create Disc configuration which suites your need but try keeping two primary partition one for the operating system and other for the Ghost recovery. I have shown a snapshot of the current hard-disk configuration below to have a clear picture.

[email protected]; [email protected]

Page 2

One step recovery using Symantec Ghost – similar to IBM/Dell recovery

[email protected]; [email protected]

Page 3

One step recovery using Symantec Ghost – similar to IBM/Dell recovery

INSTALLING NORTON GHOST Download the trial from the Symantec site or if you have the full version install it using the disk or setup provided.

[email protected]; [email protected]

Page 4

One step recovery using Symantec Ghost – similar to IBM/Dell recovery

Additionally, I have taken a snapshot of the license window, which was emailed, to me for testing the trial version.

[email protected]; [email protected]

Page 5

One step recovery using Symantec Ghost – similar to IBM/Dell recovery

[email protected]; [email protected]

Page 6

One step recovery using Symantec Ghost – similar to IBM/Dell recovery

WORKING WITH SYMANTEC GHOST So to have recovery purpose you would require to copy the DOS-executable of Ghost and Gdisk( optional but useful if you use it disc management) into the RECOVERY partition. Therefore, I copy the ghost.exe and gdisk.exe from the program files where the ghost is installed.

[email protected]; [email protected]

Page 7

One step recovery using Symantec Ghost – similar to IBM/Dell recovery

MAKING RECOVERY PARTITON BOOTABLE There are two ways to make the RECOVERY partition bootable. 1. Using MS-DOS bootable disc provided with win98SE/winME 2. Using Free-DOS and installing it on the RECOVERY partition. 3. IBM PC-DOS

For MS-DOS once you boot into the command prompt type “sys C:” This would copy the file needed to boot the partition. This is the bare-minimum files, which it will copy to boot this partition and run Ghost.exe. I don’t know what is the relevant command or setting in Free-DOS or IBM PC-DOS for that matter. The following steps apply to MS-DOS. 1. Edit the MSDOS.sys with the following contents. Remove all the text present in the MSDOS.sys and paste the lines below:[Options] BootWarn=0; set to 0 to disable the safe boot warning message BootWin=1; set to 1 to force Win98 system to load at startup Logo=0; set to 0 to prevent animated logo from appearing 2. Edit the AUTOEXEC.bat file in RECOVERY partition and add following lines SET TZ=GHO-04:30 ghost.exe or the restore command-line if you have bootable ghost disc to create backup 3. In the AUTOEXEC.BAT you can add the command line to perform the automation task of recovering the partition without user interface.

[email protected]; [email protected]

Page 8

One step recovery using Symantec Ghost – similar to IBM/Dell recovery

WORD ON PARTITION NUMBERING BY GHOST The best part of Ghost is that it eliminates the confusion of the drive letters by using Numbers like 1 or 2instead of drive names like C or D etc. The current hard-disk configuration will look like this:
C partition would be 1:1
D partition would be 1:2
E partition would be 1:3
F partition would be 1:4 In the numbering above like 1:2 indicates the 1 as the hard-disk number and 2 and the partition number. This would come handy when booting in DOS mode. When I boot in DOS mode, DOS doesn’t recognize the C, D and E drive as its NTFS and relabels the FAT32 drive as C drive which actually is F drive in reality. Hence, number mode should be preferred for command line operations for correct backup and recovery.

[email protected]; [email protected]

Page 9

One step recovery using Symantec Ghost – similar to IBM/Dell recovery

TAKING BACKUP OF THE PARTITION If you have Ghost bootable disc use that one to create the backup. I strongly recommend it because this would save time in editing the RECOVERY partition startup files. If you have the bootable disc, I would suggest go to section taking initial backup and then set the recovery key.

[email protected]; [email protected]

Page 10

One step recovery using Symantec Ghost – similar to IBM/Dell recovery

SETTING UP THE RECOVERY KEY You would need to set up a recovery key which is displayed for sometime on the screen to initiate the recovery at the time of boot-up else will boot into the windows operating system. To edit MBR of the hard-disk I use a tool “Master Bootloader”. The best part of it is, it’s free and open source and above all you can custom the message and time out and other features quickly. This can be downloaded from http://mbldr.sourceforge.net/. I downloaded the windows version from available options. Run the mbldrgui.exe from windows mode. The first screen shows the hard-disk. Select the hard-disk present.

[email protected]; [email protected]

Page 11

One step recovery using Symantec Ghost – similar to IBM/Dell recovery

The next screen is where I modify all the settings are made to activate the recovery key and hide the RECOVERY partition. You would see two primary partitions, One is NTFS where Windows is installed and second is FAT32 where you have copied the bootable files. The Master Bootloader can perform several tasks of arranging boot order and timeout and all. We will deal with setting up functionality of adding a recovery key and display a message at boot-up to start the process. Now before you commit change to the MBR, I would recommend that you backup the MBR in case you would like to remove the recovery button option at some later stage. To set up the recovery key we need to have keyboard scan codes. Check the last section of the guide for this. I wanted to use the F-10 as the recovery key. The Master Bootloader sets the keys in sequence after the first key you select. So I keep the recovery PARTITION order on top of list. This means the F-10 key would be set for RECOVERY partition. The scan code for F-10 is 68 (44 in hex) as mentioned on the guide. Therefore, I use that. I have presented the full settings screenshot for the same below. The * against the partition shows which one is default partition to boot. I set that as the NTFS with windows installed. Finally I click save to MBR.

[email protected]; [email protected]

Page 12

One step recovery using Symantec Ghost – similar to IBM/Dell recovery

[email protected]; [email protected]

Page 13

One step recovery using Symantec Ghost – similar to IBM/Dell recovery

CREATING THE INITIAL BACKUP When the system restarts, press F-10 to boot into Ghost in DOS mode. The step would be to create a backup in the RECOVERY partition.

The second step is to select the partition to backup and then the destination of the image which will be in RECOVERY partition.

[email protected]; [email protected]

Page 14

One step recovery using Symantec Ghost – similar to IBM/Dell recovery

Don’t confuse the C shown here with the actual C partition. This is the DOS C drive which happens to be FAT-32. Select the destination in RECOVERY partition with Image name.

[email protected]; [email protected]

Page 15

One step recovery using Symantec Ghost – similar to IBM/Dell recovery

The backup process starts up and displayed as follows.

[email protected]; [email protected]

Page 16

One step recovery using Symantec Ghost – similar to IBM/Dell recovery

[email protected]; [email protected]

Page 17

One step recovery using Symantec Ghost – similar to IBM/Dell recovery

EDITING THE START-UP FILE TO AUTOMATE RECOVERY I haven’t fiddled around much with Free-DOS so currently I will mention the command line which can be used to recovery the C drive from the image copied in MS-DOS. The command line should be put in the AUTOEXEC.bat which is stored in RECOVERY partition. The place where we initially had Ghost.exe written should be replaced with this. ghost.exe -clone,mode=prestore,src=1:4\CImage.gho:1,dst=1:1 -sure>null The src=1:4\Cimage.gho will indicate the location of Ghost Image on the 4 partition of the disk which will be restore to 1:1 i.e. first partition of disk i.e. C(NTFS). Now since the backup has been taken we need to automate this recovery system. The RECOVERY partition is hidden in windows. We can boot using the Win98se disc and use edit C:\autoexec.bat command. This would open up a text editor in DOS, replace the ghost.exe with the command line above. I would recommend to put a password when you create a backup. This would prevent accidental recovery without any confirmation.

The full version would let you recover using the Ghost in DOS mode. For trial version it won’t let me restore using ghost in DOS mode.

[email protected]; [email protected]

Page 18

One step recovery using Symantec Ghost – similar to IBM/Dell recovery

[email protected]; [email protected]

Page 19

One step recovery using Symantec Ghost – similar to IBM/Dell recovery

REMOVING THE RECOVERY KEY FROM BOOT-MENU There maybe a chance you would want to remove the recovery key and revert to normal situation. There are two options available:1. Using master Bootloader:- If you had taken a backup of the MBR before setting up the Recovery key you can restore it using the option in GUI provided. Generally, I would set the options and then remove the whole setup from the Hard disk to avoid anyone fiddling around with the boot sector or option. 2. The second and safer way is to use GDisk32 utility if in Windows Mode. Type the command a. “Gdisk32 1 /mbr /z” to restore the MBR to original one. The next step is to unhide the RECOVERY partition, so you should use this command. “Gdisk32 1 /-hide /p:5” You must be surprised that why number 5 when RECOVERY partition is 4th in number. Well when the list pop ups it shows the extended partition is shown as 2 hence there is shift of 1 for every partition. Restart the system and its all back to normal.

[email protected]; [email protected]

Page 20

One step recovery using Symantec Ghost – similar to IBM/Dell recovery

KEYBOARD SCAN CODES Physical keys scan codes

Code

Key

Code

Key

Code

Key

00 01 02 04 05 06 07 08 09 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1E 1F 20 21 22 23 24 25 26 27 28 29 2B 2C 2D 2E 2F 30 31 32 33 34 35 37 3B 3C

NoKey ALT-Esc ALT-Space CTRL-Ins SHIFT-Ins CTRL-Del SHIFT-Del ALT-Back ALT-SHIFT-Back SHIFT-Tab ALT-Q ALT-W ALT-E ALT-R ALT-T ALT-Y ALT-U ALT-I ALT-O ALT-P ALT-LftBrack ALT-RgtBrack ALT-A ALT-S ALT-D ALT-F ALT-G ALT-H ALT-J ALT-K ALT-L ALT-SemiCol ALT-Quote ALT-OpQuote ALT-BkSlash ALT-Z ALT-X ALT-C ALT-V ALT-B ALT-N ALT-M ALT-Comma ALT-Period ALT-Slash ALT-GreyAst F1 F2

3D 3E 3F 40 41 42 43 44 47 48 49 4B 4C 4D 4E 4F 50 51 52 53 54 55 56 57 58 59 5A 5B 5C 5D 5E 5F 60 61 62 63 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F

F3 F4 F5 F6 F7 F8 F9 F10 Home Up PgUp Left Center Right ALT-GrayPlus end Down PgDn Ins Del SHIFT-F1 SHIFT-F2 SHIFT-F3 SHIFT-F4 SHIFT-F5 SHIFT-F6 SHIFT-F7 SHIFT-F8 SHIFT-F9 SHIFT-F10 CTRL-F1 CTRL-F2 CTRL-F3 CTRL-F4 CTRL-F5 CTRL-F6 CTRL-F7 CTRL-F8 CTRL-F9 CTRL-F10 ALT-F1 ALT-F2 ALT-F3 ALT-F4 ALT-F5 ALT-F6 ALT-F7 ALT-F8

70 71 72 73 74 75 76 77 78 79 7A 7B 7C 7D 7E 7F 80 81 82 83 84 85 86 87 88 89 8A 8B 8C 8D 8E 8F 90 91 94 97 98 99 9B 9D 9F A0 A1 A2 A3 A5

ALT-F9 ALT-F10 CTRL-PrtSc CTRL-Left CTRL-Right CTRL-end CTRL-PgDn CTRL-Home ALT-1 ALT-2 ALT-3 ALT-4 ALT-5 ALT-6 ALT-7 ALT-8 ALT-9 ALT-0 ALT-Minus ALT-Equal CTRL-PgUp F11 F12 SHIFT-F11 SHIFT-F12 CTRL-F11 CTRL-F12 ALT-F11 ALT-F12 CTRL-Up CTRL-Minus CTRL-Center CTRL-GreyPlus CTRL-Down CTRL-Tab ALT-Home ALT-Up ALT-PgUp ALT-Left ALT-Right ALT-end ALT-Down ALT-PgDn ALT-Ins ALT-Del ALT-Tab

A list of scan codes for special keys and combinations with the SHIFT, ALT and CTRL keys can be found in table below. They are for quick reference only. [email protected]; [email protected]

Page 21

One step recovery using Symantec Ghost – similar to IBM/Dell recovery

Special keys scan codes

Key

Code

NoKey F1 F2 F3 F4 F5 F6 F7 F8 F9 F10 F11 F12 Home Up PgUp Left Center Right end Down PgDn Ins Del Tab GreyPlus

00 3B 3C 3D 3E 3F 40 41 42 43 44 85 86 47 48 49 4B 4C 4D 4F 50 51 52 53 8

[email protected]; [email protected]

SHIFT-Key

CTRL-Key

Alt-Key

54 55 56 57 58 59 5A 5A 5B 5C 87 88

5E 5F 60 61 62 63 64 65 66 67 89 8A 77 8D 84 73 8F 74 75 91 76 04 06 94 90

68 69 6A 6B 6C 6D 6E 6F 70 71 8B 8C 97 98 99 9B

05 07 0F

9D 9F A0 A1 A2 A3 A5 4E

Page 22

One step recovery using Symantec Ghost – similar to IBM/Dell recovery

FINAL WORDS I read the recovery manual given along, the utility mentioned for setting boot menu was SRFixMbr.exe along with SRFixMbr.xml. It seems in the trialware they didn’t want to give in for evaluation. However, the manual itself wasn’t explaining what this would do. Simple telling about setting and not explain what each will do was showing pretty laid back attitude of the company. If I search for SRFixMbr to know what this application does, I end up with the official forum https://forums.symantec.com/syment/board/message?board.id=109&thread.id=12279 where people still await what this is. Nothing has come forward from the Symantec. I hope you find this guide useful and I appreciate any feedback or suggestions in this regard. Email is provided in the footer.

[email protected]; [email protected]

Page 23