NT Gatekeeper: Using Rdisk and the ERD to Back Up NT Security Information

A Windows NT 4.0 Emergency Repair Disk (ERD) contains information about a system's SAM. What happens if the SAM is too large to fit on a 3.5" disk? Will Rdisk fail? Will Rdisk let me exclude the SAM from the information stored on the ERD?

Let's start with a short overview of Rdisk and the ERD. Rdisk is a utility that ships with NT 4.0 and lets an administrator back up a system's registry and key system files. The latter files include autoexec.bat, config.sys, and setup.log. The bulk of the registry information comes from a system's winntsystem32config directory. The user portion is extracted from a system's winntprofiles directory (ntuser.dat file). Rdisk stores this information in a compressed format in the winntrepair directory. Rdisk starts automatically at the end of every NT 4.0 installation. You can also run it from the command line anytime after the installation.

Rdisk includes an option to create an ERD, which is an indispensable disaster-recovery tool. The ERD is a 3.5" disk that contains the information stored in a system's repair directory.

By using the ERD, you can reset a system to a previous known state, perhaps after registry files become corrupted or an administrator's password is lost.

Not many people know that by default, Rdisk doesn't update the security and SAM files. Microsoft set Rdisk up that way for three reasons:

If you want Rdisk to back up your security configuration as well, add the ­s or /s switch to the command. Typing

rdisk ­s

at the command line brings up a Saving Configuration dialog box that shows the progress of the backup. (This dialog box also appears at the end of an NT 4.0 installation when NT updates the repair directory.) If the content of your repair directory is too big to fit on a 3.5" disk, the ERD creation process will obviously fail.