Posted by: Ed Tittel
Desktops, Enterprise desktop, ISO Recorder PowerToy, Trinity Rescue Kit, TRK, Windows Vista, Windows Vista SP1, Windows Vista troubleshooting
Occasionally, admins need to break the rules that Vista applies, sometimes quite severely, to its users. Case in point: Vista absolutely refuses to permit any account to delete files from the %windir%\System32 and %SystemDrive%\Program Files directories. You can try all kinds of contortions to get rid of such things (changing permissions, forced-delete utilities, the command-line install repair console, and so forth) without success.
On the other hand, there is sometimes virtue in booting a Vista machine with a different operating system when the time comes to violate such rules and restrictions. Belgian developer Tom Kerremans (who goes by the nom de wire “Harakiri”) has created a bootable ISO image called the Trinity Rescue Kit (TRK) that can help savvy admins sidestep such restrictions when they have Vista problems that they know how to fix but simply can’t fix inside Vista itself.
For the issue described (deleting files in restricted Vista directories) you can copy the ISO image to a USB Flash drive (assuming your Vista PC’s BIOS will let you boot from such a device) or burn a bootable CD from that image (Alex Feinman’s ISO Recorder PowerToy makes this quite easy to do). When you boot from the TRK image, it does a very good job of recognizing Windows system hardware and loading the correct drivers to create a workable Linux command line environment (bash for those who appreciate the various shell possibilities this might mean).
After that, you can use Kerremans’ mountallfs -g shell script to mount all of your NTFS drives for access inside TRK. As it happens, the -g switch is absolutely essential, because the default NTFS driver loaded when this parameter is missing preserves Vista’s NTFS restrictions, and won’t let you delete or alter protected files, either! With the right mountpoints loaded, you can use the ls, cd, rm, and rmdir commands to navigate to the drive you want to manage, jump into the target directories, and delete what you like. In my case, I used this facility to delete the %windir% and %SystemDrive%\Program Files directories from an old former system/boot drive I had converted to a data drive in the wake of the crash of the other drive in a mirrored pair. In a more typical case, admins might use this capability to remove pesky malware-related .exe or .dll files from either or both of these directories.
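For the malware-cleanup case, moving a suspect file into a quarantine directory with its hash recorded keeps the evidence that a plain rm would destroy, and refusing paths that resolve outside the mounted volume guards against a mistyped "..". The sh function below is an added example, not part of the original post or of TRK; the mount point, the quarantine directory and the presence of sha256sum in the rescue environment are assumptions.

```shell
#!/bin/sh
# Added example: quarantine (instead of rm) a file on an offline-mounted
# Windows volume, logging its SHA-256 first.
# Assumptions: the volume is already mounted read-write (e.g. via
# mountallfs -g); the mount point and quarantine directory are
# operator-chosen, hypothetical paths; sha256sum is available.

# quarantine_file MOUNT RELATIVE_PATH QDIR
# Returns 0 on success, 1 if something is missing, 2 if the path is refused.
quarantine_file() {
    # Physical path of the mount point, with symlinks resolved.
    mnt=$(cd "$1" 2>/dev/null && pwd -P) || return 1
    rel=$2
    qdir=$3
    # Resolve the parent directory so ".." or a symlinked directory
    # cannot lead outside the mounted volume.
    parent=$(cd "$mnt/$(dirname "$rel")" 2>/dev/null && pwd -P) || return 1
    case "$parent/" in
        "$mnt"/*) ;;
        *) return 2 ;;
    esac
    target="$parent/$(basename "$rel")"
    # Refuse symlinks; only regular files are moved.
    if [ -L "$target" ]; then
        return 2
    fi
    [ -f "$target" ] || return 1
    mkdir -p "$qdir" || return 1
    # Record hash and original location before touching the file.
    sum=$(sha256sum "$target" | cut -d' ' -f1) || return 1
    printf '%s  %s\n' "$sum" "$rel" >> "$qdir/manifest.txt"
    mv "$target" "$qdir/$sum.quarantined"
}

# Stand-alone use: script MOUNT RELATIVE_PATH QDIR
if [ "$#" -ge 3 ]; then
    quarantine_file "$1" "$2" "$3"
fi
```

Keep the quarantine directory on separate removable media rather than on the volume being cleaned, so the manifest and the moved files survive if that drive is later wiped or reimaged.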
Other useful TRK facilities include NTFS boot sector repairs (relocntfs), a mass clone (mclone) utility to clone Vista images over the network to multiple machines using multicast IP, a Windows install locator (winpass), remote access support (TRSP), various drive rescue tools (ddrescue and dd_rescue), memtest86+ version 2.01, and a whole bunch more. For a more in-depth look at TRK (a couple of versions back: the package is currently at 3.3 and the review covers 3.1), check out Mayank Sharma’s review at Linux.com.