Using the RC to Troubleshoot NT 4.0 and Win2K

Recently, I’ve received a lot of mail from folks who have had problems deleting temporary pagefiles from both Windows 2000 and Windows NT 4.0 systems. Some time ago, I wrote about the arduous process that I had to endure to delete a temporary pagefile from an NT 4.0 system—a task that I could accomplish only with the help of a third-party utility. To forestall further pleas for assistance, today’s lesson is about the Win2K Recovery Console (RC) and how you can use it for many troubleshooting tasks, including removing temporary pagefiles.

The RC is a powerful troubleshooting and repair utility that greatly extends the features of the old but trusty Emergency Repair Disk (ERD) utility. A little known fact about the RC is that it runs on NT 4.0 as well as on Win2K.

Recovering a crashed NT 4.0 server is a headache. In many situations, the easiest way to recover a failed NT system is to install a backup system root, boot into the backup root, replace problem files in the production root, boot into the repaired production root, and pray that you covered all the bases. You can make a boot disk that starts NT, and you can use the ERD to restore key system and registry files, but unloading flaky drivers or services that hang the system is difficult. In some cases, the only way to disable a driver or service is to manually edit the component’s registry entry.

Like the ERD utility, the RC lets you repair a corrupt boot.ini file or Master Boot Record (MBR) and check, verify, and replace NT 4.0 components. The RC also lets you replace a bad SCSI or video driver with a good copy, format and partition a hard disk, stop or disable problematic services, and delete a temporary pagefile that prevents you from creating a larger, permanent pagefile. The RC is command-line driven, so it’s very effective when hardware or video driver problems prevent you from interacting with the GUI.

To run the RC, insert the Win2K CD-ROM or the setup disks and press F10 at the Welcome to Setup screen. The RC is a new feature in the Win2K setup utility, which goes by the familiar name of winnt32.exe. You can install a local copy of the RC on either Win2K or NT 4.0, but of course, you can only start a locally-installed program if the OS can access and boot from the system disk. To install the RC, run the Winnt32 setup utility with the Win2K command-line option /cmdcons. From a command prompt, type

f:\i386\winnt32 /cmdcons 

where f:\ is the location of the distribution files or the Win2K CD-ROM.

After you reboot, the RC appears on the boot option menu’s bottom line. After the startup files load, the RC displays a text-based screen that lists Win2K and NT 4.0 installations by partition letter and system directory name and prompts you to select the OS that you want to start. When the RC lists the installations that it recognizes, it doesn’t include the descriptive text for each partition and directory. Thus, if you have multiple roots, you should verify the letter and the system directory name of the partition that you want to start before you boot to the RC. When prompted, enter the local Administrator account password. After the OS loads, the RC displays a command prompt in the system root.

After you install the RC, you’ll see a new line at the bottom of the boot.ini file that activates the RC. The line looks similar to C:\cmdcons\bootsect.dat="Microsoft Windows 2000 Recovery Console" /cmdcons. The installation sets the boot.ini file’s attributes to System, Hidden, Read-Only, and Archive. If you later decide to uninstall the RC, you’ll need to reset the boot.ini file attributes so that you can delete the RC startup line and save the modified boot.ini file.

The RC understands a long list of console commands (see Microsoft article Q229716 for information about each command’s syntax and operation). Using these commands, you can copy, rename, or replace OS files and directories; enable or disable drivers and services; repair crucial boot files; scan hard disks for errors and repair them; create or format hard disk partitions; and more. If you want to run scripts in the RC, you must enable the RC’s Set command.

When using the RC, you'll encounter several restrictions. You can only access the system disk, the \%systemroot% directory, the \cmdcons directory, and removable media, including 3.5" floppy disks and CD-ROMs. You can display other directories on the system disk, but you’ll receive an "Access denied" message if you try to change a file or directory that's located in a directory other than the system root. Also, you can’t use the RC to create new files or copy files from the system disk to removable media. (However, you can copy files from a disk or CD-ROM to the hard disk.) Before you start a repair operation, keep these restrictions in mind and make sure that you have all the information and replacement drivers you need.

Now, here’s how you delete a temporary pagefile that prevents the OS from creating a permanent, adequately sized pagefile. The procedure isn’t exactly straightforward, but it works.

Before you boot to the RC, verify the exact location and name of the temporary or permanent pagefile you want to delete. Both Win2K and NT 4.0 place a permanent pagefile at the top of the system partition (by default) and a temporary pagefile in the system root. In Windows Explorer, search for a file named pagefile and write down the complete path and filename.

Now you’re ready to delete the file. Boot into the RC. At the command prompt, set the default location to the location of the pagefile. If the pagefile is in the root of the C partition and C is your default partition, set your default to C. If the pagefile is in the system root and your system root directory is \winnt32, set your default to \winnt32.

To make the pagefile visible to the RC, you need to overwrite it with the contents of another file. Copy any file to the same location as the pagefile and give it the same name as the pagefile you want to delete. Get rid of the file by typing

delete pagefile.sys 

and type


to restart the system. When you reboot, the OS notices the absence of the pagefile and uses the current Virtual Memory settings to recreate it.

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.