A. A. If you attempt to replace any of the core NT system files a message will be displayed saying the file is currently locked. The Windows NT Resource Kit ships with MV.EXE which is a 32 bit version of the POSIX MV utility which allows file moves to be scheduled for the next reboot which will mean the system files will not be locked by the operating system.
The basic format of MV is as follows:
c:\>mv /x /d d:\temp\ntfs.sys d:\winnt\system32\drivers\ntfs.sys
The /x means do not save a copy of the file that is replaced. If you do not specify /d a hidden,system subdirectory "deleted" will be created under the destination directory and a copy of the original file placed there.
The /d means do not copy the file until reboot time. The first file name is the file to be copied and the second the the destination name and directory of the copy.
You can do this without using the MV.EXE utility by just manually updating the registry (which is all MV does)
- Start the registry editor (regedt32.exe not regedit.exe)
- Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
- Double click on PendingFileRenameOperations (or create of type mutli_str if it does not exist)
- On the first line is the name of the file that will be replacing the
current file with \??\ in front, e.g.
\??\d:\time\ntfs.sys - On the second line is the file to replaced with !\??\ in front, e.g.
!\??\d:\winnt\system32\drivers\ntfs.sys - Click OK
Below is an example value for PendingFileRenameOperations
Once the reboot is complete and the file replaced the PendingFileRenameOperations value will be deleted from the registry.
