- AUTOEXEC.NT – used to initialize the MS-DOS environment. Not registry oriented.
  Gotcha: this is a 16-bit environment and does not understand long file names.
  Any file name used must conform to the 8.3 naming convention.
- CONFIG.NT – used to initialize the MS-DOS environment. Not registry oriented.
- DEFAULT._ – contains the HKEY_USERS\.Default hive. Default user settings.
- NTUSER.DA_ – new user profile, NT 4.x file.
- SAM._ – copy of HKEY_LOCAL_MACHINE\SAM hive. Contains user and domain account
and password data.
- SECURITY._ – copy of HKEY_LOCAL_MACHINE\Security hive. Contains local security and
user rights data. SAM is a subkey of SECURITY.
- SETUP.LOG – contains setup/configuration information used in repairs.
- software._ – copy of HKEY_LOCAL_MACHINE\Software hive. Subkeys for each installed
product.
- system._ – copy of HKEY_LOCAL_MACHINE\System hive. Contains system start-up,
device drivers, services, …

directory (\winnt\repair)? YES. The only real difference is that you can have many
copies of the ERD and there is only one repair directory [excluding the situation
where a server has so many accounts that SAM is too large for a floppy disk].
Note: Files with the ._ extension are compressed. System._, Software._,
Security._, SAM._, Default._ and NTUSER.DA_ can all be uncompressed using
EXPAND.EXE.
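
As an added example (not code from the original page), the sketch below checks that a compressed file from an ERD or \winnt\repair copy expands cleanly to a registry hive, and flags the two files the list above describes as holding account, password and user-rights data so they can be stored accordingly. It assumes the ._ files use the "SZDD" container written by Microsoft's COMPRESS.EXE, which the page does not spell out; `expand_szdd`, `audit_erd_file` and the sample bytes are constructed for illustration.

```python
import struct

# Assumed container layout (COMPRESS.EXE "SZDD"); not stated on the page.
SZDD_MAGIC = b"SZDD\x88\xf0\x27\x33"
HIVE_MAGIC = b"regf"                        # signature at the start of a registry hive
CREDENTIAL_HIVES = {"SAM._", "SECURITY._"}  # account, password and user-rights data

def expand_szdd(data):
    """Expand one SZDD-compressed file held in memory; raise ValueError if malformed."""
    if len(data) < 14 or data[:8] != SZDD_MAGIC:
        raise ValueError("not an SZDD-compressed file")
    mode, _missing_char, size = struct.unpack_from("<BBI", data, 8)
    if mode != 0x41:                        # 'A' is the only mode handled here
        raise ValueError("unsupported compression mode")
    window = bytearray(b" " * 4096)         # LZSS history, pre-filled with spaces
    wpos, i, out = 4096 - 16, 14, bytearray()
    while i < len(data) and len(out) < size:
        control = data[i]
        i += 1
        for bit in range(8):
            if i >= len(data) or len(out) >= size:
                break
            if control & (1 << bit):        # set bit: one literal byte
                mpos, count, literal = 0, 1, data[i]
                i += 1
            else:                           # clear bit: 12-bit offset, 4-bit length
                if i + 1 >= len(data):
                    raise ValueError("truncated back-reference")
                mpos = data[i] | ((data[i + 1] & 0xF0) << 4)
                count, literal = (data[i + 1] & 0x0F) + 3, None
                i += 2
            for _ in range(count):
                byte = window[mpos & 0xFFF] if literal is None else literal
                out.append(byte)
                window[wpos] = byte
                wpos, mpos = (wpos + 1) & 0xFFF, mpos + 1
    if len(out) != size:
        raise ValueError("expanded length does not match the header")
    return bytes(out)

def audit_erd_file(name, data):
    """Summarise one ERD file: expanded size, hive check, credential flag."""
    expanded = expand_szdd(data)
    return {"name": name, "expanded_size": len(expanded),
            "is_hive": expanded.startswith(HIVE_MAGIC),
            "holds_credentials": name.upper() in CREDENTIAL_HIVES}

# Constructed sample: 5 literals ("regf", NUL) then a 7-byte back-reference.
SAMPLE = SZDD_MAGIC + b"A\x00" + struct.pack("<I", 12) + b"\x1f" + b"regf\x00" + b"\xf4\xf4"

if __name__ == "__main__":
    print(audit_erd_file("SAM._", SAMPLE))
```

A file that raises `ValueError` here is either not compressed or is damaged, which is worth knowing before the disk is needed for a repair.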
ERD Related Tips:
- NT ERD – never there when you need it
- Contents of NT ERD
- Steps Performed by the Emergency Repair Disk
- Disable a Service or Device that Prevents Windows NT from Booting
- Cracking Windows NT passwords
- Using the Emergency Repair Disk to Fix Windows NT Problems
- Repair Disk Secrets Reduce Downtime
- Patch Available for “RDISK Registry Enumeration File” Vulnerability