dave.caretcake

Recently, my help was enlisted to recover data from a corrupted Microsoft Windows XP Professional machine. It seems that in uninstalling some antivirus software, something went wrong and Windows became unusable. The problem was that once Windows booted up, it presented the user with a login screen. If the user selected any non-administrative account, the Desktop loaded for a split second and then immediately went back to the login screen. The Administrator account was also a problem, because it seemed there was suddenly a password set for it . . . even though there never had been before. What's more, Safe Mode, the Windows Repair Process, and every suggestion that Dell (this was a Dell brand computer) and Microsoft had for either resetting passwords, repairing the problem, or otherwise getting past the login loop didn't seem to work. In the end, the user really didn't care about continuing with this particular Windows installation; he just wanted to get some data off so that he could safely re-format the drive and start over from scratch. And that's where I came in.

Because the user had already spent countless hours trying to work with standard recovery tools and bypassing tricks, my suggestion was to boot to a Linux-based LiveCD to copy the files from the corrupted harddrive over to an external harddrive. I suggested using the Ubuntu 6.06 (Dapper Drake) distribution. (For those of you saying, "Why not <your favorite distribution here>?!?!?" I've tried countless Linux distributions, and I've just personally had the best luck getting Ubuntu to run right-off-the-bat on anything I've ever tried it on. Plus, I felt that Ubuntu's default interface might be easier for a non-Linux user to navigate. I do recognize, though, that there are many other distributions that ultimately could have gotten the exact same job done.)

What follows below are the instructions I wrote up for the user, which ultimately let him recover his data. Please note, these instructions are for using the LiveCD on a non-64bit or non-Sun UltraSPARC-based machine. You'll have the opportunity to select your computer type when you reach step three in "Downloading and Creating an Ubuntu Linux LiveCD" below.

Downloading and Creating an Ubuntu Linux LiveCD
For those of you not familiar with the concept of a LiveCD, let me explain. A LiveCD is a complete operating system on CD-ROM that is able to run from that CD-ROM in a wholly self-sufficient way. By telling your computer to boot from the LiveCD, you load up the alternate operating system without permanently modifying your harddrive(s) in any way. This is a perfectly safe way to try out another operating system, while keeping your current one intact.

  1. Go to http://www.ubuntu.com/getubuntu/download
  2. Check the "Ubuntu 6.06 LTS - Supported to 2009" option under "Desktop Edition."
  3. Check the "Standard personal computer (x86 architecture, Pentium™, Celeron™, Athlon™, Sempron™)" option under "What type of computer do you have?"
  4. Select the location nearest you.
  5. Press the "Start Download" button and save the .iso file to your computer.
  6. Burn the iso file to a CD. It's important that you make sure you tell your CD writing software you're working with an iso file. Simply choosing an option like "Make data CD" often does not work.

Running the Ubuntu CD
NOTE: These instructions assume you have an external USB harddrive attached to your computer so that you can copy the files from the corrupted harddrive to the USB drive. Other types of external storage devices can also be used, but how you reach them through the LiveCD may change depending on exactly what type of external device you're using.

  1. Plug your external storage device into your computer.
  2. Turn on your computer and while it's booting up, open the CD bay, put the Ubuntu CD in, close the bay and restart your computer with the CD already in it.
  3. When the first Ubuntu screen comes up, select "Start or Install Ubuntu." It will take a while for this to load (maybe several minutes).
  4. When the Ubuntu desktop is fully loaded, go up to the left-hand top corner and select: Applications-> Accessories-> Terminal (This will open a window similar to a DOS prompt.)
  5. In the terminal window, type: sudo mkdir /media/winxp (and then press enter).
  6. In the terminal window, type: sudo pico /etc/fstab (and then press enter).
  7. You will now be editing a document called "fstab." There will probably already be two lines at the top of this file. Use the arrow keys to move down the file and add a third line after the first two. The new line should read (all of the 0 characters below are the number zero):

    /dev/hda2 /media/winxp ntfs umask=0002,utf8=true,gid=0,auto,rw,user 0 0

    NOTE: the above line, while probably cryptic to people unfamiliar with Linux and the mount command, simply says to mount (or make available) the physical device "/dev/hda2/" (a reference to your internal harddrive). "/media/winxp" is saying where you want to be able to reach that device once it's available — in the subdirectory called "winxp" which is in the directory "media." The third part tells Linux what type of filesystem to expect on the harddrive; in this case, we say the filesystem will be "ntfs." Another popular choice for older Windows machines is "vfat." The rest of the command tells Linux things like who should be able to access the harddrive files once the drive is mounted. For more on the mount command, please visit http://man.he.net/man8/mount.
  8. Press Ctrl-x and pico will ask you if you want to save the file, type "Y"
  9. Pico will then ask you what name you want to save the modified file as, just press "Enter"
  10. Type: sudo mount -a (and then press enter).
    It's possible you'll get an error message about a wrong fs type. There are several ways that Windows can organize a harddrive, and "ntfs" was just a best guess. If you got this error message, then go back to step 6 and when you get to step 7, modify the line you entered. Instead of "ntfs" try "vfat". After you make the change, follow steps 8, 9, and 10 again. If everything worked, you shouldn't get any messages after running "sudo mount -a". Another possibility is that you have multiple harddrives and the one you're having the problem with is not called /dev/hda1/. Read the section titled, "What's my harddrive called?" below.
  11. Close the window you've been typing into.
  12. Go to the top left-hand corner again and select: Places-> Computer-> Filesystem-> media-> winxp (This should show you the complete contents of your Windows harddrive.)
  13. Click on the icon on your desktop for your external USB storage device to open a second window showing the contents of that drive.
  14. Copy whatever you want from the Windows window to the external harddrive's window.
  15. Close all the windows.
  16. Go to the top left-hand corner again and select: System-> Quit-> Shutdown

What's my harddrive called?
The following section is only needed if you got stuck at step number ten above.

In the Linux operating system, physical devices (harddrives, cd-rom drives, webcams, etc.) are associated with a specific name on the computer in the format /dev/name/, where name is some reference to the type of device and its unique identity. Because you're trying to get information off of an internal harddrive, we're going to focus on two possibilities: /dev/hd*/ and /dev/sd*/. In general, the "hd" label identifies IDE devices while the "sd" label points to SCSI, SATA, and other devices. There is a quick and dirty solution to figuring out which you're using if you don't already know. Those instructions follow below:

  1. On the desktop, go up to the top left-hand corner and select Places-> Computer. That'll show you all of the drives and devices recognized by Ubuntu. What you'll probably see is a listing for your CD-ROM drive, your external storage device, "File System", and one or two things listed as some number of gigabytes of volume. The ones labeled Volume are your actual hard drives. You may only have one, but multiple partitions on a single drive or multiple physical drives will show up as multiple Volume icons.
  2. Double-click on one of the Volume icons. It'll probably give you an error message that says,
    Unable to mount the selected volume
    > Show more details.
  3. Click on the arrow next to "Show more details" to see more details. The details will tell you "Error: device [something] is not removable." The information in brackets is what it's calling your hard drive — write this down. It should look like "/dev/hda5" for example.
  4. Click "ok" to close the error message window.
  5. If you have multiple Volume icons, go through the same process for all of them and write down what your drives are being called.
  6. Close all your windows to go back to the desktop.
  7. Go back and redo steps 4-6 in "Running the Ubuntu CD."
  8. When you get to Step 7, replace the "hda1" with whatever you found in steps 3 or 4 in "What's my harddrive called?" (If you found multiple Volume icons, you may have to repeat this step a few times until you find your main drive partition.)
  9. When you're able to get past Step 7 in "Running the Ubuntu CD," just continue on with steps 8-17.
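
The device-name and filesystem-type guesses in steps 7 and 10 of "Running the Ubuntu CD," and the trial and error in the section above, can be replaced by a lookup. The shell functions below are an added example, not part of the original instructions: they assume the `blkid` tool is available on the LiveCD, use a hypothetical `/media/winxp-<device>` naming scheme for mount points, and swap the `rw` in the original mount options for `ro` so the damaged volume is never written to during recovery.

```shell
#!/bin/sh
# Added example (not from the original post): build read-only fstab entries
# from blkid output instead of guessing the device name and filesystem type.

# The page's mount options with "rw" swapped for "ro" (assumption of this
# example: a recovery mount should never write to the damaged volume).
OPTS='umask=0002,utf8=true,gid=0,auto,ro,user'

# Reads blkid-style lines on stdin and prints one fstab line per NTFS or FAT
# partition. $1 = device to leave out (the external drive you copy TO).
fstab_candidates() {
    skip=$1
    while IFS= read -r line; do
        dev=${line%%:*}                 # text before the first colon
        [ "$dev" = "$skip" ] && continue
        case $line in
            *' TYPE="ntfs"'*) fs=ntfs ;;
            *' TYPE="vfat"'*) fs=vfat ;;
            *) continue ;;              # ext3, swap, iso9660, ... ignored
        esac
        # Hypothetical naming scheme: one mount point per partition.
        printf '%s /media/winxp-%s %s %s 0 0\n' "$dev" "${dev##*/}" "$fs" "$OPTS"
    done
}

# Constructed sample of what `sudo blkid` could print on a machine with a
# utility partition, a Windows partition and a USB drive (values invented).
sample_blkid() {
    cat <<'EOF'
/dev/hda1: SEC_TYPE="msdos" LABEL="DellUtility" UUID="07D6-0A14" TYPE="vfat"
/dev/hda2: UUID="5C5A3F9E5A3F7410" TYPE="ntfs"
/dev/hda5: UUID="c0ffee00-1111-2222-3333-444455556666" TYPE="swap"
/dev/sda1: LABEL="BACKUP" UUID="4A1B-22C3" TYPE="vfat"
EOF
}

# Demo on the sample. On the LiveCD: sudo blkid | fstab_candidates /dev/sda1
sample_blkid | fstab_candidates /dev/sda1
```

Each mount point in the output has to exist (created with `sudo mkdir`, as in step 5) before the lines are added to /etc/fstab and `sudo mount -a` is run.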