Dying hard drive Hail Mary Recovery.

[+Warwagon MVC]

Got brought a computer that was stuck on "Preparing Automatic Repair". The girl who brought it helps her friend with her computer and when she couldn't figure it out she brought it to me. She says her friend uses it for her business. At this point I'm thinking it's just a woman who has a small side gig and uses this computer.

 

As I try to boot into a PE environment put my ear to the drive and it made a very audible (Bad sector retry sound). So I turned to my trusty True Image 2016 bootable media which seams to boot just fine even when mounting a drive with bad sectors. I then started to create a .TIB file of the profile folder telling it to ignore bad sectors, which completed successfully.

 

Then the owner comes over with a new 1TB WD Blue SSD from Walmart. I soon find out how important this computer is. She runs a vinyl printing business and this computer to operates her industrial printers / cutters. Then I found out she bought the business from someone with everything all setup and was no backups no drive images.

 

So I start a sector to sector clone of the drive also ignoring the bad sectors. It would progress and stop progress and stop and it gets towards the end with 11 mins left. Then stops again. This time after 2 hours it will stuck on that spot. This was Thursday around 5pm.

 

As I started the clone I also started a clean install on another spare SSD just incase the clone didn't finish. We found 1 peice of software in the download folder of the profile we recovered. That was able to run one of ther printers. As to what software and version ran the other one, she wasn't sure. She had a cd of a really old version on cd of a peice of software which she thought it might be and it did work, but it was a really old version didn't show the ink levels which has something to do with how she bills. But it did print and it did cut, so it was good enough to get her going for the rest of the week.

 

 

On Sunday 5pm, it was still at 11 mins remaining making repetitive sector retry noises. Finally I turn it off to try to at least get a few folders off the drive. When powering on the drive it instantly made that retry noise and half the time didn't show up to the system. ...Looks like the drive may have rolled over and died.

 

But then I thought, well it got MOST of the drive cloned sector by sector. So I looked at the destination drive and most of the drive showed up as unallocated. I thought MOST of the partition has to to be there, so I used a partition recovery tool and sure enough it was there and it recovered it giving me a browsable file system! 😄

 

 

Then I cloned that drive sector by sector over to another drive. Then ran a chkdsk on the first cloned drive. It found a bunch of issue which is to be expected but to my suprise the chkdsk finished without bombing out. SFC /scannow showed unfixable corruption but that was to be expected.

 

I then ran a bcdboot c:\windows and restarted and low and behold the thing booted up. I made it to the login screen and it wanted a password and of course she has no idea what the password was and the pin had been corrupted. It was also a Microsoft account so I couldn't do an easy password reset. The recovery email was set to the previous owner but for some reason she didn't want to contact them,  So I rename cmd to utilman and backed door my to a CMD prompt at the login screen and enable the administrator account and create a new user account and log into that.

 

Then my first order of business was doing an in place upgrade of Windows 21h1 which went off without a hitch to fix any missing or corrupted windows files. Then I ran sfc /scannow again and this time.. it found and fixed them.

 

 

In the end All of the vinyl software and all of installed software on the machine functions without issue .. the system is operating just as it had before the crash.

 

Who thought it was going to end like that... NOT ME!

 

 

[PaulATMOS]

Well done!

I like that kind of a challenge.

[+Warwagon MVC]

On 26/07/2021 at 22:25, freqnasty said:

Well done!

I like that kind of a challenge.

It was kind fun, but I would have preferred not to have been challenged and them just have better backups and software organization in place.

[goretsky Supervisor]

Hello,

 

What is the backup process that the business owner now follows?

 

Regards,

 

Aryeh Goretsky

 

[+BudMan MVC]

^ exactly... How do people do business without a clue to even what the password is for the machine that runs their business?  No backup, no copy of software they use to run the business?

[Tantawi]

^ Like these two awesome guys, please tell me you set her up with a backup process

[+Warwagon MVC]

On 27/07/2021 at 07:17, BudMan said:

^ exactly... How do people do business without a clue to even what the password is for the machine that runs their business?  No backup, no copy of software they use to run the business?

They also have a NAS sitting next to the computer, as to the size i'm not sure. I can't get log into it as the default password has been changed and obviously not written down anywhere.

 

The only account I can get into is the guest account, which allows me to access the drive and look at the data and mount it in Windows.. Username guest no password. It has full read write access but I can't log into the interface.

 

That one she actually did call someone who previously worked there, but nobody has a clue what the password is. I'm going to get a tally of how much she has at least stored on it and get that backed up to an external drive as well as an offsite backup.

 

You would think when you take over a business you would ask for passwords, but i'm not even sure the previous owners would have known what they were.

 

That is one thing I hate about the Pin Microsoft prompts you to setup and then uses as default. I think When you restart windows you should need the password and then the pin takes over for waking up for sleep.

 

I see this time and time and time and time and time and time again ... when I ask people for their windows password they say something like 3495. Then when I say, no that's your pin whats the actual password... 70% of the people I ask that too have no clue what so ever.

[Dick Montage]

On 27/07/2021 at 13:21, warwagon said:

That is one thing I hate about the Pin Microsoft prompts you to setup and then uses as default. I think When you restart windows you should need the password and then the pin takes over for waking up for sleep.

 

I see this time and time and time and time and time and time again ... when I ask people for their windows password they say something like 3495. Then when I say, no that's your pin whats the actual password... 70% of the people I ask that too have no clue what so ever.

YES!

[+BudMan MVC]

I would suggest you go through her whole setup and fix it!!  All passwords recorded, backups setup and monitored for validity of completion.. All software used to run the business documented, install media stored... Current versions, license codes, passwords, info to install, configs, etc..

 

If passwords for something not know, fix that be either recovery or replacement, reset so that all passwords and info for all things related to the business are documented and stored in a safe place.

 

Looks like you ran into a nice new client that you can fix up and have going forward for more IT support, etc.

 

 

 

[+Warwagon MVC]

On 27/07/2021 at 08:07, Dick Montage said:

YES!

Much like how you have to enter your pin once when you restart your phone or tablet before the finger print works.