Un-Hobble the Windows Recovery Console

There's a virus-infected file on my hard disk that I can't delete, so I'm trying to use the Windows Recovery Console to excise it. But the WRC apparently will only let me delete files in the root directory and in c:\Windows. What gives?

The WRC does more than repair master boot records; it provides access to the files on your hard disk when Windows isn't running, allowing you to copy, delete, or rename them as you see fit. However, it won't let you do this until you release a
restriction that's in place by default.

Return to Windows, go to Start --> Run, type secpol.msc, and press Enter to start the Local Security Settings editor. Navigate to \Security Settings\Local Policies\Security Options in the tree on the left, and double-click the "Recovery Console: Allow floppy copy and access to all drives and all folders" entry on the right. Select Enabled, and click OK.

Next, return to the WRC and type: set AllowAllPaths = true

Make sure to include the spaces before and after the equals sign, and press Enter. Thereafter, you can delete any file in any folder. Although the change you made in the Local Security Settings is permanent, you'll have to issue the above set command once each time you use the WRC.

You may have noticed a Catch-22 of sorts in this fix. If Windows won't boot and you're using the WRC to effect repairs, you won't be able to release the Local Security Settings restriction. In this case, you'll either have to live without the ability to delete files in other folders, or install a second copy of Windows XP on another partition and delete the file from there.

0 comments: