Hack 90 Collect Disaster Recovery Files


Use this handy script to gather emergency repair files and event logs from Windows 2000 servers on your network.

Collecting Emergency Repair (ER) files can be a tedious, time-consuming, and often forgotten task for Windows 2000 administrators. Usually, the lowest man on the totem pole gets this responsibility only after a server goes down, when the easy fix would have been to use the ER diskette but an updated ER diskette was unavailable, leaving the server down for hours. Management then begins searching for a GUI-based product that will collect ER files and simplify everyone's life. Companies like Aelita charge $99 per server to collect ER disks from a remote server and charge $599 per server to collect remote event logs. If you follow this hack, you'll learn how to script the collection of ER files and event logs from remote servers for free.

The script runs an update of the system's Emergency Repair files using rdisk.exe, uses the built-in winmsd.exe utility to save system information, and uses the following Microsoft Windows NT/2000 Server Resource Kit tools:


srvinfo.exe: To collect more information about the system

srvcheck.exe: To audit shares and security settings

dumpel.exe: To save information from the system's event logs

After it collects all this information, the script copies it to the repository server. If you schedule the script to run at least once a month, you'll have most of the information you need to restore the system in the event of a failure. In my environment, I run the script every Sunday evening.

When choosing a suitable repository server, make sure the machine has enough hard-drive space to hold all the disaster recovery files. I run this script against 70 servers and use 650 MB of space. An NT 4 server machine will use about 1.5 MB of space on your hard drive, and a Windows 2000 Server will use about 20 MB of space. If you can, run the script on a Windows 2000 machine, because UNC path names are easier to use, srvinfo.exe will work properly, and the script can be scheduled to run under a different user account.

The Code

There are four separate files you need for running this hack: Disaster.bat, PassList.bat, ReadList.bat, and ServerList.txt. Following is the code for each of them; instructions on how to customize them for your own environment are covered in the next section.

Disaster.bat

REM ***********************
REM Author: David Jaffe
REM Runs Disaster Recovery Commands On Servers.
REM Version 1.1
REM Will Break Out NT 4 Servers From Windows 2000 Servers In Next Version
REM ***********************

If "%OS%"=="Windows_NT" goto MAIN
If not "%OS%"=="Windows_NT" goto DOSEXIT

:MAIN
REM This copies ERD files from the target computer to a central repository
net use Q: \\%1\c$
c:\winnt\system32\xcopy.exe q:\winnt\repair\*.* e:\erd\%1\ /q /r /h /y
net use Q: /delete /y

REM Collect Services and Driver details plus more info about the server. Writes the
REM text file to the folder where the script ran from.
winmsd \\%1 /a /f

REM Collects Basic Info about remote target. Writes a text file to the folder where the
REM script ran from.
srvinfo -ns \\%1 >srvinfo.txt

REM Collects Shares and security settings. Writes a text file to the folder where the
REM script ran from.
srvcheck \\%1 >shareinfo.txt

REM Collects all event logs and writes text files for each node. Writes the text file
REM to the folder where the script ran from.
dumpel -f eventsys.txt -s \\%1 -l system
dumpel -f eventapp.txt -s \\%1 -l application
dumpel -f eventsec.txt -s \\%1 -l security

REM Copies and deletes all text files found in the folder the script ran from.
REN serverlist.txt serverlist.doc
copy c:\erdscript\*.txt e:\erd\%1\
DEL  c:\erdscript\*.txt
goto END

:DOSEXIT
echo This Program Requires NT 4 Or 2000 Server To Run

:END

ReadList.bat

REM Reads The ServerList.txt And Passes The Names to Passlist.bat
REN serverlist.doc serverlist.txt
for /F %%A in (c:\erdscript\serverlist.txt) do (call c:\erdscript\passlist.bat %%A)

PassList.bat

REM Runs The Commands Listed In Disaster.bat Incrementally On Each Machine Listed In
REM ServerList.txt
c:\erdscript\Disaster.bat %1

ServerList.txt

and so on.......

Running the Hack

To make the script work in your network, download the files from http://www.oreilly.com/catalog/winsvrhks/ (there is also an NT version of the scripts, if you still have NT servers running on your network and want to collect ER information from them as well) into a directory named ERDSCRIPT on the repository server. Then, customize the code in each file as follows for your own networking environment.


Disaster.bat: Change all path statements to reflect where you want the disaster recovery files stored. The current script copies everything to e:\erd\%computername% and locates all executables at c:\erdscript, so you should modify these according to your own environment.


ReadList.bat: The lines c:\erdscript\serverlist.txt and call c:\erdscript\passlist.bat %%A should be changed to reflect the path and folder the files were unzipped to.


PassList.bat: The line c:\erdscript\Disaster.bat %1 should be changed to reflect the path and folder the files were unzipped to.


ServerList.txt: List all servers from which you want to collect disaster recovery files. Use one machine name per line.
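Disaster.bat does not check whether its net use, dumpel, or copy steps succeeded, so a scheduled run can leave a server's folder incomplete without anyone noticing. The following is an added example, not part of the original hack or its downloadable scripts: it reads the server list and reports any collected file that is missing, empty, or older than the schedule interval. The function names, the seven-day threshold, and the command-line arguments are assumptions of this example; the five file names are the ones Disaster.bat writes.

```python
import os
import sys
import time

# Output names taken from the redirections and dumpel -f arguments in Disaster.bat.
EXPECTED = ("srvinfo.txt", "shareinfo.txt",
            "eventsys.txt", "eventapp.txt", "eventsec.txt")


def read_server_list(path):
    """Return machine names from ServerList.txt: one per line, blanks skipped."""
    with open(path, encoding="ascii", errors="replace") as fh:
        return [line.strip() for line in fh if line.strip()]


def audit_repository(repo_root, servers, max_age_days=7, now=None):
    """Map each server to the problems found in repo_root/<server>.

    A file is flagged when it is missing, empty (a redirected command that
    produced no output) or older than max_age_days (a copy left over from an
    earlier run because this run did not replace it).
    """
    now = time.time() if now is None else now
    cutoff = now - max_age_days * 86400
    report = {}
    for server in servers:
        folder = os.path.join(repo_root, server)
        if not os.path.isdir(folder):
            report[server] = ["no repository folder"]
            continue
        problems = []
        for name in EXPECTED:
            path = os.path.join(folder, name)
            if not os.path.isfile(path):
                problems.append(name + ": missing")
                continue
            info = os.stat(path)
            if info.st_size == 0:
                problems.append(name + ": empty")
            elif info.st_mtime < cutoff:
                problems.append(name + ": stale")
        report[server] = problems
    return report


if __name__ == "__main__":
    # Usage (assumed): audit.py <repository root> <server list file>
    names = read_server_list(sys.argv[2])
    for server, problems in audit_repository(sys.argv[1], names).items():
        print(server, "OK" if not problems else "; ".join(problems))
```

Disaster.bat renames the list to serverlist.doc during a run, so pass whichever name the file has when the audit runs.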


Using some basic scripting knowledge, you have protected your organization from extended down times and possibly thousands of dollars wasted on a GUI version of this script. Take a look at the following figures to see how you could increase your department's bottom line and take a step forward in your career:

Aelita ERDisk = $99.00
Aelita EventAdmin = $599.00
Total money spent on just 1 server = $698.00
Total money spent on 50 servers = $34,900.00
Total time spent implementing a free script = Half a day

The look on the boss's face when you ask for a raise and then present proof on how much money you just saved the company = priceless!

-David Jaffe