BURP - BackUp and Restore Program

ABOUT
WHY
FEATURES
REQUESTS
CHANGELOG
PROTOCOL 1
PROTOCOL 2
NEWS
FAQ
DOCS
BURP-UI
DOWNLOAD
LICENCE
CONTRIBUTORS
DONATIONS
SPONSORS
CONTACT

Bare metal restore for Windows 7 and 8
--------------------------------------

Authors
-------

    Wai Keong Phan: First completed a bare metal restore on Windows 7 and wrote
	the first draft. 

    Graham Keeling: Edits to the original draft, with help from Wai Keong Phan
	and Michael Da Cova. 

    Peter Maloney: First completed a bare metal restore on Windows 8, updated
	the instructions and converted them to the wiki. 

Prepare
-------

Install burp on the admin box

Install one of these on an admin box

    ADK (Windows 8) 
    http://www.microsoft.com/en-us/download/details.aspx?id=30652 
    AIK (Windows 7) 
    http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=5753

You should use the latest one. The Windows 8 version works for win8 or older
(win7, xp, etc.).

Maybe another boot CD will do also. Basically all that is requires is that it
has:

    diskpart 
    burp 

(It has been suggested that a Linux CD would work. It will not, because Linux
does not know how to restore Windows VSS files)

The other things needed (eg. "bootrec /rebuildbcd") can be done from the
Windows install CD.

Create and mount the winpe boot CD on the admin box, run "Deployment and
Imaging Tools Environment" with administrator rights.

> copype.cmd amd64 c:\winpe_amd64
> cd c:\winpe_amd64
> copy winpe.wim media\sources\boot.wim
> dism /mount-wim /wimfile:media\sources\boot.wim /index:1 /mountdir:mount
       
Put burp on the CD (this assumes you have the burp client installed on the
admin box)

> cd \Program Files

Back up the old burp client, so a burp restore can be built in the default
location (workaround for hardcoded paths)

> xcopy /E Burp BurpClient

        Does BurpClient specify a file name 
        or directory name on the target 
        (F = file, D = directory)? D 

Prepare the BurpRestore directory (currently named Burp)

> cd Burp
> del ssl_cert*
> del CA\*
> notepad burp.conf

Make sure the burp.conf has the right user name and password that the server
will accept for a restore.
(burp-server.conf has a line like "restore_client = restore").

Set cname/username to "restore"

> bin\burp -a l

        This will generate the SSL keys. 

If there are problems here, you can go on the server in the /etc/burp/CA
directory

rm restore.* 

    Edit index.txt to remove the "restore*" lines. 
    Retry. 

> cd ..
> move Burp "C:\winpe_amd64\mount\BurpRestore"

Put the old burp client back where it goes.

> move BurpClient Burp

Finish the BurpRestore setup by setting the correct paths as they are when you
are booted on the CD.

> cd "C:\winpe_amd64\mount\BurpRestore"
> notepad burp.conf

        s|C:/Program Files/Burp|X:/BurpRestore| 

> cd ..\..

Unmount and create iso.

> dism /unmount-wim /mountdir:mount /commit
> oscdimg -n -betfsboot.com media burprestore2_amd64.iso
   

Burn the iso to a CD to use it in physical machines, or test it in a virtual
machine.

Remember this CD has the restore user password and private keys on it, so keep
it secure.


Backup
------

Obviously for a bare metal restore to work, you should include the whole
operating system volume.

Here is an example client file.

include = C:/

# temp stuff
exclude_regex = "[A-Z]:/Users/[^/]+/AppData/Local/Temp"
exclude_regex = "[A-Z]:/Documents and Settings/[^/]+/Cookies"
exclude_regex = "[A-Z]:/Documents and Settings/[^/]+/Recent"
exclude_regex = "[A-Z]:/Documents and Settings/[^/]+/Local Settings/Temp"
# iometer test file
exclude_regex = "[A-Z]:/iobw.tst"

# system stuff that is not important in a restored system
exclude_regex = "[A-Z]:/RECYCLER"
# swap file (Windows XP, 7, 8)
exclude_regex = "[A-Z]:/pagefile.sys"
# swap file?? (Windows 8)
exclude_regex = "[A-Z]:/swapfile.sys"

# note that we are backing up C:/System Volume Information"


Restore
-------

Boot the CD.

Create file system.

> diskpart
DISKPART> select disk 0
DISKPART> create partition primary
       
TESING: select partition 1
       
DISKPART> active
DISKPART> assign letter=C
DISKPART> format fs=ntfs quick
DISKPART> detail disk
DISKPART> exit

Run restore.

> x:
> cd \BurpRestore
       

Just a test.

> bin\burp -a l -c burp.conf -C $name
       

Run restore (the -f is optional; if it fails, try without).

> bin\burp -a r -f -c burp.conf -C $name

        Be patient... this takes a long time. 

> c:
> cd \windows\system32
> shutdown /r

        Takes very long to actually shut down... put in the regular Windows CD
	while you wait. 

Run from regular Windows install CD in repair mode "command prompt".

> diskpart
DISKPART> select disk 0
DISKPART> select partition 1
DISKPART> active
DISKPART> exit
> bootrec /rebuildbcd
       

(In Windows 8) close the command prompt by clicking X, then click "continue to
your OS" or something like that, and it will reboot.

    When testing win8 final 64 bit, I forgot to do "bootrec /rebuildbcd" and
    ran repair instead, which seemed to work. 

For Windows 7 and 8: Run the install CD's automatic repair 2 times, then reboot
to your OS. Don't run it from the same boot as the "bootrec" stuff above or it
won't properly detect Windows to repair it; it will fail saying it can't fix
the problem "Missing BootMGR".

Test install:

    firefox (probably only file config, plus default browser set) 
    burp (includes scheduled task) 
    .... (something that relies on the registry...) 

I found this works well. It seemed like a perfect restore on Windows 7 and 8.
Only Windows 8 preview had issues.

If something goes wrong: (for when the OS does not work properly, but it boots).
Try this backup plan which creates an incomplete but pretty good system (OS
works, but some apps relying on the registry need reinstall).

In my testing with Windows 8 release preview, the system would crash and reboot
every few minutes, but worked fine with Windows 8 final. So for win8 preview, I
needed to fix with these steps.

The fix:

    Boot the installer disk. 
    Run repair mode "refresh" (consider this the 'rebuild the registry and
    delete all your installed stuff' mode).

        Boot into OS to finish the "refresh", boot again until you have the
	login screen. 
        Log in, and wait for the process to complete. 

    Boot the BurpRestore disk again. 
    Repeat the restore without using the "-f" option.

        This might be quicker than a full restore. Ideally it would only
	restore OS stuff (Windows, Program Files) without overwriting other
	large files on your disk. 

    Reboot into OS. 


Donate with Bitcoin

Burp is open and free software. I work on it in my spare time. If you would like this work to continue, please consider making a small donation.


Burp, don't suck. Last updated: December 2017
By Graham Keeling