Bare metal restore for Windows 7 and 8
Wai Keong Phan: First completed a bare metal restore on Windows 7 and wrote
the first draft.
Graham Keeling: Edits to the original draft, with help from Wai Keong Phan
and Michael Da Cova.
Peter Maloney: First completed a bare metal restore on Windows 8, updated
the instructions and converted them to the wiki.
Install burp on the admin box
Install one of these on an admin box
ADK (Windows 8)
AIK (Windows 7)
You should use the latest one. The Windows 8 version works for win8 or older
(win7, xp, etc.).
Maybe another boot CD will do also. Basically all that is requires is that it
(It has been suggested that a Linux CD would work. It will not, because Linux
does not know how to restore Windows VSS files)
The other things needed (eg. "bootrec /rebuildbcd") can be done from the
Windows install CD.
Create and mount the winpe boot CD on the admin box, run "Deployment and
Imaging Tools Environment" with administrator rights.
> copype.cmd amd64 c:\winpe_amd64
> cd c:\winpe_amd64
> copy winpe.wim media\sources\boot.wim
> dism /mount-wim /wimfile:media\sources\boot.wim /index:1 /mountdir:mount
Put burp on the CD (this assumes you have the burp client installed on the
> cd \Program Files
Back up the old burp client, so a burp restore can be built in the default
location (workaround for hardcoded paths)
> xcopy /E Burp BurpClient
Does BurpClient specify a file name
or directory name on the target
(F = file, D = directory)? D
Prepare the BurpRestore directory (currently named Burp)
> cd Burp
> del ssl_cert*
> del CA\*
> notepad burp.conf
Make sure the burp.conf has the right user name and password that the server
will accept for a restore.
(burp-server.conf has a line like "restore_client = restore").
Set cname/username to "restore"
> bin\burp -a l
This will generate the SSL keys.
If there are problems here, you can go on the server in the /etc/burp/CA
Edit index.txt to remove the "restore*" lines.
> cd ..
> move Burp "C:\winpe_amd64\mount\BurpRestore"
Put the old burp client back where it goes.
> move BurpClient Burp
Finish the BurpRestore setup by setting the correct paths as they are when you
are booted on the CD.
> cd "C:\winpe_amd64\mount\BurpRestore"
> notepad burp.conf
> cd ..\..
Unmount and create iso.
> dism /unmount-wim /mountdir:mount /commit
> oscdimg -n -betfsboot.com media burprestore2_amd64.iso
Burn the iso to a CD to use it in physical machines, or test it in a virtual
Remember this CD has the restore user password and private keys on it, so keep
Obviously for a bare metal restore to work, you should include the whole
operating system volume.
Here is an example client file.
include = C:/
# temp stuff
exclude_regex = "[A-Z]:/Users/[^/]+/AppData/Local/Temp"
exclude_regex = "[A-Z]:/Documents and Settings/[^/]+/Cookies"
exclude_regex = "[A-Z]:/Documents and Settings/[^/]+/Recent"
exclude_regex = "[A-Z]:/Documents and Settings/[^/]+/Local Settings/Temp"
# iometer test file
exclude_regex = "[A-Z]:/iobw.tst"
# system stuff that is not important in a restored system
exclude_regex = "[A-Z]:/RECYCLER"
# swap file (Windows XP, 7, 8)
exclude_regex = "[A-Z]:/pagefile.sys"
# swap file?? (Windows 8)
exclude_regex = "[A-Z]:/swapfile.sys"
# note that we are backing up C:/System Volume Information"
Boot the CD.
Create file system.
DISKPART> select disk 0
DISKPART> create partition primary
TESING: select partition 1
DISKPART> assign letter=C
DISKPART> format fs=ntfs quick
DISKPART> detail disk
> cd \BurpRestore
Just a test.
> bin\burp -a l -c burp.conf -C $name
Run restore (the -f is optional; if it fails, try without).
> bin\burp -a r -f -c burp.conf -C $name
Be patient... this takes a long time.
> cd \windows\system32
> shutdown /r
Takes very long to actually shut down... put in the regular Windows CD
while you wait.
Run from regular Windows install CD in repair mode "command prompt".
DISKPART> select disk 0
DISKPART> select partition 1
> bootrec /rebuildbcd
(In Windows 8) close the command prompt by clicking X, then click "continue to
your OS" or something like that, and it will reboot.
When testing win8 final 64 bit, I forgot to do "bootrec /rebuildbcd" and
ran repair instead, which seemed to work.
For Windows 7 and 8: Run the install CD's automatic repair 2 times, then reboot
to your OS. Don't run it from the same boot as the "bootrec" stuff above or it
won't properly detect Windows to repair it; it will fail saying it can't fix
the problem "Missing BootMGR".
firefox (probably only file config, plus default browser set)
burp (includes scheduled task)
.... (something that relies on the registry...)
I found this works well. It seemed like a perfect restore on Windows 7 and 8.
Only Windows 8 preview had issues.
If something goes wrong: (for when the OS does not work properly, but it boots).
Try this backup plan which creates an incomplete but pretty good system (OS
works, but some apps relying on the registry need reinstall).
In my testing with Windows 8 release preview, the system would crash and reboot
every few minutes, but worked fine with Windows 8 final. So for win8 preview, I
needed to fix with these steps.
Boot the installer disk.
Run repair mode "refresh" (consider this the 'rebuild the registry and
delete all your installed stuff' mode).
Boot into OS to finish the "refresh", boot again until you have the
Log in, and wait for the process to complete.
Boot the BurpRestore disk again.
Repeat the restore without using the "-f" option.
This might be quicker than a full restore. Ideally it would only
restore OS stuff (Windows, Program Files) without overwriting other
large files on your disk.
Reboot into OS.