Backing up a crashed system from the recovery console (or what 10 calls the command line)

SlickRCBD

New Member
I have a system that refuses to boot to Windows 10 Professional (64-bit), and I think I need to do a reinstall.
The advanced boot options are available, but it will not go into safe mode. I can however get the command line, and it recognizes both robocopy and xcopy.
Assume that C is the hard drive, and D is an external portable USB backup drive.
Anyways, from the command prompt I typed

robocopy c:\users d:\ /e /copyall /z /DCopy:DAT /R:3 /W:5

Big mistake. I got stuck in some loop in c:\all users\applicationdata where it kept making nested appdata folders and kept copying something from the public folder.

I attempted to delete the resulting d:\users with rd /s but got errors about the directory not empty.

I did a dir and thought I had a lot of free space due to misreading the number of commas as I wasn't fully awake yet, and tried to just go for my own user folder.

I tried xcopy since I was having trouble with robocopy

xcopy c:\users\slick d:\users\slick /e /c /f /g /k /y /z

This ran out of disk space, and I found I only had about 180gb on a 2tb drive and I had a lot more junk in my user folder.

Exploring with the command prompt didn't show me any files. So I took the drive over to my working Windows 7 Professional computer (It's over 10 years old, and I tried win10 during the free upgrade, but it didn't perform well so I went back to 7. The computer came with Vista Home Premium; so please don't tell me to downgrade it to Windows 10. It's too old. Win7 was an upgrade, Win10 was a downgrade). I attempted to delete the resulting c:\users folder, but I cannot take ownership of parts of it, I cannot use the security tab to grant myself or the administrators group full control, and I cannot delete the damn folder that apparently is taking up over 1.5tb of data but getting properties won't acknowledge it.

Yes, I got the prompt about getting access, but it didn't work and told me to use the security tab. I also tried takeown.exe which didn't seem to work either.


I get no error when trying to delete the users folder with Explorer when logged in as an admin, it just doesn't work.

The command prompt however gives this;

H:\>rd /s users

users, Are you sure (Y/N)? y

users\ALLUSE~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\AP

PLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1 - The dire

ctory is not empty.

users\slick\AppData\Local\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\

APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1 - The di

rectory is not empty.

H:\>rd /s "\\?\h:\users"

\\?\h:\users, Are you sure (Y/N)? y

\\?\h:\users\ALLUSE~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPL

IC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1 - T

he directory is not empty.

\\?\h:\users\slick\AppData\Local\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\AP

PLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1\APPLIC~1 -

The directory is not empty.

Chkdsk reports that there are thousands of files, which would be consistent with the stuff I saw it copying from my "phonebackup" folders that I saw when robocopy was going for days. However I can't see the files and I can't get rid of them. I have a huge fanfic library stored on my phone and the phonebackup is a quick and easy way to restore everything when I reset my phone. Chkdsk also claims there are no errors to fix, yet things are FUBAR with that c:\users.

I'm about ready to reformat the drive, but I'm not sure if there are drivers or anything I need to keep on a Seagate portable hard drive.


So anyways, a second question is what did I do wrong trying to back up the user directories with the command line? What command/parameters should I have used?

TL;DR?

  1. Should I reformat the backup drive to fix the mess my copy attempts made or what should I do to fix it,
  2. What command(s) should I have used (with what parms) to easily back up the public folder, my limited account, the admin account, and the other users' folders from the command line/recovery console?

Re-posted from the unhelpful Microsoft forums, sorta combining two posts. Feel free to reply there as well.

https://answers.microsoft.com/en-us/...4-96812a42fa76
https://answers.microsoft.com/en-us/...f-ebb033df634c

P.S. the prompt here suggests I should include my version number. The VER command reports
Microsoft Windows [Version 10.0.19041.1].
 

Neemobeer

Cyber Security Engineer
Staff member
With robocopy I would exclude hidden items as well as anything in C:\Users\<username>\Appdata. This is all settings that don't really transfer, and there's generally a lot of temp crap in there.
 

SlickRCBD

New Member
How would you structure the command then? Notice that in what I did I tried to use a single command to back up the entire \users tree at once.
Also keep in mind that there is more than a terabyte of data, so I'm going to want to start the computer on this and walk away, I'm not going to stick around as this is going to take all night.
Specifically, what command would you use, including parameters?
2 standard users, the public folder for data shared between those users, and some installers in the administrator's account (I've learned over time to keep old versions that work over the "latest and greatest" that might not work on an aging system. This isn't necessary on a new system, but is sometimes necessary on older hardware) is what needs to be backed up.
 

SlickRCBD

New Member
Is there a wildcard I could use to exclude the appdata directories?
I'm just trying to figure out how to make this command.
Originally I used
robocopy c:\users d:\ /e /copyall /z /DCopy:DAT /R:3 /W:5
So what exactly would you use to "exclude hidden items as well as anything in C:\Users\<username>\Appdata ", which is not as simple as you make it sound because there is more than one such nested folder.

Hence why I'm asking exactly what command would I type on the command line?
There is the contents of the public folder, \slick\, another user let's just call \user2\, and the admin account let's just call \admin\ (sorry, don't want to tell crackers what account to target).
Trying to exclude all that seems very complicated and I'm not sure how I would go about doing that.
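
One way to write the backup the thread asks about, as an added example that is not from any of the posters: a batch file that runs robocopy once per profile folder, skipping AppData, hidden files and junction points, and logging to a file so it can run unattended. The drive letters follow the thread (C: source, D: backup); the D:\backup target, the log path and the user2/admin folder names are assumptions to replace with the real ones.

```batch
@echo off
rem Added example, not code from the thread.
rem Assumptions: C: is the system disk, D: is the backup disk, D:\backup is
rem the target folder, and user2 / admin stand in for the real profile names.
setlocal
set "SRC=C:\Users"
set "DST=D:\backup\Users"
set "LOG=D:\backup\robocopy.log"

rem /COPY:DAT  data, attributes, timestamps only. Unlike /COPYALL it does not
rem            carry over ACLs and owner, so the copies take the permissions
rem            of the backup drive and can be managed from another PC.
rem /XJ        do not follow junction points (the "Application Data" style
rem            compatibility links are junctions and can loop).
rem /XD AppData  skip every directory named AppData, at any depth.
rem /XA:H      skip files that carry the hidden attribute.
rem /NP /TEE /LOG+  no progress bars, print and append to the log file.
set "OPTS=/E /Z /COPY:DAT /DCOPY:DAT /XJ /XD AppData /XA:H /R:3 /W:5 /NP /TEE"

if not exist "%SRC%\" (
    echo %SRC% not found. Drive letters can differ in the recovery console.
    exit /b 1
)
if not exist "D:\backup\" mkdir "D:\backup"

rem One run per real profile folder, so the "All Users" and "Default User"
rem links at the top of C:\Users are never entered at all.
for %%P in (Public slick user2 admin) do (
    if exist "%SRC%\%%P\" (
        robocopy "%SRC%\%%P" "%DST%\%%P" %OPTS% /LOG+:%LOG%
        rem robocopy exit codes below 8 are success; 8 or more means failures.
        if errorlevel 8 echo %%P: robocopy reported failures, see %LOG%
    ) else (
        echo %%P: no such profile folder, skipped
    )
)
endlocal
```

Adding /L to OPTS makes robocopy list what it would copy without writing anything, which is a quick check of the exclusions and the total size before the overnight run.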
 