Remote undelete?
in [Windows XP]
|
Prev: Crashes at Stop of Search for Files and Folders
Next: *leftover user account folders not removable
From: David Brown on 22 Jan 2010 03:50 mynick wrote: > On Jan 20, 11:51 pm, David Brown <da...(a)westcontrol.removethisbit.com> > wrote: >> mynick wrote: >>> On Jan 19, 11:59 pm, David Brown <da...(a)westcontrol.removethisbit.com> >>> wrote: >>>> mscotgr...(a)aol.com wrote: >>>>> On Jan 19, 10:04 pm, David Brown >>>>> <david.br...(a)hesbynett.removethisbit.no> wrote: >>>>>> mscotgr...(a)aol.com wrote: >>>>>>> On Jan 19, 3:23 pm, mynick <anglom...(a)yahoo.com> wrote: >>>>>>>> On Jan 19, 1:56 am, Arno <m...(a)privacy.net> wrote: >>>>>>>>> In comp.sys.ibm.pc.hardware.storage mynick <anglom...(a)yahoo.com> wrote: >>>>>>>>>> Is there some undelete software that can run only locally and undelete >>>>>>>>>> from a mapped network ntfs disk without the aid of an client/agent >>>>>>>>>> installed/running on thatremotecomputer? >>>>>>>>> I doubt that very much, as the filesystem will not export >>>>>>>>> the required information over the network. >>>>>>>>> Arno >>>>>>>>> -- >>>>>>>>> Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: a...(a)wagner.name >>>>>>>>> GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F >>>>>>>>> ---- >>>>>>>>> Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans >>>>>>>> why not send info from hdd directly over tcp/ip instead of an agent >>>>>>>> doing the hdd search remotely and just sending the resulting list to >>>>>>>> local- Hide quoted text - >>>>>>>> - Show quoted text - >>>>>>> Could you expand on this please. >>>>>>> To undelete a file it is necessary to access the hard drive on a >>>>>>> sector level, and rewrite the MFT entry. There is no way I am aware >>>>>>> of doing this over a general purpose ethernet link. If this was >>>>>>> easily possible, network security would be a complete nightmare. >>>>>> It is perfectly possible to do this over Ethernet - the most common way >>>>>> is to use iSCSI (network block devices with *nix are another >>>>>> possibility). Of course, this involves making the partition effectively >>>>>> invisible to the host (server) machine, and mounted on the guest machine >>>>>> as though it were a local drive. I don't know what sort of support >>>>>> windows has for iSCSI, either as a target or initiator. And it is >>>>>> clearly impractical for the issue at hand. But it /is/ possible to give >>>>>> direct low-level access to a hard drive over a network.- Hide quoted text - >>>>>> - Show quoted text - >>>>> The question asked for access without a "client /agent >>>>> installed/running on thatremotecomputer" >>>>> I think you will find that iSCSI has to be set up on BOTH ends - >>>>> please say if I am wrong >>>> You are entirely correct - iSCSI needs to be configured at both ends. I >>>> was just pointing out that such low-level disk sharing is certainly >>>> possible, if you choose to use it. >>>>> With a client app installed, there is no problem, but as a straight >>>>> mapped drive, I think it is impossible. >>>> One possibility is that windows has a number of backdoors that allow >>>> execution of software on aremotemachine without actively installing >>>> something there. The simplest and safest tools are probably things like >>>> psexec from the SysInternals Suite (download from MS). psexec lets you >>>> execute commands directly on aremotemachine, assuming you have an >>>> administrator password for the machine. >>> what do you think of nbd protocol? >>> running nbdsrvr on remote if that does not require special privilleges >>> on remote >>> and than using Selfimage which supports nbd (but perhaps not the >>> nbdsrvr.exe version) >> I've only used nbd with Linux systems (to give an embedded Linux system >> a swap disk) - I have no idea about support in windows for nbd. But >> generally speaking, if you are using nbd to "share" a partition, the >> partition cannot also be accessed locally. > > nbdsrvr for win can be found at http://www.vanheusden.com/ > however nbd readme says > Do *NOT* share partitions/files that are already in mounted/in use! It > is > almost for sure that corruptions will occure??? > -is that what 'cannot' meant > and would it make difference if there would be only 1 PC accesing the > remote share ? When I say "cannot", I really mean "should not" - and the OS should hopefully enforce that limitation. The rule is that only one writer should ever have low-level access to a partition (or file used as a block device - that's the common usage for nbd). You can have multiple read-only connections at a time, but if you try to allow two different file system drivers to write to the same partition, you are guaranteed chaos and corruption. > Another idea might be using running locally and remotely dd command > for win- perhaps that could go through smb > (and after copying dd to mapped share it could be started via telnet > because above mentioned psexec expects it on remote in c:\windows > which is not accessible) The trick is to use "psexec \\remoteserver cmd" to start a remote command prompt - a poor man's telnet. But if you have a telnet or ssh server on the remote machine, use that.
First
|
Prev
|
Pages: 1 2 3 4 Prev: Crashes at Stop of Search for Files and Folders Next: *leftover user account folders not removable |