Howto "chroot" an offline Windows OS?


  • *If this post is not in the right forum, please tell me where to move it, thanks*

    Hi, I tried with ERD, but it does acquire the volume as 'C:\' and it get the same keyboard layout but I can't get the same result as 'chroot' does in *nix environment. I'd very need to find out a way to get that because when customers Computers arrive to my lab, are often unbootable for viruses issues and the only ways that I know are to attach the customer's hard disk to a Working Windows with updated antivirus or using antivirus live Cd/Usb like Kaspersky. In both cases the only thing possible is to remove viruses and maybe correct few things wit the limitations that an offline system has. Acquiring the whole OS and entering in the environment like if it is online (*nix chroot), I'd can make all the system corrections working with 'online' application that clean and fix registry, services and drivers issues. For applications I mean stuff like 'Combofix', AdwCleaner, MS Autoruns,  Windows Repair (All In One) and many others antimalwares and fixing tools like I'd do with an online OS. I really hope that you can give me some suggestion because this will make my work more effective and quick. Thanks for reading, Paolo

    P.S. Please don't answer mentioning 'run as' because is not what I'm looking for, thanks

    Thursday, September 12, 2013 8:36 PM


  • Hi,

    When you plug the HDD in another system, only local NTFS security can block you, but usually SYTEM already got a lot of security. It should open easilly usually. No need for special thing or tool.

    If you have to take ownership for a lot of folders, I would think it's the virus that changed the permission on the folder.

    The only issue I would think before making that is if the HDD was in a RAID, you can destroy the RAID configuration easilly... so watch out for such case.


    MCP | MCTS - Exchange 2007, Configuring | Member of TechNet Wiki Community Council | French Moderator on TechNet Wiki (Translation Widget)

    Friday, September 13, 2013 3:40 AM