If you use Syskey to enable encryption, and then you incorrectly enter your password in the logon screen, Windows Recovery incorrectly starts. This update resolves this issue.
Windows Recovery Environment (Windows RE) is an extensible recovery platform that is based on Windows Preinstallation Environment (Windows PE). When a computer does not start, Windows automatically fails over into this environment, and the Startup Repair tool in Windows RE automates the diagnosis and repair. For more information about Windows RE, see the
Technet Article: What is Windows RE?Syskey provides an extra line of defense against password-cracking software. Syskey uses strong encryption techniques to help secure account password information that is stored in the Security Account Manager (SAM) database or in directory services. For more information about Syskey, see the
Technet Article: System Key Utility Technical Overview.
Information on how to update Windows Recovery images
Warning This section contains steps should only be performed by a qualified technical person who is familiar with the Windows recovery mechanism. Serious problems might occur if you perform the steps incorrectly. Incorrect steps can leave windows recovery mechanism in unrecoverable state. Therefore, make sure that you follow these steps carefully. For added protection, perform a complete system backup before you continue. Also, be aware that you may need the Windows installation media that was originally used to install the operating system.
For more information about the procedures and terminology used in this article, visit the following Microsoft webpages:
The following procedures should be performed by an administrative user at an administrative command prompt. These procedures only contain guidance steps for a generic installation. These steps may be different for your installation.
Locate and copy an installed version of WinRE.wim
Assuming that WinRE.wim is already configured on the system, follow these steps:
- Type the following command to find the location of the installed Windows RE image file (Winre.wim):
reagentc /info
Notes- The WinRE.wim file may have the SYSTEM and HIDDEN file attributes set. Use the Attrib command to remove these attributes.
- WinRE.wim may be in a hidden directory or a hidden partition. Use the DIR /A command to find hidden folders and files. If it is necessary, use the Diskpart utility to unhide the partition.
- Note the location of the WinRE.wim. For example, <WinREdrive>\WindowsRE\<GUIID>.
- Copy the currently installed WinRE.wim file to a local folder such as C:\WinRE. The local folder must differ from the installation location. Make sure that you keep a backup of C:\WinRE\WinRE.wim.
Locate and copy WinRE.wim from the installation media
Assuming that WinRE.wim is not configured on the system, follow these steps:
- Locate the WinRE.wim file on the Windows installation media that was used to install the operating system.
- Create the following local folders:
- C:\OS_Image
- C:\OS_Image\Mount
- C:\Winre
- Copy the Install.wim file from Windows installation media to C:\OS_Image. If the installation media is located on drive D, the Install.wim file will be located in the D:\sources folder.
- Type the following DISM command to mount the Install.wim file:
DISM /mount-wim /wimfile:C:\OS_Image\Install.wim /index:1 /MountDir:C:\OS_Image\mount
- Type the following command to copy the Windows RE image (Winre.wim) file from the mounted Windows image to C:\WinRE:
Copy C:\OS_image\mount\windows\system32\recovery\WinRE.wim C:\winre\
- Type the following command to unmount the mounted Windows image:
DISM /unmount-wim /MountDir:C:\OS_Image\mount /discard
- Remove the C:\OS_Image and C:\OS_Image\Mount folders together with the Install.wim file that was copied to them.
Inject the KB2883457 security update package to WinRE.wim
- Copy the KB2883457 security update package to folder C:\WindowsUpdate.
- Create the following local folder:
- Type the following command to mount the Winre.wim file:
DISM /mount-wim /wimfile:C:\winre\WinRE.wim /index:1 /MountDir:C:\winre\mount
- Type the following command to insert the security package into the mounted Winre.wim file:
DISM /image:C:\Winre\mount /Add-Package /Packagepath:C:\WindowsUpdate
- Type the following command to verify that the security package is integrated successfully:
DISM /image:C:\winre\mount /Get-Packages
- Type the following command to commit the changes to the Winre.wim file:
DISM /unmount-wim /MountDir:C:\Winre\mount /commit
Deploy or copy a modified WinRE.wim
If WinRE.wim is already installed and configured, follow these steps:
- Move C:\WinRE\WinRE.wim to the folder where WinRE.wim was located earlier. For example, to <WinREdrive>\WindowsRE\<GUIID>. Overwrite the existing WinRE.wim if you are prompted.
- Use the Attrib command to restore the SYSTEM and HIDDEN file attributes to the previous settings.
- If <WinREdrive> was previously hidden earlier, use the Diskpart utility to hide the partition again.
- Deploy and configure the customized Windows RE image if it was not located from installation media.
- The C:\WinRe and C:\WinRE\Mount folders can now be removed.
Validate and rollback if it is necessary
- Verify that you can start in the modified WINRE environment and can perform previously configured recovery functions.
- If validation fails, make sure that you revert the changes that were made. To do this, follow these steps:
- Unconfigure and remove the WinRE.wim if it was copied from installation media.
- Replace the modified WinRE.wim with the backup copy if you modified an already configured WinRE.wim.
