Solved How to Manually Do SFC's Job?

[Virucyde]

I do a lot of work on customer machines at a computer shop, and one of the most frustrating issues I run into is when I run SFC on a computer and it reports that it found errors and was unable to fix them.

Originally I intended to write a program to automatically pull the [SR] reported files from the installation media and replace the broken ones on the system, however, when I run the command from the tutorial:

findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log

After an unsuccessful SFC attempt, even when it reports files that could not be fixed, I never turn up anything, anyone know why I don't get the [SR] tags in my CBS.log?

 

[Brink]

Hello Virucyde, and welcome to Seven Forums.

You could use OPTION THREE in the tutorial below to get a sfcdetails.txt file with the [SR] details. If you like, upload this file here afterwards, and I'll be happy to take a look at it to see what could not be fixed.

http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html

 

[Virucyde]

I've tried using both the command I posted and the exact one in the tutorial, if [SR] tags were in the files, mine should output the lines to the command prompt, and the tutorial's should output them to the text file, in both cases, on multiple computers, the commands return nothing, and a search of the CBS.log file shows no [SR] tags.

One piece of information that might be helpful is that I think most of the times I've attempted this, it's been using the /offwindir and /offbootdir commands from a PE, is the CBS.log file only generated if SFC is run in the OS being scanned?

 

[Brink]

Yeah, try running SFC in Windows 7 to see what it gives you afterwards.

 

[Virucyde]

What about cases where the computer is unable to boot at all? This tends to be when I'm using SFC in the first place :/

 

[Brink]

The link below seems to have worked for when having to do it at boot with PE.

http://www.sevenforums.com/performa...-errors-but-does-not-create-cbs-log-file.html

 

[Virucyde]

Okay, so to summarize what I got out of that, in my PE environment in order to get SFC logs, I'd need to:

Assuming the offline Windows drive is drive F:

Set the variable for the log file, so SFC doesn't attempt to store to log to the read-only media:
set WINDOWS_TRACING_LOGFILE=F:\TEMP\CBS.log

Run SFC with offline parameters:
sfc /scannow /offbootdir=F: /offwindir=F:\Windows

Once that command has finished, it's output should be logged to F:\TEMP\CBS.log, or wherever else you specified.
So to pull the errors out of the file, run:
findstr /c:"[SR]" F:\TEMP\CBS.log

This will output all error lines to the command prompt, if you want that output to go to a file instead, run:
findstr /c:"[SR]" F:\TEMP\CBS.log > F:\TEMP\sfcdetails.txt

Now your details regarding the failed repairs should be contained in F:\TEMP\sfcdetails.txt

Hopefully anyone Googling how to use SFC from WinPE in the future will find this helpful!

Also, thanks Brink, I appreciate the help, very fast, very effective

 

[Brink]

Correct. That's what I got from that post as well. I prefer the sfcdetails.txt to make it easier to read though.

Please let us know how it works for you.

 

[Virucyde]

Also, according to Window's documentation on SFC:

On Windows Vista only, you can set the WINDOWS_TRACING_LOGFILE environment variable to the location of a valid directory to receive a log file.

Unfortunately I can't test it now, but I'd guess that in my above example, F:\TEMP would already need to exist, so the command:
mkdir F:\TEMP

Might be necessary before running the other commands, just an afterthought, I'll edit that post when I get another chance to test it out.