Product Reviews

Administrator’s Pak 4.0

The tools you need to resurrect a dead computer.

I can think of few things more frustrating than a computer that won’t even start. Microsoft does provide the recovery console, which is nice, but when it comes to complicated repair work, it simply falls short. The latest version of the Administrator’s Pak from Winternals bundles ERD Commander 2003, Disk Commander, Remote Recover, NTFSDOS Professional, TCPView Professional, and some additional monitoring tools.

ERD Commander 2003 provides the ability to boot a dead system into what looks and feels like a Windows environment with networking. Simply boot from the ERD Commander CD and get access to the file system, the Registry (using a Windows-like Registry editor), the event logs, and even the disk management console of the dead system. It also provides the ability to roll back to a Windows XP System Restore point. This beats the built-in XP Restore Point system, which only allows roll back after getting into Windows. The Locksmith utility allows resetting of forgotten passwords, including the Administrator’s (on a local machine only). The FileRestore utility allows recovery of previously deleted files. You can even fix the registration of DLLs using the Regsvr32 utility. Because ERD Commander supports networking, you can use the System Compare utility to compare the dead system with another functioning computer.

Disk Commander can scan the entire hard disk (including reformatted partitions) for corrupt volume data. It can copy data from the damaged volume to an alternate location, including a remote share. It also provides scandisk functionality to repair bad sectors and the MBR. Disk Commander can even access files located on Windows 2000, XP and 2003 striped and mirrored volumes.

Winternals ERD
ERD Commander provides a graphical environment for fixing boot problems. (Click image to view larger version.)

The Administrator’s Pak contains another awesome utility called Remote Recover. This allows you to boot a dead system with a floppy and then mount the disk remotely using the client program on a working Windows system. Once the remote disk is mounted using the utility, you can access it from within the Windows disk management system. The power of Remote Recover is that you don’t need to be in the same physical location as the dead system. The data for the bootable floppy can be e-mailed, and then as long as there’s a TCP/IP route between the dead system and the Remote Recover client, it can be repaired.

The Administrator’s Pak also includes utilities for monitoring TCP/IP, the file system and even Registry access. TCPView Professional provides for real-time monitoring of open TCP/IP connections. You can use it to determine which processes running on your computer have an address open. This functionality can be used to spot Trojan horse programs that could be transmitting sensitive information from your computer. TCPView allows you to save the information for later review and has a great filtering system to allow you to drill down on a situation. Other monitoring tools include enterprise versions of the Filemon and Regmon utilities that are freely available from Winternals’ sister site, The enterprise editions allow you to monitor file system and Registry access from a remote computer, where the free versions are limited to the local machine only. I consider both tools a must whenever troubleshooting installation problems or file and Registry permission issues.

I’m a huge fan of the Administrator’s Pak. One caution, though: It isn’t a panacea and won’t fix dead Windows systems for you. It simply gives you access to your otherwise inaccessible system so that you can fix your system. That makes it a must-have.

About the Author

Brian M. Reisman, MCAD, MCDBA, MCSD, MCSE, MCT, is author of MCAD/MCSD: Visual Basic .NET Windows and Web Applications Study Guide (Sybex).


comments powered by Disqus

Subscribe on YouTube