Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - let's share interesting security information

Microsoft Diagnostics and Recovery Toolset


Well, we call it simply DaRT. You know the feeling: a machine does not boot anymore, has crashed, has a virus you cannot clean with the OS in a running state, or any of the other nightmare scenarios in daily operations of computers. Recovery toolsets have been out there for quite some time, but with our acquisition of the Sysinternals tools, the value of ours grew significantly. I just tested the latest version for Vista and believe me – it rocks (as far as a tool can rock that tries to recover me from a crash…). If you need information on this, there you go: Microsoft Diagnostics and Recovery Toolset

Let me give you a very brief insight:

Basically DaRT is based on the Vista Recovery Toolset. So, when you boot, you get a pretty familiar screen:

The only difference is that you see the link at the bottom to the Microsoft Diagnostics and Recovery Toolset – where all the magic happens :-). If you decide to choose them, you get a broad selection of tools:

ERD Registry Editor: A registry editor for the OS you selected during the boot time

Explorer: Speaks for itself: Browse through the disks

Locksmith: With Locksmith you can reset the passwords of all the local accounts. (You need physical access to the box to do this, and have a look at this post before we start a big discussion on this: Windows Vista Recovery Console and the Password)

Solution Wizard: This is a cool thing. If you are unsure which tool you need to use, try this wizard and you are guided to the solution:

Crash Analyzer: If you have a mini-dump on the disk and include a debugger, you can look at crash dumps

TCP/IP Config: Obvious thing, but often I failed to access any resource on the network with these recovery toolsets as I could not change the network configuration (e.g. I have a fixed IP, am on a different network and should simply switch DHCP on).

File Restore: Restore accidentally deleted files

Hotfix Uninstall: If your system does not boot anymore because of a hotfix, this is the way to remove it (even though this never happens, does it?)

Disk Commander: Tools to fix your disk if you have problems with it.

SFC Scan: As the title says: Repair your system files

Disk Wipe: Securely erase your disk

Search: Hmm, cannot remember what this tool does :-)

Computer Management: It is not the "normal" Computer Management Console as the OS does not run but a console to do some repair activities:

Standalone System Sweeper: I do not like this too much as it is a tool to look for malware, rootkits etc.

So, this tool is definitely something you should look into. Download the trial!

Roger

Comments
  • but vista is not supported?  and trial? wow ... :(

  • Actually Vista IS supported (why do you think not - it is built on the Vista bits).

    The reason why it is a trial is that the whole Desktop Optimization Pack is part of the Software Assurance licence

    Roger

  • Excellent Post Roger,

    I was not aware of this one. It's something we should try and use.

    Cheers

    Shoaib

  • When you run the MSI on a Vista PC...

    [Installer Information]

    Microsoft Diagnostics and Recovery Toolset 5.0 requires that your computer is running Windows 2000 or Windows XP or Windows 2003 Server

    [OK]

  • Now, I really have to take the blame..... :-(

    The tool I linked you to is version 5. I downloaded the tool internally and had access to 6.0. So all the screenshots above are from a Vista-machine and of 6.0....

    I will investigate this and post again as soon as I know where you can find the link to the 6.0 trial

    Sorry about this

    Roger

  • So whatever became of version 6... I see version 5 is available

  • Nice post! The feature I like the most is the "System Restore". I've blogged about that recently.

    Perform a System Restore rollback on a non-bootable Windows XP computer:

    http://www.winhelponline.com/blog/perform-system-restore-rollback-on-non-bootable-xp-computer/

  • Hi Roger. Thanks for your blog. I've been looking for version 6 myself unsuccessfully. I don't even know how to buy it! The reason I'm interested is because a Vista system went into a perpetual loop of configuring updates and rebooting after installing a routine .NET framework 3.5 update. I've never seen anything quite like it before. In any case I tried to roll back the system with System Restore from the Vista install CD but I got error 0x8007000E. There's way more than 512MB of RAM in that system so I don't understand this. I heard that ERD Commander (now owned by Microsoft and supposedly re-purposed as DaRT) uses a third party system restore. Is this true? Any idea what was causing the error with the Vista disc? Any suggestions would be appreciated. Thanks.

  • So basically, it's Winternals ERD only locked down so it's less useful....

  • Can't buy it unless you own bulk licensing for Microsoft products. Called several times and actually said to one, "Sell me whatever you need to sell me so I can buy it!" No response.

  • Damn damn and useless! I loathe Microsoft, pain in the butt as always! So where do we get this repair toolkit??? Doooo - MS forgot to explain that useful part! Dummies! And why does Windows allow applications to hog all the resources to the point that even Task Manager won't run (not in a lifetime anyway!)? Windows is pathetic!
