Decision Support: Manage rollbacks with Winternals Recovery Manager

Product review of software that can roll back client machines using recovery points stored on a server

Recovery Manager, from Winternals, is an enterprise-class, client-recovery solution that allows you to roll back your computers to specific Recovery Points. Although similar to single machine-based rollback software, Recovery Manager lets you centrally store and manage your Recovery Points. This means you can automatically generate Recovery Points for computers running operating systems that don't natively support rollbacks, such as Windows NT 4.0 and Windows 2000. And because the Recovery Points are stored centrally on a server, they function as a server-side backup of each computer and allow you to roll back multiple machines simultaneously.

System requirements and licensing
Recovery Manager requires Windows 2000 or Windows XP with Microsoft Data Access Components (MDAC) 2.5 or later, or Windows NT 4.0 Service Pack 6a with the Microsoft Task Scheduler and MDAC 2.5 or later. Windows NT 4.0 systems that are members of Active Directory domains also require the Active Directory Client Extension. Protected client systems must be running Windows XP, Windows 2000, or Windows NT 4.0 and must have file and printer sharing enabled.

Recovery Manager is licensed by the number of workstations that can have Recovery Points scheduled, the number of servers that can have Recovery Points scheduled, and the number of concurrent users who can use the Recovery Manager Wizard to repair and analyze remote systems. Pricing starts at $299 per server, $29 per workstation, and $69 per management console, but discounts are available based on quantities purchased.

Network resource considerations
When I first read about the way Recovery Manager stores copies of system files on a network server, I was interested in the impact this would have on network resources, both storage and traffic. After all, can you imagine how much hard disk space would be used if you had to create images for 100 machines? Likewise, think how much network bandwidth would be consumed during the imaging process.

As it turns out, though, Winternals has handled the network resource problem very well by allowing scheduling. You can schedule the process of scanning machines and building restore points for a time when the network isn't very busy, such as lunch time or after hours.

As for the hard disk space issue, Recovery Manager's installation program suggests you have 10 GB of space available on the partition that will contain the restore points. Although the necessary space will vary depending on how many operating systems your organization uses and how much information your end users store locally, I believe that in many environments, 10 GB won't be nearly enough.

To help conserve space, Recovery Manager backs up each unique file only once. For example, if you were backing up 10 Windows XP systems, you wouldn't have 10 separate copies of the Explorer.exe file. Because this file is common for all 10 copies of Windows XP, the file would be backed up only once.

On the other hand, if you had machines running Windows NT, Windows 2000, and Windows XP, the Explorer.exe file would be backed up three times because the file version would be unique for each operating system. But Recovery Manager doesn't just check the operating system. Remember that different service packs or hot fixes on machines with common operating systems mean different file versions. Recovery Manager has no trouble differentiating between systems that have a common operating system but different system file versions.
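The store-each-unique-file-once behavior described above can be sketched as follows. This is an added example, not Winternals' code: the review does not say how Recovery Manager identifies a unique file, so a SHA-256 content hash is assumed, and the class, machine names and file contents are constructed for illustration. It goes slightly beyond this section by also listing the differences between two Recovery Points, a feature the review describes later.

```python
import hashlib

class SingleInstanceStore:
    """Central store that keeps each unique file content once (keyed by SHA-256, an assumption)."""

    def __init__(self):
        self.blobs = {}            # digest -> file bytes, stored once
        self.recovery_points = {}  # (machine, label) -> {path: digest}

    def create_recovery_point(self, machine, label, files):
        """Record a manifest for the machine; store only content not already held."""
        manifest, new_bytes = {}, 0
        for path, data in files.items():
            digest = hashlib.sha256(data).hexdigest()
            if digest not in self.blobs:
                self.blobs[digest] = data
                new_bytes += len(data)
            manifest[path] = digest
        self.recovery_points[(machine, label)] = manifest
        return new_bytes

    def differences(self, machine, old_label, new_label):
        """Paths added, removed or changed between two recovery points."""
        old = self.recovery_points[(machine, old_label)]
        new = self.recovery_points[(machine, new_label)]
        return {
            "added": sorted(new.keys() - old.keys()),
            "removed": sorted(old.keys() - new.keys()),
            "changed": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
        }

    def restore(self, machine, label):
        """Rebuild a recovery point's file set from the shared blobs."""
        manifest = self.recovery_points[(machine, label)]
        return {path: self.blobs[digest] for path, digest in manifest.items()}


def demo():
    # Constructed sample data: short byte strings stand in for real system files.
    xp = {r"C:\WINDOWS\explorer.exe": b"explorer-xp-sp1", r"C:\boot.ini": b"[boot loader]"}
    w2k = {r"C:\WINNT\explorer.exe": b"explorer-w2k", r"C:\boot.ini": b"[boot loader]"}
    store = SingleInstanceStore()
    first = store.create_recovery_point("xp-01", "mon", xp)
    second = store.create_recovery_point("xp-02", "mon", xp)   # same content: nothing new stored
    third = store.create_recovery_point("w2k-01", "mon", w2k)  # different explorer.exe version
    patched = {**xp, r"C:\WINDOWS\explorer.exe": b"explorer-xp-hotfix",
               r"C:\WINDOWS\system32\drivers\new.sys": b"driver"}
    store.create_recovery_point("xp-01", "tue", patched)       # xp-01 after a hotfix
    return store, (first, second, third), store.differences("xp-01", "mon", "tue")
```

The second Windows XP machine adds no new bytes to the store, while the Windows 2000 machine and the hotfixed XP machine each add only the files whose content differs.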

Installing and configuring Recovery Manager
The Recovery Manager install consists of two components: the Recovery Manager Console and the Recovery Manager Wizard. The Recovery Manager Console is an MMC snap-in that allows you to create Recovery Points for protected computers. You should install the Recovery Manager Console on the machine you will use to create and manage Recovery Points—this does not need to be the system that will store the Recovery Points. The Recovery Manager Wizard is the GUI utility that allows you to repair and diagnose computers that have had Recovery Points created for them.

To install the Recovery Manager Console and the Recovery Manager Wizard, simply insert the Recovery Manager CD and the installation should begin. Choose Typical Installation when prompted, which will install both the Recovery Manager Console and the Recovery Manager Wizard. (If you wanted to install just the Recovery Manager Wizard, you could choose Custom Installation.) The Installation Wizard will also ask you to select an installation folder and to specify whether you want to share it. You will need to share the folder if you install the Recovery Manager Wizard on other machines. The users of those machines will also need appropriate permissions for the installation folder, and the Installation Wizard will prompt you to configure these.

When you run Recovery Manager for the first time, the Recovery Manager Configuration Wizard will walk you through specifying a location for the storage of Recovery Points, the size of the storage location, the text that will appear on OS boot menus of machines that have the boot client software installed, and a new workgroup name for those machines. Once you finish with the Configuration Wizard, you can create a new schedule that will determine when Recovery Points are created and for which machines.

Creating a new schedule
To create a new schedule, first open the Recovery Manager Console and right-click on the Schedules container in the right-hand pane. Next, select the New Schedule command from the shortcut menu to launch the New Schedule Wizard. The wizard's first screen requires you to set a time for creating the Recovery Points and for running future updates. You will probably want to do this during a low point of network and user activity. You must also specify an administrative password with which Recovery Manager can access the workstations.

The next screen asks you where Recovery Manager should save configuration files. In this screen, you can also determine how long Recovery Points are retained and how much space they will consume. By default, they're kept for four days and there is no size limit. Providing you have the recommended free disk space, I suggest going with the defaults.

The next screen asks whether you want to automatically install the Recovery Manager boot software onto your clients. Recovery Manager uses this software—which consumes about 150 MB of local hard disk space—to communicate with the machine should Windows become unbootable. This screen also requires you to specify the name of the client's administrative share point. The default value of ADMIN$ should be fine in most cases.

The wizard's final screen asks you to add clients and servers to the list of computers controlled by the schedule. As you add computers, keep in mind that Recovery Manager makes a distinction between servers and workstations. When you purchase Recovery Manager, your license will tell you how many servers and how many workstations you can create Recovery Points for.

Once you have created a schedule, there is nothing to do but to wait for the scheduled task to run. When I was writing this article, I kept having problems with my scheduled tasks failing because Recovery Manager couldn't communicate with some of the machines on my network. According to Winternals' technical support department, this problem is almost always related to insufficient permissions. Fortunately, Winternals offers a free utility called the Admin Share Test that can help you to diagnose such problems. Using this utility, I was able to resolve my permissions issues and my scheduled tasks worked.

Performing a system recovery and rolling back a system
After Recovery Manager has created Recovery Points for all of your clients, you're pretty much finished; that is, until disaster strikes. When you need to perform a recovery on a machine, open the Recovery Manager Console and select the schedule you created earlier. Recovery Manager will display a list of the computers that the schedule created Recovery Points for, as shown in Figure A.

Figure A
The Recovery Manager Console displays a list of computers that have restore points.

Locate the computer you want to perform a recovery on, right-click it, and select the Launch Recovery Wizard command from the shortcut menu. Although it seems a bit redundant, you will now see another screen listing the computers that Recovery Points are available for. Once again, select the computer you want to repair and then click the Select button. Recovery Manager will now do a quick communications test with the system you're about to rebuild. If Windows is unbootable, it will use the boot client software, if installed.

The next phase of the operation asks you to create a new Recovery Point for the machine. This allows you to undo any changes you are about to make to the malfunctioning client. You can also use this second restore point to troubleshoot the machine by comparing it to the machine's original Recovery Point.

When Recovery Manager finishes creating the second Recovery Point, you'll see the Recovery Manager Wizard's main screen, shown in Figure B. You can roll back the problem computer, perform a custom repair, change the system's passwords, or create a Recovery Manager boot client CD. Icons at the top of the screen allow you to create another Recovery Point or to disconnect from the remote system.

Figure B
The Recovery Manager Wizard makes it easy to select the operation you want to perform.

Rolling back a system
When you click Rollback System from the Recovery Manager Wizard, you'll see a screen that lets you select the Recovery Point you want to revert to. This screen contains a calendar, so you can simply select the date that you want to revert the system to. Next to the calendar is a list of all of the Recovery Points created on the selected date. Choose the desired recovery point and click Next.

In the next screen, you confirm that you really do want to restore the selected recovery point. The cool thing about this screen is its Show Differences button. Clicking this button will show you the differences between the most recent Recovery Point and the Recovery Point you are about to restore.

Rolling back multiple systems
Before performing a multiple-system rollback, you will most likely want to create a new Recovery Point for each schedule you plan to use—but you are not prompted to do this as part of a multiple-system recovery, as you are during a single-system recovery. If you don't take this step, you won't be able to undo changes made by the Multiple System Rollback Wizard. To create the new Recovery Points, open the Recovery Manager Console, highlight the schedule subnode of each schedule you selected for multiple rollback, and click Action | Create Recovery Point.

To roll back multiple systems, click Action | Rollback Multiple System on the Recovery Manager Wizard toolbar. The Select Schedule screen now appears, and you can choose the schedule(s) that contain the computers you want to roll back. When you click Next to continue, Recovery Manager presents the Select Recovery Point screen, from which you can choose the Recovery Points you want to use. Click Next to advance to the Rollback Systems screen, shown in Figure C. You can now select the systems you want to restore and then click Start to begin the rollback. Recovery Manager displays a real-time progress indicator during the process. When the operation is complete, an HTML-formatted Multiple System Rollback Report will appear in your Web browser. At any time during the process, you can abort the rollback by clicking the Stop button.

Figure C
In the Rollback Systems screen, you can select the systems you want to restore.

Other handy tools
As if the ability to completely restore unbootable Windows machines remotely weren't enough, Recovery Manager also comes with a few other handy abilities.

Change Passwords
The next time you forget a machine's Administrator password, don't worry. Simply use the Change Passwords button from the Recovery Manager Wizard screen. This option allows you to reset the password of any local user on a remote machine.

Custom Repair
There will probably be times when you need to keep some of the more recent changes to a machine, so you won't want to perform a full rollback. Instead, you'll want to roll back only specific OS components or troubleshoot the problem further. This is where Recovery Manager's Custom Repair feature can help. The Custom Repair section contains several useful diagnostic options.

The first of these options is Compare And Restore Files, Drivers, And Services. Using this option, you can compare the differences between any two Recovery Points and roll back to the one that best fits your needs. What makes this option so useful though is that you can actually select individual files or components to roll back. By doing so, you can revert the system to using a previous version of a specific file, driver, or service without having to roll back the entire system. This screen also allows you to roll back individual sections of the remote computer's registry.

The second option allows you to view the remote machine's event logs. If you want to get detailed information on the remote machine, check out the System Information icon. It will show you lots of information on the remote machine.

The third option is Explore/Modify Remote System. Selecting this option displays a screen with four additional options. They allow you to explore the remote machine's file system, edit the remote machine's registry, edit the remote machine's BOOT.INI file, and modify the remote machine's drivers and services.
