Winternals Administrator's Pak collects multiple enterprise-class utilities in single toolkit

Get an IT professional's review of Winternals' Administrator's Pak, which offers enterprise administrators a complete recovery and troubleshooting toolset.

Various tool and utility software suites are available to help information technology professionals administer and recover failed systems. iolo technologies' System Mechanic 6 Mobile Toolkit is one such example. While a competent suite for small business troubleshooters, System Mechanic doesn’t necessarily scale well to enterprise-size environments in which remote administration and Active Directory configuration are often required.

Winternals’ Administrator’s Pak offers enterprise administrators just such a toolset. In addition to offering a wide array of more intensive utilities, the Administrator’s Pak supports numerous remote administration capabilities. However, there’s a price to be paid. Winternals’ Administrator’s Pak’s list price is $1,439, considerably more than System Mechanic 6 (list price $299 on Amazon).

The additional cost will prove wise within enterprise environments, though, as all of the following utilities are included in Winternals’ Administrator Pak 5.0:

  • ERD Commander 2005
  • Remote Recover
  • NTFSDOS Professional
  • Crash Analyzer Wizard
  • FileRestore
  • Filemon Enterprise Edition
  • Regmon Enterprise Edition
  • Insight for Active Directory
  • AD Explorer
  • TCP Tools (TCPView Professional and TCPVStat)

Figure A

Winternals’ Administrator’s Pak includes a Navigator menu for accessing its many tools and utilities.

Here’s a quick rundown of each utility.

ERD Commander 2005

Winternals’ ERD Commander 2005 supports creating a bootable CD to simplify system and data recovery. Using an ERD Commander rescue CD, administrators gain access to powerful recovery utilities, including disk management, command line, networking and other tools, on a wide variety of Windows systems (including Windows NT 4.0/2000/XP and Server 2003 platforms).

ERD Commander 2005 works by bypassing the installed operating system and booting to a self-contained graphic interface providing access to the system’s hard drives and configuration settings (including the Windows registry). In addition to powering a Console for processing batch files and other commands, administrators using ERD Commander 2005 benefit from a host of additional tools.

Viewing the Event Log helps determine system, security and application errors that may be fouling a system’s performance. The Hotfix Uninstall Wizard enables undoing Windows service pack, update and hotfixes that may be preventing a system from booting or operating properly. A Locksmith tool, meanwhile, enables changing Administrator and local user passwords, which can prove a lifesaver when locked out of a critical PC or server.

Remote Recover

Remote Recover simplifies recovering data on remote systems or configuring remote systems for new installations. The ability to mount and administer remote system hard disks saves administrators the trouble of having to travel to systems across town or on a different floor when data must be recovered over the network, removing malicious files from a remote system using a local antivirus or antispyware application and more. Remote Recover supports creating bootable CDs and floppy disks, as well as a PXE boot option for systems without an operating CD or floppy drive.

NTFSDOS Professional

Remedying NTFS errors is much easier when you can actually access the NTFS-formatted disk in question. NTFSDOS Professional enables the creation of a boot diskette administrators can use to access and repair NTFS volumes on Windows NT 4.0 and newer operating systems.

Figure B

Several Administrator’s Pak utilities include their own wizards that walk administrators through the process of specifying custom configuration options to be used with a tool.

Besides providing full read and write access to NTFS-formatted volumes, damaged NTFS partitions can be repaired by virtue of NTFSDOS Professional’s ability to boot nonfunctioning NTFS drives and create an environment in which checkdisk, antivirus and third-party recovery programs can be executed.

Crash Analyzer Wizard

Winternals’ Crash Analyzer Wizard interprets Windows crash logs to help determine the cause of system lockups and crashes. The Crash Analyzer works in tandem with Microsoft’s Debugging Tools for Windows to trace errant drivers. The wizard displays not only the driver likely responsible for a system crash, but also a friendly description, the drive’s file location, the publisher and other diagnostic data.


FileRestore provides administrators with a tool that makes quick work of searching for and recovering deleted data from hard disks and other media. Despite being deleted by system applications, processes, users or utilities, many files remain on a hard disk, flash drive or other media. FileRestore offers a solution for searching FAT, FAT32 and NTFS volumes on Win9x/Me/NT 4.0/2000/XP and Server 2003 systems for file remnants and recovering previously deleted data.

Filemon Enterprise Edition

Filemon Enterprise Edition monitors file activity. Using Filemon, IT professionals can track file activity on both local and remote systems. Further, Filemon tracks the applications that access files and records the data in real time to simplify troubleshooting problematic applications and file access issues. Filemon works with the Windows NT 4.0/2000/XP and Server 20003 operating systems.

Figure C

Filemon lists processes, requests, disk paths and more.

Filemon’s captured file activity data can be filtered according to a number of criteria to help narrow searches to specific criteria. Once the appropriate information is captured, the file activity events can be output as a text file or printed for review.

Regmon Enterprise Edition

Tracking stray and problematic registry errors can prove maddening. Regmon Enterprise Edition monitors registry access in real time, which greatly simplifies not only determining which applications are accessing the registry when problems occur but also in determining the actual registry keys in question. Regmon can monitor both local registries and those on remote systems.

The utility captures data according to filters you specify. Once captured, Regmon data can be output to a text file and printed, just as with Filemon.

Insight for Active Directory

Identifying faulty Active Directory configuration issues is much easier with Insight for Active Directory, which monitors LDAP calls (and the results of those directory requests) made from any system on the network. Using the data Insight for Active Directory collects, administrators can review the causes of authentication and access issues, research logon, file sharing and application errors and determine the source of replication failures.

Figure D

Insight For Active Directory lists processes, requests, input information and more. When an event is selected, additional information associated with the event is displayed in the bottom pane.

AD Explorer

Another potent Active Directory troubleshooting tool included within Winternals’ Administrator’s Pak, AD Explorer, provides a time-saving utility for finding, removing and editing objects and attributes within Active Directory. Using AD Explorer, administrators can also insert new objects within an existing Active Directory domain, view object properties and configure security settings.

AD Explorer is a powerful accompaniment to Insight for Active Directory. Double-clicking an entry from within Insight for Active Directory’s Event Pane prompts AD Explorer to open the item. The linked behavior helps Winternals’ two Active Directory utilities work together and simplifies Active Directory troubleshooting by ensuring that additional information about an event, object or attribute is never more than a few clicks away.

TCP Tools (TCPView Professional and TCPVStat)

Winternals’ TCP Tools combine two networking applications into a single utility.

TCPView Professional supports monitoring network traffic on Windows 9x/NT 4.0/2000/XP and Server 2003 platforms. While Windows’ native netstat command provides basic networking monitoring capabilities, TCPView Professional reveals additional data associated with network traffic, including the application responsible for generating specific network activity. TCPView Professional’s ability to display activity listed by process in real time makes it easy to diagnose which application or endpoint is congesting a network. The utility possesses several filtering options and can log data to a text file to aid troubleshooting efforts associated with specific systems, actions and processes.

TCPVStat provides an additional console-based utility for monitoring network traffic. Using TCPVStat, additional information (such as the process that opened the endpoint connection or the amount of data transferred using that endpoint) can be displayed for a TCP endpoint. TCPVStat can also perform DNS name resolution to reveal the friendly name of a system associated with an endpoint or process.

Neither TCPVStat nor TCPView Professional are installed by default with Winternals’ Administrator’s Pak. I suspect this is due to conflicts that can occur when the utilities are loaded on networks that also use Norton Antivirus software. When installing the Winternals’ Administrator’s Pak, you must select a Custom installation and specify that the two network monitoring tools are installed with the other Adminisrtator’s Pak utilities.

Mid to large support

The tools and utilities included in Winternals’ Administrator’s Pak are geared toward IT professionals supporting midsize to large organizations. The tools’ remote configuration capabilities certainly contribute to the software suite’s cost, but the ease of use and flexible administrative options they add justify the expense.

Future installments will explore in greater detail the steps required to maximize ERD Commander 2005’s recovery tools, the file and registry monitoring utilities and the Active Directory applications.

Editor's Picks

Free Newsletters, In your Inbox