boot CDs are plentiful. Numerous ISO images populate the Internet. From Hiren’sBootCD to a BartPE disk, numerous options exist for rescuing failed
systems quickly. Not all are legal, and some are outright flaky.

If you
work within a larger enterprise you’d be well served to take a look at Winternals
Software’s ERD Commander 2005. A core component of Winternals’ $1,439
Administrator’s Pak, ERD Commander 2005 isn’t cheap. But with the investment
comes a collection of powerful utilities you can use with confidence to repair
failed systems. Best of all, it’s completely legal.


Figure A

The Winternals’ ERD Commander 2005 boot process appears similar to that
used by Windows XP.

the ERD Commander 2005 boot CD in an accessible drive, bypass the existing or
inoperative operating system by booting from the CD, and the utility will
create a miniature Windows XP environment. Though limited in scope, the
interface enables troubleshooting a variety of Windows operating systems,
including Windows NT 4.0 (Service Pack 4 or later required), Windows 2000,
Windows XP and Windows Server 2003.

Figure B

ERD Commander 2005 is capable of identifying numerous installed Windows
installations; when booting using the ERD Commander 2005 CD, simply select the
Windows installation you wish to repair.

running, ERD Commander 2005 presents a Windows XP-like interface providing
access to numerous troubleshooting tools in a graphical environment, including:

  • Administrative Tools – Autoruns,
    Disk Management, Event Log, Reg
    Edit, Service and Driver Manager and System Information.
  • Networking Tools – File Sharing, Map Network Drive
    and TCP/IP Config.
  • System Tools – Crash Analyzer, Disk
    Commander, Disk Wipe, File Restore, Hotfix
    Uninstall, Locksmith, System Compare, System File Repair and System
  • Menu Tools – Console, Explorer, Internet
    Browser (Mozilla Firefox version 1.0), Notepad, Search, Solution Wizard,
    Help and Run (command line).

Figure C

ERD Commander 2005 creates a Windows XP-like graphical user environment for
troubleshooting systems that won’t boot.

Administrative tools

any of the Administrative Tools, which are accessed by clicking the ERD
Commander 2005 Start button and clicking Administrative Tools, opens a Windows
2000 Computer Management-like console. Administrators can leverage the console
to perform Disk Management functions just as if the technician had booted into
Windows and selected Disk Management within the Computer Management console. In
addition to formatting partitions, Disk Management can set partitions active and
change drive letters, among other tasks.

Winternals’ Event Log, meanwhile, provides the ability to review Application,
Security and System logs as if the technician had booted into Windows and
selected Event Viewer from within the Computer Management console. Information
found within these event logs can prove critical in identifying and eliminating
the issues that are preventing a system from booting or operating properly.

Figure D

Event Viewer logs, accessible within ERD Communicator 2005, can prove
invaluable in tracing the cause of system failures.

RegEdit provides the standard registry editing utility for
correcting problematic registry entries, while System Information reports on critical
system specifications. RegEdit can prove a lifesaver
in reversing a registry setting that’s prohibiting Windows from booting. System
Information, meanwhile, reveals the computer’s name, OS kernel version, OS
product type (such as Windows XP Home versus Professional), current service
pack, applied hotfixes and more. Such data helps
identify or eliminate potential causes for failure and ensures an administrator
can collect as much information as possible about a failed, non-booting system.

services and errant drivers can also prevent systems from starting properly.
ERD Commander 2005’s Service and Driver Manager offers
support professionals a simple interface for resurrecting desktops and servers
that are failing due to problematic services and drivers. Using the Service and
Driver Manager, technicians can view services and drivers that load by default.
Using simple right-click actions, services can be disabled,
set to manual, configured to run at boot or set for automatic startup. Drivers
can be reviewed and reconfigured, too, as well as updated.

Autoruns provides another powerful graphic-based tool. The utility
lists programs that run automatically when Windows starts, including those that
aren’t always listed in Windows default Startup folder. Within the ERD
Commander 2005 boot environment, administrators can then make any adjustments
as needed, thereby enabling the removal of programs or files whose automatic
execution is prompting Windows to fail.

Networking tools

ERD Commander 2005 Networking Tools are accessed by clicking Start, selecting
Networking Tools and clicking the desired utility.

the File Sharing option opens the Start Network File Sharing dialog box, which
enables securely sharing a troubled system’s files on the network. Using File
Sharing, an administrator can recover a failed system’s data over a network.
Security comes into play by virtue of the technician’s ability to require a
username and password, set by the administrator, to access the troubled
system’s data.

Map Network Drive feature supports mapping network drives within the ERD
Commander 2005 environment. Mapping network drives proves helpful when opening
supported console sessions requiring access to files on a network drive and
when using the default My Computer and Explorer applications to access network
shares holding recovery software, drivers, service packs or antivirus

settings also can be configured when using ERD Commander 2005. Select TCP/IP
Configuration to open an applet enabling IP, DNS, subnet mask, and default
gateway addressing information.

Figure E

ERD Commander 2005 supports configuring or changing TCP/IP information,
which can make the difference between having to reinstall Windows or connecting
a failed system to the network where additional troubleshooting tools can be
accessed to recover the existing installation.

System tools

A host
of system tools are available, too, many with wizards that walk technicians through
troubleshooting inoperative PCs and servers.

Analyzer works with Microsoft’s Debugging Tools for Windows (which must be
downloaded from Microsoft’s Web site) to analyze system crash dumps. The
resulting information helps isolate the cause of crashes, thereby guiding
administrator’s recovery efforts.

Commander helps recover files that have been lost as a result of everything
from file system errors to inadvertent partitioning and formatting. File
Restore is similar, except it works to recover files that were deleted and
emptied from the Recycle Bin. Incidentally, Disk Commander, too, can be used to
recover files that have been inadvertently deleted. In larger organizations,
where users often discard important documents and empty the Windows Recycle
Bin, such file recovery tools are a necessity.

everyone’s familiar, now, with horror stories of discarded PCs and servers
leaking confidential information. Remembering to properly delete sensitive data
before discarding used equipment can be tough, but ERD Commander 2005’s Disk
Wipe makes easy work of actually wiping hard disks. Administrators can elect to
complete a simple pass overwrite or opt for a four-pass deletion that meets US
Department of Defense 5220.22-M security requirements.

Other features
ERD Commander 2005 offers include a console for command line administration,
the ability to uninstall hotfixes selectively, a
Locksmith feature enabling Administrator passwords to be reset (helpful when
users forget their system passwords or an administrator leaves without
divulging passwords to his or her replacement), File System Repair (for
automatically discovering and repairing corrupted Windows system files) and
System Restore, which provides access to the Restore Point Wizard.

Commander 2005 includes Mozilla Firefox (version 1.0) for Internet browsing
from within the limited Winternals operating environment (which comes in handy
when needing to search the Web for specific drivers or updates), along with
Notepad, Search and a Solution Wizard designed to help guide support
professionals through a myriad number of solutions that can be used to recover
a failed system.

Creating the ERD Commander boot CD

the ERD Commander Boot CD itself is a relatively simple proposition. Using the
Winternals Administrator’s Pak, select the ERD Commander 2005 Boot CD Wizard
(accessed by clicking Start | Programs | Winternals Administrator’s Pak on the
system where the Administrator’s Pak is installed). The wizard walks
technicians through the process of creating the CD image. Technicians must
specify the location of any required mass storage drivers to be included. They
must also note which tools should be included on the CD image the wizard

addition, whichever staff member builds the CD must specify whether the CD
should support Remote Recover, which enables accessing an ERD Commander 2005
CD-equipped system over a network for remote troubleshooting and repair. When
using Remote Recover, ensure firewalls are set to pass port 18002
traffic, as this is the default UDP port ERD Commander 2005 uses to
communicate over a network.

Figure F

Winternals’ ERD Commander 2005 also supports accessing the tool’s recovery
utilities remotely. When the Winternals environment boots, select Run Remote
Recover Client on the target system to provide an administrator with access to
the ERD Commander 2005 toolset over a network. Here the default setting is
selected enabling a technician or support professional to interact with a
system locally.

the wizard completes it creates an ISO image in the location the technician
specifies. The wizard can burn the ISO image to a CD, or you can elect to burn
the CD yourself using your own preferred CD creation software.

In the
event a server or PC encounters trouble before you have an opportunity to
create a bootable CD for it, you can also use the Administrator’s Pak OEM CD to
boot ERD Commander 2005. Note that, should you do so, you may not have access to
mass storage drivers required to access a system’s hard drives.