Diagnostic and Recovery Toolset (Part 1)

by [Published on 24 March 2011 / Last Updated on 24 March 2011]

This series of articles on Microsoft's Diagnostic and Recovery Toolset begins with an overview of DaRT 6.5.

If you would like to read the other parts in this article series please go to:

Introduction

Microsoft's Diagnostic and Recovery Toolset (DaRT) provides a set of tools you can use to troubleshoot various problems with Windows-based computers. DaRT can be useful when your computer won't boot because of system file corruption, driver incompatibility issues, malware infection, or other kinds of problems. DaRT can also help if you need to recover accidentally deleted files or when you've locked yourself out of your system.

While re-imaging a problem computer is often the quickest way of addressing these problems, such an approach is not always feasible. For example, unless your organization has an in-place image deployment solution like MDT 2010 available at each site, properly maintains all corporate images keeping them up to date, and redirects user data to network file servers using Folder Redirection, re-imaging of problem computers may not be a good solution. Helpdesk personnel that are trained in how to use DaRT however can often quickly resolve problems with users' PCs to reduce downtime and ensure continued user productivity.

This article provides a brief overview of what DaRT is, how to obtain it, and the troubleshooting and recovery tools it includes. The remaining articles in this short series will demonstrate how to use DaRT in various situations.

DaRT Versions

The current version of DaRT is version 6.5 and it fully supports Windows 7 and Windows Server 2008 R2. DaRT 6.5 is available in both x64 and x86 versions.

Previous versions of DaRT included:

  • DaRT 6.0 (x64 and x86) for Windows Vista, Windows Server 2008.
  • DaRT 5.0 (x86 only) for Windows XP, Windows Server 2003 and Windows 2000.

Prior to version 5.0, DaRT was called ERD Commander and was part of the Windows Sysinternals collection of tools.

Obtaining DaRT

DaRT 6.5 is part of the Microsoft Desktop Optimization Pack (MDOP) 2009 R2 so you need to get MDOP if you want to use DaRT. MDOP is available exclusively to Microsoft Software Assurance (SA) customers as an add-on subscription, so you must have an SA agreement with Microsoft if you want to get MDOP. As Figure 1 below illustrates,MDOP 2009 R2 provides you with DaRT plus the following:

  • Application Virtualization (App-V)   Lets you deploy on-demand applications that follow users anywhere but never installed locally on users' computers.
  • Advanced Group Policy Management (AGPM)   Helps you implement Group Policy more effectively using change management, versioning and role-based administration.
  • Asset Inventory Service (AIS)   Lets you scan your organization for software assets and use the collected information to make better manage these assets.
  • Microsoft Enterprise Desktop Virtualization (MED-V)   Lets you centrally deploy and manage Virtual PC images of Windows operating systems and applications in a way that allows users to access these applications directly from their Start menu as if the applications were locally installed on their computers.
  • Microsoft System Center Desktop Error Monitoring (DEM)   Helps you track operating system and application failures and proactively address problems using error monitoring and automated alerts.


Figure 1: The six technologies included with MDOP 2009 R2

Assuming you are already a volume-licensed customer with an SA agreement and MDOP subscription, you can go ahead and download MDOP 2009 R2 from the Microsoft Volume Licensing Site (MVLS). If you don't currently have an SA agreement but you want to evaluate DaRT and other software included with MDOP, you can download MDOP using your MSDN or TechNet subscription if you have one and use this software in accordance with the EULA for these programs. For more information on Microsoft's Software Assurance program for volume licensing customers see this link.

What's in DaRT

Version 6.5 of DaRT includes two basic types of tools:

  • ERD Commander   A collection of tools and wizards you can use to perform system diagnosis and initiate repair procedures. These utilities are described in more detail below. 
  • Crash Analyzer   A wizard-based tool that lets you examine a crash dump file to determine the underlying problem that may have caused a Windows-based computer to fail. As we'll see in a later article of this series, the Crash Analyzer wizard requires that you have the Debugging Tools for Windows either on your DaRT boot media or installed on the computer you are trying to troubleshoot.

As Figure 2 illustrates, you can launch various ERD Commander tools or the Crash Analyzer wizard from the Choose A Recovery Tool screen of the Windows Recovery Environment (Windows RE):


Figure 2: Accessing DaRT tools

Here's a quick summary of the various DaRT tools and how they can be used:

  • ERD Registry Editor   Lets you make modifications to the Windows registry on an unbootable Windows computer you are trying to repair. This tool can be useful if the computer won't boot because of registry problems.
  • Locksmith   Lets you reset the password for any local account. This can be useful if the user has accidentally locked herself out of her computer.
  • Crash Analyzer   Helps you quickly determine why a computer has crashed by analyzing and interpreting the computer's memory dump file.
  • File Restore   Lets you attempt to restore files that have been deleted from the computer's Recycle Bin.
  • Disk Commander   Helps you recover and repair disk partitions and volumes by restoring the Master Boot Record (MBR), partition table or lost volumes on a computer.
  • Disk Wipe   Lets you erase all data from a disk or volume so you can prevent sensitive business data or personal files from falling into the wrong hands when preparing to send a decommissioned computer to a recycle depot.
  • Computer Management   This standard Windows administrative tool is provided to allow you to manage services and devices on the computer, manage disk volumes, view event log information, and perform other steps when troubleshooting computer problems.
  • Explorer   Lets you use Windows Explorer to browse the local file system of an unbootable Windows computer you are trying to repair. If network connectivity is available, you can also use this tool to browse network shares.
  • Solution Wizard   Presents you with a series of questions that help you choose the appropriate DaRT tool to use in your situation.
  • TCP/IP Config   Lets you manually configure TCP/IP settings on an unbootable Windows computer when no DHCP server is available on the network.
  • Hotfix Uninstall   Lets you to remove hotfixes or service packs from an unbootable Windows computer you are trying to repair. This can be useful after installing a hotfix causes Windows to become unbootable.
  • SFC Scan   Can be used to automatically detect and repair corrupt or missing system files that are preventing Windows from starting.
  • Search   Helps you find user data files on the hard disk of an unbootable Windows computer you are trying to repair. That way, if no recent backup of these files is available, you can save the files to media before performing further troubleshooting steps that might corrupt or delete the files.  
  • Standalone System Sweeper   Lets you perform an offline scan for malware on an unbootable Windows computer. This can be helpful if the system has been infected with a rootkit since these, once installed, can usually hide themselves from any online malware scanner installed on the computer.

Conclusion

DaRT 6.5 provides a number of tools your Helpdesk personnel can use to troubleshoot and repair Windows computers that have become unbootable. DaRT 6.5 is part of MDOP 2009 R2 which is available to volume-licensed customers who have a Software Assurance agreement. Using the tools included in DaRT, you can analyze problems with unbootable computers, view their event logs, disable problematic device drivers, rollback problematic hotfixes, restore deleted files, sweep the computer for malware, and perform other repair and recovery tasks on Windows computers that won't start. In the articles that follow, we'll learn how to use DaRT for some of these scenarios.

If you would like to read the other parts in this article series please go to:

Advertisement

Featured Links