Latest posts by Joseph Moody (see all)
- Outlook attachments now blocked in Office 365 - Tue, Nov 19 2019
- PolicyPak MDM Edition: Group Policy and more for BYOD - Tue, Oct 29 2019
- SmartDeploy: Easy software and OS deployment - Tue, Oct 1 2019
No matter how well managed an IT environment is, unbootable machines are a fact of life. While IT administrators use a variety of methods to repair these machines, few compare to the Diagnostic and Recovery Toolset (DaRT). Now in the seventh major release, DaRT comprises of 14 tools designed to tackle the toughest problems with an unbootable machine.
The Diagnostics and Recovery Toolset welcome screen displays all included tools.
DaRT components ^
- Registry Editor: a registry editor capable of modifying an offline operating system
- Explorer: the familiar explorer interface that is even capable of mapping network drives. Very handy for uploading logs, crash files, or backing up data
- Locksmith: a local user password reset tool
- Solution Wizard: an automated tool designed to help you (or more specifically, an end user) choose the correct repair tool
- Crash Analyzer: an offline Windows debugger capable of pinpointing troublesome drivers
- TCP/IP Config: a tool used to change the DaRT IP configuration
- File Restore: this tool provides file restoration of accidentally deleted files even on Bitlocker encrypted drives
- Hotfix Uninstaller: when a hotfix makes a machine unbootable, this tool can remove the hotfix
- Disk Commander: a handy tool to repair volumes, master boot records, or partitions
- SFC Scan: the System File Repair wizard can repair systems files that are preventing Windows from loading
- Disk Wipe: capable of wiping a disk or volumes with a single pass or four pass overwriting
- Search: a simple file search tool that is useful before reimaging a computer
- Computer Management: the all-inclusive MMC from Windows – now in a Windows PE format
- Standalone System Sweeper: an offline malicious software remover capable of deletion and quarantine
- And finally, though technically not a tool for system recovery, the Remote Connection interface allows Windows Administrators to remotely connect to a machine in a Windows PE environment.
While most Windows administrators would simply image a machine if it became unbootable, the specific tools in DaRT are nearly always faster and more specific in their troubleshooting. Further, tools such as the crash analyzer and hotfix uninstaller help to increase the stability of images by sorting out bugs rather than simply reimaging.
DaRT recovery image deployment method ^
There are a variety of ways to deploy DaRT for client use. The most common are CD/DVD, USB, embedded during initial workstation imaging, and network bootable. The table below outlines major benefits to each:
|CD/DVD||Nearly all machines capable of booting off media, most familiar technology||Boot image becomes outdated quickly requiring new media to be produced and distributed|
|USB||Faster than CD/DVD, easier to carry||Boot images not updated become obsolete, easier to lose|
|Embedded||No need to carry around media, very quick to boot||Image may not be available if hard drive fails, difficult to distribute updates.|
|Network||No physical media, updates very easy to distribute||Not as quick as USB or embedded on boot up.|
Deploying the DaRT recovery image ^
Most organizations, except those with a measurable percentage of non-networked machines, will probably choose to distribute their DaRT recovery image as a Windows Deployment Server boot image. This makes DaRT available to any machine capable of PXE booting. To create the recovery image, first install the DaRT 7 tools (these include the recovery image maker, online crash analyzer, and remote connection viewer). Next, launch the DaRT Recovery Image Wizard.
The first screen of the DaRT Recovery Image Wizard
After specifying the Windows source files for the recovery image creation, you will be prompted to select the tools available for use and whether you want to allow remote connections. Excluding certain tools such as Disk Wipe and Locksmith may be wise as a malicious end user can gain access to these tools. Any excluded tool is automatically made available if the remote connection tool is used and a Windows administrator successfully connects to the computer.
The final prompts for the recovery image are installing the debugging tools, updating the standalone system sweeper, loading additional drivers/files, and saving the ISO. After saving the ISO, use a tool to mount the ISO and browse to the sources folder. Extract the boot.wim file that is contained. You can now add it as a boot image on your Windows Deployment server and remotely boot machines into DaRT.
The DaRT 7.0 boot file is loaded into a Windows Deployment Server
Microsoft’s Diagnostics and Recovery Toolset is a Swiss army knife that no Windows administrator should be without. With continual improvements, such as the recent remote control feature and integration in the upcoming Microsoft Deployment Toolkit 2012, DaRT is sure to stay a favorite for machine recovery.