Winternals Quick Start Guide


Starting Administrator’s Pak

To get started, insert the Administrator’s Pak CD into the CD-ROM drive of your computer. The Installation Wizard will guide you through the installation process and allow you to choose a typical or custom installation.*

Accessing the Tools


Once Administrator’s Pak is installed, you can access the components in two ways.

A. The easy-to-use Administrator’s Pak Navigator is available from the Start menu. The Navigator lets you see at a glance the product that will help you meet your system challenge.

B. If you know which tool you’d like to use, you can select Remote Recover™ (or its client boot media wizards), Filemon™, Regmon™, the Crash Analyzer Wizard™, FileRestore™, Insight for Active Directory™, AD Explorer™, TCPView Professional™* and TCPVStat™* directly from the Start menu. From here you can also open the boot media wizards for NTFSDOS Professional™ and ERD Commander 2005™.


*  TCPView Professional and TCPVStat are not a default part of the typical installation. To install them, choose a custom installation.

Booting a System

You can boot a system to ERD Commander 2005, which includes Disk Commander™, and the Crash Analyzer Wizard simply by inserting the Administrator’s Pak CD and restarting the system; this process is safe and does not modify the system. The boot process will continue until you see the ERD Commander 2005 environment, shown here.


Using Administrator’s Pak

With Administrator’s Pak you can repair dead systems, recover data, and troubleshoot in numerous ways.

Select a Tool with Administrator’s Pak Navigator

  1. Select the Start menu, then Programs, then Winternals Administrator’s Pak, then Administrator’s Pak Navigator.

  2. To launch a specific tool, select its associated icon or description.

  3. To create boot media for ERD Commander 2005 or Remote Recover 3.0, select the “Create boot media” icon or description.

Troubleshoot a System with the Crash Analyzer Wizard

  1. Select the Start menu, then (All) Programs, then Winternals Administrator’s Pak, then Crash Analyzer Wizard. Click Next at the introductory screen.

  2. Select the directory that contains the Microsoft Debugging Tools for Windows package; a link will be provided if you need to download it. Then click Next.

  3. Select the directory containing symbol files; unless you have previously downloaded them you will need to use the Microsoft Symbol Server to download the symbols. Then click Next.

  4. Specify the dump file you wish to analyze, then click Next. C:\Windows\Minidump\ is the default directory in which dump files are placed. If none have occurred on your system, specify the location where you have copied dump files from another system.

  5. The Wizard will display information indicating the driver that may have caused the crash you chose to analyze. You can adjust the driver using the Service and Driver Manager, then reboot the system.

Change the Administrator Password with ERD Commander 2005

  1. Boot the system using the CD as outlined in “Booting a System.”

  2. Select the Start menu, then Administrative Tools, then the Locksmith icon.

  3. The Locksmith™ Wizard will provide information on Locksmith’s capabilities and prompt you to select an account.

  4. Once you have selected an account, simply type in a new password.

  5. To test the new password, reboot the system to Windows (not ERD Commander 2005) and type in the new password for the account you selected.

CAUTION:  Keep the Administrator’s Pak CD in a secure location and monitor its use. Keep a record of new passwords and notify account users.

Boot and Mount the Disks of a Disabled System with Remote Recover

  1. Insert the boot media in the disabled system. (You can use the Remote Recover Client Boot CD Wizard to create a boot CD or the Client Floppy Wizard to create floppy media or network boot images.)

  2. Following the boot procedure, the Remote Recover client program will be displayed.

  3. On the host system, select the Start menu, then Programs, then Winternals Administrator’s Pak, then Remote Recover. Upon startup, Remote Recover broadcasts a query on the network. Booted systems receiving the query respond automatically. A list of clients responding will appear.

  4. Highlight the IP address of the system you wish to access, then select Connect from the File menu.

  5. Select the disk in the left window and then select Mount from the File menu. The disk will appear in the right window. Once mounted, client disks can be accessed from any Windows application.

NOTE:  If you are connecting to a system located over a router, the broadcast may not be received by the host, so it may not be viewable automatically. In this case, use the Add IP... item on the File menu to specify the client to connect to.

Restore an Unbootable Windows XP® System with System Restore Wizard

  1. Boot the Windows XP system using the CD as outlined in “Booting a System.”

  2. Select the Start menu, then System Tools, then the System Restore Wizard icon.

  3. The Wizard will guide you through the steps of selecting a previously created Restore Point.

  4. Reboot the system to Windows (not ERD Commander 2005) and the system will be returned to the state it was in at the Restore Point selected.

Review Potential Malware with Autoruns

  1. Boot the system using the CD as outlined in “Booting a System.”

  2. Select the Start menu, then Administrative Tools, then the Autoruns icon.

  3. A list of user accounts will be displayed. Select an account to see which programs are configured to start up automatically when the system boots and when the selected user account logs in.

  4. Highlight an item and right-click it to delete, explore, or retrieve additional information on it by selecting the appropriate action from the context menu.

Recover Deleted Files with FileRestore

  1. Boot the system using the CD as outlined in “Booting a System.”

  2. Select the Start menu, then System Tools, then the FileRestore icon.

  3. Enter search parameters such as file name, date last modified, size, type, or location, then click Search Now.

  4. Sort results by selecting the appropriate column heading.

  5. Once you have located the deleted file(s) you wish to recover, highlight the files and select Copy To Folder... from the Menu bar, select the corresponding tool bar button, or select Copy To Folder... from the context menu. You will then be prompted to select a folder as a location for the copied files.

Access NTFS Drives on a Disabled System with NTFSDOS Professional

  1. Boot the system into DOS, remove the DOS diskette, and insert the NTFSDOS Professional diskette created using the Boot Disk Wizard.

  2. Type “NTFSPRO” in the command line.

  3. License and time zone information will be displayed. The hard drive partitions will be scanned for NTFS drives. Each drive will be mounted and assigned a DOS drive letter. NTFS volumes may now be repaired or recovered using normal DOS commands.

Monitor File Activity with Filemon Enterprise Edition

  1. Select Winternals Administrator’s Pak from the Start menu, then select Filemon. It will immediately display a list of real-time file activity on the local system.

  2. Use menus, hot-keys, or tool bar buttons to search and filter output, save the data to a file, or clear the window.

  3. Any remote system accessible via TCP/IP can be monitored. If the host system and the system you want to monitor both run Windows NT®/2000®/XP®/Server 2003® and are in the same Network Neighborhood, Filemon will automatically install client software on the client. Otherwise, you must manually install the client component.

Monitor Registry Activity with Regmon Enterprise Edition

  1. Select Winternals Administrator’s Pak from the Start menu, then select Regmon. Regmon will immediately display a list of real-time registry activity on your local system.

  2. Use menus, hot-keys, or tool bar buttons to search and filter output, save the data to a file, or clear the window.

  3. Any remote system accessible via TCP/IP can be monitored. If the host system and the system you want to monitor run Windows NT/2000/XP/Server 2003 and are in the same Network Neighborhood, Regmon will automatically install client software. Otherwise, you must manually install client software.

Monitor TCP/IP Activity with TCPView Professional

  1. Select the Start menu, then Programs, then Winternals Administrator’s Pak, then TCPView Pro. It will immediately begin capturing and displaying TCP/IP network activity.

  2. TCPView Pro presents network activity in two sub-windows. The top sub-window displays a static view showing a snapshot of existing TCP/IP end-points on the system. The bottom sub-window displays a dynamic real-time view of TCP/IP activity.

  3. By default, TCPView Pro refreshes the static view every second. The refresh rate can be changed or disabled.

  4. By default, the dynamic view scrolls so that it always displays the most recent event. Auto scrolling can be disabled.

Monitor LDAP Traffic with Insight for Active Directory

  1. Select the Start menu, then Programs, then Winternals Administrator’s Pak, then Insight for Active Directory. It will immediately begin capturing and displaying LDAP traffic.

  2. Insight for Active Directory presents activity in two sub-windows. The top sub-window displays a real-time view of LDAP activity on the local system. The bottom sub-window displays detailed information about any LDAP action selected in the top sub-window.

  3. By default, the dynamic view scrolls so that it always displays the most recent event. Auto scrolling can be disabled.

Getting Help with Administrator’s Pak

To view the online help, press F1 or select Help from within the individual products in the Administrator’s Pak. Visit www.winternals.com/support to view the Winternals Software Support Knowledge Base.

For issues that are not covered in the online Help or Support Knowledge Base, please visit www.winternals.com/support/getsupport.asp or send an email to support@winternals.com.

If you need telephone support or other product information during your evaluation period, please call your Winternals Account Executive at 800-408-8415.

Administrator’s Pak Quick Tips

The system on which you wish to boot to ERD Commander 2005 must recognize the CD-ROM drive as a boot device. If it does not, you will need to adjust the system’s BIOS settings.

When using Remote Recover, or the remote monitoring functionality of Regmon or Filemon, you may need to configure your Windows system’s firewall to allow connections to the system (Regmon and Filemon) and from the system (Remote Recover). Consult your firewall vendor’s documentation for specific instructions on how to perform this task.

The ERD Commander 2005 networking services assume that a DHCP server is present on your network and will automatically obtain an IP address. If your network uses static IP addresses, you can use the built-in TCP/IP Configuration utility after logging in to specify a static IP address.
