Winternals Administrator's Pak 5.0

Reviewed by: Mark Goldstein, June 2005, updated December 2006
Published by: Winternals
Requires: Target systems require a Pentium 166 or faster CPU, 64MB RAM and a bootable CD-ROM drive in order to use ERD Commander; Windows NT4 Service Pack 6a, Windows 2000, XP (x86 versions), Windows Server 2003 (x86 versions); Administrator versions are supplied with USB & parallel port dongles
MSRP: US$1,189.00 (1 license), $99.00 or less for additional licenses

The Winternals Administrators Pak 5.0 is a collection of repair, recovery and diagnostics tools that should be of great interest to Windows system administrators. It's a set of tools designed to help you revive unbootable or damaged systems, troubleshoot and diagnose Windows problems. For those of you already familiar with this well-known administration suite, v5 features an improved ERD Commander 2005 and Remote Recover 3.0. New additions since the previous version (4.2) also include Insight for Active Directory, AD Explorer and Crash Analyzer Wizard. Those of you unfamiliar with Winternals products may be familiar with, the company's sister web site which is a terrific source for mostly free advanced utilities, technical information and source code related to Windows NT/2000/XP, 2003 Server and Windows 9x and Windows Me internals that you won't find anywhere else. Mark Russinovich and Bryce Cogswell alone write and update everything on the site. Russinovich and Cogswell are also the brilliant minds behind Winternals and Administrator's Pak 5.0.

I installed and ran Admin Pak 5 on a bog-standard Pentium 4 machine which I use to administer a small manufacturing company network. Admin Pak 5 installed without incident and presented no problems or instabilities with the exception of some complications on a workstation that for some reason was still running a decidedly ancient Norton Antivirus 2002 (see Cons below). I used, tested and stressed Admin Pak 5 for a period of about 60 days. Although the licensed version used for this review did not include a USB or parallel port dongle (available with the more versatile licensing offered to the public), I never actually encountered a situation in which Admin Pak 5 in any way limited my ability to resolved a problem. As it happens too, I also didn't encounter a problem which Admin Pak 5 couldn't solve.


The main Admin Pak 5 program window is a master navigator for all the main components in the pak. It consists of a graphical dialog/window containing the main utility category selections. From there you have access to all of the major components and minor utilities in the suite including ERD Commander 2005, Remote Recover, NTFSDOS Professional, FileRestore, Filemon Enterprise Edition, Regmon Enterprise Edition, TCP Tools, Insight for Active Directory, AD Explorer and Crash Analyzer Wizard. It's a comprehensive package.

Here's my breakdown of each component in the suite and how I put it to use during the review period:

ERD Commander 2005: ERD, FileRestore, REE and Crash Analyzer are the showpieces of this administrator's pak as far as I'm concerned. ERD Commander is a bootable CD-ROM environment based on Windows Server 2003. Use ERD pre-boot, to modify installed operating systems, make registry changes, repair corrupt files, start/stop services, recover deleted files, reset passwords and change autorun settings. The ERD user interface is essentially a window which looks a lot like a regular Windows boot screen. Winternals provides the Firefox Web browser as an integral part of the ERD component, along with the System File Repair Wizard and a Solution Wizard. Through a series of questions, the file repair and solutions wizards can figure out what you're trying to do and recommend the best tool for the job. No problems presented by the Adaptec or QLogic SCSI host adapters on network servers. No problems presented when recovering a RAID box that decided to partially pack it in one day (running an IBM ServeRAID adapter in case you were wondering). ERD also sets up what amounts to a super file manager within which you can run a variety of internal utilities. My personal favorites are definitely Disk Wipe (for securely deleting or wiping everything on a hard drive or partition—we use hard drives for 24 months only and cycle them out whether they're flaky or not), and Locksmith (for changing administrative and user account passwords on the fly);

Remote Recover: Provides access to volumes and files on a remote system via TCP/IP and functions as if the drives were locally mounted. You can boot the machine hosting the volumes via CD-ROM or a Preboot Execution Environment (PXE) image and the whole thing works beautifully with FAT or NTFS formatted drives;

NTFSDOS Professional: This component is very handy to have in a mixed environment where workstations boot from NTFS volumes but also access FAT32 drives. It provides full access to NTFS volumes from MS-DOS;

FileRestore: The huge volumes of disorganized files strewn all over massive hard drives is a situation—standard operating procedure now it seems—I blame on the self-absorbed, narrowly focused loons responsible for the development of all the latest desktop/system search tools. X1, Yahoo! Search, MSN Toolbar Suite and Google Desktop Search are all well and good, and furthermore work extremely well for the most part. The problem is that badly organized files are also files which can easily be mishandled. Take the sales 'professional' in my office who freaked out over the fact that he had deleted an supposed Temp folder which happened to contain two different, key client presentations. If he'd been properly organized in the first place, with files clearly named and stored in clearly named sub-folders inside folders named for the clients, he wouldn't have lost a year off his life due to the stress he put himself through. Anyhow, FileRestore to the rescue. We also used FileRestore on a number of different kinds of media including removable hard drives, an 'ancient' ZIP disk/drive and a couple of digital camera cards. FileRestore appears to work on any media that appears as a mounted drive to the operating system;

Regmon Enterprise Edition (REE): A utility for monitoring registry access and modification in real-time across all machines in your network. Staff throughout the company and even IS/IT assistants can be caught red-handed almost in the midst of performing registry mods to tweak their computers or otherwise installing software without permission. I was mildly shocked to find out via REE that one of our marketing VPs had a nasty habit of playing with all sorts of system and user interface utilities (including a utility which enables a keyboard shortcut that calls up a fake screen image of a spreadsheet). Needless to say, REE gave us the heads-up we needed to lock down this guy's system. There were other things going on too and he doesn't work for us anymore;

Filemon Enterprise Edition (FEE): It performs the same function as REE but for files rather than registries;

TCP Tools: Consists of two components, a) TCPView Professional Edition, and b) TCPVStat. They're used to perform network and TCP/IP environment monitoring and problem diagnosis;

Insight for Active Directory: It's a real-time Active Directory diagnostic utility that helps resolve problems and runs warnings about possible new problems. You can build an application exclusion list by modifying the default one in the registry in order to avoid any interference with development environments, a feature which was beneficial in my corporate network. We've got an active development team working year-round on proprietary software and I'd hate to mess up anything being checked in or out of Visual SourceSafe;

AD Explorer: An Active Directory browser. No problems presented by the Adaptec or QLogic SCSI host adapters on network servers;

Crash Analyzer Wizard: This little wonder analyzes a Windows crash dump file and determines the likely cause. In my experience the fault usually lies with a driver and I think every admin knows that. Crash Analyzer Wizard actually cuts right to the proverbial chase and quickly tells you which driver messed up.

Cons: We traced some system instability in an Admin workstation to the presence of an older version of Norton Antivirus (2002). Sure enough, we found a warning about Norton AV on the Winternals support pages. I've been complaining for years about Norton Antivirus' deeply rooted installations and this is another example of how difficult it can be for perfectly good software to get along with Norton's aggressive attitude. Removing Norton Antivirus in favor of Panda, AVG, SystemSuite (Trend Micro) or any number of other good AV programs, or updating to Norton AV 2005 solves the problem.

Pros: File Restore works with everything, including CF, SD and Memory Sticks as long as the media appears as a separate drive (you'll have to disable any proprietary digital camera software) which neatly solved a problem when one of our staff accidentally deleted some product photos before copying them to a file server. Administrator's Pak 5 is the most powerful and complete set of administrative system tools I've yet seen. During the review period I used Admin Pak 5 exclusively on our manufacturing company network and I don't think I'm going back to the individual tools I was using before. I was by the aggravation of Dumb User Errors (DUEs) a total of seven times during the review period and used one component or another in Admin Pak 5 to solve each problem quickly. The REE utility will keep you up at night—seriously—but at least you'll find out who's messing around where they shouldn't (after which you can resolve the issue and sleep much better!). Every Windows Admin should have this package—the depth and breadth of utility coverage is excellent and the tools themselves are well designed. No Windows system is too tough for Admin Pak 5.0 and the Crash Analyzer can nail down and interpret almost any BSOD. I can't say enough about ERD Commander 2005, having used it to recover and repair two important workstations during the review period, both of which were rendered basically unbootable by viruses which trashed some Windows system files. We used ERD Commander to restart/restore the system, then used a specific virus removal tool to eliminate the problem permanently. Admin Pak 5 is in my opinion an indispensable tool for every Windows administrator. It's all there in one, unified package. Swallow hard because the price really is right and the first four or five machines you save (in less time than it takes to describe the process), thereby avoiding the need to reinstall Windows or perform some other wildly time-intensive task, will make it all worthwhile. Highly recommended.





© Copyright 2000-2007 All rights reserved. legal notice
home | previous reviews | forums | about us | search | store | subscribe


Hot News Search Home Previous Reviews About Us Store Subscribe