Recovery Manager v1.2

Reviewed by: Jack Reikel, January 2005
Published by: Winternals Software LP
Requires: Any PC running Windows Server 2003, Windows XP or
Windows 2000 or NT 4 with Service Pack 6a; Windows NT 4 systems in Active Directory domains also require the Active Directory Client Extension; protected client systems must be running Windows Server 2003, Windows XP, Windows 2000 or Windows NT 4 with Service Pack 6a and must have File & Printer Sharing and the C$ and Admin$ administrative shares enabled; systems running the Recovery Wizard to remotely repair other computers must run Windows Server 2003, Windows XP or Windows 2000
MSRP: $29.00 (each workstation), $299.00 (each server), $69.00 (each concurrent administrator) - minimums may apply, volume pricing available

Windows users sometimes live in fear—of bad patches automatically downloaded and installed by Windows update, of bad video driver installations, of poorly tested program installations which turn the Registry into corrupted mush—and have very few ways of easily alleviating that fear. Winternals Software is a developer of systems availability and performance programs for Microsoft-based computer networks. The company began life in 1996 and has produced a steady stream of useful software since then designed for use mainly in enterprise-wide applications. Recovery Manager is designed to restore unbootable or unstable computers suffering from damaged data or incorrectly installed files. It does its job by creating a database full of recovery points (based on dates and times) to which you can rollback your computer in order to restore its proper operation. Sounds like a great concept, yes?

Recovery Manager works by focusing exclusively on the Windows operating system, taking scheduled snapshots of critical system files and configuration settings. When virus attacks, faulty patches, buggy security updates, dumb user errors, corrupt drivers and other problems mess up a computer on your network, Recovery Manager can be used to remotely restore all or any part of the damaged OS and bring the machine back to life without overwriting data. For computers which will not boot at all, Recovery Manager lets you create a bootable recovery CD that can be used to get the dead system up and running again. Recovery Manager is not a hardware analysis wizard or hardware system utility of any kind.

Some of you may be wondering about Recovery Points and Restore Points. For the record, recovery points is a term used by Winternals and restore points is a term used by Microsoft. A recovery point is a specific record of a computer's system files and configuration settings on a particular date and time. Like a Windows XP restore point, a Recovery Point can be applied to undo harmful changes and to restore a system's settings and performance without losing recent work such as saved documents, e-mail, history or Favorites lists. But there are important differences between recovery points and restore points. For example, Winterals' recovery points operate across a network; Microsoft's restore points do not. Recovery Points can resurrect unbootable or locked-out computers; restore points are only useful as long as the computer on which they're stored remains accessible. Recovery points can be applied in their entirety or selectively for certain drivers, services and so on; restore points are full-system only. Recovery points can be created for Windows XP, 2000 and NT servers and workstations; restore points are restricted to XP. Microsoft's genuinely flaky System Restore function contains data which is easily corrupted rendering previously unstable systems totally unbootable; Winternals' recovery points are not subject to such instabilities.

In keeping with the Kickstartnews philosophy of "real reviews by real users" we installed Recovery Manager on a control workstation in a small but busy network environment (a segment with 2 servers, 6 workstations, 3 laptops). The program installs three things: a) the Microsoft Data Access Components (MDAC) interface, b) a free version of Microsoft SQL Server, and c) the Recovery Manager snap-in for the Microsoft Management Console (MMC) built into Windows. The point of the exercise was to set up Recovery Manager, create restore points automatically, and generally hope that one of the computers went down so that we could then see how well Recovery Manager works. The only problem was that after a week of normal use and some additional poking and prodding, none of the computers on the network showed any signs of going down. So we did the next best thing—we cheated. The simple act of overwriting a known good Windows system file with one we deliberately corrupted did the trick. We corrupted copies of some critical system and driver files by loading them into HexEdit (a binary editor), altering information, and saving the changes. We then used the newly corrupted copies, after booting into MS-DOS, to overwrite the good files. Needless to say, the corrupt files had the required effect with one system going down entirely (it became unbootable) and the other becoming ridiculously unstable (programs would not launch properly, random spontaneous restarts, etc). Prior to doing any of this, we used the scheduler in Recovery Manager to create intervals at which it automatically set recovery points for all the different computers on the network segment. The data for each recovery point is stored in a SQL Server database.

The main component of Recovery Manager is the MMC snap-in that provides full access to all of the recovery points for your system. Having a SQL Server installation on your computer is one thing, understanding how to access it is another matter altogether. Recovery Manager puts a friendly, easy to understand face on SQL Server through the snap-in.