Apr 09, 2013 This guide helps you choose among DaRT deployment methods, and provides step-by-step guidance for each method. Download Microsoft Diagnostics and Recovery Toolset Deployment Guide from Official Microsoft Download Center. Microsoft Diagnostics and Recovery Toolset Deployment Guide Important! Selecting a language below will. Use dartdoc to generate HTML documentaton for your Dart package. For information about contributing to the dartdoc project, see the contributor docs. For issues/details related to hosted Dart API docs, see dart-lang/api.dartlang.org. Installing dartdoc.
-->
After installing Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0, you create a DaRT 8.0 recovery image. The recovery image starts Windows RE, from which you can then start the DaRT tools. You can generate International Organization for Standardization (ISO) files and Windows Imaging Format (WIM) images. In addition, you can use PowerShell to generate scripts that use the settings you select in the DaRT Recovery Image wizard. You can use the script later to rebuild recovery images by using the same settings. The recovery image provides a variety of recovery tools. For a description of the tools, see Overview of the Tools in DaRT 8.0.
After you boot the computer into DaRT, you can run the different DaRT tools to try to diagnose and repair the computer. This section walks you through the process of creating the DaRT recovery image and lets you select the tools and features that you want to include as part of the image.
You can create the DaRT recovery image by using either of two methods:
You can write the ISO to a recordable CD or DVD, save it to a USB flash drive, or save it in a format that you can use to boot into DaRT from a remote partition or from a recovery partition.
Once you have created the ISO image, you can burn it onto a blank CD or DVD (if your computer has a CD or DVD drive). If your computer does not have a drive for this purpose, you can use most generic programs that are used to burn CDs or DVDs.
Select the image architecture and specify the pathDart 8.0 Torrent Download
On the Windows 8 Media page, you select whether to create a 32-bit or 64-bit DaRT recovery image. Use the 32-bit Windows to build 32-bit DaRT recovery images, and 64-bit Windows to build 64-bit DaRT recovery images. You can use a single computer to create recovery images for both architecture types, but you cannot create one image that works on both 32-bit and 64-bit architectures. You also indicate the path of the Windows 8 installation media. Choose the architecture that matches the one of the recovery image that you are creating.
To select the image architecture and specify the path
Select the tools to include on the recovery image
On the Tools page, you can select numerous tools to include on the recovery image. These tools will be available to end users when they boot into the DaRT image. However, if you enable remote connectivity when creating the DaRT image, all of the tools will be available when a help desk worker connects to the end user’s computer, regardless of which tools you chose to include on the image.
To restrict end-user access to these tools, but still retain full access to the tools through the Remote Connection Viewer, do not select those tools on the Tools page. End users will be able to use only Remote Connection and will be able to see, but not access, any tools that you exclude from the recovery image.
To select the tools to include on the recovery image
Choose whether to allow remote connectivity by a help desk
On the Remote Connection page, you can choose to enable a help desk worker to remotely connect to and run the DaRT tools on an end user’s computer. The remote connectivity option is then shown as an available option in the Diagnostics and Recovery Toolset window. After help desk workers establish a remote connection, they can run the DaRT tools on the end-user computer from a remote location.
To choose whether to allow remote connectivity by help desk workers
Add drivers to the recovery image
On the Drivers tab of the Advanced Options page, you can add additional device drivers that you may need when repairing a computer. These may typically include storage or network controllers that Windows 8 does not provide. Drivers are installed when the image is created.
Important When you select drivers to include, be aware that wireless connectivity (such as Bluetooth or 802.11a/b/g/n) is not supported in DaRT.
To add drivers to the recovery image
Add WinPE optional packages to the recovery image
On the WinPE tab of the Advanced Options page, you can add WinPE optional packages to the DaRT image. These packages are part of the Windows ADK, which is an installation prerequisite for the DaRT Recovery Image wizard. The tools that you can select are all optional. Any required packages are added automatically, based on the tools you selected on the Tools page.
You can also specify the size of the scratch space. Scratch space is the amount of RAM disk space that is set aside for DaRT to run. The scratch space is useful in case the end user’s hard disk is not available. If you are running additional tools and drivers, you may want to increase the scratch space.
To add WinPE optional packages to the recovery image
Add the debugging tools for Crash Analyzer
If you include the Crash Analyzer tool in the ISO image, you must also include the Debugging Tools for Windows. On the Crash Analyzer tab of the Advanced Options page, you enter the path of the Windows 8 Debugging Tools, which Crash Analyzer uses to analyze memory dump files. You can use the tools that are on the computer where you are running the DaRT Recovery Image wizard, or you can use the tools that are on the end-user computer. If you decide to use the tools on the end-user computer, remember that every computer that you diagnose must have the Debugging Tools installed.
If you installed the Microsoft Windows Software Development Kit (SDK) or the Microsoft Windows Development Kit (WDK), the Windows 8 Debugging Tools are added to the recovery image by default, and the path to the Debugging Tools is automatically filled in. You can change the path of the Windows 8 Debugging Tools if the files are located somewhere other than the location indicated by the default file path. A link in the wizard lets you download and install debugging tools for Windows if they are not already installed.
To download the Windows Debugging Tools, see Debugging Tools for Windows. Install the Debugging Tools to the default location.
Note The DaRT wizard checks for the tools in the
HKLMSoftwareMicrosoftWindows KitsInstalled RootsWindowsDebuggersRoot registry key. If the registry value is not there, the wizard looks in one of the following locations, depending on your system architecture:
%ProgramFilesX86%Windows Kits8.0Debuggersx64
%ProgramFilesX86%Windows Kits8.0Debuggersx86
To add the debugging tools for Crash Analyzer
Add definitions for the Defender tool
On the Defender tab of the Advanced Options page, you add definitions, which are used by the Defender tool to determine whether software that is trying to install, run, or change settings on a computer is unwanted or malicious software.
To add definitions for the Defender tool
Select the types of recovery image files to create
On the Create Image page, you choose an output folder for the recovery image, enter an image name, and select the types of DaRT recovery image files to create. During the recovery image creation process, Windows source files are unpacked, DaRT files are copied to it, and the image is then “re-packed” into the file formats that you select on this page.
The available image file types are:
If you select the Edit Image check box on this page, you can customize the recovery image during the image creation process. For example, you can change the “winpeshl.ini” file to create a custom startup order or to add third-party tools.
To select the types of recovery image files to create
Edit the recovery image files
You can edit the recovery image only if you selected the Edit Image check box on the Create Image page. After the recovery image has been prepared for editing, you can add and modify the recovery image files before creating the bootable media. For example, you can create a custom order for startup, add various third-party tools, and so on.
To edit the recovery image files
Generate the recovery image files
On the Generate Files page, the DaRT recovery image is generated for the file types that you selected on the Create Image page.
To generate the recovery image files
Copy the recovery image to a CD, DVD, or USB
On the Create Bootable Media page, you can optionally copy the image file to a CD, DVD, or USB flash drive (UFD). You can also create additional bootable media from this page by restarting the wizard.
Note The Preboot execution environment (PXE) and local image deployment are not supported natively by this tool since they require additional enterprise tools, such as System Center Configuration Manager server and Microsoft Development Toolkit.
To copy the recovery image to a CD, DVD, or USB
Related topics-->
By Jerry Honeycutt
![]()
Published October 2009
Abstract
By providing tools that help you quickly troubleshoot and repair Windows®-based desktops, Microsoft® Diagnostics and Recovery Toolset (DaRT) can reduce the time, cost, and frustration associated with recovering computers that will not boot. DaRT 6.5 adds support for the Windows 7 and Windows Server® 2008 R2 operating systems. This white paper gives an overview of DaRT: its benefits, its capabilities, and how to evaluate it.
Overview
Creating the DaRT Media
Starting the DaRT Media
![]()
Exploring the DaRT Tools
ERD Registry Editor
Locksmith
Crash Analyzer
File Restore
Disk Commander
Disk Wipe
Computer Management
Explorer
Solution Wizard
TCP/IP Config
Hotfix Uninstall
SFC Scan
Search
Standalone System Sweeper
Evaluating DaRT
A user frantically calls support and your manager sends you to fix the problem. At the user’s desk, you log on to the Windows operating system and use the variety of tools that are available for troubleshooting. You look in Event Viewer for clues about the problem. You determine that the problem is a faulty device driver, and so you use the Computer Management console to disable that driver. Windows includes many such tools to help you diagnose and fix problems, but what do you do if you cannot boot the computer in to Windows?
The Microsoft Desktop Optimization Pack (MDOP) for Software Assurance can help organizations reduce the cost of deploying applications, deliver applications as services, and better manage desktop configurations. Together, the MDOP applications that are shown in Figure 1 can give Software Assurance customers a highly cost-effective and flexible solution for managing desktop computers.
Figure 1. Microsoft Desktop Optimization Pack
To help recover Windows-based desktops that will not boot, MDOP offers the Microsoft Diagnostics and Recovery Toolset (DaRT). DaRT is a powerful set of tools that extend the Windows Recovery Environment (Windows RE). With DaRT, you can analyze an issue to determine its source, view the computer’s event log for more clues, disable a faulty device driver, and remove hotfixes even when you cannot start the installed Windows operating system. Additionally, DaRT includes tools that enable you to troubleshoot the installed Windows operating system when starting Windows would not be prudent. For example, you can restore deleted files and sweep the computer for malware.
DaRT can help you quickly recovery computers running both 32-bit and 64-bit versions of Windows, in less time and with less frustration than reimaging the computer. This white paper describes the tools, such as Locksmith and Crash Analyzer, that are in DaRT. The paper then describes how Software Assurance customers can begin evaluating DaRT today.
Microsoft does not provide DaRT as a boot image. DaRT is not an .iso file that you download and burn to a CD. Instead, DaRT is a program that creates boot media, based on the Windows RE and a set of tools that DaRT provides. This boot media starts the Windows RE, from which you can start ERD Commander. ERD Commander provides a launch platform for the DaRT tools.
You use the ERD Commander Boot Media Wizard to create the ERD Commander boot media. To start the wizard, click Start, All Programs, Microsoft Diagnostics and Recovery Toolset, ERD Commander Boot Media Wizard. The ERD Command Boot Media Wizard will ask for the following:
Figure 2. ERD Commander Boot Media Wizard
At its completion, the ERD Commander Boot Media Wizard prompts you for the location and name of the image file to create. By default, the wizard creates the file ERD65.iso on your desktop. The wizard also prompts you to burn this image to a CD. You cannot copy this image to a USB flash disk.
ERD Commander in DaRT 6.5 supports Windows 7 and Windows Server® 2008 R2. Both x86 and x64 versions of DaRT 6.5 are available. DaRT does not support cross-platform boot media. Additionally, ERD Commander in DaRT 6.5 has the following, minimal hardware requirements:
To start DaRT:
Dart 8.0 Free Download
After starting the computer by using the ERD Commander boot media, Windows RE asks a few simple questions to initialize the environment. These include whether to initialize network connectivity in the background by using DHCP (you can manually configure network connectivity later by using the TCP/IP Config tool), which drive letters map to the Windows operating system that you are repairing, and which language and keyboard you want to use. Finally, you choose the Windows operating system to repair.
After preparing the environment, you see the System Recovery Options window, shown in Figure 3. Clicking Microsoft Diagnostics and Recovery Toolset opens the ERD Commander, which provides a launch platform for all of the DaRT tools that you included in the boot media.
Msdart 8.0 Download
Figure 3. System Recovery Options
Figure 4 shows the ERD Commander. From this window, you can launch any of the individual tools that you included in the ERD Commander boot media. You can also use the Solution Wizard to choose the best tool, based on a brief interview. Click Help to see detailed instructions for using each tool. The following sections provide an overview of each tool.
Figure 4. ERD Commander
ERD Registry Editor
You can use ERD Registry Editor, shown in Figure 5, to edit the registry of the Windows operating system that you are repairing. This includes adding, removing, and editing keys and values and importing .reg files.
ERD Registry Editor enables you to make registry edits that could help repair a system that will not boot. Additionally, you can use ERD Registry Editor to edit values that the installed Windows operating system locks while it is running.
Figure 5. ERD Registry Editor
Dart 8.0 Recovery Image Download
Notice in Figure 5 that HKEY_CURRENT_USER is missing, because a user did not log on to the installed operating system. Instead, ERD Registry Editor populates HKEY_USERS with all the user hive files found in the target installation. Additionally, HKEY_LOCAL_MACHINE does not contain a HARDWARE key.
Warning Serious problems might occur if you modify the registry incorrectly by using ERD Registry Editor. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.
Locksmith
The Locksmith Wizard is a simple tool that allows you to set the password for any local account on the Windows operating system that you are repairing, as Figure 6 shows. You do not need to know the current password. However, the password you set must comply with any requirements that a local Group Policy object (GPO) defines, including password length and complexity. Use this tool in the event that the password for a local account, such as the local Administrator account, is unknown. This tool cannot set passwords for domain accounts.
Figure 6. Locksmith Wizard
Crash Analyzer
By using the Crash Analyzer Wizard, you can quickly determine the cause of an issue by analyzing the memory dump file on the Windows operating system that you are repairing. Based on this information, you can take corrective action. The Crash Analyzer Wizard can eliminate much of the guesswork involved in diagnosing nonresponsive systems.
For example, if the Crash Analyzer Wizard reports that a device driver called MyFault.sys is the cause, as shown in Figure 7, you can disable the device driver by using the Services and Drivers item in Computer Management (see the section “Computer Management”). After discovering and disabling the faulting device driver, you can try to start the repaired Windows operating system.
Figure 7. Crash Analyzer Wizard
The Crash Analyzer Wizard requires the Debugging Tools for Windows. As described in the section “Creating the DaRT Media,” you can include the Debugging Tools for Windows in the ERD Commander boot media or you can install them on each computer that you are repairing. Microsoft recommends that you include the tools in the ERD Commander boot media. Otherwise, you must locate the Debugging Tools for Windows each time you use the Crash Analyzer Wizard to diagnose a computer that is not responding.
In addition to the Debugging Tools for Windows, the Crash Analyzer Wizard requires symbol files for the operating system that you are repairing. Symbol files map memory addresses to names, helping to provide meaningful information for troubleshooting. You can include the symbol files on your ERD Commander boot media or you can download the symbol files when you use the Crash Analyzer Wizard to repair a computer (in which case, an Internet connection is required while troubleshooting).
Even if you plan to reimage the computer, running the Crash Analyzer Wizard to determine the cause of the issue is a good idea. The image might have a bad driver that is causing intermittent problems in your environment. Running the Crash Analyzer Wizard can help you to see these patterns and improve your image stability.
Note If you do not have access to symbols or the Debugging Tools for Windows on the computer that you are repairing, then you can copy the memory dump file to another computer and use the standalone version of the Crash Analyzer Wizard to diagnose the issue. By enabling you to analyze memory dump files remotely, this tool is also useful when you are diagnosing an issue that does not prevent Windows from starting. To run the standalone version of the Crash Analyzer Wizard on the computer that contains DaRT, click Start, All Programs, Microsoft Diagnostics and Recovery Toolset, ERD Commander Boot Media Wizard.
File Restore
In Windows, the Recycle Bin helps prevent users from deleting files by mistake. However, users sometimes realize that they need a particular file only after emptying the Recycle Bin. In other cases, files are too big to fit in the Recycle Bin, or an application deletes the files.
File Restore enables you to attempt to restore all of these deleted files. Figure 8 shows the File Restore user interface. First, you must find the file you want to restore; File Restore has filtering capabilities to help expedite this process. For instance, you can use a file mask to search for specific file-name patterns. Additionally, you can limit results to a certain path, date range, or size range. File Restore can even find files in deleted directories. For each file that File Restore finds, it indicates whether recovery is likely or unlikely.
Figure 8. File Restore
File Restore is not limited to regular disk volumes. File Restore can find and restore files on lost volumes or on volumes that are encrypted by Windows BitLocker™ Drive Encryption. In the first case, File Restore can scan for and locate lost volumes, which you can then search for deleted files. In the second case, File Restore gives you the ability to unlock BitLocker-encrypted volumes by manually providing the recovery password or loading the recovery key from a file.
Disk Commander
By using Disk Commander, you can recover and repair disk partitions or volumes. As Figure 9 shows, you can choose from the following recovery processes:
Figure 9. Disk Commander
Warning Microsoft recommends that you back up a disk before using Disk Commander to repair it. By using Disk Commander, you can potentially damage volumes and make them inaccessible. Additionally, changes to one volume can affect other volumes because volumes on a disk share a partition table.
Disk Wipe
Many organizations simply format computers’ hard disks when they donate, recycle, or discard them. However, just formatting the hard disk does not destroy sensitive company or personal data on that disk. As various news accounts have shown, malicious users can get their hands on computers that companies discard and can recover sensitive data.
Disk Wipe, shown in Figure 10, can erase all data from a disk or volume. Two algorithms are available. You can use a single- or four-pass overwrite, which meets U.S. Department of Defense standards. After wiping a disk or volume, you cannot recover the data. Thus, verify the size and label of a volume before erasing it.
Figure 10. Disk Wipe
Computer Management
The Computer Management console, shown in Figure 11, is familiar to any information technology (IT) professional. The console is tailored to diagnose and repair problems that can prevent the Windows operating system from booting. The items in this console include the following:
Figure 11. Computer Management
Explorer
Sometimes, before you attempt to repair or reimage a system, you need to remove business-critical information that the user stored on a local drive. In DaRT, you can use Explorer to browse the computer’s file system and network shares. Because you can map drive letters to network shares, you can easily copy and move files from the system to the network for safekeeping or from the network to the system to restore them. Figure 12 shows Explorer.
Figure 12. Explorer
Solution Wizard
With so many tools in DaRT, figuring out which one to use can often be challenging. The Solution Wizard, shown in Figure 13, asks you a series of questions and then recommends the best tool for the job, based on your answers. This wizard helps you determine which tool to use when you are not familiar with the tools in DaRT. After becoming familiar with DaRT, you are more likely to start the correct tool for each job, without the help of the Solution Wizard.
Figure 13. Solution Wizard
TCP/IP ConfigDart 8.0 Download
When you start the ERD Commander boot media, it optionally obtains its TCP/IP configuration (IP address and DNS server) from Dynamic Host Configuration Protocol (DHCP). If DHCP is unavailable, you can manually configure TCP/IP by using the TCP/IP Configuration tool, shown in Figure 14. First, you choose a network adapter, and then you configure the IP address and DNS server for that adapter. Click Advanced to configure advanced TCP/IP settings.
Figure 14. TCP/IP Configuration
Hotfix Uninstall
Shown in Figure 15, the Hotfix Uninstall Wizard can remove hotfixes or service packs from the Windows operating system that you are repairing. Use this tool when a hotfix or service pack is potentially preventing the operating system from starting. Microsoft recommends that you use this tool to uninstall only one hotfix at a time, even though the tool allows you to uninstall more than one at a time. Be aware that programs that you have installed or updated after installing the hotfix might not work correctly after you uninstall the hotfix.
Figure 15. Hotfix Uninstall Wizard
SFC Scan
Use the System File Repair Wizard to repair system files that are preventing the installed Windows operating system from starting. The System File Repair Wizard can automatically repair system files that are corrupted or missing. Alternatively, the wizard can prompt you before performing any repairs.
Figure 16. System File Repair Wizard
Search
Before reimaging a computer, recovering files from the local hard disk is important—particularly when the user might not have backed up or stored the files elsewhere. Although the Explorer tool can be helpful, File Search can help you to find documents when you do not know the file path or to search for general types of files across all the local hard disks. File Search, shown in Figure 17, enables you to search the computer for files. You can search for specific file-name patterns in specific paths. Additionally, you can limit results to a date range or size range. In recovery scenarios, when repairing the installed operating system is not possible, you can use File Search to find users’ documents and copy them from the computer.
Figure 17. File Search
Standalone System Sweeper
Having a good antivirus and anti-malware strategy in your organization is crucial. Although real-time scanner tools such as Microsoft Forefront™ Client Security are vital, today’s ever-changing landscape requires many different tools to defend your network.
Malware that uses rootkits can mask itself from the running operating system. If a rootkit-enabled virus or spyware makes its way to the system, most real-time scanning and removal tools can no longer see it or remove it. Because DaRT boots from a CD and the installed operating system is offline, you can attack the rootkit without it hiding from you.
Figure 18 shows the Standalone System Sweeper. This tool can help detect malware and unwanted software and alert you to security risks. When the Standalone System Sweeper detects malicious or unwanted software, it prompts you to remove, quarantine, or allow each item. You can use this tool to scan a computer for and remove malware while the installed Windows operating system is not running.
Figure 18. Standalone System Sweeper
DaRT is an add-on license available only to Software Assurance customers. Begin your evaluation today:
· Download and evaluate DaRT as part of MDOP.
MDOP is available to Volume Licensing customers, Microsoft Development Network (MSDN®) subscribers, and Microsoft TechNet subscribers.
· See MDOP on Microsoft.com.
To learn how DaRT and MDOP for Software Assurance can help you better manage GPOs, see http://go.microsoft.com/fwlink/?LinkId=160297.
· See MDOP on TechNet.
For technical information about DaRT and MDOP for Software Assurance, see http://www.microsoft.com/technet/mdop on TechNet.
Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |