On the Server Side: More Help Utilities

Ryan continues his foray into the tundra of Winternals Software's new Administrator's Pak. Will the product get a glowing recommendation or the cold shoulder?

Last month, we looked at some of the utilities for Win 2000 and Windows NT available in the Winternals Software (www.winternals.com) Administrator’s Pak. This time, we’ll look at the rest of the utilities…

NTFSDOS Professional Edition is a device driver that allows you to read NTFS volumes from a DOS prompt. It was one of the first Winternals Software utilities and has saved many a system administrator time and trouble when trying to access an NTFS volume on a dead NT system. It’s a straightforward utility. It installs on two diskettes and can be used on any machine. You can even make the diskettes bootable with DOS or Win 9x.

It seems the NTFSDOS software is the basis of a lot of the Winternals utilities, such as Recover (see the July 2000 column) and ERD Commander (see below). Rightly so: it delivers much-needed functionality. There isn’t much to be said about this other than it works very well and, if you manage a large number of NT/2000 systems, you’re going to need it.

ERD Commander is used when an NT/2000 system just won’t start. It functions as an enhanced version of the standard Emergency Repair Disk created in NT with the RDISK command. The standard ERD is designed to boot a problem system from floppy disks and perform basic repairs such as restoring missing operating system files. ERD Commander goes to the next logical step by giving you access to a command prompt. From that prompt you can access both FAT and NTFS formatted disk volumes and perform quite a few functions, such as copying files, changing access rights, disabling or enabling services and changing passwords.

The ERD Commander setup program creates the standard ERD disk set, using NT’s setup program. It then modifies the contents of the first two disks and creates a new fourth disk. Booting a system with this set of disks results in a blue screen featuring a list of volumes and a command prompt. The prompt supports about 30 commands that allow you to navigate around disk volumes and make changes necessary to get a dead system running again. The prompt supports a help command and all the basic file management commands, such as copy, delete and rename. Unlike a Windows 9x or DOS boot disk, you can see any NTFS formatted volumes and work on them, including changing file attributes with the attrib command.

In addition to the basics, you also have access to several more sophisticated commands. For instance, the registry command loads the contents of the registry into memory. This permits several other commands to work, such as password, which allows you to change account passwords. The chkdsk command will check and repair drives. The service command allows you to change the startup behavior of services. You can disable, enable or set the service to automatically start at boot time, just as if you were using the applet from the NT Control Panel. The ftdisk command activates any fault-tolerant storage settings in the registry. This means that you can access stripe or mirror sets while booting from diskettes! There is even a feature to allow you to load third-party disk drivers onto the ERD disk set so you can access other hardware, such as RAID drives.

TCPView Professional Edition is a TCP/IP network monitor. It displays and optionally logs any network activity in real time with a graphical user interface. TCPView has a number of features that make it very useful. For instance, with the real-time display, you can watch how a particular application is doing across the network.

After launching TCPView, you are presented with a window divided into two main sections. The top section contains what is called the static view. This shows a snapshot of all the "endpoints" currently active on your system. For instance, when a telnet connection is open, the static view shows a connection between the local machine and the remote telnet server. Each entry shows the process name and ID, the local address and port (your machine), the remote address and port (the server), the protocol (TCP or UDP) and the bytes sent and received. The dynamic view shows a real-time log of all TCP/IP activity as a scrolling window. Each entry shows a sequence number, a time stamp, the process name and ID, an action (such as send, receive, connect, etc.), the protocol, local and remote addresses and ports, and a status. Together, the two windows deliver a great deal of information about what a machine is doing on the network.

The program is well thought out. For instance, an option allows you to resolve the addresses of the connections so you don’t see just the IP address, but a fully resolved name. It also will interpret the port names, for instance replacing port 25 with telnet. You can both filter and highlight entries. Filter displays only those entries you want to see. Highlight makes particular entries more visible by adding color.
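
The endpoint table that the static view presents can be approximated from the text that Windows `netstat -ano` prints. The following is an added example, not Winternals code and not part of the original column: it parses a constructed netstat sample, joins each PID to a constructed process table, replaces known port numbers with service names, and filters entries. The sample data, the `PORT_NAMES` table and all function names are assumptions made for illustration.

```python
import re
from collections import namedtuple

Endpoint = namedtuple("Endpoint", "proto laddr lport raddr rport state pid process")

# Constructed sample in the column layout printed by Windows `netstat -ano`.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    192.168.1.20:1043      192.168.1.5:23         ESTABLISHED     2140
  TCP    192.168.1.20:1050      203.0.113.10:80        ESTABLISHED     3012
  UDP    0.0.0.0:137            *:*                                    4
"""
# Constructed PID-to-name table (netstat -ano reports only the PID).
SAMPLE_PROCESSES = {4: "System", 892: "svchost.exe",
                    2140: "telnet.exe", 3012: "iexplore.exe"}
# Small constructed port-name table; ports not listed stay numeric.
PORT_NAMES = {23: "telnet", 80: "http", 135: "epmap", 137: "netbios-ns"}

# proto, local addr:port, remote addr:port, optional state, owning PID
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\S+)\s*([A-Z_]+)?\s+(\d+)\s*$")

def parse_endpoints(text, processes):
    """Turn netstat-style text into Endpoint records with process names."""
    endpoints = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header or blank line
        proto, laddr, lport, raddr, rport, state, pid = m.groups()
        endpoints.append(Endpoint(
            proto, laddr, int(lport), raddr,
            int(rport) if rport.isdigit() else None,  # UDP rows show "*:*"
            state or "", int(pid), processes.get(int(pid), "<unknown>")))
    return endpoints

def port_label(port):
    return "*" if port is None else PORT_NAMES.get(port, str(port))

def filter_endpoints(endpoints, process=None, state=None):
    """Keep only the entries that match every criterion given."""
    return [e for e in endpoints
            if (process is None or e.process.lower() == process.lower())
            and (state is None or e.state == state)]

def render(e):
    return (f"{e.process}:{e.pid} {e.proto} {e.laddr}:{port_label(e.lport)}"
            f" -> {e.raddr}:{port_label(e.rport)} {e.state}").rstrip()

if __name__ == "__main__":
    for ep in parse_endpoints(SAMPLE_NETSTAT, SAMPLE_PROCESSES):
        print(render(ep))
```

A PID that is missing from the process table is shown as `<unknown>` rather than dropped, so an endpoint owned by a process that has already exited still appears in the listing.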