As a field engineer, I am always eager to learn about cool tools and diagnostics. Microsoft Desktop Optimization Pack 2013 (MDOP) includes the Microsoft Diagnostics and Recovery Toolkit 8.0 SP1, codenamed DaRT. MDOP is a suite of technologies available as a subscription for Software Assurance customers. MDOP is also available for test and evaluation for MSDN and TechNet subscribers. Check with your licensing contact or TAM if you are interested in getting it.
The toolset empowers an administrator to create powerful Recovery Images used to tackle issues quickly and effectively, and it’s relatively simple to use.
The toolset can address common issues such as: a system that is not starting correctly, data on the system that needs to be salvaged, being unable to log in because of a lost password, suspected malicious or potentially unwanted software on the system, or other issues that require registry modifications, etc.
So, let’s get started!
First, you will need to obtain the Windows 8 ADK and install Windows PE and the Deployment Tools. We need Windows PE to create the recovery image. If you don’t have Windows PE installed, you will receive the following error.
By default the DaRT setup will install the Crash Analyzer, DaRT Recovery Image, and DaRT Remote Connection Viewer. You have the option to install the tools separately, but go ahead and install all of it.
Once the toolset is installed, launch the Microsoft DaRT Recovery Image Wizard (DaRTImage.exe). The wizard requires Windows 8 media (boot.wim) to create the recovery image, so get that handy. The wizard also allows you to create a 32-bit or 64-bit DaRT image independent of the current operating system the tool is running on.
Now, this is where the real fun begins. In the Tools section, the administrator can choose the tools for the recovery image. I won’t go into each specifically, but as you can see there are many to choose from. I personally choose everything... just in case!
If you want to use the Remote Connection Viewer, you will need to allow remote connections. You can also specify a welcome message:
Under the Advanced Options, you can add any storage or network drivers which are not included on the Windows 8 Media. You can also specify additional WinPE packages as well as Windows Defender options. If you checked the Crash Analyzer as a tool for your recovery image, you will need to specify the path to the debugging tools as shown below:
Once you complete the wizard, a WIM, an ISO, and a PowerShell script used for the recovery image are created. You can also create a bootable CD, DVD, or USB recovery image. Furthermore, you can use the boot.wim file to create a bootable recovery partition by using your company’s standard method for creating a custom Windows RE image.
To test your image, boot off of it, and WinRE will launch. Under the troubleshooting screen, you can then launch the DaRT recovery tools:
I personally like the computer management tool. There you can check the event logs, system information, autoruns, services, drivers, and even disk management! So, if I wanted to disable a driver, I could simply click on drivers, then change the startup type for that selection.
Another cool feature is the ability to control the remote machine using the Remote Connection Viewer. Basically, you launch the Remote Connection application with DaRT and give the administrator (help desk) a ticket number, IP, and port.
The administrator can then launch the Remote Connection Viewer and connect to the machine to control it remotely.
One last mention is the Hotfix Uninstall Wizard. Recently, I had a server which wouldn’t boot after applying a hotfix. This tool allowed me to remove the fix to boot normally. If you run into something similar, simply launch the Hotfix Uninstall Wizard, choose the hotfix you want to remove, and then let the wizard do its magic!
That’s it in a nutshell, folks. You now have a powerful version of WinRE to help troubleshoot a variety of different problems. Create your own ISO and get used to the toolset. I promise one day you will end up using it!
There are also some great demos on TechNet if you need further assistance with the toolset.
James Klepikow Platforms PFE