Although many systems administrators have embraced the advent of NTFS because of its security and capacity advantages over the FAT file system, some are put off because NTFS doesn't let them use DOS-bootable disks to access NTFS partitions. The DOS boot disk, along with a handful of DOS utilities, has been an essential part of most systems administrators' toolkits. Nervous about losing this ability to access NTFS drives to perform emergency repairs, some administrators have kept their system partitions FAT, potentially compromising security.
If you're one of those worried administrators, you can rest easy. You can load Winternals Software's ERD Commander 2000 2.0 from bootable disks or a bootable CD-ROM to access NTFS partitions and even perform registry modifications. ERD Commander 2000 also lets you install the software directly to your system disk and access it from the boot loader menu during startup. Regardless of how you launch it, ERD Commander 2000 will simplify your job.
The simple concept of ERD Commander 2000 is that it adds program files to the existing core system files that Windows 2000 or Windows NT uses in its setup environment. When you use an ERD Commander 2000 CD-ROM or boot disks to boot a Win2K or NT system, you have a command-line interface with more than 40 basic and advanced commands with which to perform numerous tasks.
The basic commands that ERD Commander 2000 provides are typical file and directory commands such as Dir, Mkdir, Del, Move, Copy, and Xcopy. The advanced commands include the following gems:
- Access: This command lets you add the Everyone group to files and directories you choose.
- Service and Device: This pair of commands lets you view and change Win2K and NT service and device startup properties.
- Password: Use this command to list local accounts and change a particular account's password.
- Expand and Compress: This pair of commands gives you the functionality of a Zip utility.
- Chkdsk: This command lets you run a standard disk scan and correct errors as you find them.
- Regedit: This command lets you modify any values under the registry's SYSTEM key.
- Regload: This command, a necessary prerequisite to commands that work with the registry, loads the Win2K or NT registry so that you can modify it. If you have multiple Win2K and NT installations on the same drive, Regload prompts you to choose which registry hive to load.
In addition to these commands, ERD Commander 2000 provides a basic text editor and a specialized batch file processor to help automate tasks.
Putting ERD Commander 2000 to the Test
I installed ERD Commander 2000 quickly and easily on my Dell Precision WorkStation 410. The installation process created a program group that included the ERD Commander Disk Creator, a licensing text file, and the software's online Help files. Besides a Portable Document Format (PDF) user manual and the online Help, you can also use the ERD Commander 2000 command line to access Help—simply type help at the command prompt.
After setup completed, the Disk Creator wizard launched and gave me the choice of creating ERD Commander 2000 boot disks, creating a bootable CD-ROM, or installing ERD Commander 2000 to my hard disk. I could also choose between Win2K and NT source files to create the boot media.
Winternals recommends using Win2K source files on Win2K machines and NT files on NT machines. In my testing, however, the bootable media I created with Win2K files worked well on both Win2K and NT systems. Also, by default, Win2K supports more devices (e.g., SCSI adapters) and automatically recognizes fault-tolerant drive sets that both Win2K and NT create. Boot media that you build with NT 4.0 require you to use ERD Commander 2000's Ftdisk command to gain access to fault-tolerant drives. Win2K boot media can access NTFS 5.0 (NTFS5) drives, whereas boot media that you create with NT 4.0 require additional updates from Service Pack 4 (SP4) to achieve that capability.
For the sake of testing, I used both Win2K and NT to create boot media. I stepped through the ERD Commander 2000 setup wizard and first chose to create bootable disks. A nice feature in the setup process is the ability to add third-party drivers during the disk build. This capability takes some of the hassle out of booting machines with disk controllers for which Win2K and NT don't have drivers.
The wizard presented me with the option of password-protecting ERD Commander 2000's startup process. This option offers some security if your boot media fall into the wrong hands. If you plan to install ERD Commander 2000 to one of your servers' hard disks, I recommend using the password option. For the Lab tests, I chose to skip the password option and let the wizard step me through the process of creating native Win2K and NT setup disks. When finished, I had a five-disk set for Win2K and a four-disk set for NT.
I fed the Win2K boot disks one by one into the floppy disk drive just as if I were running Windows setup. At the end of the process, the ERD Commander 2000 command prompt displayed the system drive-letter mappings.
I quickly got tired of feeding disks into the floppy drive, so I decided to test ERD Commander 2000's bootable CD-ROM option. The setup process for the bootable CD-ROM was simple. ERD Commander 2000 transfers all the necessary files to a directory and creates the bootsec.bin and tag file that you need to create a bootable CD-ROM. Then, I used Golden Hawk Technology's CDRWIN software and Hewlett-Packard's (HP's) CDWriter Plus 8100 to create the bootable CD-ROM. Most of my experience creating bootable CD-ROMs has been bad, so I was pleased when my first attempt to create the ERD Commander 2000 CD-ROM worked flawlessly. I immediately began testing each of the available commands on the Win2K and NT systems on my test network.
The CD-ROM's boot process was fast and easy, and I was soon looking at an ERD Commander 2000 command prompt. By default, ERD Commander 2000 lists all the available drive mappings. (You can also use the Map command to list the mappings.) With the ERD Commander 2000 disks that I built from Win2K files, I could see all the drives on my test systems, including fault-tolerant stripe sets and Win2K dynamic drives. Oddly, the drive mappings display physical disks rather than logical disks.
Figure 1 shows the mappings that ERD Commander 2000 recognized. Although drives D, E, and F make up one logical stripe set, ERD Commander 2000 represents them as discrete physical drives. Notice, however, that their capacities are identical and represent the total capacity of the logical drive. When I requested a directory listing for one of the three physical drives, the listing similarly displayed the contents of the associated logical drive.
As I expected, the basic file and directory commands worked well on all my systems. I could move files between drives and use the floppy disk. The command line supports long filenames, but you must enclose them in quotation marks for certain functions.
In my testing of ERD Commander 2000's advanced commands, I began with Chkdsk. Chkdsk invokes Microsoft's autochk.exe utility, which Winternals copies to the ERD Commander 2000 boot disks. The Chkdsk command operates exactly as it does when you use it to check an NT disk for errors at boot time. I used Chkdsk to scan IDE, SCSI, and fault-tolerant drives on my test network's various systems and encountered no problems.
The Access command modifies NTFS file permissions by adding the Everyone group to an object's ACL. Access' syntax is straightforward, requiring only a path to the file I wanted to modify. By adding the /S switch, I could also change permissions on the files of subdirectories in the path I specified. The Access command's syntax also supports wildcards. After I executed Access and rebooted, the files that I modified displayed the Everyone group permissions, as I expected.
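To check a volume for the kind of change the Access command makes, the following PowerShell function lists every ACE that grants access to the Everyone group. It is an added example, not part of the original review or of ERD Commander 2000; the function name Find-EveryoneAce and the sample path are assumptions, and it runs on the booted Windows system rather than from the ERD Commander 2000 prompt.

```powershell
# Added example (not from the review or from ERD Commander 2000).
# Find-EveryoneAce is a hypothetical helper name; D:\Data below is a sample path.
function Find-EveryoneAce {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    # Check the root itself as well as everything beneath it.
    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        try {
            $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop
        } catch {
            Write-Warning "Cannot read ACL: $($item.FullName)"
            continue
        }

        # Ask for explicit and inherited rules, with identities returned as SIDs,
        # so the match on Everyone (well-known SID S-1-1-0) does not depend on
        # the localized group name.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

        foreach ($rule in $rules) {
            if ($rule.IdentityReference.Value -eq 'S-1-1-0' -and
                $rule.AccessControlType -eq 'Allow') {
                [pscustomobject]@{
                    Path      = $item.FullName
                    Rights    = $rule.FileSystemRights
                    Inherited = $rule.IsInherited
                }
            }
        }
    }
}

# Example: show Everyone grants set directly on an object rather than inherited.
# Find-EveryoneAce -Path 'D:\Data' | Where-Object { -not $_.Inherited }
```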
The Regedit, Password, and Service commands required that I load the registry into memory, so I used the Regload command to satisfy the requirement. On my network's multiboot systems, I could choose to load a registry from any of my bootable partitions.
Regedit is a command-line registry editor that lets you edit values under the SYSTEM registry key. Regedit command options let you query, add, delete, and find values. Because Regedit requires that you enter the full subtree, key, and subkey that you want to modify and has a complex command syntax, I spent a lot of time typing commands and going back to the Help text to check my syntax—a tedious chore, but it got the job done.
Figure 2 shows some sample Regedit commands. In the first command, I queried the value of a particular registry key. Next, I used the Add argument to change a value. Finally, to check the results of Add, I repeated the first query command. I made several changes to my test systems, including adding hexadecimal values, which you can format as bytes or words. After rebooting the systems—a sign of success in itself—I used Microsoft's regedt32.exe to double-check each system's registry. I found that all the changes I had made with ERD Commander 2000 were in place.
The Password command listed the local accounts and let me change the passwords at will. I simply had to type the Password command and the local account, followed by the new password I wanted to apply. The only hiccup in this process was that ERD Commander 2000 couldn't deal with user accounts longer than one word. The product also limits you to changing only one password between reboots. Figure 3 shows the ERD Commander 2000 interface as I issued the Registry and Password commands.
Next, I typed the Service command to list all the services and drivers available on my Win2K and NT systems. I could then change the startup parameters of any service or driver. This feature can help you circumvent drivers that are preventing a system from booting.
What About the Recovery Console?
You might notice some similarities between ERD Commander 2000 and Microsoft's Recovery Console (RC), which Win2K Server and Win2K Professional include—particularly, the capability to add both ERD Commander 2000 and the RC to your hard disk and boot loader menu. You might also have discovered that the RC works on both Win2K and NT. Compared with ERD Commander 2000, however, the RC poses certain limitations.
First, the RC lets you access only the \%systemroot% and \%windir% directories. Second, the RC requires that you use the local administrator account to log on—a good security requirement, but one that can create a problem if you forget the administrator password or if the SECURITY and SAM registry hives are damaged. Third, the RC doesn't provide advanced capabilities to change the registry, file permissions, or local account passwords. Finally, Microsoft's licensing agreement doesn't let you install or use the RC on non-Win2K systems.
These limitations notwithstanding, the RC offers important functionality in a disaster-recovery scenario. However, if you want to save a few dollars by using the RC instead of a utility such as ERD Commander 2000, you won't have every tool you need in a crisis situation. When you consider the downtime that a misconfigured or corrupted server can cause, the cost of ERD Commander 2000 is justified.
Secure Your Servers
ERD Commander 2000's valuable tools help you resolve problems on Win2K and NT systems. The product's functionality is impressive—but a bit unnerving. Although ERD Commander 2000 gives you the confidence to use the more secure NTFS on all your partitions, anyone who has the product can create bootable media and use them to access your system's partitions and registry. Thus, ERD Commander 2000 gives you the impetus to take the most basic security measure of all: keeping your servers behind locked doors.
ERD Commander 2000 2.0
Contact: Winternals Software * 512-330-9130 or 800-408-8415
Price: $349 per administrative user; volume discounts available; an upgrade from ERD Commander Pro costs $49, and an upgrade from ERD Commander costs $124.
Pros: Valuable tools help you recover inaccessible Windows 2000 and Windows NT systems
Cons: Can be a serious security threat in the wrong hands; the complex command structure of the product's Regedit feature is tedious to use