Find out more about this suite of utilities that allows testers to repair locked-out systems, restore lost data, remove malware, and much more.
It's time that application testers got some good tools! I know, I know. You've got the "big automated Kahuna" on your shelf. I'm here to tell you about some less grand—but seriously useful—tools that you may want in your pocket.
Administrator's Pak by Winternals is a suite of ten utilities that allows you to repair unbootable or locked-out systems, restore lost data, and remove malware from infected systems while the system is safely offline. More important to software testers, though, Administrator's Pak will help debug and repair all sorts of less serious problems like configuration, application, and driver issues. You don't have to be a super tech to use these tools, but they definitely identify stuff that you can't find with the naked eye—and that makes you look really good.
Some of the Administrator's Pak tools work only locally and others work both locally and remotely. For example, you can run Administrator's Pak on a healthy machine where it is installed, and you will see the Navigator shown in Figure 1. From here you can work on the local machine to restore files with FileRestore; monitor and modify Active Directory traffic, objects, and properties using Insight for AD and AD Explorer; and use TCPView Pro to view what applications are connected to which ports. All of these tools can be helpful in identifying the causes of application and service failures resulting from AD configuration, corruption, executable errors, and communication issues.
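The port-to-process view that TCPView Pro gives you can also be produced from built-in PowerShell, which is handy on a machine where the suite is not installed. The script below is an added example, not code from the article or from Winternals; it assumes Windows 8 / Server 2012 or later (for `Get-NetTCPConnection`) and an elevated shell, without which the executable path of protected system processes is not readable. The `Find-UnexpectedListeners` function and its "trusted roots" heuristic are this example's own construction.

```powershell
# Added example (not Administrator's Pak code): map TCP connections to their owning
# processes, as TCPView does, using only built-in cmdlets.
# Assumes Windows 8 / Server 2012+ and an elevated shell for full process paths.

function Get-PortOwnerMap {
    [CmdletBinding()]
    param(
        # Listen and Established are the states that matter for "which app is on which port".
        [string[]]$State = @('Listen', 'Established')
    )

    # Build a PID -> process lookup once instead of calling Get-Process per connection.
    $procs = @{}
    foreach ($p in Get-Process) { $procs[$p.Id] = $p }

    Get-NetTCPConnection | Where-Object { $_.State -in $State } | ForEach-Object {
        $owner = $procs[[int]$_.OwningProcess]
        [pscustomobject]@{
            LocalAddress  = $_.LocalAddress
            LocalPort     = $_.LocalPort
            RemoteAddress = $_.RemoteAddress
            RemotePort    = $_.RemotePort
            State         = $_.State
            PID           = $_.OwningProcess
            # A PID with no matching process means it exited between the two snapshots.
            Process       = if ($owner) { $owner.ProcessName } else { '<exited>' }
            # Path is $null for protected processes unless the shell is elevated.
            Path          = if ($owner) { $owner.Path } else { $null }
        }
    }
}

function Find-UnexpectedListeners {
    # Hypothetical helper for this example: listening sockets whose executable lives
    # outside the Windows and Program Files trees deserve a second look when an
    # application or service misbehaves. Unknown paths are reported too, not hidden.
    param(
        [string[]]$TrustedRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)})
    )

    Get-PortOwnerMap -State 'Listen' | Where-Object {
        $path = $_.Path
        (-not $path) -or (-not ($TrustedRoots | Where-Object { $_ -and $path -like "$_\*" }))
    }
}

# Usage: the full table, then the short list of listeners worth investigating.
Get-PortOwnerMap | Sort-Object LocalPort | Format-Table -AutoSize
Find-UnexpectedListeners | Format-Table LocalPort, PID, Process, Path -AutoSize
```

Run both functions on a healthy machine first so you know what its normal listener set looks like; the second function is only useful as a diff against that baseline.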
You can monitor file and registry activity, and restore files, on both the local machine and a remote machine. This is very useful in diagnosing compatibility issues, such as why a certain application isn't running on a certain system. And you can run the Crash Analyzer Wizard on either the local or a remote machine.
The Crash Analyzer tool is unique. It uses Microsoft debugging tools and Microsoft's own symbol files to analyze both events and executables. Instead of leaving you to spend endless hours debugging the problem yourself, the Crash Analyzer Wizard automatically debugs your system using the latest dump and the system's own environment, then tells you what is probably causing the problem. The whole process takes only a few minutes.
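To see what the wizard is doing under the hood, the same analysis can be driven by hand with Microsoft's Debugging Tools for Windows. The script below is an added example written for this article, not Crash Analyzer's own code: it assumes `cdb.exe` is installed at the path in `$CdbPath`, that the machine can reach the public Microsoft symbol server, and that the shell is elevated so `C:\Windows\MEMORY.DMP` and `C:\Windows\Minidump` are readable. The field names it extracts (`BUGCHECK_CODE`/`BUGCHECK_STR`, `MODULE_NAME`, `IMAGE_NAME`, `PROCESS_NAME`, `Probably caused by`) are the ones `!analyze -v` prints.

```powershell
# Added example (not Crash Analyzer code): run !analyze -v against the newest crash
# dump with Microsoft symbols and summarise the probable cause for a bug report.
# Assumptions: cdb.exe at $CdbPath, network access to msdl.microsoft.com, elevated shell.

function Get-LatestCrashDump {
    # Prefer the full kernel dump, otherwise the newest minidump; missing paths are skipped.
    $candidates = @("$env:SystemRoot\MEMORY.DMP")
    $candidates += Get-ChildItem "$env:SystemRoot\Minidump" -Filter *.dmp -ErrorAction SilentlyContinue |
        ForEach-Object FullName
    $candidates | Where-Object { $_ -and (Test-Path $_) } | Get-Item |
        Sort-Object LastWriteTime -Descending | Select-Object -First 1
}

function Invoke-DumpAnalysis {
    param(
        [Parameter(Mandatory)][string]$DumpPath,
        # Default install location of the Windows SDK debuggers; adjust for your machine.
        [string]$CdbPath = "${env:ProgramFiles(x86)}\Windows Kits\10\Debuggers\x64\cdb.exe",
        # Local symbol cache in front of the public Microsoft symbol server.
        [string]$SymbolPath = 'srv*C:\Symbols*https://msdl.microsoft.com/download/symbols',
        # Where to keep the full debugger transcript for the bug log.
        [string]$TranscriptPath = "$DumpPath.analysis.txt"
    )
    if (-not (Test-Path $CdbPath)) {
        throw "cdb.exe not found at $CdbPath; install Debugging Tools for Windows."
    }

    # -z opens the dump, -y sets the symbol path, -c runs the analysis and quits.
    $raw = & $CdbPath -z $DumpPath -y $SymbolPath -c '!analyze -v; q' 2>&1
    $raw | Out-File -FilePath $TranscriptPath -Encoding utf8

    # Pull out the fields a tester attaches to a bug: bugcheck, faulting module, probable cause.
    $summary = [ordered]@{ Dump = $DumpPath; Transcript = $TranscriptPath }
    foreach ($line in $raw) {
        switch -Regex ([string]$line) {
            '^BUGCHECK_(CODE|STR):\s+(\S+)'     { $summary.BugCheck      = $Matches[2] }
            '^MODULE_NAME:\s+(\S+)'             { $summary.Module        = $Matches[1] }
            '^IMAGE_NAME:\s+(\S+)'              { $summary.Image         = $Matches[1] }
            '^PROCESS_NAME:\s+(\S+)'            { $summary.Process       = $Matches[1] }
            '^Probably caused by\s*:\s*(.+)$'   { $summary.ProbableCause = $Matches[1].Trim() }
        }
    }
    [pscustomobject]$summary
}

# Usage: analyze the most recent dump and print the one-screen summary.
$dump = Get-LatestCrashDump
if (-not $dump) { Write-Warning 'No crash dump found.'; return }
Invoke-DumpAnalysis -DumpPath $dump.FullName | Format-List
```

The first run is slow because the symbol cache is empty, which matches the article's observation that the first machine took minutes and the rest took seconds; later runs reuse `C:\Symbols`. Attach both the dump and the transcript file to the bug, since `ProbableCause` alone can point at an innocent module when the real fault is in a driver that corrupted memory earlier.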
I ran the Crash Analyzer Wizard on three different machines that had all experienced failures in the past twelve months. Crash Analyzer told us that one had a faulty driver, one had a bad hot patch, and one had been hacked. Crash Analyzer correctly identified the source of each crash. The first took six minutes to identify, and the others took only seconds. In the machine that had been hacked, Crash Analyzer caught a bad system file that we had missed. The Crash Analyzer Wizard more than paid for the Administrator's Pak by saving us time we would have spent manually debugging these crashes.
When our test PC took a dump last week, everybody wanted to be the one with the privilege of running Crash Analyzer. So all the testers gathered around the machine while we booted it up and ran Crash Analyzer. Crash Analyzer took only a few minutes to find the problem. Sure enough, it was a new .dll in the application we were testing that probably caused the problem. We attached the dump and the Crash Analyzer report to the bug log. The developers were very pleased. Instead of spending hours trying to recreate the problem, they just fixed it.
Restore a Locked Out, Damaged, Dead, or Dangerous System
When it comes to restoring a system, you have two main options. The first is to restore the system locally by booting the machine into the ERD Commander