Skip to main content
November 12, 2007

Giving the Microsoft Diagnostic and Recovery Toolset (DaRT) a Try

Today, Nick told you about some updates to the tools in the Microsoft Desktop Optimization Pack (MDOP) from Barcelona, Spain at TechEd IT Forum. I recently had a chance to give one of the components of MDOP – the Microsoft Diagnostic and Recovery Toolset (DaRT) 6.0 – a try. DaRT is an excellent set of tools for IT Professionals to troubleshoot unresponsive PCs and removing viruses and malware off infected PCs in their environment. DaRT 6.0  also now has the ability for IT Professionals to conduct offline removal of malware and viruses from infected PCs.

The first thing I noticed when I started using DaRT is that it provides two options to the IT Professional: a way to analyze crash files from unresponsive PCs through the Crash Analysis Wizard, and a way to create a startup disc with the necessary tools in fixing an unresponsive PC that is unable to boot into Windows called ERD Commander.

I first took a look at the Crash Analysis Wizard.

The Crash Analysis Wizard allows an IT Professional to take a crash dump file (*.dmp files associated with a system crash) and analyze it and get important bits of information that could help figure out why a PC is crashing. I have an old .dmp file from a crash a long time ago I dug up to run through the Crash Analysis Wizard. The Crash Analysis Wizard requires the Microsoft Debugging Tools for Windows as a prerequisite so before proceeding in analyzing my .dmp file, I had to install that first. I was also able to specify any Symbol files I had as well. I had no Symbols to provide so I skipped to choosing the specific .dmp file I wanted to analyze.

Once I choose the .dmp files – I clicked next and the analysis commenced. The analysis finished in about a minute and brought up a new screen telling me what probably was the cause of the crash as well as when the crash originally occurred.

If I wanted, I could view the full details of the crash as well. The .dmp file I used for this was from June 20th and was in fact due to a graphics driver issue. The graphics driver issue was corrected after updating to the latest video driver.

I then proceeded to check out ERD Commander.

ERD Commander lets you create a startup image. That startup image can then be burned to a CD in which you can boot off of that lets you repair PCs that do not function. I went through the process, via the ERD Commander Wizard, in creating my own startup disc. In creating a startup disc, I was required to provide a Windows Vista DVD to create the boot image.

After choosing the Windows Vista Ultimate DVD in my DVD Drive and choose next, the Wizard then told me it is about to extract the necessary files in creating a boot image and that it may take a few minutes. For me, it barely took a minute to extra the files. Once the extraction of the files is complete, the wizard then brought me to a new screen in which it gives me an offering of tools I can add to the startup disc.

I went ahead and choose all of the tools. You are given the choice of the following tools for your startup disc:

  • Computer Management
  • Crash Analyzer
  • Disk Commander
  • Disk Wipe
  • Explorer
  • File Restore
  • Hotfix Uninstall
  • Locksmith
  • Registry Editor
  • Solution Wizard
  • Standalone System Sweeper
  • System File Repair
  • TCP/IP Configuration

In choosing all of the tools – I proceeded to the next step: providing any .inf files for any specific devices I would need to install drivers for (*.inf files are device driver files). At this point I didn’t have any specific drivers I wanted to include on my startup disc as I was looking to create a generic disc. I was then asked to include any additional files, which I had none, and then create the disc. ERD Commander creates the startup disc image as an .iso file.

To my surprise, after the .iso image is done being created – ERD Commander asked me if I would like to then burn that .iso image to a CD. ERD Commander allows you to burn the disc directly. I was thinking I would have to use a third-party imaging burning tool to burn my startup disc image. This was a very cool surprise perk (a feature I think IT Pros will appreciate as well).

At the end of the Wizard, my startup disc was created as well as an .iso of the disc so I can re-burn the disc and create more if needed at a later date.

To test my new startup disc, I fired up Windows Vista in Virtual PC 2007 and booted off my new startup disc. When I did this, it went into System Recovery (WinRE) which is built into Windows Vista and DaRT runs on top of WinRE (Windows Recovery Environment). Matter a fact, WinRE has its own tools as well and DaRT works with them in helping the IT Pro diagnose what is wrong and recover a unresponsive PC.

I was then able to choose the tools offered in DaRT (which were the tools I chose above) and was able to scan the PC for malware and much more.

After experiencing DaRT first hand, I believe it is a must have for IT Professionals and offers a great set of tools in helping IT Professionals recovery crashed PCs in their environment. DaRT 6.0 (announced today as part of MDOP) offers IT Professionals the ability to run these tools on a BitLocker-encrypted drive as well. Customers can learn more about DaRT on