Library & Information Technology Association

Technology Electronic Reviews
Volume 14, Number 2, December 2007


REVIEW OF: Dave Kleiman, editor (2006). Winternals: Defragmentation, Recovery and Administration Field Guide. Rockland, MA: Syngress. (ISBN: 1-59749-079-2). 504 pp. $49.95.

This book is designed specifically for IT professionals working within a Microsoft-only environment. Edited by Dave Kleiman, Chief Information Security Officer for Securit-e-Doc, Inc., and drawing on the knowledge of more than ten other contributing authors from the field of computer consulting, Winternals: Defragmentation, Recovery and Administration Field Guide is offered as a practical book for Windows systems administrators who need to use Winternals and Sysinternals tools for data recovery and system monitoring. Readers from mid-level administrators to sysadmin students will find the ease-of-use chapters most helpful when they are sitting at a broken machine, frustrated and puzzled.

The book begins with a brief explanation of Winternals' emergence into the market of system tools designed to recover drive data from NT-based networks. From this point, chapter one gives an overview of ERD Commander, including step-by-step instructions on creating an ERD Commander boot CD. The treatment of ERD Commander in this chapter is almost entirely devoted to starting a completely dead server; not surprisingly, the book assumes that if the server cannot start at all, the rest of the Winternals tools will be of no use. A big positive of this first chapter, and of all the others, is the authors' prevalent use of screen captures to guide the reader through complete system regeneration.

Chapter two focuses on comprehensively examining a problem computer. This chapter is the largest in the book, and guides readers in the use of Process Explorer for finding active desirable and rogue processes that may be hindering the performance of a machine. Solutions introduced in this chapter include: Simultaneous Autoruns and Process Explorer, Combating Malware, and Understanding Display Feature Groupings (e.g., shell extensions, services, drivers, image hijacks, known DLLs, LSA providers). Unfortunately, the Display Feature Groupings section of this chapter devotes only one small paragraph to Internet Explorer-specific information. IE problems are not addressed again until chapter four, and even there IE gets little print time.

Chapters three and four deal with computer security and monitoring. File and directory access rights can be confusing for new Windows network administrators, and these two chapters are written for IT professionals having trouble understanding registry rights and using tools like AccessEnum. Chapter three is also an excellent resource for working through the other tools Winternals provides (e.g., RootkitRevealer, Sigcheck, ShareEnum) once the system has been restarted and the question of who controls which parts of the system comes to the fore. System recovery involves not only finding who has rights to particular segments of a computer but, more comprehensively, finding what users exist and what they have done in the past. Chapter four teaches readers how to discover who is logged on to a particular node on the network and what they have been doing that may or may not have caused a system crash. Tools like Tokenmon and Regmon are covered in this chapter, with a nice section devoted to real-time file system activity and handles. Surprisingly, a brief introduction to the Windows registry is also given here; one might assume, however, that any reader of this book would find these pages of little value.
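The triage the review describes across chapters two and three (autostart entries checked for valid signatures, then asked who can write to the image behind each entry) can be scripted around the command-line Sysinternals tools. The following is an added example written for this review, not code from the book or from Sysinternals. It assumes a recent autorunsc.exe and accesschk.exe on the PATH, PowerShell 3.0 or later, that autorunsc -c writes Unicode CSV with the column names used below (Entry Location, Entry, Signer, Image Path, SHA-256), and that the Signer column is prefixed "(Verified)" or "(Not verified)" when -s is given; the sample rows are constructed, not captured from a real host.

```powershell
# Added example (not from the book or Sysinternals): flag autostart entries whose
# image is unsigned, or sits where ordinary Users can write to it.

function Get-AutorunEntries {
    param([string]$OutFile = "$env:TEMP\autoruns.csv")
    # -a * : all categories; -c : CSV; -h : hashes; -s : verify signatures;
    # -m : hide Microsoft-signed entries. autorunsc writes its CSV as Unicode
    # (assumption; adjust -Encoding if your build differs).
    $p = Start-Process -FilePath 'autorunsc.exe' `
        -ArgumentList '-accepteula','-nobanner','-a','*','-c','-h','-s','-m' `
        -RedirectStandardOutput $OutFile -NoNewWindow -Wait -PassThru
    if ($p.ExitCode -ne 0) { throw "autorunsc exited with $($p.ExitCode)" }
    Import-Csv -Path $OutFile -Encoding Unicode
}

function Test-UserWritable {
    param([string]$Path)
    # accesschk -w lists only objects the given principal can write; -u suppresses
    # errors, -q drops the banner. Output is the path itself when writable.
    if (-not (Get-Command accesschk.exe -ErrorAction SilentlyContinue)) { return $false }
    if (-not (Test-Path -LiteralPath $Path)) { return $false }
    $out = & accesschk.exe -accepteula -q -u -w 'Users' $Path 2>$null
    return [bool]($out | Where-Object { $_ -match [regex]::Escape($Path) })
}

function Find-RiskyAutorun {
    param([Parameter(ValueFromPipeline)] $Entry)
    process {
        $unsigned = $Entry.Signer -notmatch '^\(Verified\)'
        $image    = $Entry.'Image Path'
        $writable = if ($image) { Test-UserWritable $image } else { $false }
        if ($unsigned -or $writable) {
            [pscustomobject]@{
                Location     = $Entry.'Entry Location'
                Entry        = $Entry.Entry
                Image        = $image
                Signer       = $Entry.Signer
                Unsigned     = $unsigned
                UserWritable = $writable
                SHA256       = $Entry.'SHA-256'
            }
        }
    }
}

# Constructed sample rows (not real autorunsc output) so the triage logic can be
# exercised offline; only the columns the functions read are included.
$sample = @'
"Entry Location","Entry","Signer","Image Path","SHA-256"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run","Updater","(Not verified) Contoso","C:\Users\Public\updater.exe","aa11"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run","Agent","(Verified) Contoso Ltd","C:\Program Files\Contoso\agent.exe","bb22"
'@ | ConvertFrom-Csv

$sample | Find-RiskyAutorun | Format-Table -AutoSize
# Live run on the recovered machine:
# Get-AutorunEntries | Find-RiskyAutorun | Export-Csv risky-autoruns.csv -NoTypeInformation
```

An unsigned image is worth a look on its own; an image that Users can overwrite is a persistence and privilege problem even when it is currently signed, which is why the two checks are reported separately rather than folded into one score.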

Each chapter in this book ends with a brief FAQ section, described by the authors as "answered by the authors of this book . . . to both measure your understanding . . . and to assist you with real-life implementation of these concepts." After this message, the authors encourage readers to submit further questions to www.syngress.com/solutions for future dialog. Both the front and back covers of this book encourage use of that web site to stimulate further learning. Downloadable working scripts are available there free of charge as well.

If disk management is a concern, chapter five addresses most of the various means of defragmentation through Winternals (e.g., Defrag Manager, PageDefrag, command-line defragmentation). Help with finding directories, cluster properties, looking inside the LDM database and complete volume management can be found here as well. Extending beyond disk management, chapter six instructs in the recovery of lost data. Tools like FileRestore, Recovery Manager and AdRestore are shown with many screen captures for error-free implementation. The tools in these two chapters are intended to help manage and recover data in all kinds of problematic situations. Basically, whether the reader is managing a legacy NT4 environment or a single machine on a large WAN that appears as a local drive, this book should help administrators feel confident in preventing a major crisis.

Chapters seven and eight deal with two seemingly similar problems: system meltdown and network meltdown. Coping strategies are recommended for a variety of situations. Tools like FileMon, RegMon and PsTools are explained in chapter seven in an attempt to help readers make sense of a Windows crash. Questions of finding errant drivers or problematic file and registry accesses and processes are addressed in this section of the book. An important author note reminds readers that on Windows 2000 and later systems LoadOrder may give only partially accurate results: the problem is the reported order of the loads, not whether services failed to load at all. TDIMon, TCPView Pro and TCPCon are demonstrated in chapter eight as the means of moving from smaller system problems to more global network troubleshooting. After systems have been recovered, administrators commonly need to monitor active connections, and sometimes to search through DNS and Whois information in order to solve lingering problems. Chapter eight serves as an excellent guide to this all-important information.
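The post-recovery connection check the review attributes to chapter eight is what TCPView shows interactively; the same question can be asked in a repeatable way with the built-in NetTCPIP cmdlets. This is an added example written for this review, not code from the book or from Sysinternals. It assumes PowerShell 3.0 or later on a Windows version that ships Get-NetTCPConnection (Windows 8 / Server 2012 and later), and the expected listening ports and outbound process allowlist are placeholders to tailor per host; the sample connections are constructed, not captured from a real machine.

```powershell
# Added example (not from the book): flag listeners outside an expected port set and
# established connections to public addresses from processes not on an allowlist.

function Test-PrivateIPv4 {
    param([string]$Address)
    # RFC 1918 ranges plus loopback; anything unparsable or non-IPv4 is "not private".
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$ip)) { return $false }
    if ($ip.AddressFamily -ne 'InterNetwork') { return $false }
    $b = $ip.GetAddressBytes()
    return ($b[0] -eq 10) -or ($b[0] -eq 127) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

function Find-UnexpectedConnection {
    param(
        [Parameter(ValueFromPipeline)] $Conn,
        [int[]]$ExpectedListenPorts = @(135, 445, 3389),            # placeholder allowlist
        [string[]]$AllowedOutbound  = @('svchost', 'msedge', 'outlook') # placeholder allowlist
    )
    process {
        $reason = $null
        if ($Conn.State -eq 'Listen' -and $Conn.LocalPort -notin $ExpectedListenPorts) {
            $reason = 'unexpected listener'
        } elseif ($Conn.State -eq 'Established' -and
                  -not (Test-PrivateIPv4 $Conn.RemoteAddress) -and
                  $Conn.ProcessName -notin $AllowedOutbound) {
            $reason = 'outbound to public address from non-allowlisted process'
        }
        if ($reason) {
            [pscustomobject]@{
                Pid     = $Conn.OwningProcess
                Process = $Conn.ProcessName
                Local   = "$($Conn.LocalAddress):$($Conn.LocalPort)"
                Remote  = "$($Conn.RemoteAddress):$($Conn.RemotePort)"
                State   = $Conn.State
                Reason  = $reason
            }
        }
    }
}

function Get-LiveConnections {
    # Join Get-NetTCPConnection with Get-Process so each socket carries its image name.
    $procs = @{}
    Get-Process | ForEach-Object { $procs[[int]$_.Id] = $_.ProcessName }
    Get-NetTCPConnection |
        Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, State, OwningProcess,
            @{ n = 'ProcessName'; e = { $procs[[int]$_.OwningProcess] } }
}

# Constructed sample (not captured from a real host) so the logic runs offline.
$sample = @(
    [pscustomobject]@{ LocalAddress='0.0.0.0';  LocalPort=4444;  RemoteAddress='0.0.0.0';     RemotePort=0;   State='Listen';      OwningProcess=1234; ProcessName='svchost' }
    [pscustomobject]@{ LocalAddress='10.0.0.5'; LocalPort=51000; RemoteAddress='203.0.113.9'; RemotePort=443; State='Established'; OwningProcess=4321; ProcessName='notepad' }
    [pscustomobject]@{ LocalAddress='10.0.0.5'; LocalPort=51001; RemoteAddress='10.0.0.7';    RemotePort=445; State='Established'; OwningProcess=4;    ProcessName='System' }
)
$sample | Find-UnexpectedConnection | Format-Table -AutoSize
# Live: Get-LiveConnections | Find-UnexpectedConnection
```

Of the three sample rows only the first two are reported: the listener on 4444 and the notepad connection to a public address. The third is SMB to a private peer and is left alone. Remote addresses that do get flagged are the ones worth running through DNS and Whois, as the chapter suggests.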

The book includes two chapters strictly for programmers. These chapters provide useful tips on using DebugView, LiveKd, Tokenmon and Regmon for tracking I/O bottlenecks, viewing loaded objects, and verifying that the correct files and modules are loaded. A small section is even devoted to a programmer's view of a system crash. These two chapters culminate in overviews of source code porting, keyboard filters and, once coding is complete, licensing.

The book concludes with chapters on NT 4.0-only tools and on Sysinternals. Useful tips on what to look for when running an old NT4 system are offered in a meaningful manner, even if somewhat outdated. This section is especially useful for those interested in training others to use Sysinternals for keyboard behaviors, desktop backgrounds, bypassing login screens, and other fun topics. Overall, those who have the necessary basic Windows networking background and who are looking for a practical guide to all things related to Windows system recovery and administration will find this book a good item to pass around the server room.

Terry Cottrell is Library Director at the University of St. Francis in Joliet, IL. He may be reached at tcottrell@stfrancis.edu.

Copyright © 2007 by Terry Cottrell. This document may be reproduced in whole or in part for noncommercial, educational, or scientific purposes, provided that the preceding copyright statement and source are clearly acknowledged. All other rights are reserved. For permission to reproduce or adapt this document or any part of it for commercial distribution, address requests to the author at tcottrell@stfrancis.edu.

Technology Electronic Reviews (TER) is an irregular electronic serial publication of the Library and Information Technology Association, a division of the American Library Association, 50 E. Huron St., Chicago, IL 60611. The primary function of TER is to provide reviews of and pointers to a variety of print and electronic resources about information technology. Resources include books, articles, serials, discussion lists, training materials, bibliographies, and other items of interest to librarians and information technology professionals. The topics covered may include, but are not limited to, networking technologies and standards; hardware and software; operating systems; databases; specific programming languages; management tools and utilities; technical project management; training and personnel issues; library perspectives; and research and development.

Opinions expressed in this publication are those of the writers and do not necessarily represent the viewpoints of LITA, ALA, or organizations involved in the storage and/or distribution of the publication.

TER is distributed electronically via Internet. There is no subscription fee.

LITA provides its members, other ALA divisions and members, and the library and information science field as a whole with a forum for discussion, an environment for learning, and a program for action on the design, development, and implementation of automated and technological systems in the library and information science field.
