ERD Commander
I recently examined Mark Russinovich and Bryce Cogswell's disaster recovery tools. One of my favorite tools is ERD Commander 1.0, an application that I recommend you add to your disaster recovery kit.

ERD Commander alters the three Windows NT installation disks to display a minimum command-line NT shell and gives you boot-disk functionality for NT. From the command line, you can use familiar syntax to delete troublesome drivers, copy Registry hives to a disk and edit them on a different NT machine, or copy data (although somewhat cumbersome). Table 1, page 214, lists and describes each ERD Commander command.

After testing ERD Commander, I identified several important considerations. First, the ERD Commander installation alters the three NT installation disks, so I suggest you keep your original NT installation disks and use winnt32 /ox to create a new set of installation disks to use with ERD Commander. Second, you can successfully use ERD Commander on both NT Server and NT Workstation (I used an NT Server installation disk set to open a command line on an NT workstation), because NT boots from the disks and not from the system you're attempting to repair. Third, ERD Commander works with only NT 4.0.

With version 1.0, you can create 16- and 32-bit ERD Commander disks. If your system can't boot into NT, you can use the 16-bit installation to create the same three ERD disks as the 32-bit installation.

During the ERD Commander setup, you answer several questions that help you complete the installation process. After setup begins, the software asks you for your NT installation disks, as Screen 1, page 214, shows. The software then prompts you to provide the first of these disks, as Screen 2, page 215, shows, so that setup can install ERD Commander on that disk.

After you finish the ERD Commander installation, you can boot the dead NT system with the modified ERD disks. The computer will display a DOS command-line window. This command-line interface is consistent with the wiint.sif file that ERD commander adds to disk 1 and disk 2 and reads

MsDosInitiated = 1
Floppyless = 1

You must purchase licenses for the number of machines you want to protect with ERD Commander. You can download a read-only version of ERD Commander from, or you can go to to purchase the product.

ERD Commander easily recovers NT installations that aren't functioning properly because of errant drivers or corrupt files. The program is a permanent part of my emergency repair kit.

Example Backup Batch Files
Several readers have asked me to demonstrate how to run a batch file to include open files when you back up your files in Windows NT. Let's look at stopping and restarting Exchange services so that you can perform a backup.

Listing 1, page 215, lists commands you can include in a batch file to shut down the services for Exchange. After you stop all the services and perform the backup, you restart the services you shut down using a command similar to

net start MSExchangeMSMI

You can include all the stopping and restarting information in a scheduled batch file that calls NT Backup.

I just purchased a 233MHz Dell Inspirion notebook with 64MB of RAM. My company is converting its network to Windows NT Workstation, and Dell doesn't support NT on the Inspirion. Any suggestions?

The Inspirion chipset is identical to the chipset on Dell's Latitude CP notebooks, which the company supports on NT. The only problem is the PC Card slots. Go to Dell's Web site (, and download the PC Card NT drivers for the Latitude CP notebooks. You'll be able to install NT on your laptop, but Dell won't provide you with NT support.

At the March 1998 Windows NT Magazine Professionals Conference in Orlando, you said that IBM's ADSTAR Distributed Storage Manager (ADSM) disk management and backup application is ideal for complex networking environments with backup and Hierarchical Storage Management (HSM) requirements. However, the April 1998 issue of Windows NT Magazine identified several shortcomings in the product. Can you resolve this discrepancy?

Backup and disk management are complex tasks in any networking environment. The Windows NT Magazine Lab report identifies difficulties in setting up ADSM and the fact that IBM doesn't ship all modules with the product (i.e., you must purchase certain modules separately). In addition, the article states that ADSM doesn't interleave data; however, ADSM is best suited for hard disk management in which interleaving is not a concern.

I based my comments at the Professionals Conference on the way ADSM can control any complex environment. ADSM functions best when you use it to copy files in increments to a hard disk and then back up the disk (known as a storage pool) to tape for storage and offsite backup. In addition, you can assign HSM rules to migrate unused files to slower storage. Remember, backup and HSM are nothing more than a set of rules you need to follow. As you increase the number of rules, you increase the difficulty in setting up the backup program. ADSM is no exception. ADSM is my top choice for an enterprise disk management and backup application.

My UNIX friends tell me Windows NT is not a true enterprise operating system (OS), and my Novell friends tell me NT is too cumbersome to use and requires too many reboots. Is NT ready for the enterprise?

I need to preface this response with some basic facts about NT. In an ideal situation, NT functions best when you distribute major tasks across the environment: Keep your memory-intensive applications (e.g., SQL Server and Exchange Server) on separate machines. The standard PC-bus architecture doesn't handle contentious I/O well (I hope this restriction will change soon).

You can argue that using multiple machines raises the cost of an NT network; however, the cost is far less than that of a comparable UNIX network. In regard to Novell, many users argue that NetWare is more stable than NT, but I've seen many Novell networks abend. NT's standard tools simplify remote management compared with NetWare. NT is seriously eroding Novell's network dominance.

To decide whether NT is ready for the enterprise, users have to come to a consensus about the meaning of enterprise. I'm amazed at the different definitions among computer users. Some users define enterprise on the basis of an organization's size. This definition ignores need. Many small companies depend on computer systems in the same way large companies do. To me, enterprise refers to a company with a computer network that is essential to the daily work and survival of the organization. With this definition in mind, I define three sizes of enterprise environment: small business (100 machines or fewer), midsized business (100 machines to 999 machines), and large and complex business (1000 machines or more, probably including a WAN).

In the small business arena, NT and the BackOffice applications are driving the market. Businesses can set up Internet access and email, and manage databases for a reasonable cost. Consultants can customize applications for specific needs and provide a stable NT network for their customers. Customers can set up Small Business Server (SBS) in an almost turnkey fashion. Historically, many small companies ran Novell NetWare 3.12 or earlier. The advent of Windows-based programs has challenged the efficiency of these Novell networks. NT is a logical next step that solves many of the problems associated with small-business computing, and SBS's setup doesn't require companies to support an onsite IS department.

NT is gaining ground in midsized business environments. NT and BackOffice easily supply the business-essential applications for moderate-sized organizations. In addition, most developers who traditionally wrote applications for UNIX are now targeting this market by writing software for NT. NT is also meeting midsized business computing needs as an Internet server and a file and print server. In networks with a few critical servers, NT is replacing NetWare at an increasing rate. In both the small and midsized business environments, NT can easily manage the tasks at hand.

The weakness most UNIX users identify in NT is its lack of scalability for large and complex environments. During the past 10 years, major software vendors, such as Oracle and SAP, have developed and perfected their applications on UNIX machines. This type of development is only starting to appear on PC-based NT systems. In addition, scalable NT clustering solutions are just coming into play.

Another criticism about NT is the infamous blue screen of death. NT crashes on occasion, and the results can be serious. However, as the NT environment continues to develop, such crashes will become less frequent. Many network environments have minimal difficulty with these types of interruptions.

The final problem many users identify with NT is that you have to consistently reboot the system. This problem is serious. In any environment running 24 * 7 applications, downtime is unacceptable. You can argue that Microsoft's client/server clustering solves this downtime, but you have to break the cluster to apply a service pack. In such a situation, you have to get past a vulnerable period during which the broken cluster might fail. Most large environments need scalability, redundancy, and mandatory uptime (in some networks, the annual downtime has to be less than 4 hours). In its current incarnation, NT is suspect in its ability to provide such uptime; however, if you carefully load balance and plan your network, NT provides a reasonable computing environment that you can easily maintain.

So, is NT ready for the enterprise? Yes, but you can't add NT in a haphazard manner to your computing environment. You must properly set up and care for NT to establish the rules of the environment. In such circumstances, NT functions well. As evidence, consider the increase in NT sales relative to other network environments (with the possible exception of high-end UNIX systems, which NT 5.0 might supplant).

I'm running Windows NT on my notebook. Recently, the mouse pointer disappeared. I tried to reinstall the mouse and even tried using different mouse drivers, but I can't get the pointer to reappear. What's going on?

I'm aware of this type of problem on old Gateway notebooks. The cure, at least for Gateway notebooks, is to remove all peripheral devices (including batteries and the hard disk) and let the CMOS lose its settings. When you put the system back together, it will rescan the hardware and detect the mouse. If you're using a newer system, ask the vendor for a firmware update.

How do I back up my standalone Windows NT system?

The easiest approach to backing up one NT system is to use a tape drive (I prefer SCSI-based tape systems). I recommend you use NT's resident backup program, NT Backup, which you access from Start, Programs, Administrative Tools, Backup. In addition, several third-party vendors make applications that let you back up your information to disk, but they can be expensive for an individual user.

Recovering from a crash is something you need to plan ahead for. The easiest recovery (after trying to use the Last Known Good command) is to install NT and perform a total system restore. You can even install NT to the same directory, and the restore will overwrite the previous installation.

My company recently sold one of its divisions, and I am merging that division's Windows NT domain into the new owners' NT domain. We use a Single Master Domain structure (with multiple resource domains), and I assume the new owners use the same configuration. How can I merge the two domains gracefully?

I'm not exactly sure what you mean by merging the domains, but you can't add the existing domain controllers to your existing Single Master Domain. All domain controllers must have the same primary security ID (SID), a requirement that limits your options for adding new domain controllers. Reinstalling NT is the only way you can incorporate the new domain controllers (unfortunately, you lose the entire user base). Several SID changing programs are available, but none let you synchronize domain controllers.

My company recently began deploying Windows NT Workstation 4.0 on Compaq DeskPro 4000 and 6000 PCs with SCSI hard disks and IDE CD-ROM drives. These PCs come with interrupt sharing on the PCI bus. At our local site, we successfully reconfigured the IDE CD-ROM drive from cable select to primary, and we reassigned the interrupts so that no sharing exists. However, our remote sites are constantly having problems with corrupt or erased user profiles and PCs crashing. I've heard that NT supports IDE cable select and PCI bus interrupt sharing. Can you shed any light on this situation?

With NT 4.0, I suspect that the PCI bus interrupt sharing is causing the problem. Your solution to reconfigure the IDE CD-ROM drives and reassign the interrupts seems logical to me. Furthermore, you aren't having the file corruption problems the other sites are having. I suggest you tell the other sites to bite the bullet and try your approach. (By the way, hardware problems are generally responsible for corrupt files and PC crashes.)

We have a Windows NT Server 4.0 machine in our office that provides Internet access for about 20 users. Lately, this machine has been locking up for no apparent reason. To shut down the machine, I have to press the power button (pressing Ctrl+Alt+Del does nothing) and wait a few seconds before restarting the computer. Occasionally, the system reboots and performs a check disk. Do you have any idea why this happens?

The fact that Ctrl+Alt+Del doesn't reboot the system means that you have a hardware lock and not a software lock. Several factors can contribute to this problem. I suspect the problem is memory related. Mismatched SIMMs can cause a hardware failure, which can be difficult to troubleshoot because the events at the time of failure are rarely the same. You might also have a problem with the bus on the motherboard. I have seen similar problems occur on inexpensive clones. Finally, you can investigate the video card and driver. Certain older video cards cause systems to lock in NT. Fixing this type of problem is difficult. You can try the process of elimination, but no magic elixir exists.

How do I defragment Windows NT's pagefile.sys file?

You need to delete the paging file, and then defragment the hard disk. When you re-create the paging file, it will be continuous. You can configure the latest version of Executive Software's Diskeeper software to defragment your hard disk on boot.

How can I maximize safety and minimize hassle while controlling viruses in my company's network?

Good question. I don't like terminate-and-stay-resident (TSR) antivirus programs and services that monitor everything you do. However, you can protect yourself from viruses without these tools.

To combat viruses, you need to know your enemy. No known viruses damage hardware: All viral infections are software related. You must run or execute a virus before it can cause an infection, and viruses in compressed files do nothing. Finally, viruses are ineffective on write-protected disks.

Given this information, you can disable booting from your 3.5" drive on your servers. Keep boot sector repair tools available in case you need them (for information about these tools, see "Ask Dr. Bob Your NT Questions," March 1998 and April 1998). You need to scan your systems often with an up-to-date third-party antivirus utility. If concept and related viruses are a problem, make your Word document template (i.e., read only. Don't dual boot your systems because you won't have the security of NTFS. Download the latest virus information files regularly, and use this information to protect your network.