Microsoft Diagnostics and Recovery Toolset Overview




Microsoft Diagnostics and Recovery Toolset (DaRT) provides a set of tools that help IT shift desktop repair planning from reactive to proactive, saving time and reducing the challenges associated with troubleshooting and repairing desktop system failures. This white paper offers an overview of DaRT: its benefits, its capabilities, and how to evaluate it.

Introduction

A user frantically calls the Help desk. His PC keeps crashing, and your manager sends you to fix the problem. At the user's desk, you log on to the Windows operating system and use the troubleshooting tools available. You look in Event Viewer for clues, and you determine that the problem is a faulty device driver. You then use the Computer Management console to disable that driver. Windows includes many such tools to help you diagnose and fix problems. But what do you do if you cannot start Windows?

Part of the Microsoft Desktop Optimization Pack (MDOP), illustrated below, DaRT helps IT:

- Easily recover PCs that have become unusable
- Rapidly diagnose probable causes of issues
- Quickly repair unbootable or locked-out systems

DaRT includes fourteen administrative, system and network tools for troubleshooting and desktop recovery, even when Windows Safe Mode or normal boot will not function. For example, recover deleted files or partitions with File Restore or reset lost or forgotten local passwords with Locksmith. Additionally, the DaRT Defender tool ensures that malware is not loaded into the computer's memory and cannot remain hidden by scanning the infected operating system while it is offline.

The tools in DaRT provide a foundation for shifting desktop repair procedures from reactive to proactive. Organizations can develop recovery image deployment and support plans that best fit their IT staffing and infrastructure requirements. A proactive approach can help save time and reduce the challenges associated with troubleshooting and repairing system failures, while getting users back to productivity faster without compromising settings, preferences, or user data, as with reimaging.

With a desktop repair plan in place, the simple image creation process, coupled with an easy-to-use tool menu, allows organizations to rapidly deploy, use, and benefit from DaRT. Deploying via bootable media such as CD, DVD, or USB is one of the fastest routes to deployment. However, depending on a company's infrastructure, deploying locally to end-user machines or via network boot servers may provide more long-term benefit.

What's New in DaRT 8

DaRT 8 is the newest version of the toolset, and it is part of the MDOP 2012 release. It includes many new features that Table 1 describes.

Table 1 New Features in DaRT 8

Support for new software and hardware platforms:
- Support for Windows 8 and Windows Server 2012
- Support for GUID Partition Tables (GPTs)
- Transparent Unified Extensible Firmware Interface (UEFI) machine boot integration

A reimagined DaRT Recovery Image Wizard:
- Built on Windows PowerShell cmdlets
- Native support for USB media deployment
- Support for WIM and ISO image file formats
- Ability to create 32- and 64-bit images on a single PC

Improved Windows PowerShell scripting:
- Four new DaRT cmdlets
- Scripting DaRT recovery images is similar to scripting other imaging processes
- End-to-end scripting enabled by DISM cmdlets

Creating Recovery Images

You use the DaRT Recovery Image Wizard to create custom DaRT recovery images. These recovery images start Windows RE, from which you can start the DaRT tools.

Microsoft reimagined the DaRT Recovery Image Wizard for DaRT 8. It is built on Windows PowerShell cmdlets, and it can generate scripts that you can use later to rebuild recovery images by using the same settings. It includes native support for USB media deployment, so you no longer have to use an external tool to create bootable USB drives. It also generates WIM images in addition to ISO files. You can more easily deploy recovery images by using your existing deployment infrastructure (see the section titled "Deploying Recovery Images").

DaRT supports Windows 8 and Windows Server 2012. It has minimal hardware requirements, and both x86 and x64 versions are available. However, DaRT does not support cross-platform recovery images.

Creating recovery images by using the DaRT Recovery Image Wizard is simple. On the Start screen, type DaRT and click DaRT Recovery Image to start the wizard. Table 2 describes each page of the wizard.

Table 2 DaRT Recovery Image Wizard (Page, Description)

The wizard bases DaRT recovery images on Windows RE, which Windows 8 and Windows Server 2012 provide. You must use x86 Windows to build 32-bit DaRT recovery images. Likewise, use x64 Windows to build 64-bit DaRT recovery images. You can create recovery images for both system types on a single PC, but you cannot create cross-platform recovery images (i.e., one image that works on both x86 and x64 system types).

By default, the wizard enables all DaRT tools for the local user. However, you can disable some or all of the tools for the local user while allowing the Help desk full access to them. For example, you can make extremely powerful tools (e.g., Disk Wipe, Locksmith, and Registry Editor) unavailable to the local user.

Using Remote Connection, the Help desk can connect to end users' PCs by using the Remote Connection Viewer and use the DaRT tools to troubleshoot and repair their PCs. When you enable remote connections, you can also specify a port number and a welcome message. If you do not specify a port number, Remote Connection will assign a random port number. For more information about Remote Connection, see "Using Remote Connection," later in this white paper.

This page contains four tabs, each of which allows you to further customize and configure the DaRT recovery image:

- Drivers. Add device drivers that Windows 8 does not provide in the box.
- WinPE. Select optional Windows Preinstallation Environment (PE) components to include in the DaRT recovery image.
- Crash Analyzer. Add the Windows 8 Debugging Tools to the DaRT recovery image. Crash Analyzer relies on the Debugging Tools to analyze memory dump files. You can install them on the computer you are using to create the DaRT recovery image, thereby including them in the image, or you can install them on each PC that you repair. Microsoft recommends including the Debugging Tools in the DaRT recovery image. Download the Windows 8 Debugging Tools as part of the Windows Driver Kit 8.
- Defender. Microsoft recommends downloading the latest malware definitions from the Internet when you create the recovery image and also when you start Defender on Internet-connected PCs.

Specify a path and name for the image file. (The wizard will create a subfolder based on the x86 or x64 system type.) New for DaRT 8, the wizard can create WIM image files in addition to ISO files. You can also generate a Windows PowerShell script that will build a DaRT recovery image with the same configuration, and you can add or change files in the DaRT recovery image.

When finished, the wizard displays the location where it created the DaRT recovery image and lists the files it created. You can also choose a recordable CD, DVD, or USB drive and click Create Bootable Media to create bootable media without using an external image burner, Windows 7 USB/DVD Download Tool, or other tool. Otherwise, you can deploy the ISO or WIM file using the methods that the section titled "Deploying Recovery Images" describes.

Deploying Recovery Images

Support staff would traditionally lug around a DaRT CD, DVD, or USB drive to use the DaRT recovery image. DaRT 8 offers many other deployment choices that are logistically simpler. The end-user and support experience improves greatly when the recovery image is always available locally or remotely.

Based on Windows RE, the DaRT recovery image is simply a Windows PE image. As a result, you can generally deploy the DaRT recovery image using the same tools and techniques you use to deploy Windows RE or Windows PE boot images, including the following (see Table 3 for a comparison):

- Local installation. By installing the DaRT recovery image locally, users can start it by using advanced startup options in Windows 8. You can deploy the DaRT recovery image locally by using Microsoft System Center 2012 Configuration Manager, the Microsoft Deployment Toolkit 2012 (MDT 2012), or any other electronic software distribution (ESD) tool. The process automates local installation of DaRT tools on each system by using Reagentc.exe so that DaRT is always available.
- Network boot. To network-boot the DaRT recovery image, deploy it by using Windows Deployment Services (Windows DS). Deployment via Windows DS can be the quickest and simplest way to make the DaRT recovery image available to connected users in production. This method can also make updating recovery images simpler because you store them centrally instead of locally on each PC.
- USB drives. DaRT 8 now offers native support in the DaRT Recovery Image Wizard for creating USB media. In previous versions, additional tools (e.g., the Windows 7 USB/DVD Download Tool) were required to install the DaRT recovery image on USB drives.
- Removable disks. Of course, DaRT has always supported burning the recovery image to CDs or DVDs. However, the new alternatives are far simpler and more convenient.

Table 3 Deployment Choices for DaRT Recovery Images

Deployment methods: Manual Local Installation, Automated Local Installation, Windows DS, USB Drive, CD or DVD
Columns: Portability, Infrastructure Requirement, Availability, Centralized Updates, Network Requirement, Remote Support
Each method is rated good, better, or best in each column.

After you start a PC by using media containing a DaRT recovery image, Windows RE asks a few simple questions to initialize the environment. These questions include whether to initialize network connectivity in the background by using DHCP (you can manually configure network connectivity later by using the TCP/IP Configuration tool); which language and keyboard you want to use; and whether you want to start Windows 8, troubleshoot the PC, or turn off the PC.

To start the DaRT tools, click Troubleshoot, click Microsoft Diagnostics and Recovery Toolset (see Figure 1), and then choose the offline Windows installation that you want to troubleshoot. After DaRT starts, you will see the Diagnostics and Recovery Toolset window.

Figure 1 Troubleshoot screen

Exploring the DaRT Tools

Figure 2 shows the Diagnostics and Recovery Toolset window. From here, you can launch any of the individual tools that you made available in the DaRT recovery image. You can also use the Solution Wizard to choose the best tool, based on a brief interview. Click Help to see detailed instructions for using each tool. The following sections provide an overview of each tool.

Figure 2 Diagnostics and Recovery Toolset Window

Registry Editor

You can use Registry Editor, which Figure 3 shows, to edit the registry of the offline Windows installation that you are troubleshooting. Tasks include adding, removing, and editing keys and values; and importing REG files. Registry Editor enables you to make registry edits that could help repair a system that will not boot. You can also use Registry Editor to edit values that the offline Windows installation locks while it is running.

Figure 3 Registry Editor

Notice in Figure 3 that HKEY_CURRENT_USER is missing. That is because a user did not log on to the installed operating system. Instead, Registry Editor populates HKEY_USERS with all the user hive files found in the target installation. Additionally, HKEY_LOCAL_MACHINE does not contain a HARDWARE registry key.

Serious problems might occur if you modify the registry incorrectly by using Registry Editor. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that you can solve these problems. Modify the registry at your own risk.

Locksmith

The Locksmith Wizard (Figure 4) is a simple tool that allows you to set the password for any local account on the offline Windows installation that you are troubleshooting. You do not need to know the current password. However, the password you set must comply with any requirements that a local Group Policy Object (GPO) defines, including password length and complexity. Use this tool in the event that the password for a local account (e.g., the local Administrator account) is unknown. This tool cannot set passwords for domain accounts.

Figure 4 Locksmith Wizard

Crash Analyzer

By using Crash Analyzer, you can quickly determine the cause of an issue by analyzing memory dump files on the offline Windows installation that you are troubleshooting. Based on this information, you can take corrective action. Crash Analyzer can eliminate much of the guesswork involved in diagnosing crashes. For example, if Crash Analyzer reports that a device driver called myfault.sys is the cause, as Figure 5 shows, you can disable the device driver by using the Services and Drivers item in Computer Management (see the "Computer Management" section). After discovering and disabling the faulty device driver, you can try to start the repaired Windows installation.

Figure 5 Crash Analyzer

Crash Analyzer requires the Windows 8 Debugging Tools. As described in the "Creating Recovery Images" section, you can include the Debugging Tools in the DaRT recovery image or you can install them on each PC that you are troubleshooting. Microsoft recommends that you include the tools in the DaRT recovery image. Otherwise, you must locate the Debugging Tools each time you use Crash Analyzer.

In addition to the Debugging Tools, Crash Analyzer requires symbol files for the operating system that you are repairing. Symbol files map memory addresses to names, helping to provide meaningful information for troubleshooting. You download the symbol files when you use Crash Analyzer to troubleshoot a PC. (An Internet connection is required while troubleshooting.)

Even if you plan to reimage the PC, running Crash Analyzer to determine the cause of the issue is a good idea. The image might have a bad driver that is causing intermittent problems in your environment, and Crash Analyzer can help you see these patterns and improve its stability.

If you do not have access to symbols or the Debugging Tools on the PC that you are troubleshooting, you can copy the memory dump file to another PC and use the standalone version of Crash Analyzer to diagnose the issue. After installing DaRT on the PC, type Crash Analyzer on the Start screen, and click Crash Analyzer.

File Restore

In Windows, the Recycle Bin helps prevent users from permanently deleting files by mistake. However, users sometimes realize that they need a particular deleted file only after emptying the Recycle Bin. In other cases, files are too big to fit in the Recycle Bin, or an application deletes the files. File Restore can help restore such deleted files. Figure 6 shows the File Restore user interface.

First, you must find the file you want to restore. File Restore has filtering capabilities to help expedite this process. For instance, you can use a file mask to search for specific filename patterns. Additionally, you can limit results to a certain path, date range, or size range. File Restore can even find files in deleted directories. For each file that File Restore finds, it indicates whether recovery is likely or unlikely.

Figure 6 File Restore

File Restore is not limited to regular disk volumes. File Restore can find and restore files on lost volumes or on volumes that Windows BitLocker Drive Encryption protects. In the first case, File Restore can scan for and locate lost volumes, which you can then search for deleted files. In the second case, File Restore gives you the ability to unlock BitLocker-encrypted volumes by manually providing the recovery password or loading the recovery key from a file.

Disk Commander

By using Disk Commander, you can recover and repair disk partitions or volumes. As Figure 7 shows, you can choose from the following recovery processes:

- Restore the Master Boot Record (MBR) or the header of the GUID Partition Table (GPT). This option repairs damaged boot code in the MBR on a disk or the header of the GPT, without affecting existing partition tables.
- Recover one or more lost volumes. This option scans a disk for lost volumes and allows you to recover them.
- Restore partition tables from Disk Commander backup. This option restores partition tables from a backup. Disk Commander gives you the opportunity to back up partition tables before making changes.
- Save partition tables to Disk Commander backup. This option backs up partition tables. The backup includes partition table entries and boot sectors for each partition.

Microsoft recommends that you back up a disk before using Disk Commander to repair it. By using Disk Commander, you can potentially damage volumes and make them inaccessible. Additionally, changes to one volume can affect other volumes because volumes on a disk share a partition table. Disk Commander does not support recovering deleted BitLocker-encrypted volumes.

Figure 7 Disk Commander

Disk Wipe

Many organizations simply format PCs' hard disks when they donate, recycle, or discard them. However, just formatting the hard disk might not destroy sensitive company or personal data on that disk. As various news accounts have shown, malicious people can get their hands on PCs that companies discard and can recover sensitive data.

Disk Wipe, which Figure 8 shows, can erase all data from a disk or volume. Two algorithms are available: You can use a single-pass overwrite or four-pass overwrite, the latter of which meets U.S. Department of Defense standards. After wiping a disk or volume, you cannot recover the data, so verify the size and label of a volume before erasing it.

Figure 8 Disk Wipe

Computer Management

The Computer Management console that you see in Figure 9 will be familiar to any IT professional. DaRT tailors the console for the purpose of diagnosing and repairing problems that can prevent the offline Windows installation from booting. The items in this console include the following:

- System Information. This item displays information about the system that you are repairing. Information includes the Windows version, registered owner and organization, the computer name as known by the installed operating system, and the computer name that DaRT randomly assigned to the system.
- Event Viewer. This item enables you to view the event logs of the offline Windows installation that you are troubleshooting. You can use Event Viewer to look for entries that can help you diagnose the problem.
- Autoruns. This item configures the programs that start automatically when the operating system starts. By using Autoruns, you can stop a program from starting automatically when you suspect that the program is preventing Windows from starting.
- Services and Drivers. This item manages the services and device drivers that start when the target Windows installation starts. For every service and device driver, you see an entry that indicates its startup type, a description, a display name, and so on. You can change the startup type to Boot, System, Automatic, Disabled, or Delayed Auto-start. If you have identified a service or device driver that is preventing the operating system from starting, you can disable it here.
- Disk Management. This item displays drive information, creates new partitions or volumes, and formats drives. Disk Management in DaRT is similar to Disk Management in Windows.

Figure 9 Computer Management

Explorer

Sometimes, before you attempt to repair or reimage a system, you need to salvage business-critical information that the user stored on a local drive. In DaRT, you can use Explorer to browse the PC's file system and network shares. Because you can map drive letters to network shares, you can easily copy and move files from the system to the network for safekeeping or from the network to the system to restore them. Figure 10 shows Explorer.

Figure 10 Explorer

Solution Wizard

DaRT has many tools, and figuring out which one to use can be confusing initially. The Solution Wizard (Figure 11) asks you a series of questions and then recommends the best tool for the job, based on your answers. This wizard helps you determine which tool to use when you are not familiar with the tools in DaRT. After becoming familiar with DaRT, you are more likely to start the correct tool for each job, without the help of the Solution Wizard.

Figure 11 Solution Wizard

TCP/IP Configuration

When you start the DaRT boot media, it obtains its TCP/IP configuration (IP address and DNS server) from DHCP by default. If DHCP is unavailable, you can manually configure TCP/IP by using the TCP/IP Configuration tool, which Figure 12 shows. First, you choose a network adapter, and then you configure the IP address and DNS server for that adapter. Click Advanced to configure advanced TCP/IP settings.

Figure 12 TCP/IP Configuration

Hotfix Uninstall

The Hotfix Uninstall Wizard, which Figure 13 shows, can remove hotfixes or service packs from the offline Windows installation that you are troubleshooting. Use this tool when a hotfix or service pack is potentially preventing the operating system from starting.

Microsoft recommends that you use this tool to uninstall only one hotfix at a time, even though the tool allows you to uninstall more than one at a time. Be aware that programs that you have installed or updated after installing the hotfix might not work correctly after you uninstall the hotfix.

Figure 13 Hotfix Uninstall Wizard

SFC Scan

Use the System File Repair Wizard (Figure 14) to repair system files that are preventing the Windows installation from starting. The System File Repair Wizard can automatically repair system files that are corrupted or missing. Alternatively, the wizard can prompt you before performing any repairs.

Figure 14 System File Repair Wizard

File Search

Before reimaging a PC, recovering files from the local hard disk is important, particularly when the user might not have backed up or stored the files elsewhere. Although the Explorer tool can be helpful, File Search can help you find documents when you do not know the file path or when you need to search for general types of files across all the local hard disks. File Search (Figure 15) enables you to search the PC for files. You can search for specific filename patterns in specific paths. Additionally, you can limit results to a date range or size range. In recovery scenarios, when repairing the installed operating system is not possible, you can use File Search to find users' documents and copy them from the PC.

Figure 15 File Search

Windows Defender Offline

A good antivirus and anti-malware strategy is crucial to preventing malicious and other potentially unwanted software from negatively impacting your organization. Although real-time scanner tools like Microsoft Forefront or Windows Intune Endpoint Protection are vital, today's ever-changing landscape requires many different tools to defend your environment.

Malware that uses rootkits can mask itself from the running operating system. If a rootkit-enabled virus or spyware makes its way to the system, most real-time scanning and removal tools can no longer see it or remove it. Because Windows Defender Offline scans while the installed operating system is offline, you can attack the rootkit without it hiding from you.

Figure 16 shows Windows Defender Offline. It can help detect malware and unwanted software and alert you to security risks. When Windows Defender Offline detects malicious or unwanted software, it prompts you to remove, quarantine, or allow each item.

Figure 16 Windows Defender Offline

On Internet-connected PCs, Windows Defender Offline will automatically download the latest malware definitions. However, Microsoft recommends that you also download the definitions when you create the DaRT recovery image by using the DaRT Recovery Image Wizard. Doing so ensures that malware definitions are available when you are troubleshooting PCs without Internet connections, even though they might be out of date.

Using Remote Connection

DaRT Remote Connection can help reduce the time and effort required to support end users. You can connect to client PCs and use the DaRT tools remotely without visiting users' desks. You enable Remote Connection when you create recovery images by using the DaRT Recovery Image Wizard (see the section titled "Creating Recovery Images," earlier in this white paper).

When users require remote assistance, you talk them through starting the PC into DaRT. After starting DaRT, they click Remote Connection and confirm that they want to share the DaRT tools; then, as Figure 17 shows, Remote Connection displays a ticket number, IP address, and port number that the user gives to you.

Figure 17 Remote Connection

You then use the Remote Connection Viewer to connect to the DaRT tools remotely (Figure 18). To simplify the process and reduce the amount of handholding required to get Remote Connection started, you can optionally configure the DaRT recovery image to start Remote Connection automatically whenever users start their PCs with the recovery image. See the DaRT 8 Help for more information.

Figure 18 Remote Connection Viewer

You can also restrict local end-user access to the DaRT tools while retaining full access to them through the Remote Connection Viewer. Simply disable all of the tools on the Tool Selection page of the DaRT Recovery Image Wizard. This configuration only disables the tools for the local user. It does not hide them, and it does not disable the Remote Connection tool. When users start the DaRT tools, they see that all of the tools are unavailable except for Remote Connection. However, when you connect to the DaRT tools by using Remote Connection Viewer, you still have unrestricted access to the DaRT tools.

Customizing Remote Connection

Without customization, using Remote Connection requires assistance. Additionally, its default configuration might not match your requirements (e.g., you might want to perform actions while the user is away). You can customize Remote Connection to support advanced options, though. The configuration file winpeshl.ini in \Windows\System32\ on the DaRT recovery image allows you to configure custom actions when DaRT starts. For example, you can launch the following applications:

RemoteRecovery.exe -nomessage. This initiates the Remote Connection and bypasses the confirmation dialog. Remote Connection continues as if the user had clicked Yes.

WaitForConnection.exe. This prevents the script from continuing until either Remote Connection is not running or a valid connection is established with the user's PC.

To customize Remote Connection, modify winpeshl.ini on the Create Image page of the DaRT Recovery Image Wizard. Listing 1 shows an example that starts Remote Connection and waits for the connection before starting Windows RE.

Listing 1 Winpeshl.ini

    [LaunchApps]
    "%windir%\system32\netstart.exe -network -remount"
    "cmd /C start %windir%\system32\remoterecovery.exe -nomessage"
    "%windir%\system32\waitforconnection.exe"
    "%SYSTEMDRIVE%\sources\recovery\recenv.exe"

When DaRT starts, it creates the file inv32.xml in \Windows\System32\ on the RAM disk. This file contains connection information: IP address, port, and ticket number. You can copy this file to a network share to trigger a Help desk workflow. For example, a custom program can check the network share for connection files, then create a support ticket or send email notifications.
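Because Listing 1 starts Remote Connection without the local confirmation step, it is worth checking a recovery image's winpeshl.ini before the image is distributed. The Python check below is an added example, not part of this white paper or of DaRT; its function names and finding labels are hypothetical, and its sample input is the Listing 1 text.

```python
# Added example: audit a DaRT image's winpeshl.ini for unattended Remote Connection.
# Function names and finding labels are illustrative, not DaRT identifiers.

# Sample input: the [LaunchApps] section as printed in Listing 1.
LISTING_1 = r'''[LaunchApps]
"%windir%\system32\netstart.exe -network -remount"
"cmd /C start %windir%\system32\remoterecovery.exe -nomessage"
"%windir%\system32\waitforconnection.exe"
"%SYSTEMDRIVE%\sources\recovery\recenv.exe"
'''


def launch_apps(ini_text):
    """Return the [LaunchApps] command lines in start order, quotes stripped."""
    commands, in_section = [], False
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line.lower() == "[launchapps]"
        elif in_section:
            commands.append(line.strip('"'))
    return commands


def audit(ini_text):
    """List the ways this configuration starts Remote Connection unattended."""
    commands = [c.lower() for c in launch_apps(ini_text)]
    starts = [i for i, c in enumerate(commands) if "remoterecovery.exe" in c]
    if not starts:
        return []  # Remote Connection is not started from winpeshl.ini
    findings = ["AUTOSTART: Remote Connection starts whenever the image boots"]
    if any("-nomessage" in commands[i].split() for i in starts):
        findings.append("NO_CONSENT: -nomessage bypasses the confirmation dialog")
    if any("waitforconnection.exe" in c for c in commands[starts[0] + 1:]):
        findings.append("BLOCKING: startup waits for a remote connection")
    return findings


if __name__ == "__main__":
    for finding in audit(LISTING_1):
        print(finding)
```

An image that reports NO_CONSENT should be paired with access control on any share that receives inv32.xml, since that file carries the ticket number, IP address, and port.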

Evaluating DaRT

DaRT helps IT easily recover PCs that have become unusable, rapidly diagnose probable causes of issues, and quickly repair unbootable or locked-out systems, all without leaving their desks and much faster than the average time it takes to reimage the machine. DaRT allows administrators to shift desktop repair planning from reactive to proactive, saving time and reducing the challenges associated with troubleshooting and repairing system failures. With a plan in place, the simple image creation process, coupled with an easy-to-use tool menu, allows organizations to rapidly deploy, use, and benefit from the toolset.

DaRT is part of the Microsoft Desktop Optimization Pack (MDOP), which is an add-on license available to Software Assurance customers. Begin your evaluation today:

Download and evaluate DaRT as part of MDOP. MDOP is available to Volume Licensing customers, Microsoft Development Network (MSDN) subscribers, and Microsoft TechNet subscribers.

See MDOP on Microsoft.com. To learn how DaRT and MDOP for Software Assurance can help you better troubleshoot and repair PCs, see http://go.microsoft.com/fwlink/?linkid=160297.

See MDOP on TechNet. For technical information about DaRT and MDOP for Software Assurance, see http://www.microsoft.com/technet/mdop.

"This toolset enables us to restore clients instantly without rebuilding them, saving up to six hours per instance."
David Smith, Technical Support Center, UMC Health System