Ottawa PC Users' Group (OPCUG)


   Copyright and Usage

   Privacy Policy

   Contact Us



by Chris Taylor

In April and May, I reviewed portions of the Winternals Administrator’s Pak 3.0 — ERD Commander, Remote Recover, and Disk Commander. This month, I wrap up the Admin Pak with reviews of NTFSDOS Pro and Monitoring Tools.

When NTFS was introduced by Microsoft back with Windows NT v3, many hailed it as a real breakthrough. Finally, we had a journaling file system that was far more robust than the old FAT file system. But with that robustness came a price. It was no longer possible to access a disk that was formatted as NTFS unless you were in Windows NT. 

That made for a real problem when it came to trouble-shooting. If you could not get Windows NT to boot, you could not get access to the file system to attempt to fix the problem. A real “catch-22”.

Well, the folks at Winternals came to the rescue with NTFSDOS. Currently at v4.02 in the “Pro” version, it permits you to access NTFS-formatted drives from MS-DOS. NTFSDOS Pro uses the existing NTFS drivers from Windows NT/2K/XP. Since it is Microsoft’s driver code being loaded, compatibility is assured. Very slick!

You must supply your own DOS boot disk and it must be at least DOS5. However, it is recommended that you use at least DOS7 — the version included with Windows 95 and 98 — as that is the first version to support long file names. As well, to set up an NTFSDOS boot disk, you need to have a working copy of NT, 2K, or XP somewhere, as it needs to make copies of some of the files.

A wizard walks you through the creation of a pair of diskettes. The instructions they provide might lead you to believe you can add NTFSDOS Pro to a bootable DOS disk. The problem is, once the disk is bootable, there is not enough remaining disk space to add the required files for NTFSDOS. Fortunately, it is easy enough to work around this problem. Just feed blank, formatted floppies to the wizard. Then, boot with a bootable DOS disk, swap out the disk for the disk containing NTFSDOS and load the program.

Once loaded, NTFSDOS will find all hard drive partitions and assign them drive letters. From there, you have complete read/write access to the NTFS partitions. You can replace corrupted files, edit configuration files, run anti-virus software, etc.

Also included is NTFSCHK, which is similar to CHKDSK included in NT, 2K, and XP. It allows you to boot from DOS and perform a standard repair process on an NTFS volume. Very nice.

The final portion of the Administrator Pak v3.0 is Monitoring Tools, which is actually a pair of programs—Filemon/EE and Regmon/EE. These are two terrific trouble-shooting programs designed to shed some light on what is going on under the hood. Filemon/EE monitors accesses to the file system and Regmon/EE monitors accesses to the registry.

More frequently that I would like, I have seen programs fail (most frequently installation programs) with obscure messages such as “file not found”. The problem is that they frequently give you no clue as to what file was not found. 

Filemon/EE, monitors all attempted file system accesses. It gives a time stamp, the process that was attempting the access, what type of request was attempted, the full path to the file being accessed, the result, and “Other”. Typically, this last bit of information gives you things like an offset into the file being accessed, attributes being set on a file, etc.

If you are having a problem with file access, you can start Filemon/EE and then run the problem program. Once you get the error, you can switch over to Filemon/EE and look for the error. Then you at least have a fighting chance of figuring out what went wrong and how to fix it. I will caution you, there is typically a huge amount of info you have presented to you. On my system, with about a dozen programs running, but (I thought) not doing much, I generated over 3,000 lines of information in Filemon/EE in under a minute!

Also be aware that, unless you are a programmer, it is highly unlikely you will really understand all the information presented. File system requests such as “fsctl_is_volume_mounted” are Greek to me. Fortunately, in most cases you are looking for more obvious problems, such as a failure of an “open” request.

Regmon/EE works the same way as Filemon/EE, but instead monitors registry accesses. The information it reports is the time stamp, the process attempting a registry access, what the request was (such as querying a key or setting a value), the path in the registry, the result, and “Other”. Typically, the “Other” column is used to detail values read or written.

Like Filemon/EE, Regmon/EE generates a lot of information. On my system, I had about 500 registry accesses in the first minute of operation. And again, like Filemon/EE, most of it was pretty Greek to me. But if you are trying to trouble-shoot a problem, it may jump out at you when you see, for example, a registry write being denied. Maybe someone tightened down security on registry keys more tightly than a particular application can deal with. 

Filemon/EE and Regmon/EE share many capabilities. First, the /EE portion of the name stands for “Enterprise Edition” and indicates that you can monitor a remote system over the network. You can also filter and highlight lines based on certain text. You can pause scrolling and capturing of data. You can print or save out the information to a file. And you can set the windows to be “always on top”.

Like most of Winternals programs, both Filemon/EE and Regmon/EE provide a wealth of information that generally will not help the true novice. But if you have any degree of skill at trouble-shooting, they provide you with that extra information you may need to understand what is going wrong.

All three programs in this review are available in more limited forms from the site. Sysinternals is run by the Winternal folks, but contains a wealth of free utilities. Among other things at the site, you can find NTFSDOS v3.02, Filemon v4.34, and Regmon v4.34

NTFSDOS works basically the same as NTFSDOS Pro, but in read-only mode. Filemon and Regmon are very similar to the “EE” versions but lack the ability to save to a log file as the data is generated and they can only access the local system, not other systems over the wire.

System Requirements

  • NTFSDOS Pro – a drive formatted with NTFS and a DOS bootable diskette (at least DOS5, DOS7 recommended)
  • Monitoring Tools – Windows 95 through Windows XP supported.

Bottom Line:

Administrator’s Pak v3.0 – US$699
NTFSDOS Pro v4.02 – US$299
Monitoring Tools – US$44
Winternals Software
Web site:

Originally published: June, 2002

top of page



Archived Reviews





The opinions expressed in these reviews
do not necessarily represent the views of the
Ottawa PC Users' Group or its members.