If ever you needed proof that you don't have to be a developer to be enthusiastic about software development, it could well be Edwin Brasch, the president and CEO of Winternals Software. An entrepreneur by background, he was brought on board by the founders, who wanted to turn their fledgling shareware and freeware outfit into a real company.

The result is one of a select group of companies able to delve into the darkest - or in this case, bluest - depths of an operating system, areas where even the system's developers don't care to tread. At the same time, it has hung onto its roots and still publishes a fair bit of freeware.

"It started with point solutions for administrators, such as freeware tools to write to NTFS partitions from DOS," says Brasch. He adds that it has evolved since, based on the realisation that Windows system administrators waste time every day on things they shouldn't have to worry about, such as rebuilding failed servers.

"Administrators spend 70 to 80 percent of their time on maintenance, when they should be spending it on doing new things," he says.

"The big challenge when a system goes down is to rebuild from scratch. It's usually a software issue. We found a way to keep the system in its dead state and rebuild or reboot it."

This technology enables you to boot a blue-screened machine from a CD and even repair it over the LAN, he says. It relies on a Windows PE (preinstallation environment) client licensed from Microsoft, and is sold as part of a diagnostic and recovery tools bundle called the Administrators Pak.

"Customers said that's great after-the-fact technology, but it'd be better if it could diagnose the problem too - it could be a corrupt file or a missing driver, but you need that basic knowledge to fix it," Brasch says. "So we put together an intelligent recovery solution, called Recovery Manager, that diagnoses the differences between the points when the system was working and not working.

Patch roll-back
"It usually takes less than 10 minutes to copy the changed files from a central location - 75 percent of blue-screens are the O/S or a service pack, not hardware or apps, so you just roll back the O/S. The demo we like to do is a patch roll-back from a half-deployment and reset."

It can be hard to explain where all this fits in the software ecosystem, he adds. Sure, it can intervene when patching or a service pack goes wrong, or help recover a damaged system, but it's system level, not application level.

"The problem is one of balancing security - installing the latest patches as soon as possible, and so on - with stability. We're the safety-net that says 'Deploy the patch'," Brasch says.

"It isn't deployment and it isn't backup. It's keeping systems running, and stopping them from going down. We also put together a comprehensive report on what happened - that gives you the tools to analyse it. The key, though, is the ability to get back up and running, then analyse the problem later."

Part of Winternals' success has been its ability to stay self-funded and avoid the venture capitalists in the seven years that he's been CEO, says Brasch. "That's enabled us to write software that's hard to do - VCs are only interested in growth," he explains. "We now have 70,000 paying customers, plus 30,000 downloads a day on Sysinternals [the company's freeware outlet]."

And the hard work is continuing, he says, with version 2.5 of Recovery Manager due at the end of this year.

"That will support bare-metal restore," he adds. "The next step after that is base-lining - keeping systems on spec. Then it's protection for Active Directory, Exchange, SQL Server, etc."

Looking forward, he says that one of the big trends that Windows admins need to track is how user rights are managed.

"The big challenge for Microsoft and its customers is technologies and apps that need administrator rights - a lot of the problems that occur are down to user rights," he explains. "So we are moving towards application rights management, which has now been dropped from Longhorn - it lets you deploy white-listed software but blocks other software, and also lets you run administrator-mode software on a non-admin system."