Best free tools for w d a


Published in: Technology

  1. 1. The Best Free Tools for Windows Desktop Administration (Yes! Right Here! Right Now!) (You Are in the Right Session!) (You Have Made an Excellent Choice!)<br />Greg Shields, MVP<br />Partner and Principal<br />
  2. 2. This slide deck was used in one of our many conference presentations. We hope you enjoy it, and invite you to use it within your own organization however you like.<br />For more information on our company, including information on private classes and upcoming conference appearances, please visit our Web site, <br />For links to newly-posted decks, follow us on Twitter: @concentrateddon or @concentratdgreg<br />This work is copyright ©Concentrated Technology, LLC<br />
  3. 3. Overview<br />Server & Security<br />File & Disk<br />Network Monitoring & Troubleshooting<br />
  4. 4. Agenda<br />Topics<br />Part I: Server & Security Tools<br />Part II: File & Disk Tools<br />Part III: Network Monitoring & Troubleshooting<br />The intent of this session is to dump on you as many FREE tips and tools that I can in a short 75 minutes.<br />
  5. 5. You May Applaud Now.<br />I must warn you.<br />You may have used some of these tools before.<br />You may have seen some of these tools before.<br />This Game Is Interactive!<br />When you see a tool that’s saved your keister, you must HOWL GRACIOUSLY.<br />Conversely, when you see one that’s kicked your keister...<br />…I want to know! <br />
  6. 6. So, Where am I Gonna’ Get all this Stuff?<br />Process Explorer is freeware. Download from:<br />Memtest86 is shareware. Download it from:<br />WSName.exe is freeware (though the author begs you to click a few of his Google ads if you like it) and can be downloaded from:<br />Systenance Index.dat Analyzer is freeware and can be downloaded from <br />Although Diskeeper’s flagship products are not freeware, Diskeeper Disk Performance Analyzer is. You can get a copy of it from:<br /> is an on-line resource accessible at<br />KeePass is an open-source tool that can be downloaded from:<br />LookInMyPC is advertising-driven, but freeware and can be downloaded from:<br />NewSID is a freeware Sysinternals tool (man, they’ve got lots of tools…). Download NewSID at:<br />PSTools are freeware. Download from:<br />SetAcl is freeware. Download it from:<br />AccessEnum is a SysInternals tool and is freeware. Download it at:<br />You can access easyVMX from<br />OpenFiler is an open source tool that can be downloaded from:<br />WinSCP is a freeware tool and can be downloaded from:<br />WinDirStat or “Windows Directory Statistics” is a freeware tool and can be downloaded from:<br />DiskPart is part of the Windows Resource Kit.<br />Daemon Tools appears to be freeware and available from:<br />JDiskReport is freeware. Download at:<br />
  7. 7. So, Where am I Gonna’ Get all this Stuff?<br />Notepad++ supports 44 languages, including some other useful ones like shell, SQL, batch, KIXtart, and XML formats. It can be downloaded from:<br />FPort is a freeware Foundstone tool that can be downloaded from:<br />TCPView is freeware. Download it from Sysinternals at:<br />SpiceWorks is ad-driven but freeware and can be downloaded from:<br />The Dude is freeware, has potentially one of the best names of any tool in this session, and can be downloaded from:<br />Visionapp is a freeware product and can be downloaded from:<br />Angry IP Scanner is a freeware tool and can be downloaded from:<br />Wireshark is licensed as open source and can be downloaded from:<br />HowNetWorks is freeware available from the VMware site. As it runs in a VMware virtual machine, it requires a version of VMware installed to host the virtual machine. You can download it from:<br />M0n0wall can be downloaded either as a binary or as a pre-built VMware Appliance. Either is easy to set up and use, though the appliance is a little easier/faster. Download the binaries and documentation from: http://m0n0.ch Download the VMware appliance from:<br />Iometer<br />Hyper-V Monitor Gadget<br />EventSentry Light<br />SpecOps Software Gpupdate<br />ShellRunAs<br />Recuva<br />
  8. 8. Part I: Server & Security<br />
  9. 9. Process Explorer<br /> tool<br />Extensive listing of processes<br />Can use in place of Task Manager<br />LOTS of features<br />Individual performance graphs for each process<br />Search for files, handles, named pipes, etc<br />Takes a little practice<br />
  10. 10. Memory Issues<br />Memtest86<br />Runs a thorough, stand-alone memory test for x86 architecture RAM<br />Can build a bootable CD from an ISO image<br />Allow it to run for at least one full pass of all 9 tests<br />If errors occur, try reseating or re-ordering RAM. If they still occur, replace.<br />While Vista & Server 2008 have their own memory diagnostic tool built in, this works well for older O/S’s.<br />Like XP, you crazy XP holdouts!<br />
  11. 11. Rename en masse<br />WSName.exe<br />Easy to use tool to rename workstations, in Workgroups and in Domains!<br />Rename remote machines<br />Use batch files or VBScript along with this tool to rename multiple machines or an entire network.<br />Very handy for migrations. Vista aware, W7 soon.<br />
  12. 12. oldCmp.exe<br />An ancient JoeWare tool that remains useful today!<br />Command-line AD tool used to identify and remove stale computer accounts.<br />Computer accounts reported on or removed based on last DS access.<br />HTML reports<br />DHTML reports<br />CSV reports<br />
  13. 13. ShellRunAs<br />Windows Vista and Server 2008 no longer natively have the Run as… context menu item!<br />Replaced with the Run as Administrator item.<br />An omission that happens because of UAC.<br />Lacking this, no way to run processes under alternate credentials.<br />Get it back with ShellRunAs.<br />GUI and command-line exposure<br />
  14. 14. Diskeeper Disk Perf. Analyzer<br />Intended to drive you to Diskeeper’s for-cost defragmentation tools<br />…but good for finding disk-based performance bottlenecks.<br />Target multiple systems or entire network.<br />Results show perf. loss reports based on fragmentation.<br />
  15. 15. IOmeter<br />Designed to measure disk subsystem performance.<br />With disk being a major bottleneck for many applications, provides an understanding of relative speed.<br />
  16. 16.<br />Generates difficult to crack passwords.<br />For users and administrators.<br />Point your users to this web site when they complain.<br />
  17. 17. KeePass<br />Highly secured (AES & Twofish) password tool.<br />Stores passwords in encrypted format, requires master password to unlock the contents.<br />Can use master password plus separate encryption key<br />Copy/Paste to clipboard capability with timed wipe<br />Nifty password generation tools<br />Hide & unhide passwords<br />
  18. 18. Completely Disable UAC<br />UAC had great intentions, but let’s be honest – it is truly annoying.<br />Not that I’m recommending you ever do this. But if you wanted to completely disable UAC, split tokens, virtualization, and all the other new security features…<br />Computer Configuration | Windows Settings | Security Settings | Local Policies | Security Options | User Account Control<br />User Account Control: Admin Approval Mode for the Built-in Administrator account (Disabled)<br />User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode (Elevate without prompting)<br />User Account Control: Detect application installations and prompt for elevation (Disabled)<br />User Account Control: Only elevate executables that are signed and validated (Disabled)<br />User Account Control: Run all administrators in Admin Approval Mode (Disabled)<br />User Account Control: Switch to the secure desktop when prompting for elevation (Disabled)<br />[This is under “other”] User Account Control: Only elevate UIAccess applications that are installed in secure locations (Disabled)<br />
  19. 19. The RAID 1 Undo<br />Personally, my favorite little “trick”<br />Most server-class equipment includes hardware RAID<br />However, most admins are used to RAID 5 for its expandability<br />Use “The RAID 1 Undo” immediately prior to major software changes, like patching. Here’s the trick:<br />Just before the patch, yank one of the drives.<br />If the patch goes well after the reboot, reseat the drive and let the RAID rebuild.<br />If the patch doesn’t go well, then power down the machine, pull the now “bad” drive and drop in the “good” drive.<br />Once the system restarts, reseat the “bad” drive and let the RAID rebuild.<br />
  20. 20. SpecOps Gpupdate<br />Tool that augments ADUC with additional right-click functionality for managing computers.<br />Gpupdate<br />Restart<br />Shut Down<br />Start (via WOL)<br />Immediately install WSUS updates<br />Graphical reporting<br />
  21. 21. The PSTools<br />Extremely Useful!<br />SysInternals Suite of Tools<br />Should be an important component of any administrator’s quiver<br />UNIX-like tools<br />Psexec – Remote command execution<br />Psfile – List files opened by remote systems<br />Psgetsid – Get computer or user SID’s<br />Psinfo – Get local or remote computer information<br />Pslist – List local or remote running processes<br />Psloggedon – Lists logged on users<br />Psloglist – View local or remote Event Logs<br />Pspasswd – Change local or remote passwords<br />Psservice – Views/Modifies local or remote service config<br />Psshutdown – Shutdown/Reboot local or remote machines<br />Pssuspend – Suspend local or remote processes<br />
  22. 22. PSExec<br />Easily the most useful of all the PSTools<br />Launch remote processes:<br />Psexec \\<ComputerName> iexplore.exe<br />Start remote command shell:<br />Psexec \\<ComputerName> cmd<br />Verify Terminal Server logged-on users:<br />Psexec \\<ComputerName> quser<br />
  23. 23. Hyper-V Monitor Gadget<br />Once Hyper-V is installed, it is challenging to determine the state of virtual machines from the server console<br />This sidebar gadget shows virtual machines and their status<br />Enables Turn Off | Shut Down | Save | Start functionality<br />Can monitor multiple servers, report on status, and RDP.<br />Install to your management Vista workstation.<br />
  24. 24. Part II: File & Disk<br />
  25. 25. icacls<br />Icacls > xcacls.vbs > xcacls > cacls<br />Configuring perms at the command line is harder than you’d think.<br />This is due to how Windows permissions themselves are now very complex.<br />Icacls can configure DACLs, SACLs, and now Integrity Levels<br />Must set permission on (OI)(CI) for object and container.<br />
  26. 26. icacls<br />Icacls C:\Shared /inheritance:r /grant:r "Domain Users":(OI)(CI)R /grant:r "File Admins":(OI)(CI)F<br />Icacls C:\Shared\Finance /inheritance:r /grant:r "Finance Users":(OI)(CI)R /grant:r "File Admins":(OI)(CI)F<br />Icacls C:\Shared\Finance\Budget /grant:r "Budget Users":(OI)(CI)M<br />Icacls C:\Shared\Finance\Metrics /grant:r "Metrics Users":(OI)(CI)M<br />Icacls C:\Shared\Marketing /inheritance:r /grant:r "Finance Users":(OI)(CI)R /grant:r "File Admins":(OI)(CI)F<br />Icacls C:\Shared\Marketing\Product /grant:r "Product Users":(OI)(CI)M<br />Icacls C:\Shared\Marketing\Restricted /inheritance:r /grant:r "File Admins":(OI)(CI)F /grant:r "Restricted Users":(OI)(CI)M<br />
  27. 27. Visual Tool for ACL’s<br />AccessEnum<br />Visual tool for seeing ACE’s in ACL’s<br />Good at finding differing ACE’s in down level ACL’s<br />Useful for locating long paths<br />
  28. 28. Recuva<br />Freeware undelete program<br />Identifies files that have been deleted and can be restored. Does not need to be present when the file was deleted.<br />Capable of searching media like digital camera cards, etc.<br />Shows recoverable and unrecoverable files.<br />
  29. 29. OpenFiler<br />Looking for a low-end iSCSI target for a file server?<br />Useful for ESX datastores. Win2008 cluster support soon.<br />OpenFiler “appliance” is configured via web interface.<br />Can also be used as a NFS or NAS device.<br />
  30. 30. StarWind iSCSI SAN Software<br />Windows-based iSCSI Target.<br />Works with ESX and Hyper-V hosts<br />Fully Windows Failover Clustering capable<br />(I like it better than OpenFiler…)<br />
  31. 31. WinSCP<br />Transferring files between UNIX/Linux and Windows machines is challenging from the command-line.<br />Linux “smbclient” tool, but without all the command line nastiness.<br />WinSCP is a graphical tool to do this.<br />Like FTP, but with security.<br />Also supports SFTP.<br />
  32. 32. WinDirStat<br />Graphical representation of file sizes across the disk.<br />Pac Man Rocks!<br />Assists users/administrators with eliminating files.<br />Odd looking at first, but the graphical view immediately draws the eye to problem spots on the disk drive.<br />Easy to distribute to users to have them do their own cleanup activities.<br />
  33. 33. Daemon Tools / Virtual CloneDrive<br />Service for mounting ISO images<br />Resides in system tray and creates mounted drive letters<br />Generates/uses software CD’s for virtual machines<br />Can emulate some forms of copy protection<br />Daemon Tools: Like CloneDrive, but with Malware!<br />
  34. 34. Disk Usage Reporting<br />JDiskReport<br />Java-based tool that scans a file tree and reports statistics on use.<br />Can scan large areas, but tends to crash with very large scans<br />Can report on usage by extension, size, location.<br />Pie charts, bar charts.<br />Show your users how much space they’re wasting!<br />
  35. 35. Notepad++<br />Multiple-language markup and editing tool<br />Supports VBScript among others<br />Numerous built-in text manipulation macros<br />Neat zooming, highlighting, and level collapsing features<br />
  36. 36. Part III: Network Monitoring & Troubleshooting<br />
  37. 37. FPort<br />Foundstone tool for “enhanced netstat”<br />Does a better job than netstat at mapping ports to processes, PID’s, and process paths<br />
  38. 38. Tcpview<br />GUI view of TCP/UDP connections<br />Shows opening and closing in different colors<br />No service or permanent footprint<br />
  39. 39. DSL Speed Testers<br />On-line speed testers, intended for DSL users, can be helpful for any network connection.<br /> stest<br />Be aware of firewalls and proxies<br />
  40. 40. DSL Speed Testers<br /><br /><br />
  41. 41. EventSentry Light<br />Very basic Event Log, log file, and system health management across multiple machines.<br />System health monitors for disk space, software installs/uninstalls, limited performance counters.<br />Alerts and notifications through numerous mechanisms.<br />Limited capabilities, designed to whet the appetite for the full version.<br />
  42. 42. SpiceWorks<br />Surprisingly full-featured multi-platform help desk/ management utility in a small 6M footprint.<br />Ad-driven.<br />Designed for the < 250 machine networks.<br />Built-in help desk ticketing system.<br />Built-in over-the-network automated inventory system.<br />Built-in reporting system with canned and administrator-created reports with smartly-designed reports.<br />Built-in remote control.<br />Built-in SMS/email/alerting.<br />Scanning can be resource intensive.<br />
  43. 43.
  44. 44. The Dude<br />Freeware network scanning and mapping utility.<br />Discovers numerous device types<br />Even found my printer!<br />SNMP device enumeration/manipulation.<br />Syslog, Alerting, Probing, the NMS gamut.<br />
  45. 45. NetWrix AD Change Reporter<br />Reports changes to AD.<br />Delivers reports with summary and detailed (before/after) information via email.<br />Handy for maintaining compliance.<br />Part of NetWrix family of products.<br />
  46. 46. visionapp Remote Desktop<br />Central console for all Terminal Services connections.<br />Create credential stores for auto-login.<br />Central management of all your Windows servers<br />Nice screen auto-adjustment feature.<br />
  47. 47. Angry IP Scanner<br />Super-fast tool for scanning IP and port ranges<br />Can identify any IP range for scanning.<br />Utilities for showing target network info and opening/viewing remote computer.<br />
  48. 48. RDP Port Trickery!<br />Need to connect to your home network, but don’t want to expose RDP through your firewall?<br />Reconfigure RDP to listen on a non-standard port!<br />Outbound firewalls often don’t filter/scan non-80/443 TCP ports<br />Use 444/tcp to bypass outbound filters<br />
  49. 49.<br />Remote access to any machine from any network.<br />Requires the target machine to have functioning Internet access.<br />One of a suite of remoting products (of increasing cost).<br />
  50. 50. Wireshark<br />Powerful and freeware protocol analyzer<br />Open source<br />Many packet parsers for identifying traffic<br />Continuously updated and very commonly used<br />
  51. 51. HowNetWorks<br />Graphical Ubuntu-based VMware-homed Ethereal wrapper<br />Makes Ethereal much easier to use<br />Groupings of flows, identities, and protocols<br />Interesting flows can be further packet-inspected in Ethereal<br />Captures all incoming traffic. Must mirror port of interest to HowNetWorks virtual system.<br />
  52. 52. m0n0wall<br />Graphical VMware appliance software firewall<br />VMware has capability of connecting machines in private networks, but no built-in firewall.<br />m0n0wall is a small-signature, easy to setup firewall that can serve that purpose<br />
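
For slide 18 (Completely Disable UAC), an audit that shows whether a machine already carries those settings. This is an added example, not part of the original deck: the registry value names are the ones Windows uses to store these Security Options, and the function name `Get-UacPolicyReport` and the `MatchesSlide18` column are names chosen for this example.

```powershell
# Added example (not from the deck): report how a machine's UAC policy values
# compare with the "completely disable UAC" settings listed on slide 18.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Registry value behind each Security Option on the slide. Every setting on
# the slide (Disabled / Elevate without prompting) is stored as DWORD 0.
$policies = [ordered]@{
    FilterAdministratorToken    = 'Admin Approval Mode for the Built-in Administrator account'
    ConsentPromptBehaviorAdmin  = 'Behavior of the elevation prompt for administrators'
    EnableInstallerDetection    = 'Detect application installations and prompt for elevation'
    ValidateAdminCodeSignatures = 'Only elevate executables that are signed and validated'
    EnableLUA                   = 'Run all administrators in Admin Approval Mode'
    PromptOnSecureDesktop       = 'Switch to the secure desktop when prompting for elevation'
    EnableSecureUIAPaths        = 'Only elevate UIAccess applications installed in secure locations'
}

function Get-UacPolicyReport {
    param([string]$Path = $key)
    $current = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    foreach ($name in $policies.Keys) {
        # A value that is absent means the OS default applies.
        $value = if ($current -and ($current.PSObject.Properties.Name -contains $name)) {
            $current.$name
        } else {
            $null
        }
        [pscustomobject]@{
            Value          = $name
            Policy         = $policies[$name]
            Current        = if ($null -eq $value) { '(not set)' } else { $value }
            MatchesSlide18 = ($value -eq 0)
        }
    }
}

$report = Get-UacPolicyReport
$report | Format-Table -AutoSize -Wrap

# Some of these values are 0 on a default install, so a match alone is not a
# finding. These two decide whether UAC is actually off or elevating silently.
$byName = @{}
$report | ForEach-Object { $byName[$_.Value] = $_ }
if ($byName['EnableLUA'].MatchesSlide18) {
    Write-Warning 'EnableLUA = 0: UAC is disabled for all administrators.'
}
if ($byName['ConsentPromptBehaviorAdmin'].MatchesSlide18) {
    Write-Warning 'ConsentPromptBehaviorAdmin = 0: elevation happens without a prompt.'
}
```

Run it in a PowerShell session on the machine being checked; reading this key does not require elevation.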