The following Document outlines what we believe are the top 20 Windows tools every System Administrator should know or be familiar with. Some will you most likely already know about, but we hope you'll find plenty of information here that you didn't know.
Everyone that deals with Windows in a system administrator capacity has to know about Task Manager. The nice thing is it keeps getting better with each new version of Windows.
2. 1. Task Manager – CPU and memory usage
Everyone that deals with Windows in a
system administrator capacity has to know
about Task Manager. The nice thing is it
keeps getting better with each new version
of Windows.
The screenshots below show Task Manager
from Windows 2008 R2. To make sure you
see everything, click the button (a check
box in older versions) in the lower left
corner.
3. 1. Task Manager – CPU and memory usage
The Processes tab is probably the most useful. Here you can see the
list of running processes, how much memory and CPU each process is
using, the user account the process is running under and more.
In addition, you can click View -> Select Columns… to show even
more information, such as the Session ID a process is in, the full path
to the executable, how much virtual memory the process has
allocated, and more. One stop system administrator goodness
But wait, there's more!
4. 1. Task Manager – CPU and memory usage
The Performance tab gives some nice
charts of CPU utilization. You can also see
total memory, kernel memory, etc.
A low amount of Free memory is not a bad
thing — it often means Windows is using
your RAM to cache parts of the hard disk,
thus speeding up many operations. If the
RAM is needed, the caches will give it back.
One of the best kept secrets, the Resource
Monitor, is also accessible from here.
5. 2. Resource monitor – high level disk I/O tracking
Have you ever been using a computer or server and noticed it get really
sluggish? Sometimes you can hear the disk thrashing and know that
some process is busier than you want it to be.
If you're lucky, you can
check Task Manager and sort
by CPU to see which process
is using a lot of CPU. But in
many cases, the offending
process is doing very little
with CPU because it's so
busy thrashing the disk.
Resource Monitor lets you
find the culprit.
6. 2. Resource monitor – high level disk I/O tracking
Start the Resource Monitor and click the Disk tab. Expand the
"Processes with Disk Activity" drop down. Sort the list by the "Total
(B/sec)" column to quickly see which process is so busy.
To further understand what is happening, you can expand the "Disk
Activity" drop down and sort that list by "Total (B/sec)".
Looking at the file names will sometimes give a hint about whether the
process is doing a backup, writing to a log file, or some other activity.
7. 3. Performance Monitor (aka Perfmon)
Performance Monitor is a real gem on Windows, and many IT folks
would benefit by becoming more comfortable with it. The operating
system publishes many useful stats here (active database connections,
active HTTP connections, CPU usage, time per disk read, network
usage, process memory, etc.)
In addition, other application
providers can also include
stats, and most (all?) of
Microsoft‘s major apps do,
like IIS, MS SQL Server and
Exchange.
8. 3. Performance Monitor (aka Perfmon)
When you first start perfmon.exe or perfmon.msc (they‘re the same),
it‘s not much to look at. Make sure to click the ―Performance Monitor‖
node, and then the green plus symbol to add counters to watch.
There are soooo many
counters that can be
monitored that this article
can't even begin to cover
them all. One thing that will
help though – when you‘re
looking at the list of
counters, check the ―Show
description‖ box at the
bottom left corner – this will
help you understand what
the selected counter does.
9. 3. Performance Monitor (aka Perfmon)
Also note that Perfmon can connect to other computers on your
network and display their counter values.
(Side note, there is a
compiled list of typical
counters to monitor for
Microsoft Exchange at:
http://www.poweradmin.com
/help/latestSMHelp.aspx?pag
e=howto_monitor_exchange.
aspx )
10. 4. Services
The Services applet
(services.msc — it‘s the gear
looking thingy in
Administrator Tools) is
where you can control the
service processes that are
running on Windows. Of
particular interest to IT
admins is the service‘s start
up type (usually automatic
or manual) and the Log On
As account.
11. 4. Services
'Recovery' is a cool under-used
feature. Right click a service and
go to Properties. Here you can tell
Windows what it should do if the
service stops unexpectedly
(crashes). Restarting the service
is often a good option.
12. 5. Event Log Viewer – system logs, errors and events
The Windows Event Log Viewer shows a wealth of information about
problems that might be happening on a server, including hardware
errors, server restarts and more.
The Application and System
logs are typically where you'll
find what you're looking for,
but there are more logs than
that on modern Windows. If
you have a blue screen, a
server hang, or an
application misbehaving, look
in the Event Log first.
13. 6. PsExec – start apps on remote computers
PsExec is not an app that comes with Windows, but it‘s a free utility
from Microsoft (originally from Sysinternals) that lets you start apps on
a remote computer.
In the simple example above,
PsExec was started locally, to
run ipconfig on a remote
computer (‗archive‘) to find
out what gateway it is using.
PsExec can be very handy in
many situations. If you need
a redistributable PsExec, take
a look at PAExec.
14. 7. Process Monitor - low level file I/O & registry spying
Another beauty from Microsoft (Sysinternals) is Process Monitor. From
the web page: Process Monitor is an advanced monitoring tool for
Windows that shows real-time file system, Registry and process/thread
activity.‖
The power is in the filtering –
you can have it show you
only registry access to a
particular key, or file I/O
operations taking place in a
specific folder, or from a
specific program. It‘s a great
help when something ought
to work but doesn‘t because
you can (for example) see
where a file or registry read
is failing.
15. 8. Task Scheduler
Unix has its cron, and Windows has Task Scheduler. (Well, Windows
also has ‗at‘, but that‘s another story). Task Scheduler can be found in
Administrator Tools, or started via taskschd.msc. From the screenshot,
you can see that various companies (Google and Adobe for example)
will create scheduled tasks so
their applications are launched
periodically for some
background processing.
Windows itself has many tasks
it uses. And of course, you can
easily create your own. One
simple example is to compress
and/or move log files. Or run a
periodic database cleanup
script. Or to check for updates.
Or ….
16. 9. Netstat – view network connections
Being familiar with netstat signals you‘re no mere hobbyist, but a
serious IT professional. Netstat shows the status of current network
connections – run it without any command line arguments and that‘s
what you‘ll see.
To see connections along with
the process that created them,
run netstat –b. To see current
connections as well as ports
that are listening for incoming
connections, run netstat –ab as
shown to the right:
Note that the process involved
with the port is shown below
the port information. So
mysqld is listening on port
3306, not 3389.
17. 10. Wireshark – view network packets
If you ever need to see network packets entering and leaving a
computer, look no further than Wireshark. This is a fantastic piece of
free software that will capture every packet, and even better, break
each one down into its appropriate protocol headers and content. Below
I‘ve clicked a packet for an HTTP 302
redirect message coming in from a
web server.
The documentation is great, and
once you get the hang of it, you
can spy on all of the applications
on your computer, see what
servers they are talking too, and
what information is being sent and
received.
18. 11. RegEdit – configure all the things!
Anyone that‘s been in IT for long surely must have taken a peek at their
registry. This is where most of the configuration data for most apps and
most of the operating system still lives, even in 2013.
One handy feature is you can
export and import branches of the
registry. BUT, do NOT do this if
you’re not absolutely sure
what you’re doing. This can
REALLY screw up your machine.
Also note, I‘ve not seen it
documented, but you can export
files that are bigger than what the
importer will read in (IIRC, the
importer will only read the first
64KB or so of a registry file).
19. 12. Server Monitoring
If you have more than one or two servers to keep track of, automate
the monitoring of those servers so you don‘t have to sit and babysit
them. There are many good products on the market, all of which will
monitor for low disk space, high CPU usage, event log errors, crashed
services and more. We're partial to PA Server Monitor, but GFI and
SolarWinds also make nice products.
If you like low-level control with
scripts and config files to spelunk
through, Nagios is a very popular
(and free) open source product
that is very well respected. Open
Source Server Monitor List tries to
collect all of the big names in open
source monitoring.
20. 13. Password Management
If you‘re in IT, it‘s very likely you have the keys to the kingdom, so to
speak. Please, oh please, don‘t store your passwords in a text file or
Excel spreadsheet. solutions you should consider.
And do make them long, with non-
alphanumeric characters thrown
in. This will help keep your systems
safe. But then you have passwords
that you can‘t remember. So you
need a password manager. KeePass
and LastPass are two excellent open
source
21. 14. Ping and tracert – simple connectivity test
Ping is a quick test to check and
see if:
• A connection to the target IP
address is possible
• How fast the connection is (in
milliseconds)
• How stable the connection is
(i.e. were packets dropped)
Simply run: ping.exe google.com
22. 14. Ping and tracert – simple connectivity test
A bit more interesting is tracert (trace route). This uses a bunch of
ping packets to detect each computer between you and the target
server, and lists how long each hop is. This can help diagnose where a
network link is down, or if there is possibly a routing problem.
Here you can see the route packets take from an example PC to
google.com:
There are some neat visual trace
route tools on the Internet that
display the different network hops
on a map. A quick Google search
will show you a list of them.
Be sure to run -? after both of the
commands above to see the
various command line options
that are also useful.
23. 15. Net.exe and SC.exe
Need to stop a service but don‘t want to launch services.msc, wait for
the service list to load, find the service, and press the stop button?
Net.exe to the rescue!
Services have a short "service name" and a more descriptive "display
name.‖ Either can be used with the net.exe command. If using the
display name (which usually contains spaces), enclose it in quotes. In
the example below I‘ve stopped and started the Windows Update
service.
Another handy command is the
sc.exe (Service Control) command
– it lets you install, remove, and
query services. Just run ―sc.exe
query‖ to get a quick list of all the
services on the computer and the
current status.
24. 16. Notepad++ – for viewing large log files
Opening a 100MB log file in Notepad is a pain. WordPad is slightly
quicker, but it can‘t open files that are currently being written to (as
many log files are). Notepad++ handles large files with ease.
One great feature is the ―Find All
in Current Document‖. In this
contrived example, we're looking
for all requests in an IIS log file
that came from 192.168.7.37.
Piece of cake – they‘re all shown
together. You can also mark
matching lines, etc. And did I
mention it can open huge files
without breaking a sweat? Huge
fan here!
25. 17. Remote Desktop
Remote Desktop apps are life savers when you need to look at a server
and don‘t want to walk into the server room. Windows Remote
Desktop app (aka RDP) is great.
There are RDP clients for Linux, OSX and even the iPhone (and
probably more than that). You might have known that you can
copy/paste text, URLs, etc. from the remote desktop to your
workstation and vice versa.
But did you know you can also copy/paste files as a simple form of
remote file copy? Very useful.
26. 18. Speedfan – server temperature display
There aren‘t many good ways to see a server‘s internal hardware
temperatures, even though most motherboards have built-in
temperature probes. SpeedFan is a great utility that can read those
probes and display them in a simple user interface. If you want to
access those temperatures from across the
network, use Power Admin‘s free SpeedFan
HTTP Agent app.
Please note: There are a few reports of
server blue screens with SpeedFan,
particularly on Dell hardware, so try it out
on a staging server before putting it on the
production server.
Which leads us to…
27. 19. Blue screen crash analysis
If you‘ve got a server crashing, there is a cool service by OSR where
you can upload the crash dump file and their system will do a quick
automated review of the crash dump and give you a starting point for
the cause of the crash (hopefully even showing the offending driver
that was involved).
How do you use their service?
Configure Windows to create a crash
dump of course!
Go to Start and right-click on My
Computer and choose Properties.
From there, choose the ―Advanced
System Settings‖ link. This will lead
you to the System Properties dialog
in the next slide:
28. 19. Blue screen crash analysis
The Settings button will show this dialog…
Choose the memory dump type (which controls
how much data is dumped). Depending how
much RAM you have, a Kernel memory dump
may be too large for the free OSR service. So
you may need to choose the Small Memory
dump option.
You can also see where the dump file will be
written, which in this case is
C:WindowsMEMORY.DMP. Often this will
already be configured and the MEMORY.DMP file
is out there waiting for you. NOTE: When
choosing a Kernel memory dump, you specify the
file to save to. When choosing a Small Memory
dump, you specify the folder where the dump will
be stored.
29. 19. Blue screen crash analysis
This .DMP file is what you zip and upload to the OSR page for analysis:
http://www.osronline.com/page.cfm?name=analyze
30. 20. That’s all!
Your suggestion here!
OK, we cheated, there are only 19! :)
What do you recommend for #20?
If you like this, please share us or leave your comments below!
Follow us @poweradmn
Circle us Google+
Visit our blog: http://www.poweradmin.com/blog?ref=slideshare