20 Windows Tools Every SysAdmin Should Know


The following document outlines what we believe are the top 20 Windows tools every System Administrator should know or be familiar with. Some you will most likely already know about, but we hope you'll find plenty of information here that you didn't know.

  1. 20 Windows Tools Every SysAdmin Should Know
  2. 1. Task Manager – CPU and memory usage
     Everyone that deals with Windows in a system administrator capacity has to know about Task Manager. The nice thing is it keeps getting better with each new version of Windows. The screenshots below show Task Manager from Windows 2008 R2. To make sure you see everything, click the button (a checkbox in older versions) in the lower left corner.
  3. 1. Task Manager – CPU and memory usage
     The Processes tab is probably the most useful. Here you can see the list of running processes, how much memory and CPU each process is using, the user account the process is running under and more. In addition, you can click View -> Select Columns… to show even more information, such as the Session ID a process is in, the full path to the executable, how much virtual memory the process has allocated, and more. One-stop system administrator goodness. But wait, there's more!
  4. 1. Task Manager – CPU and memory usage
     The Performance tab gives some nice charts of CPU utilization. You can also see total memory, kernel memory, etc. A low amount of Free memory is not a bad thing — it often means Windows is using your RAM to cache parts of the hard disk, thus speeding up many operations. If the RAM is needed, the caches will give it back. One of the best kept secrets, the Resource Monitor, is also accessible from here.
  5. 2. Resource Monitor – high level disk I/O tracking
     Have you ever been using a computer or server and noticed it get really sluggish? Sometimes you can hear the disk thrashing and know that some process is busier than you want it to be. If you're lucky, you can check Task Manager and sort by CPU to see which process is using a lot of CPU. But in many cases, the offending process is doing very little with CPU because it's so busy thrashing the disk. Resource Monitor lets you find the culprit.
  6. 2. Resource Monitor – high level disk I/O tracking
     Start the Resource Monitor and click the Disk tab. Expand the "Processes with Disk Activity" drop down. Sort the list by the "Total (B/sec)" column to quickly see which process is so busy. To further understand what is happening, you can expand the "Disk Activity" drop down and sort that list by "Total (B/sec)". Looking at the file names will sometimes give a hint about whether the process is doing a backup, writing to a log file, or some other activity.
  7. 3. Performance Monitor (aka Perfmon)
     Performance Monitor is a real gem on Windows, and many IT folks would benefit by becoming more comfortable with it. The operating system publishes many useful stats here (active database connections, active HTTP connections, CPU usage, time per disk read, network usage, process memory, etc.). In addition, other application providers can also include stats, and most (all?) of Microsoft's major apps do, like IIS, MS SQL Server and Exchange.
  8. 3. Performance Monitor (aka Perfmon)
     When you first start perfmon.exe or perfmon.msc (they're the same), it's not much to look at. Make sure to click the "Performance Monitor" node, and then the green plus symbol to add counters to watch. There are so many counters that can be monitored that this article can't even begin to cover them all. One thing that will help though – when you're looking at the list of counters, check the "Show description" box at the bottom left corner – this will help you understand what the selected counter does.
  9. 3. Performance Monitor (aka Perfmon)
     Also note that Perfmon can connect to other computers on your network and display their counter values. (Side note: there is a compiled list of typical counters to monitor for Microsoft Exchange at: http://www.poweradmin.com/help/latestSMHelp.aspx?page=howto_monitor_exchange.aspx )
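The Resource Monitor and Perfmon slides above describe clicking through counters by hand. The same views are scriptable with `Get-Counter`, which reads the same performance counters (including from remote machines, as slide 9 notes). This is an added PowerShell example, not code from the slide deck or from Power Admin; the computer name defaults to the local machine and the counter names assume an English-language Windows.

```powershell
# Added example (not from the original slides): the Resource Monitor "which process
# is hammering the disk" view and a basic Perfmon health set, via Get-Counter.
$ComputerName = $env:COMPUTERNAME     # assumption: local box; set to a server name for remote reads
$Top          = 5

# 1. Processes doing the most I/O right now (the "Total (B/sec)" column on the Disk tab).
#    "IO Data Bytes/sec" counts file, network and device I/O issued by the process.
$samples = Get-Counter -ComputerName $ComputerName `
    -Counter '\Process(*)\IO Data Bytes/sec' -SampleInterval 2 -MaxSamples 1

$samples.CounterSamples |
    Where-Object { $_.InstanceName -notin @('_total', 'idle') } |
    Sort-Object CookedValue -Descending |
    Select-Object -First $Top -Property `
        @{ n = 'Process'; e = { $_.InstanceName } },
        @{ n = 'KB/sec';  e = { [math]::Round($_.CookedValue / 1KB, 1) } } |
    Format-Table -AutoSize

# 2. The counters you would add with the green plus in the Perfmon UI, read once.
#    Avg. Disk sec/Read above ~0.020 (20 ms) is the classic "disk is the bottleneck" sign.
$health = @(
    '\Processor(_Total)\% Processor Time',
    '\Memory\Available MBytes',
    '\PhysicalDisk(_Total)\Avg. Disk sec/Read',
    '\PhysicalDisk(_Total)\Avg. Disk sec/Write',
    '\System\Processor Queue Length'
)
(Get-Counter -ComputerName $ComputerName -Counter $health).CounterSamples |
    Select-Object Path, @{ n = 'Value'; e = { [math]::Round($_.CookedValue, 3) } } |
    Format-Table -AutoSize

# 3. The "Show description" checkbox, scripted: what a counter set measures and which
#    counters it contains, so you can find the right one without scrolling the UI.
$set = Get-Counter -ListSet 'PhysicalDisk'
$set.Description
$set.Paths
```

Run it as a user who can read performance counters on the target (local Administrators or the Performance Monitor Users group); `-SampleInterval 2` matters for the per-process counter, since rate counters need two samples to produce a value.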
  10. 4. Services
     The Services applet (services.msc — it's the gear-looking thingy in Administrative Tools) is where you can control the service processes that are running on Windows. Of particular interest to IT admins is the service's startup type (usually Automatic or Manual) and the Log On As account.
  11. 4. Services
     Recovery is a cool under-used feature. Right click a service and go to Properties. Here you can tell Windows what it should do if the service stops unexpectedly (crashes). Restarting the service is often a good option.
  12. 5. Event Log Viewer – system logs, errors and events
     The Windows Event Log Viewer shows a wealth of information about problems that might be happening on a server, including hardware errors, server restarts and more. The Application and System logs are typically where you'll find what you're looking for, but there are more logs than that on modern Windows. If you have a blue screen, a server hang, or an application misbehaving, look in the Event Log first.
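"Look in the Event Log first" is easier when the handful of events that explain a blue screen, a hang or a restart are pulled out for you. This added PowerShell example (not from the slide deck or Power Admin) queries the System log with `Get-WinEvent` for the well-known Windows event IDs listed in the comments, then counts the remaining errors by source; the computer name and look-back window are assumptions.

```powershell
# Added example (not from the original slides): the "look here first" events from the
# System log, then a count of Error/Critical events by source so noisy components stand out.
$ComputerName = $env:COMPUTERNAME          # assumption: local box
$Days         = 7                          # assumption: look back one week
$since        = (Get-Date).AddDays(-$Days)

# Well-known System log event IDs (Windows' own, not invented here):
#   6008  EventLog                 previous shutdown was unexpected (power loss / hard reset)
#   41    Kernel-Power             system rebooted without a clean shutdown
#   1001  BugCheck                 a blue screen occurred; message carries the stop code and dump path
#   7034  Service Control Manager  a service terminated unexpectedly (crashed)
#   7045  Service Control Manager  a new service was installed (worth a glance on any server)
$filter = @{
    LogName   = 'System'
    Id        = 6008, 41, 1001, 7034, 7045
    StartTime = $since
}
$events = Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction SilentlyContinue

"=== Restarts, crashes and service changes in the last $Days days ==="
$events |
    Sort-Object TimeCreated -Descending |
    Select-Object TimeCreated, Id, ProviderName,
        @{ n = 'Message'; e = { ($_.Message -split "`r?`n")[0] } } |   # first line only
    Format-Table -AutoSize -Wrap

# Everything else at Error (2) or Critical (1) level in Application and System,
# grouped by source: the top of this list is usually the thing that is actually broken.
"=== Error/Critical events by source ==="
Get-WinEvent -ComputerName $ComputerName -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName   = 'Application', 'System'
        Level     = 1, 2
        StartTime = $since
    } |
    Group-Object ProviderName |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name |
    Format-Table -AutoSize
```

`-ErrorAction SilentlyContinue` only hides the "No events were found" error that `Get-WinEvent` raises when a filter matches nothing; remote queries need the Remote Event Log Management firewall rule enabled on the target.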
  13. 6. PsExec – start apps on remote computers
     PsExec is not an app that comes with Windows, but it's a free utility from Microsoft (originally from Sysinternals) that lets you start apps on a remote computer. In the simple example above, PsExec was started locally, to run ipconfig on a remote computer ('archive') to find out what gateway it is using. PsExec can be very handy in many situations. If you need a redistributable PsExec, take a look at PAExec.
  14. 7. Process Monitor – low level file I/O & registry spying
     Another beauty from Microsoft (Sysinternals) is Process Monitor. From the web page: "Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity." The power is in the filtering – you can have it show you only registry access to a particular key, or file I/O operations taking place in a specific folder, or from a specific program. It's a great help when something ought to work but doesn't, because you can (for example) see where a file or registry read is failing.
  15. 8. Task Scheduler
     Unix has its cron, and Windows has Task Scheduler. (Well, Windows also has 'at', but that's another story.) Task Scheduler can be found in Administrative Tools, or started via taskschd.msc. From the screenshot, you can see that various companies (Google and Adobe for example) will create scheduled tasks so their applications are launched periodically for some background processing. Windows itself has many tasks it uses. And of course, you can easily create your own. One simple example is to compress and/or move log files. Or run a periodic database cleanup script. Or to check for updates. Or ….
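The "compress and/or move log files" task mentioned on the slide, built with the ScheduledTasks cmdlets that ship with Windows 8 / Server 2012 and later. This is an added PowerShell example, not code from the slide deck or from Power Admin; the log, archive and script paths and the 14-day retention are assumptions to adjust for your server.

```powershell
# Added example (not from the original slides): register a daily task that zips and
# removes *.log files older than N days. All paths below are placeholders.
$LogDir     = 'D:\Logs\MyApp'               # assumption: where the application writes logs
$ArchiveDir = 'D:\Logs\Archive'             # assumption: where the .zip files go
$ScriptPath = 'C:\Scripts\Archive-Logs.ps1' # assumption: where the task's script lives
$KeepDays   = 14
$TaskName   = 'Archive MyApp logs'

# 1. The script the task will run, written out here so the example is self-contained.
#    Backtick-escaped `$ variables belong to the generated script; the rest expand now.
$script = @"
`$cutoff = (Get-Date).AddDays(-$KeepDays)
New-Item -ItemType Directory -Force -Path '$ArchiveDir' | Out-Null
Get-ChildItem -Path '$LogDir' -Filter *.log -File |
    Where-Object { `$_.LastWriteTime -lt `$cutoff } |
    ForEach-Object {
        `$zip = Join-Path '$ArchiveDir' (`$_.BaseName + '_' + `$_.LastWriteTime.ToString('yyyyMMdd') + '.zip')
        Compress-Archive -Path `$_.FullName -DestinationPath `$zip -Force -ErrorAction Stop
        Remove-Item -Path `$_.FullName      # only reached if the archive was written
    }
"@
New-Item -ItemType Directory -Force -Path (Split-Path $ScriptPath) | Out-Null
Set-Content -Path $ScriptPath -Value $script -Encoding UTF8

# 2. What to run, when, and as whom. SYSTEM means no stored password to expire;
#    -ExecutionPolicy Bypass applies to this invocation only.
$action = New-ScheduledTaskAction -Execute 'powershell.exe' `
    -Argument "-NoProfile -NonInteractive -ExecutionPolicy Bypass -File `"$ScriptPath`""
$trigger   = New-ScheduledTaskTrigger -Daily -At '02:30'
$principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' -LogonType ServiceAccount -RunLevel Highest
$settings  = New-ScheduledTaskSettingsSet -StartWhenAvailable -ExecutionTimeLimit (New-TimeSpan -Hours 1)

Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
    -Principal $principal -Settings $settings -Force `
    -Description "Zips and removes *.log files older than $KeepDays days"

# 3. Verify it registered, run it once by hand, and check the result code (0 = success).
Start-ScheduledTask -TaskName $TaskName
Start-Sleep -Seconds 5
Get-ScheduledTask -TaskName $TaskName | Get-ScheduledTaskInfo |
    Select-Object TaskName, LastRunTime, LastTaskResult, NextRunTime
```

Registering the task requires an elevated prompt. Because the task runs as SYSTEM, keep the script file in a directory that only administrators can write to; anything able to edit that file would otherwise run with the task's privileges at 02:30 every night.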
  16. 9. Netstat – view network connections
     Being familiar with netstat signals you're no mere hobbyist, but a serious IT professional. Netstat shows the status of current network connections – run it without any command line arguments and that's what you'll see. To see connections along with the process that created them, run netstat -b. To see current connections as well as ports that are listening for incoming connections, run netstat -ab as shown to the right. Note that the process involved with the port is shown below the port information. So mysqld is listening on port 3306, not 3389.
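The slide's point about reading the process next to its port is easier to get right when the output is objects rather than text. This added PowerShell example (not from the slide deck or Power Admin) joins `Get-NetTCPConnection` (Windows 8 / Server 2012 and later) with `Get-Process` to produce the `netstat -ab` listening-port view, then applies two checks an admin typically wants; the "expected process" list is an assumption to tailor per server.

```powershell
# Added example (not from the original slides): "netstat -ab" for listening ports, as objects.
function Get-ListeningPortReport {
    # Build a PID -> Process lookup once. Process.Path needs elevation for other users' processes.
    $procs = @{}
    Get-Process | ForEach-Object { $procs[$_.Id] = $_ }

    Get-NetTCPConnection -State Listen |
        ForEach-Object {
            $p = $procs[[int]$_.OwningProcess]        # OwningProcess is UInt32; keys are Int32
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                Port         = $_.LocalPort
                PID          = $_.OwningProcess
                Process      = if ($p) { $p.Name } else { '<exited>' }
                Path         = if ($p) { $p.Path } else { $null }
            }
        } |
        Sort-Object Port, LocalAddress
}

$report = Get-ListeningPortReport
$report | Format-Table -AutoSize

# The slide's example: which process owns 3306 (MySQL) and which owns 3389 (RDP)?
$report | Where-Object { $_.Port -in 3306, 3389 } | Format-Table Port, LocalAddress, PID, Process -AutoSize

# Anything listening on every interface (0.0.0.0 / ::) that is not a process we expect
# on this server. Treat new entries here as something to explain, not something to ignore.
$expected = 'svchost', 'System', 'lsass', 'services', 'wininit', 'mysqld'   # assumption: per-server list
$report |
    Where-Object { $_.LocalAddress -in '0.0.0.0', '::' -and $_.Process -notin $expected } |
    Format-Table Port, LocalAddress, PID, Process, Path -AutoSize

# Fallback for older systems without Get-NetTCPConnection: parse "netstat -ano" and map the
# trailing PID column to a process name (output columns are locale dependent).
function Get-ListeningPortsFromNetstat {
    netstat -ano | Select-String 'LISTENING' | ForEach-Object {
        $cols = ($_.Line.Trim() -split '\s+')
        $proc = Get-Process -Id $cols[-1] -ErrorAction SilentlyContinue
        [pscustomobject]@{ Local = $cols[1]; PID = $cols[-1]; Process = $proc.Name }
    }
}
```

Run it elevated to get the `Path` column for services; the `<exited>` marker appears when a connection's owning process ended between the two queries.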
  17. 10. Wireshark – view network packets
     If you ever need to see network packets entering and leaving a computer, look no further than Wireshark. This is a fantastic piece of free software that will capture every packet, and even better, break each one down into its appropriate protocol headers and content. Below I've clicked a packet for an HTTP 302 redirect message coming in from a web server. The documentation is great, and once you get the hang of it, you can spy on all of the applications on your computer, see what servers they are talking to, and what information is being sent and received.
  18. 11. RegEdit – configure all the things!
     Anyone that's been in IT for long surely must have taken a peek at their registry. This is where most of the configuration data for most apps and most of the operating system still lives, even in 2013. One handy feature is you can export and import branches of the registry. BUT, do NOT do this if you're not absolutely sure what you're doing. This can REALLY screw up your machine. Also note, I've not seen it documented, but you can export files that are bigger than what the importer will read in (IIRC, the importer will only read the first 64KB or so of a registry file).
  19. 12. Server Monitoring
     If you have more than one or two servers to keep track of, automate the monitoring of those servers so you don't have to sit and babysit them. There are many good products on the market, all of which will monitor for low disk space, high CPU usage, event log errors, crashed services and more. We're partial to PA Server Monitor, but GFI and SolarWinds also make nice products. If you like low-level control with scripts and config files to spelunk through, Nagios is a very popular (and free) open source product that is very well respected. Open Source Server Monitor List tries to collect all of the big names in open source monitoring.
  20. 13. Password Management
     If you're in IT, it's very likely you have the keys to the kingdom, so to speak. Please, oh please, don't store your passwords in a text file or Excel spreadsheet. And do make them long, with non-alphanumeric characters thrown in. This will help keep your systems safe. But then you have passwords that you can't remember. So you need a password manager. KeePass and LastPass are two excellent open source solutions you should consider.
  21. 14. Ping and tracert – simple connectivity test
     Ping is a quick test to check and see if:
       • A connection to the target IP address is possible
       • How fast the connection is (in milliseconds)
       • How stable the connection is (i.e. were packets dropped)
     Simply run: ping.exe google.com
  22. 14. Ping and tracert – simple connectivity test
     A bit more interesting is tracert (trace route). This uses a bunch of ping packets to detect each computer between you and the target server, and lists how long each hop is. This can help diagnose where a network link is down, or if there is possibly a routing problem. Here you can see the route packets take from an example PC to google.com. There are some neat visual traceroute tools on the Internet that display the different network hops on a map. A quick Google search will show you a list of them. Be sure to run -? after both of the commands above to see the various command line options that are also useful.
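The three questions on the ping slide (is it reachable, how fast, how stable) and the "bunch of ping packets" mechanism behind tracert, both written out so the mechanism is visible. This is an added PowerShell example, not code from the slide deck or Power Admin; it uses .NET's `Ping` class directly so the same script runs on Windows PowerShell 5.1 and PowerShell 7, and google.com is only the slide's sample target.

```powershell
# Added example (not from the original slides): ping statistics and a minimal tracert
# built on System.Net.NetworkInformation.Ping.
using namespace System.Net.NetworkInformation

function Test-LinkQuality {
    param([string]$Target = 'google.com', [int]$Count = 10, [int]$TimeoutMs = 1000)
    $pinger = [Ping]::new()
    $times  = @()
    $lost   = 0
    for ($i = 0; $i -lt $Count; $i++) {
        try {
            $reply = $pinger.Send($Target, $TimeoutMs)
            if ($reply.Status -eq [IPStatus]::Success) { $times += $reply.RoundtripTime } else { $lost++ }
        } catch [PingException] { $lost++ }        # e.g. the name does not resolve
        Start-Sleep -Milliseconds 500
    }
    if ($times.Count -eq 0) {
        return [pscustomobject]@{ Target = $Target; Reachable = $false; Sent = $Count; Lost = $lost }
    }
    $s = $times | Measure-Object -Minimum -Maximum -Average
    [pscustomobject]@{
        Target    = $Target
        Reachable = $true                              # "is a connection possible?"
        Sent      = $Count
        Lost      = $lost                              # "were packets dropped?"
        LossPct   = [math]::Round(100 * $lost / $Count, 1)
        MinMs     = $s.Minimum                         # "how fast is it?"
        AvgMs     = [math]::Round($s.Average, 1)
        MaxMs     = $s.Maximum
        JitterMs  = $s.Maximum - $s.Minimum            # a rough "how stable is it?"
    }
}

# tracert, explained by doing it: send probes with TTL 1, 2, 3, ... Each router that
# discards an expired packet answers "TTL expired", which is how every hop reveals itself.
function Trace-Route {
    param([string]$Target = 'google.com', [int]$MaxHops = 30, [int]$TimeoutMs = 1000)
    $pinger = [Ping]::new()
    $buffer = [byte[]]::new(32)                        # same payload size as ping.exe
    for ($ttl = 1; $ttl -le $MaxHops; $ttl++) {
        $opts  = [PingOptions]::new($ttl, $true)       # TTL, don't fragment
        $sw    = [System.Diagnostics.Stopwatch]::StartNew()
        $reply = $pinger.Send($Target, $TimeoutMs, $buffer, $opts)
        $sw.Stop()                                     # RoundtripTime is 0 for TtlExpired, so time it ourselves
        $answered = $reply.Status -in 'Success', 'TtlExpired'
        [pscustomobject]@{
            Hop     = $ttl
            Address = if ($answered) { $reply.Address.ToString() } else { '*' }   # '*' = hop did not answer
            Ms      = if ($answered) { $sw.ElapsedMilliseconds } else { $null }
            Status  = $reply.Status
        }
        if ($reply.Status -eq [IPStatus]::Success) { break }   # reached the target
    }
}

Test-LinkQuality -Target 'google.com' | Format-List
Trace-Route -Target 'google.com' | Format-Table -AutoSize
```

A hop shown as `*` is not necessarily down: many routers rate-limit or drop ICMP "TTL expired" replies, so only a run of `*` rows ending without a `Success` row points at a real break. Run `Test-LinkQuality` against the next hop, the default gateway and a known-good Internet host to tell a local problem from an upstream one.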
  23. 15. Net.exe and SC.exe
     Need to stop a service but don't want to launch services.msc, wait for the service list to load, find the service, and press the stop button? Net.exe to the rescue! Services have a short "service name" and a more descriptive "display name." Either can be used with the net.exe command. If using the display name (which usually contains spaces), enclose it in quotes. In the example below I've stopped and started the Windows Update service. Another handy command is the sc.exe (Service Control) command – it lets you install, remove, and query services. Just run "sc.exe query" to get a quick list of all the services on the computer and the current status.
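The two Services slides (startup type, Log On As, and the Recovery tab) and this Net.exe/SC.exe slide describe the same objects from the GUI and the command line, so one added PowerShell example (not from the slide deck or Power Admin) covers both: it reports the columns an admin cares about, sets the Recovery options with `sc.exe failure`, and repeats the slide's `net stop`/`net start` of Windows Update. The service name `MyAppService` is a placeholder.

```powershell
# Added example (not from the original slides): the Services applet's useful columns as a
# report, the Recovery tab from the command line, and the net.exe / sc.exe commands from the slide.
$ComputerName = $env:COMPUTERNAME     # assumption: local box
$svc = Get-CimInstance -ClassName Win32_Service -ComputerName $ComputerName

# 1. Automatic services that are not running: what you would scan for in services.msc.
"=== Automatic services that are not running ==="
$svc | Where-Object { $_.StartMode -eq 'Auto' -and $_.State -ne 'Running' } |
    Select-Object Name, DisplayName, State, StartMode | Format-Table -AutoSize

# 2. The "Log On As" column. Anything outside the built-in accounts is a real credential
#    stored on this machine; those are the entries to review, and to rotate when staff leave.
"=== Services running under non-built-in accounts ==="
$builtin = 'LocalSystem', 'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService'
$svc | Where-Object { $_.StartName -and $_.StartName -notin $builtin } |
    Select-Object Name, StartName, State, PathName | Format-Table -AutoSize

# 3. The Recovery tab, scripted with sc.exe: restart on each of the first three failures
#    after a 60-second delay, and reset the failure counter after a day (86400 s).
#    Note the space after "reset=" and "actions=": sc.exe requires it.
$name = 'MyAppService'                # assumption: placeholder service name
sc.exe failure $name reset= 86400 actions= restart/60000/restart/60000/restart/60000
sc.exe qfailure $name                 # display what is now configured

# 4. The slide's net.exe example: display names with spaces go in quotes.
#    (The short service name, wuauserv, works the same way without quotes.)
net stop "Windows Update"
net start "Windows Update"

# 5. "sc.exe query" for every service and its state; the PowerShell equivalent is Get-Service.
sc.exe query | Select-String 'SERVICE_NAME|STATE'
Get-Service | Sort-Object Status, Name | Format-Table Status, Name, DisplayName -AutoSize
```

Steps 3 and 4 need an elevated prompt; steps 1, 2 and 5 only need read access. Restart-on-failure is the right default for most services, but a service that crashes on startup will loop three times a day under this configuration, so pair it with the Event Log check for event 7034.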
  24. 16. Notepad++ – for viewing large log files
     Opening a 100MB log file in Notepad is a pain. WordPad is slightly quicker, but it can't open files that are currently being written to (as many log files are). Notepad++ handles large files with ease. One great feature is the "Find All in Current Document". In this contrived example, we're looking for all requests in an IIS log file that came from … of cake – they're all shown together. You can also mark matching lines, etc. And did I mention it can open huge files without breaking a sweat? Huge fan here!
  25. 17. Remote Desktop
     Remote Desktop apps are life savers when you need to look at a server and don't want to walk into the server room. Windows' Remote Desktop app (aka RDP) is great. There are RDP clients for Linux, OS X and even the iPhone (and probably more than that). You might have known that you can copy/paste text, URLs, etc. from the remote desktop to your workstation and vice versa. But did you know you can also copy/paste files as a simple form of remote file copy? Very useful.
  26. 18. SpeedFan – server temperature display
     There aren't many good ways to see a server's internal hardware temperatures, even though most motherboards have built-in temperature probes. SpeedFan is a great utility that can read those probes and display them in a simple user interface. If you want to access those temperatures from across the network, use Power Admin's free SpeedFan HTTP Agent app. Please note: there are a few reports of server blue screens with SpeedFan, particularly on Dell hardware, so try it out on a staging server before putting it on the production server. Which leads us to…
  27. 19. Blue screen crash analysis
     If you've got a server crashing, there is a cool service by OSR where you can upload the crash dump file and their system will do a quick automated review of the crash dump and give you a starting point for the cause of the crash (hopefully even showing the offending driver that was involved). How do you use their service? Configure Windows to create a crash dump, of course! Go to Start and right-click on My Computer and choose Properties. From there, choose the "Advanced System Settings" link. This will lead you to the System Properties dialog in the next slide.
  28. 19. Blue screen crash analysis
     The Settings button will show this dialog… Choose the memory dump type (which controls how much data is dumped). Depending how much RAM you have, a Kernel memory dump may be too large for the free OSR service. So you may need to choose the Small Memory dump option. You can also see where the dump file will be written, which in this case is C:\Windows\MEMORY.DMP. Often this will already be configured and the MEMORY.DMP file is out there waiting for you. NOTE: When choosing a Kernel memory dump, you specify the file to save to. When choosing a Small Memory dump, you specify the folder where the dump will be stored.
  29. 19. Blue screen crash analysis
     This .DMP file is what you zip and upload to the OSR page for analysis: http://www.osronline.com/page.cfm?name=analyze
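The "Startup and Recovery" dialog on the previous slides is a front end for the `HKLM\SYSTEM\CurrentControlSet\Control\CrashControl` registry key, so the same settings can be read (and checked across servers) without clicking through three dialogs. This is an added PowerShell example, not code from the slide deck or Power Admin; the `CrashDumpEnabled` value meanings in the comments are Windows' own, and the final `Set-ItemProperty` line is left commented so running the script changes nothing.

```powershell
# Added example (not from the original slides): report the crash-dump configuration,
# find any dump file already waiting, and show the matching BugCheck event.
$ccPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
$cc     = Get-ItemProperty -Path $ccPath

# CrashDumpEnabled: 0 = none, 1 = complete, 2 = kernel, 3 = small (minidump), 7 = automatic
$types = @{ 0 = 'None'; 1 = 'Complete memory dump'; 2 = 'Kernel memory dump'
            3 = 'Small memory dump (minidump)'; 7 = 'Automatic memory dump' }

$dumpFile    = [Environment]::ExpandEnvironmentVariables([string]$cc.DumpFile)      # kernel/complete/automatic
$minidumpDir = [Environment]::ExpandEnvironmentVariables([string]$cc.MinidumpDir)   # small dumps (a folder)

[pscustomobject]@{
    DumpType    = $types[[int]$cc.CrashDumpEnabled]
    DumpFile    = $dumpFile
    MinidumpDir = $minidumpDir
    Overwrite   = [bool]$cc.Overwrite          # the "Overwrite any existing file" checkbox
    AutoReboot  = [bool]$cc.AutoReboot         # the "Automatically restart" checkbox
    LogEvent    = [bool]$cc.LogEvent           # the "Write an event to the system log" checkbox
} | Format-List

# Is a dump already "out there waiting for you"? List them with sizes; a kernel dump from a
# large-RAM server can exceed what a free upload service accepts, which is when small dumps help.
"=== Existing dump files ==="
$candidates = @($dumpFile, (Join-Path $minidumpDir '*.dmp'))
Get-ChildItem -Path $candidates -File -ErrorAction SilentlyContinue |
    Select-Object FullName, LastWriteTime, @{ n = 'SizeMB'; e = { [math]::Round($_.Length / 1MB, 1) } } |
    Format-Table -AutoSize

# The System log entry written after a crash: event 1001 from the BugCheck source carries the
# stop code and the path of the dump that was saved.
"=== Most recent bugcheck events ==="
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 1001 } -MaxEvents 20 -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -match 'BugCheck|SystemErrorReporting' } |
    Select-Object -First 5 TimeCreated, @{ n = 'Message'; e = { ($_.Message -split "`r?`n")[0] } } |
    Format-Table -AutoSize -Wrap

# To switch to the Small memory dump option the slide suggests for the free service
# (takes effect after a reboot), run elevated:
# Set-ItemProperty -Path $ccPath -Name CrashDumpEnabled -Value 3
```

Reading the key needs no elevation, which makes the report easy to run over a fleet with `Invoke-Command`. The `SizeMB` column is the practical check from the slide: if `MEMORY.DMP` is several gigabytes, switch the type to a small dump before the next crash rather than after it.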
  30. 20. That's all!
     Your suggestion here! OK, we cheated, there are only 19! :) What do you recommend for #20? If you like this, please share us or leave your comments below! Follow us @poweradmn. Circle us on Google+. Visit our blog: http://www.poweradmin.com/blog?ref=slideshare