The Best Free Tools for Windows Desktop Administration
(Yes! Right Here! Right Now!)
(You Are in the Right Session!)
(You Have Made an Excellent Choice!)
Greg Shields, MVP
Partner and Principal Technologist
www.ConcentratedTech.com

This slide deck was used in one of our many conference presentations. We hope you enjoy it, and invite you to use it within your own organization however you like.
For more information on our company, including information on private classes and upcoming conference appearances, please visit our Web site, www.ConcentratedTech.com.
For links to newly-posted decks, follow us on Twitter: @concentrateddon or @concentratdgreg
This work is copyright © Concentrated Technology, LLC

Overview
• Server & Security
• File & Disk
• Network Monitoring & Troubleshooting

Agenda
Topics
• Part I: Server & Security Tools
• Part II: File & Disk Tools
• Part III: Network Monitoring & Troubleshooting
The intent of this session is to dump on you as many FREE tips and tools as I can in a short 75 minutes.
You May Applaud Now.

I must warn you.
• You may have used some of these tools before.
• You may have seen some of these tools before.
• This Game Is Interactive!
• When you see a tool that’s saved your keister, you must HOWL GRACIOUSLY.
• Conversely, when you see one that’s kicked your keister... I want to know!

So, Where am I Gonna’ Get all this Stuff?
• Process Explorer is freeware. Download from: http://www.sysinternals.com/Utilities/ProcessExplorer.html
• Memtest86 is shareware. Download it from: http://www.memtest86.com/
• WSName.exe is freeware (though the author begs you to click a few of his Google ads if you like it) and can be downloaded from: http://mystuff.clarke.co.nz/wsname.asp
• Systenance Index.dat Analyzer is freeware and can be downloaded from: http://www.systenance.com/indexdat.php
• Although Diskeeper’s flagship products are not freeware, Diskeeper Disk Performance Analyzer is. You can get a copy of it from: http://downloads.diskeeper.com/DiskPerformanceAnalyzer.exe
• SafePasswd.com is an on-line resource accessible at www.safepasswd.com.
• KeePass is an open-source tool that can be downloaded from: http://www.keepass.info/
• LookInMyPC is advertising-driven, but freeware and can be downloaded from: http://www.lookinmypc.com
• NewSID is a freeware Sysinternals tool (man, they’ve got lots of tools…). Download NewSID at: http://www.microsoft.com/technet/sysinternals/utilities/NewSid.mspx
• PSTools are freeware. Download from: http://www.microsoft.com/technet/sysinternals/utilities/PsTools.mspx
• SetAcl is freeware. Download it from: http://setacl.sourceforge.net
• AccessEnum is a SysInternals tool and is freeware. Download it at: http://www.microsoft.com/technet/sysinternals/utilities/AccessEnum.mspx
• You can access easyVMX from http://www.easyvmx.com/easyvmx.shtml.
• OpenFiler is an open source tool that can be downloaded from: http://www.openfiler.com
• WinSCP is a freeware tool and can be downloaded from: http://winscp.net/eng/download.php
• WinDirStat or “Windows Directory Statistics” is a freeware tool and can be downloaded from: http://windirstat.info/
• DiskPart is part of the Windows Resource Kit.
• Daemon Tools appears to be freeware and available from: http://www.daemon-tools.cc
• JDiskReport is freeware. Download at: http://www.jgoodies.com/freeware/jdiskreport/
• Notepad++ supports 44 languages, including some other useful ones like shell, SQL, batch, KIXtart, and XML formats. It can be downloaded from: http://notepad-plus.sourceforge.net
• FPort is a freeware Foundstone tool that can be downloaded from: http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/proddesc/fport.htm
• TCPView is freeware. Download it from Sysinternals at: http://www.microsoft.com/technet/sysinternals/utilities/TcpView.mspx
• SpiceWorks is ad-driven but freeware and can be downloaded from: http://www.spiceworks.com
• The Dude is freeware, has potentially one of the best names of any tool in this session, and can be downloaded from: http://www.mikrotik.com/thedude.php
• Visionapp is a freeware product and can be downloaded from: http://www.visionapp.com
• Angry IP Scanner is a freeware tool and can be downloaded from: http://www.angryziber.com
• Wireshark is licensed as open source and can be downloaded from: http://www.ethereal.com/
• HowNetWorks is freeware available from the VMware site. As it runs in a VMware virtual machine, it requires a version of VMware installed to host the virtual machine. You can download it from: http://www.vmware.com/vmtn/appliances/
• M0n0wall can be downloaded either as a binary or as a pre-built VMware Appliance. Either are easy to set up and use, though the appliance is a little easier/faster. Download the binaries and documentation from: http://m0n0.ch Download the VMware appliance from: http://www.vmware.com/vmtn/appliances/
• Iometer: http://www.iometer.org/
• Hyper-V Monitor Gadget: http://mindre.net/post/Hyper-V-Monitor-Gadget-for-Windows-Sidebar.aspx
• EventSentry Light: http://www.netikus.net/products_downloads.html
• SpecOps Software Gpupdate: http://www.specopssoft.com/products/specopsgpupdate/
• ShellRunAs: http://technet.microsoft.com/en-us/sysinternals/cc300361.aspx
• Recuva: http://www.recuva.com/

Part I: Server & Security

Process Explorer
• Sysinternals.com tool
• Extensive listing of processes
• Can use in place of Task Manager
• LOTS of features
• Individual performance graphs for each process
• Search for files, handles, named pipes, etc.
• Takes a little practice

Memory Issues: Memtest86
• Runs a thorough, stand-alone memory test for x86 architecture RAM
• Can build a bootable CD from an ISO image
• Allow the test to run for at least one full pass of all 9 tests
• If errors occur, try reseating or re-ordering RAM. If they still occur, replace.
• While Vista & Server 2008 have their own memory diagnostic tool built in, this works well for older O/S’s.
• Like XP, you crazy XP hold outs!

Rename en masse: WSName.exe
• Easy to use tool to rename workstations, in Workgroups and in Domains!
• Rename remote machines
• Use batch files or VBScript along with this tool to rename multiple machines or an entire network.
• Very handy for migrations. Vista aware, W7 soon.

oldCmp.exe
• An ancient JoeWare tool that remains useful today!
• Command-line AD tool used to identify and remove stale computer accounts.
• Computer accounts reported on or removed based on last DS access.
• HTML reports
• DHTML reports
• CSV reports

ShellRunAs
• Windows Vista and Server 2008 no longer natively have the Run as… context menu item!
• Replaced with the Run as Administrator item.
• An omission that happens because of UAC.
• Lacking this, no way to run processes under alternate credentials.
• Get it back with ShellRunAs.
• GUI and command-line exposure

Diskeeper Disk Perf. Analyzer
• Intended to drive you to Diskeeper’s for-cost defragmentation tools…
• …but good for finding disk-based performance bottlenecks.
• Target multiple systems or entire network.
• Results show perf. loss reports based on fragmentation.

IOmeter
• Designed to measure disk subsystem performance.
• With disk being a major bottleneck for many applications, provides an understanding of relative speed.

SafePasswd.com
• Generates difficult to crack passwords.
• For users and administrators.
• Point your users to this web site when they complain.

KeePass
• Highly secured (AES & Twofish) password tool.
• Stores passwords in encrypted format, requires master password to unlock the contents.
• Can use master password plus separate encryption key
• Copy/Paste to clipboard capability with timed wipe
• Nifty password generation tools
• Hide & unhide passwords

Completely Disable UAC
• UAC had great intentions, but let’s be honest – it is truly annoying.
• Not that I’m recommending you ever do this. But if you wanted to completely disable UAC, split tokens, virtualization, and all the other new security features…
• Computer Configuration | Windows Settings | Security Settings | Local Policies | Security Options | User Account Control
  • User Account Control: Admin Approval Mode for the Built-in Administrator account (Disabled)
  • User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode (Elevate without prompting)
  • User Account Control: Detect application installations and prompt for elevation (Disabled)
  • User Account Control: Only elevate executables that are signed and validated (Disabled)
  • User Account Control: Run all administrators in Admin Approval Mode (Disabled)
  • User Account Control: Switch to the secure desktop when prompting for elevation (Disabled)
  • [This is under “other”] User Account Control: Only elevate UIAccess applications that are installed in secure locations (Disabled)

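An added example, not part of the original deck: a read-only PowerShell check that reports how a machine currently stands on the seven policies listed above, useful for spotting hosts where UAC has been switched off. The registry value names are the standard ones behind these Security Options; the SlideValue column (the data each value holds after the slide's change) and the report layout are this example's own.

```powershell
# Added example: audit the UAC-related values under Policies\System.
# Read-only; changes nothing on the machine.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Policy text as shown on the slide -> backing registry value.
# SlideValue is the data the value holds once the slide's setting is applied.
$settings = @(
    [pscustomobject]@{ Name = 'FilterAdministratorToken';    SlideValue = 0; Policy = 'Admin Approval Mode for the Built-in Administrator account' }
    [pscustomobject]@{ Name = 'ConsentPromptBehaviorAdmin';  SlideValue = 0; Policy = 'Behavior of the elevation prompt for administrators' }
    [pscustomobject]@{ Name = 'EnableInstallerDetection';    SlideValue = 0; Policy = 'Detect application installations and prompt for elevation' }
    [pscustomobject]@{ Name = 'ValidateAdminCodeSignatures'; SlideValue = 0; Policy = 'Only elevate executables that are signed and validated' }
    [pscustomobject]@{ Name = 'EnableLUA';                   SlideValue = 0; Policy = 'Run all administrators in Admin Approval Mode' }
    [pscustomobject]@{ Name = 'PromptOnSecureDesktop';       SlideValue = 0; Policy = 'Switch to the secure desktop when prompting for elevation' }
    [pscustomobject]@{ Name = 'EnableSecureUIAPaths';        SlideValue = 0; Policy = 'Only elevate UIAccess applications installed in secure locations' }
)

$current = Get-ItemProperty -Path $key

$report = foreach ($s in $settings) {
    $value = $current.($s.Name)          # $null when the value is not present
    [pscustomobject]@{
        Policy        = $s.Policy
        RegistryValue = $s.Name
        Current       = if ($null -eq $value) { '(not set)' } else { $value }
        MatchesSlide  = ($value -eq $s.SlideValue)
    }
}

$report | Format-Table -AutoSize -Wrap

# The two values that matter most: with EnableLUA at 0 Admin Approval Mode is off
# entirely, and ConsentPromptBehaviorAdmin at 0 elevates silently.
if ($current.EnableLUA -eq 0) {
    Write-Warning 'EnableLUA = 0: Admin Approval Mode is off; administrators run with a full token.'
}
if ($current.ConsentPromptBehaviorAdmin -eq 0) {
    Write-Warning 'ConsentPromptBehaviorAdmin = 0: administrators are elevated without a prompt.'
}
```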
The RAID 1 Undo
• Personally, my favorite little “trick”
• Most server-class equipment includes hardware RAID
• However, most admins are used to RAID 5 for its expandability
• Use “The RAID 1 Undo” immediately prior to major software changes, like patching. Here’s the trick:
  • Just before the patch, yank one of the drives.
  • If the patch goes well after the reboot, reseat the drive and let the RAID rebuild.
  • If the patch doesn’t go well, then power down the machine, pull the now “bad” drive and drop in the “good” drive.
  • Once the system restarts, reseat the “bad” drive and let the RAID rebuild.

SpecOps Gpupdate
• Tool that augments ADUC with additional right-click functionality for managing computers.
  • Gpupdate
  • Restart
  • Shut Down
  • Start (via WOL)
• Immediately install WSUS updates
• Graphical reporting

The PSTools (Extremely Useful!)
• SysInternals Suite of Tools
• Should be an important component of any administrator’s quiver
• UNIX-like tools
  • Psexec – Remote command execution
  • Psfile – List files opened by remote systems
  • Psgetsid – Get computer or user SID’s
  • Psinfo – Get local or remote computer information
  • Pslist – List local or remote running processes
  • Psloggedon – Lists logged on users
  • Psloglist – View local or remote Event Logs
  • Pspasswd – Change local or remote passwords
  • Psservice – Views/Modifies local or remote service config
  • Psshutdown – Shutdown/Reboot local or remote machines
  • Pssuspend – Suspend local or remote processes

PSExec
• Easily the most useful of all the PSTools
• Launch remote processes:
    Psexec \\<ComputerName> iexplore.exe http://www.hampsterdance.com
• Start remote command shell:
    Psexec \\<ComputerName> cmd
• Verify Terminal Server logged-on users:
    Psexec \\<ComputerName> quser

Hyper-V Monitor Gadget
• Once Hyper-V is installed, it is challenging to determine the state of virtual machines from the server console
• This sidebar gadget shows virtual machines and their status
• Enables Turn Off | Shut Down | Save | Start functionality
• Can monitor multiple servers, report on status, and RDP.
• Install to your management Vista workstation.

Part II: File & Disk

icacls
• Icacls > xcacls.vbs > xcacls > cacls
• Configuring perms at the command line is harder than you’d think.
• This is due to how Windows permissions themselves are now very complex.
• Icacls can configure DACLs, SACLs, and now Integrity Levels
• Must set permission on (OI)(CI) for object and container.

icacls
    Icacls C:\Shared /inheritance:r /grant:r "Domain Users":(OI)(CI)R /grant:r "File Admins":(OI)(CI)F
    Icacls C:\Shared\Finance /inheritance:r /grant:r "Finance Users":(OI)(CI)R /grant:r "File Admins":(OI)(CI)F
    Icacls C:\Shared\Finance\Budget /grant:r "Budget Users":(OI)(CI)M
    Icacls C:\Shared\Finance\Metrics /grant:r "Metrics Users":(OI)(CI)M
    Icacls C:\Shared\Marketing /inheritance:r /grant:r "Finance Users":(OI)(CI)R /grant:r "File Admins":(OI)(CI)F
    Icacls C:\Shared\Marketing\Product /grant:r "Product Users":(OI)(CI)M
    Icacls C:\Shared\Marketing\Restricted /inheritance:r /grant:r "File Admins":(OI)(CI)F /grant:r "Restricted Users":(OI)(CI)M

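To confirm the tree ended up as intended, an added example (not from the deck) that reads each folder's ACL back with Get-Acl and checks for the explicit (OI)(CI) grant and the inheritance state that /inheritance:r should leave behind. It assumes the C:\Shared folders and group names from the slide exist; Test-FolderAce is a name made up for this example.

```powershell
# Added example: verify the ACLs the icacls commands above were meant to produce.
$R  = [System.Security.AccessControl.FileSystemRights]::Read         # icacls R
$M  = [System.Security.AccessControl.FileSystemRights]::Modify       # icacls M
$F  = [System.Security.AccessControl.FileSystemRights]::FullControl  # icacls F
# (OI)(CI) in icacls corresponds to both inheritance flags being set on the ACE.
$oiCi = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'

# One row per /grant:r on the slide. Blocked = $true where /inheritance:r was used.
$expected = @(
    [pscustomobject]@{ Path = 'C:\Shared';                      Blocked = $true;  Group = 'Domain Users';     Rights = $R }
    [pscustomobject]@{ Path = 'C:\Shared';                      Blocked = $true;  Group = 'File Admins';      Rights = $F }
    [pscustomobject]@{ Path = 'C:\Shared\Finance';              Blocked = $true;  Group = 'Finance Users';    Rights = $R }
    [pscustomobject]@{ Path = 'C:\Shared\Finance';              Blocked = $true;  Group = 'File Admins';      Rights = $F }
    [pscustomobject]@{ Path = 'C:\Shared\Finance\Budget';       Blocked = $false; Group = 'Budget Users';     Rights = $M }
    [pscustomobject]@{ Path = 'C:\Shared\Finance\Metrics';      Blocked = $false; Group = 'Metrics Users';    Rights = $M }
    [pscustomobject]@{ Path = 'C:\Shared\Marketing';            Blocked = $true;  Group = 'Finance Users';    Rights = $R }
    [pscustomobject]@{ Path = 'C:\Shared\Marketing';            Blocked = $true;  Group = 'File Admins';      Rights = $F }
    [pscustomobject]@{ Path = 'C:\Shared\Marketing\Product';    Blocked = $false; Group = 'Product Users';    Rights = $M }
    [pscustomobject]@{ Path = 'C:\Shared\Marketing\Restricted'; Blocked = $true;  Group = 'File Admins';      Rights = $F }
    [pscustomobject]@{ Path = 'C:\Shared\Marketing\Restricted'; Blocked = $true;  Group = 'Restricted Users'; Rights = $M }
)

function Test-FolderAce {
    param($Path, [bool]$Blocked, $Group, $Rights)

    $acl = Get-Acl -LiteralPath $Path
    # Look for an explicit (not inherited) Allow ACE for the group that carries
    # at least the expected rights and applies to both files and subfolders.
    $ace = $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        -not $_.IsInherited -and
        $_.IdentityReference.Value -like "*\$Group" -and
        ($_.FileSystemRights -band $Rights) -eq $Rights -and
        ($_.InheritanceFlags -band $oiCi) -eq $oiCi
    }
    [pscustomobject]@{
        Path          = $Path
        Group         = $Group
        AceFound      = [bool]$ace
        InheritanceOk = ($acl.AreAccessRulesProtected -eq $Blocked)
    }
}

$expected |
    ForEach-Object { Test-FolderAce -Path $_.Path -Blocked $_.Blocked -Group $_.Group -Rights $_.Rights } |
    Format-Table -AutoSize
```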
Visual Tool for ACL’s: AccessEnum
• Visual tool for seeing ACE’s in ACL’s
• Good at finding differing ACE’s in down level ACL’s
• Useful for locating long paths

Recuva
• Freeware undelete program
• Identifies files that have been deleted and can be restored. Does not need to be present when the file was deleted.
• Capable of searching media like digital camera cards, etc.
• Shows recoverable and unrecoverable files.

OpenFiler
• Looking for a low-end iSCSI target for a file server?
• Useful for ESX datastores. Win2008 cluster support soon.
• OpenFiler “appliance” is configured via web interface.
• Can also be used as a NFS or NAS device.

StarWind iSCSI SAN Software
• Windows-based iSCSI Target.
• Works with ESX and Hyper-V hosts
• Fully Windows Failover Clustering capable
• (I like it better than OpenFiler…)

WinSCP
• Transferring files between UNIX/Linux and Windows machines is challenging from the command-line.
• Linux “smbclient” tool, but without all the command line nastiness.
• WinSCP is a graphical tool to do this.
• Like FTP, but with security.
• Also supports SFTP.

WinDirStat
• Graphical representation of file sizes across the disk.
• Pac Man Rocks!
• Assists users/administrators with eliminating files.
• Odd looking at first, but the graphical view immediately draws the eye to problem spots on the disk drive.
• Easy to distribute to users to have them do their own cleanup activities.

Daemon Tools / Virtual CloneDrive
• Service for mounting ISO images
• Resides in system tray and creates mounted drive letters
• Generates/uses software CD’s for virtual machines
• Can emulate some forms of copy protection
• Daemon Tools: Like CloneDrive, but with Malware!

Disk Usage Reporting: JDiskReport
• Java-based tool that scans a file tree and reports statistics on use.
• Can scan large areas, but tends to crash with very large scans
• Can report on usage by extension, size, location.
• Pie charts, bar charts.
• Show your users how much space they’re wasting!

Notepad++
• Multiple-language markup and editing tool
• Supports VBScript among others
• Numerous built-in text manipulation macros
• Neat zooming, highlighting, and level collapsing features

Part III: Network Monitoring & Troubleshooting

FPort
• Foundstone tool for “enhanced netstat”
• Does a better job than netstat at mapping ports to processes, PID’s, and process paths

Tcpview
• GUI view of TCP/UDP connections
• Shows opening and closing in different colors
• No service or permanent footprint

DSL Speed Testers
• On-line speed testers, intended for DSL users, can be helpful for any network connection.
• www.dslreports.com/stest
• www.pingtest.net
• www.speedtest.net
• Be aware of firewalls and proxies

EventSentry Light
• Very basic Event Log, log file, and system health management across multiple machines.
• System health monitors for disk space, software installs/uninstalls, limited performance counters.
• Alerts and notifications through numerous mechanisms.
• Limited capabilities, designed to whet the appetite for the full version.

SpiceWorks
• Surprisingly full-featured multi-platform help desk/management utility in a small 6M footprint.
• Ad-driven.
• Designed for the < 250 machine networks.
• Built-in help desk ticketing system.
• Built-in over-the-network automated inventory system.
• Built-in reporting system with canned and administrator-created reports with smartly-designed reports.
• Built-in remote control.
• Built-in SMS/email/alerting.
• Scanning can be resource intensive.

The Dude
• Freeware network scanning and mapping utility.
• Discovers numerous device types
• Even found my printer!
• SNMP device enumeration/manipulation.
• Syslog, Alerting, Probing, the NMS gamut.

NetWrix AD Change Reporter
• Reports changes to AD.
• Delivers reports with summary and detailed (before/after) information via email.
• Handy for maintaining compliance.
• Part of NetWrix family of products.

visionapp Remote Desktop
• Central console for all Terminal Services connections.
• Create credential stores for auto-login.
• Central management of all your Windows servers
• Nice screen auto-adjustment feature.

Angry IP Scanner
• Super-fast tool for scanning IP and port ranges
• Can identify any IP range for scanning.
• Utilities for showing target network info and opening/viewing remote computer.

RDP Port Trickery!
• Need to connect to your home network, but don’t want to expose RDP through your firewall?
• Reconfigure RDP to listen on a non-standard port!
• Outbound firewalls often don’t filter/scan non-80/443 TCP ports
• Use 444/tcp to bypass outbound filters

LogMeIn.com
• Remote access to any machine from any network.
• Requires the target machine to have functioning Internet access.
• One of a suite of remoting products (of increasing cost).

Wireshark
• Powerful and freeware protocol analyzer
• Open source
• Many packet parsers for identifying traffic
• Continuously updated and very commonly used

HowNetWorks
• Graphical Ubuntu-based VMware-homed Ethereal wrapper
• Makes Ethereal much easier to use
• Groupings of flows, identities, and protocols
• Interesting flows can be further packet-inspected in Ethereal
• Captures all incoming traffic. Must mirror port of interest to HowNetWorks virtual system.

m0n0wall
• Graphical VMware appliance software firewall
• VMware has capability of connecting machines in private networks, but no built-in firewall.
• m0n0wall is a small-signature, easy to setup firewall that can serve that purpose