Boswell's Q&A

Nothing Up My Sleeves

No tricks here: Readers recognize tools and services that have helped them do their jobs better.

Readers: We received nearly 40 replies to my request last week for you to submit your favorite admin tool. All of the submittals were fantastic. They included product descriptions and reasons why the tool was handy and/or nifty. More than 100 tools were submitted.

Here are most of the responses, edited:

Joel H.: DiskSpace Explorer http://www.east-tec.com shows disk usage using a pie chart, so you can track down why your 72GB of disk space is down to 20MB. You can easily click a drive/folder to see what the largest file or subfolder is. With it I've found built up log files, old virus definition files that Symantec didn't delete, old MP3s, etc. It also tells you how much space is wasted due to the drive cluster size and how your drive would look and how much space would be wasted with another cluster size or file system. I use an older version that was free, so I may be missing out on some bells and whistles.

Password Recovery XP http://www.actmon.com/password%2Drecovery shows saved passwords from Outlook Express, MSN, dial-up connections, so when a client typed it in and forgot, but gets a new machine, you can get it off the old one without hassling to call the ISP or whomever. The trial download only shows the first three characters, but sometimes that's enough to jog their memory; otherwise, you can delete those three and do it again and again until you get the whole thing.

Brian K.: I cannot tell you how many times I have used TreeSize Pro http://www.jam-software.com/treesize/index.shtml to find out quickly who the offending user was that's taking up all the network storage. Recently, the CEO of a small business copied all his digital music and pictures to his My Documents folder. Well, that synched to the server and filled up the network drive. Since it's a small company the Exchange server used the same partition and, yes, Exchange puked. He instant messaged me while I was at another client and I was able to remote in, install the software, and free up space to get Exchange running again in under five minutes.

James W.: Lumigent Log Explorer http://www.lumigent.com/products/le_sql.html gives me the ability to view a transaction log for any SQL Server Database in an easy to use GUI. With Log Explorer you can see all events on the database, such as permission changes, T-SQL statements, etc. Best feature: Ability to roll back deleted transactions from within the GUI yet leaving the database operational. I've had to use this feature a few times. It's great because I may have a user who might say "I didn't delete it; Joe Schmo did," but I have the user's name right here in Log Explorer.

Dameware Tool Suite http://www.dameware.com allows you to remotely control any machine over a network, do user administration and export and report on Active Directory.

IP Monitor http://www.ipmonitor.com is a network monitoring tool that we have running on our PCs all day. It's accessed via a browser. As soon as the system detects an outage, it notifies you via an audible alert and e-mail if needed.

Get Help from Bill

Got a Windows or Exchange question or need troubleshooting help? Or maybe you want a better explanation than provided in the manuals? Describe your dilemma in an e-mail to Bill; the best questions get answered in this column.

When you send your questions, please include your full first and last name, location, and certifications (if any) with your message. (If you prefer to remain anonymous, specify this in your message but submit the requested information for verification purposes.)

Douglas K.: 2xExplorer http://www.netez.com/2xExplorer provides a useful side-by-side view of two folders, making drag and drop operations between them a snap. Flexible searching can be done on files in the directory: name, type, size, text, date/time, etc. Files and folders can be sorted in a variety of ways. Turning on mirror browsing and changing a directory on one panel automatically changes to the corresponding directory in the other panel. It quickly compares the two directories to tell which ones are identical. Press a key and the selection inverts (which would now be all the items not matching the other panel). Print a directory listing of the selected items to a simple text pad, allowing the list of files to be copied and saved for posterity, pasted into support trouble logs, distributed to other team members, etc. It can compare just the file details level (date/time, size) or examine a file's contents to determine if compared files are the same. Also includes a handy Notepad replacement, with edit or view option. The directory comparison features make many version-related troubleshooting steps significantly easier.

Anthony S.: There are many times when I need to make a quick fix to a workstation on the network but am not able to leave my desk to do it. GenSortium GenControl http://www.gensortium.com/products/gencontrol.html is an easy way to temporarily control that workstation and view its screen in real time. It temporarily installs VNC as a service with an exceptionally small footprint, then removes itself without a trace when you disconnect. What could be easier?

Winternals Bginfo http://www.winternals.com/bginfo creates a standardized workstation desktop wallpaper for all machines on my network. I can now identify each and every workstation by name, IP address and MAC address simply by glancing over the user's shoulder. Makes identifying problem hardware much easier when you need to know exactly which computer you are dealing with.

Pete C.: Sysinternals PSTools http://www.sysinternals.com/ntw2k/utilities.shtml is a free suite that contains useful utilities like:

  • pskill—to kill processes even on remote machines
  • psexec—open a command shell on remote machines
  • psloggedon—show who is connected to a computer, or where someone is logged on

and a swagload more. These are command-line utilities, so they can be scripted and they stay in command history. I used psexec with netsh recently to remotely change default gateways on a lot of Windows 2000 servers without them skipping a beat.

ActiveState's free distribution of Perl http://www.activestate.com/Perl.plex is great, even if you don't know how to program in Perl. There are a number of resource kit tools and other available scripts out there on the Internet that make system administration so much easier. I've written scripts to collate and process event logs from numerous servers, make system-wide changes to .inf files, fix ASCII files that have been mistakenly ftp'd as binary, and much more.

I like Perl because it behaves nicely when making changes to the Registry and because of its cross-platform support. There is little or no change required to make scripts that work on Unix work on Windows (and vice versa).

Crimson Editor http://www.crimsoneditor.com is a free, fast text editor that does color coding for multiple syntax types (different programming languages, HTML, etc), keystroke recording for macros, line numbering, spell checking, and a column edit mode. You can even connect to remote FTP sites from within the program, and that's not all of its features.

Samurize http://www.samurize.com is a free advanced system monitoring and desktop enhancement engine. You can create your own monitoring layouts and include things like system information, weather reports, news headlines and more. Some of the monitoring desktop examples that are given are very slick.

I've lost count of the number of times I have used Offline NT Password & Registry Editor from Peter Nordahl http://home.eunet.no/~pnordahl/ntpasswd/ to reset lost administrator passwords and make registry edits for otherwise unbootable systems. A floppy disk and a CD version are permanently in my bag.

Knoppix http://www.knoppix.org isn't exactly a Windows tool. It's a bootable version of Linux. But it lets me get to files on hard drives that Windows fails to load, particularly when they are suffering physical failures. I recovered my entire Windows XP notebook hard drive by booting from a Knoppix CD and copying them to another (new) hard drive. Attempting to connect to the drive from any system using Windows would just result in long timeouts and the horrible clunking noise of physical drive failure, or attempt to run CHKDSK which just hastened the physical degradation. I use others but this will do for starters.

Jeffrey R.: NTRegmon and NTFilemon http://www.sysinternals.com have allowed me to get most legacy and some not so legacy software to run under restricted user accounts. Before I became a full-time trainer I worked in Local Government IT and had many pieces of specialty software that the ISV's answer was to give the user admin rights, which was unacceptable to our security policy. I was able to find what file directory and Registry keys the app was trying to write to, then I could adjust the permissions accordingly.

Ron K.: Most of my work includes data conversions from one place to somewhere else. SetACL http://setacl.sourceforge.net has features that CACLS does not include that come in handy in conversions. Mostly I use it to add ACLs for a new domain to all of the directories that users need to access. With that complete, the users can be moved between domains at whatever pace is desired. Then, when all users are moved, I run SetACL again to remove all references to the old domain before the trust is broken. This eliminates a lot of SID cleanup.

Stuart: Putty http://www.chiark.greenend.org.uk/~sgtatham/putty/ connects to telnet and SSH servers. It's fast and simple to use. The greatest compliment you can give a utility is to have it in your Path statement. This one has a permanent place in my Path.

D. S.: I work in desktop/network support in a large company. In my bag of tricks I need bootable CDs to run repair tools. I use Bart's Bootable CD Builder http://www.nu2.nu to build bootable CDs then load lots of utilities.

We had three major power surges within 15 minutes, resulting in many crashed PCs booting to blue screens. Easy Desk Software's RegRepair http://www.easydesksoftware.com/regrepair.htm fixed about 70 percent of them.

HDD Hard Drive Regenerator http://www.dposoft.net is $60 and worth every penny. It restores bad sectors, if not for the life of the hard drive, at least long enough to do a backup.

Corey F.: ntsyslog http://ntsyslog.sourceforge.net is the best tool for administrators! Microsoft has made centralized logging a priority. I can write scripts to collect event logs but I either have to run them manually or schedule them to mine the data. No matter which route I take, I don't get real time monitoring of the logs like I get with ntsyslog.

Richard F.: PowerQuest Drive Image (now Norton Ghost) http://sea.symantec.com/content/product.cfm?productid=9

Executive Software Undelete 4.0 Server Edition http://www.executive.com/defrag/defrag.asp

Veritas Backup Exec 9.0 for Windows Servers http://www.veritas.com/Products/www?c=product&refId=57

VNC http://www.realvnc.com/download-free.html

LC5 (formerly l0phtcrack) http://www.atstake.com/products/lc/

Syslinux and the Linux password reset floppy disk files http://syslinux.zytor.com/

Paulo S.: I find MakeMeAdmin http://blogs.msdn.com/aaron_margosis/archive/2004/07/24/193721.aspx very nifty when working on user workstations, where I need to perform tasks that require elevated privileges. MakeMeAdmin.cmd executes a neat little script that invokes RunAs twice, prompts for the local admin password, then your current account password.

At the same site you will find another useful tool called PrivBar, which highlights privileged from unprivileged apps.

Maurice F.: Spotlight on Active Directory combined with Spotlight on Windows http://wm.quest.com/products/SpotlightAD/ give you a good first impression on how things are going in AD. It will report in colors if replication fails or is behind schedule. It gives an overview of your AD environment in one screen. It is also great for showing what you have to management, guests and new employees.

If we think there is a performance problem with a server, we use Spotlight on Windows to watch the server for a while to see where the bottleneck is. It has the same easy-to-interpret information display as the AD tool. Spotlight on Windows saved us a lot of money: Somebody wanted to replace a poorly performing server, but after some watching with Spotlight, we figured out the server was running short of memory. Also, it was easy to convince management of the problem because one screen dump told the story.

HP Systems Insight Manager http://h18013.www1.hp.com/products/servers/management/hpsim/index.html will check your Compaq/HP servers using ping and SNMP. It gives you quick info on problems with your hardware, like disk failure and overheating. Every hardware part can be checked to see what's wrong. It'll check some software and will generate a trap if something goes wrong. It is also possible to push drivers to the servers which need them. And it's free, no licensing needed.

Both tools make it easy to do preventive and active maintenance, and warn you in time when something is wrong. It is always nice to tell a user you already are fixing a problem with a server rather than the user having to tell you a server has a problem.

Al D.: The DNS Stuff http://www.dnsstuff.com Web site has a collection of tools that let me query a domain name for DNS issues, perform WHOIS queries, DNS record lookups, access to spam/mail relay databases and many more functions.

WEP Key Generator http://www.warewolflabs.com/portfolio/programming/wepskg/wepskg.html makes it simple to generate complex WEP keys.

Mike S.: We use Dameware Remote Control http://www.dameware.com because we like the simple remote control. You can copy and paste with Dameware, plus it's faster than pcAnywhere and XP remote control.

We use Sam Spade http://www.samspade.org to resolve e-mail and network routing issues. It's also a great tool for research of a static IP or a new server name.

I use Angry IP http://www.angryziber.com/ipscan/ to acquire desktop systems info.

For large AD changes, I like features of Javelina's ADvantage http://www.javelinasoftware.com/advantage.html.

Neil B.: We manage approximately 100 servers and have ntsyslog http://sourceforge.net/projects/ntsyslog/ installed on all of them. The package forwards the NT logfiles to a syslog server—in our case a Linux box which is so old it cannot support Windows 2000 or 2003.

A simple Perl script parses the file daily, looking for events of interest: failed logons, account lockouts, attempts to log in as administrator, etc. It has served us well in detecting malicious behavior.

Andrew P.: I'm sure that we are not the only shop that uses Dameware Tool Suite http://www.dameware.com, but I rarely read about it in the trade magazines or anywhere else. This tool makes managing our mixed NT 4.0/W2K/Windows 2003 environment much easier.

We use the Mini Remote-Control feature for remote console sessions to any of our 150 servers. We use the remote Event Log for diagnosing and troubleshooting server functions. The Services applet is faster and easier to use than the Computer Management feature that comes with the Windows client.

Throw in the Registry applet, Task Scheduler, and the remote Command Prompt and you have a winner. To top it all off, it is very reasonably priced, as it is licensed by user rather than machine.

It would be possible to do some of the remote admin that we do with other tools by culling together some Resource Kit tools and other freeware, but Dameware pulls it all together in a great GUI and with a no-headache, one-click agent deployment. You would be wise to include Dameware in your review of admin tools.

Bill S.: Everyone needs a tool for changing local account passwords on multiple computers: desktops or servers. Password Changer http://www.danish-company.com/dcwcm/page/{4D40EC77-0788-48E7-9FB6-B81A51F70CD2}.html does an accurate and selective job.

Ann Marie K.: Hyena http://www.systemtools.com/hyena/hyena_main.htm is the most indispensable tool I've ever come across. Unlike the Microsoft tools, where you have to go to multiple places for different tasks, Hyena combines them all into one easy to use interface. I use it so much that when my employer did not approve relicensing last year, I spent the bucks out of my own pocket! Now that's dedication to a tool!

Mark L.: I really like Source Edit http://www.brixoft.net for editing VBScript. It makes code much more readable for an administrator who does not code much. Source Edit is free.

Roger O.: If there is one application that truly makes my job easier and more effective, it's AutoIT http://www.HiddenSoft.com. It's a software distribution tool that is easy to use and absolutely free! I can honestly tell you this software has saved me countless hours. I work for a state agency who receives a custom-built software package from the state. The installation cannot be deployed via GPO and therefore I was required to visit each machine (more than 80) to install the application each time it got updated. Each update would take more than half a day to install around the agency and these updates came as often as every two weeks.

Within a couple hours after downloading AutoIT, I was able to create a script that completely automated the installation. Once automated, I was able to incorporate the update script into my user logins as updates were released, saving me and my company many, many hours. Additionally, you can package custom scripts into EXE files for easy distribution.

You can use any editor to create the scripts. I've settled on Crimson Editor (also free), which interfaces easily with AutoIT.

Greg E.: I use Robocopy http://www.microsoft.com/downloads/details.aspx?FamilyID=9D467A69-57FF-4AE7-96EE-B18C4790CFFD&displaylang=en all the time. For those that haven't used it, this Resource Kit utility copies files and folders from one server to another while retaining the security settings. Many times I've moved the whole file server overnight without a care in the world. The simplicity of the tool is also great—anyone can use it.

Carlo F.: Nessus http://www.nessus.org is a great tool for testing public facing servers. Nessus has all sorts of plug-ins for IIS, SMTP, SQL, etc. It's a nice security tool to make sure your outside servers are patched. You can have it up and running by running it from CD using Knoppix http://www.knoppix-std.org.

James R.: MRTG (Multi Router Traffic Grapher) http://people.ee.ethz.ch/~oetiker/webtools/mrtg/ is open source software that runs on Windows. It tracks data flow across my network and makes nice graphs for me. I love it because it is free and does the job in a simple way with no hassles.

TCPview http://www.sysinternals.com gives a graphical representation of all things TCP/IP on a Windows box. Great way to see what is connecting to the network services.

Pagedfrg http://www.sysinternals.com defrags all system files on bootup (planned or unscheduled). It gets files that the Windows defragger can't touch because they are in use.

BLAT http://www.blat.net/ is an open source program for sending e-mail from a command line. I use it in batch files to page my cell phone when certain error messages come up.

FileZilla for FTP http://filezilla.sourceforge.net/ is open source software for Windows that beats any other FTP client hands down.

SecureCRT for SSH connections http://www.vandyke.com/products/securecrt/ is not open source and it does cost money but it is great because it allows you to fully script commands (using VBScript) in the telnet window. I use it to get logs and set commands across a ton of devices in my network very quickly.

John L.: I work for a reseller, so I see a wide variety of unique situations. When you can't get logged into a machine, and you need admin rights, and the user doesn't know the local admin, I've found NT Password and Registry Editor http://home.eunet.no/~pnordahl/ntpasswd/ invaluable. It's also nice when you have to smoke a Registry entry that keeps a machine from booting.

Knoppix with Clam AV http://www.knoppix.org is a Linux CD that's great for scanning a system without booting the operating system. It's also great for getting to data on a machine where the operating system or boot records are messed up.

Helix http://www.e-fense.com/helix/ is a Knoppix derivative that has some tools for recovering deleted data.

I also like Feather Linux http://featherlinux.berlios.de/, which fits on a business card sized CD.

WinHex http://www.x-ways.net/winhex/index-m.html is a hex editor with some nifty and easy-to-use features for recovering stuff.

Jason B.: You asked for reasonably priced tools, and "reasonably priced" is a relative term. I like the Winternals Admin Pak http://www.winternals.com even though it costs $699 (depending on license volume).

The Admin Pak has several utilities allowing us to boot up a server or workstation from a CD to read or write to the machine's NTFS partition. It can also make registry changes, reset local account passwords, monitor reads and writes to registry and disk, monitor TCP/IP sessions, and recover dead machines remotely across a network.

Fluffy the SMTP Guard Dog http://smtpfilter.sourceforge.net/ is a free perimeter-level mail gateway spam filter. It filters spam based on a few key but simple rules. Very effective IMO.

Event ID http://www.eventid.net is helpful in tracking down possible culprits for unknown event log errors in Windows.

Windows How To http://www.jsiinc.com provides a quick reference for common and obscure questions. Basically a "Tips and Tricks" reference.

Webtrends http://www.webtrends.com/ scours Web server logs and produces nice looking and useful statistic reports of Web traffic.

CalNet Active Directory Scripts http://calnetad.berkeley.edu/documentation/scripts/ can be used in the current form or modified to suit your personal needs to accomplish tasks on the network.

Microsoft User Profile Hive Cleanup (UPHClean) http://www.microsoft.com/downloads/details.aspx?FamilyID=1b286e6d-8912-4e18-b570-42470e2f3582&displaylang=en is useful with Citrix and Terminal Services. It gets rid of problems with user profiles not unloading. You are having profile unload problems if you experience slow logoff (with Saving Settings for most of the time while logging off), roaming profiles that do not reconcile, or the registry size limit is reached.

NTSEC utilities http://www.pedestalsoftware.com/products/ntsec/ can be used as stand alone or in a script to manipulate Windows permissions. Similar to CACLS, etc. but more powerful.

Curt S.: ADRecover http://www.sysinternals.com/ntw2k/source/misc.shtml is designed to retrieve a deleted user object in Active Directory. It allowed me to retrieve an object that controlled the MSCRM Security service on a production system. Critical updates were applied and this tool retrieved the missing object in 10 min.

Todd C.: Adcheck http://www.netiq.com/adcheck/001017adcheck.asp is a free and handy tool that I recommend to all AD administrators. It does a quick check on your domain controllers and AD. I'm an admin with DCs around the globe, and Adcheck has proven very useful in supporting all those servers.

Kevin D.: MRTG (Multi-Router Traffic Grapher) http://people.ee.ethz.ch/~oetiker/webtools/mrtg generates easy-to-view graphs of our Windows servers. We can see at a glance the disk space, CPU utilization, network traffic, memory usage, paging space, and anything else that will help us "see" what the server is doing and has been doing. It is especially useful to keep historical data for capacity planning for servers, disk space and networks. Pretty much anything that can be shown numerically in SNMP can be charted in MRTG.

For example, we can see the growth of disk space at a glance for any server to know when to expand the drive, or maybe just clean it up. We can see from CPU utilization whether a server may be "hung up" on a process. We can see if someone is sending large amounts of data to a server from the network utilization.

War story: We have pagers that go off for various issues on our LAN, and once on a Saturday a pager went off at 5:00 a.m. to tell me that the disk space was nearly full on a certain volume of our file server. I immediately logged onto our MRTG web server and went to that server's page to find that it had been increasing steadily for the past eight hours and, at the rate the graph showed me, it would run out of space within the next half hour. I immediately suspected a runaway process on a client machine and was able to quickly find the client and stop the process.

If I didn't have MRTG, I would not have known how long the disk space was increasing, at what rate of increase, and would probably have thought I needed to expand the volume when it was not necessary.

Cathy H.: Hyena http://www.systemtools.com/hyena is the best tool I have ever used in 23 years as a system admin. It is reasonably priced for one or many admins, understands systems as sophisticated as AD and Exchange 2003, yet is useful for the small-site admin as well. Their support is excellent, as is the forum they maintain. I use it for managing users, domains, servers, writing simple macros to run against multiple servers, exporting information on anything from software installed on a server or servers, to changing the password of the admin account on 200 servers with one command.

Erik W.: Ultravnc http://www.ultravnc.com is a simple but fantastic Windows remote control program that is free. I have used it all through my company. It keeps getting better and better. Other VNC products have refresh issues but this tackles the problem very well. It can use Windows security to limit access, remote control via a one exe client program (no install needed) or web page. I even run the client from within Citrix with few problems. You can set up a repeater if you need to set up only one hole through your Internet router/firewall.

The makers of the Fastpush http://www.darkage.co.uk/vnc/faq.htm batch file have sewn several utilities from around the Web to allow pushing remote control and/or changes to client PCs.

Switch Mapper http://www.solarwinds.net/Tools/Engineer/Categories/Network_Discovery.htm is a cool utility that shows IP information about the ports on a switch. You can run it against your switch and find out what IP address is associated with which port; works with VLANs.

Tugzip http://www.tugzip.com/ is a free file compression utility that also can look into ISOs, and lets you use scripting to make automated backups.

Okay, Tech Support Alert http://www.techsupportalert.com isn't a tool. However, for those of us who operate on a very slim budget this newsletter has great program suggestions and tips. Most of the time the suggestions are unique and useful.

Henry R.: Internet Server Monitor http://www.websitearchitectures.com/products/eServMon/ allows an admin to be notified when a server goes down.

SQL Viewer for Databases http://www.websitearchitectures.com/products/sql/ uses a manual install process so it is only recommended for experienced programmers.

Brian F.: When trying to figure where all the free space on a server's hard drive has gone, we use TreeSize Professional http://www.jam-software.com/treesize/index.shtml. You simply right click on a drive, choose Treesize, and the program gives you a great report to quickly and easily track down what's taking up that space.

Our war story is that we kept running out of hard drive space on a file server. We kept looking in the usual suspect directories and got some users to delete some MP3s, but since this server also had thousands of other directories for our different departments it was nearly impossible to find what was taking up large chunks of space. We Googled and found TreeSize Pro. Within two minutes we found that deep within the directory structure someone had GBs of ISO CD images. We talked with the person and freed up about 75GB in about 30 mins. TreeSize rocks!

Eldad L.: I am the network manager in a company that prints lots of sensitive material. I use Security Explorer http://www.scriptlogic.com/eng/products/securityexplorer/main.asp to control permissions. The tool is reasonably priced and it makes my tasks much easier and faster. With this tool, I can grant permissions, revoke them and back them up or restore them. I can create reports on specific files and folders. It also gives security configuration options that do not exist in Windows.

Secure Copy is another tool from the same company. It's useful when you need to move a lot of shares and files to a new file server. It preserves the complete tree, share names, security, last access date or last modified. It can be run at a scheduled time.

We got a great script and a customized Access database tool that we'll be incorporating into the list within the next couple of weeks. Thanks to everyone who contributed.
