Boswell's Q&A
Nothing Up My Sleeves
No tricks here: Readers recognize tools and services that have helped them do their jobs better.
- By Bill Boswell
- 01/25/2005
Readers: We received nearly 40 replies to my request last week for you to submit your favorite admin tool.
All of the submittals were fantastic. They included product descriptions
and reasons why the tool was handy and/or nifty. More than 100 tools were
submitted.
Here are most of the responses, edited:
Joel H.: DiskSpace Explorer http://www.east-tec.com
shows disk usage using a pie chart, so you can track down why your 72GB
of disk space is down to 20MB. You can easily click a drive/folder to
see what the largest file or subfolder is. With it I've found built up
log files, old virus definition files that Symantec didn't delete, old
MP3s, etc. It also tells you how much space is wasted due to the drive
cluster size and how your drive would look and how much space would be
wasted with another cluster size or file system. I use an older version
that was free, so I may be missing out on some bells and whistles.
Password Recovery XP http://www.actmon.com/password%2Drecovery
shows saved passwords from Outlook Express, MSN, and dial-up connections,
so when a client typed one in and forgot it, but gets a new machine, you can
get it off the old one without the hassle of calling the ISP or whomever. The
trial download only shows the first three characters, but sometimes that's
enough to jog their memory; otherwise, you can delete those three and
do it again and again until you get the whole thing.
Brian K.: I cannot tell you how many times I have used TreeSize
Pro http://www.jam-software.com/treesize/index.shtml
to find out quickly who the offending user was that's taking up all the
network storage. Recently, the CEO of a small business copied all his
digital music and pictures to his My Documents folder. Well, that synched
to the server and filled up the network drive. Since it's a small company
the Exchange server used the same partition and, yes, Exchange puked.
He instant messaged me while I was at another client and I was able to remote
in, install the software, and free up space to get Exchange running again
in under five minutes.
James W.: Lumigent Log Explorer http://www.lumigent.com/products/le_sql.html
gives me the ability to view a transaction log for any SQL Server Database
in an easy to use GUI. With Log Explorer you can see all events on the
database, such as permission changes, T-SQL statements, etc. Best feature:
Ability to roll back deleted transactions from within the GUI yet leaving
the database operational. I've had to use this feature a few times. It's
great because I may have a user who might say "I didn't delete it;
Joe Schmo did," but I have the user's name right here in Log Explorer.
Dameware Tool Suite http://www.dameware.com
allows you to remotely control any machine over a network, do user administration
and export and report on Active Directory.
IP Monitor http://www.ipmonitor.com
is a network monitoring tool that we have running on our PCs all day.
It's accessed via a browser. As soon as the system detects an outage,
it notifies you via an audible alert and e-mail if needed.
Douglas K.: 2xExplorer http://www.netez.com/2xExplorer
provides a useful side-by-side view of two folders, making drag and drop
operations between them a snap. Flexible searching can be done on files
in the directory: name, type, size, text, date/time, etc. Files and folders
can be sorted in a variety of ways. Turning on mirror browsing and changing
a directory on one panel automatically changes to the corresponding directory
in the other panel. It quickly compares the two directories to tell which
ones are identical. Press a key and the selection inverts (which would
now be all the items not matching the other panel). Print a directory
listing of the selected items to a simple text pad, allowing the list
of files to be copied and saved for posterity, pasted into support trouble
logs, distributed to other team members, etc. It can compare just the
file details level (date/time, size) or examine a file's contents to determine
if compared files are the same. Also includes a handy Notepad replacement,
with edit or view option. The directory comparison features make many
version-related troubleshooting steps significantly easier.
Anthony S.: There are many times when I need to make a quick fix
to a workstation on the network but am not able to leave my desk to do
it. GenSortium GenControl http://www.gensortium.com/products/gencontrol.html
is an easy way to temporarily control that workstation and view its screen
in real time. It temporarily installs VNC as a service with an exceptionally
small footprint, then removes itself without a trace when you disconnect.
What could be easier?
Winternals Bginfo http://www.winternals.com/bginfo
creates a standardized workstation desktop wallpaper for all machines
on my network. I can now identify each and every workstation by name,
IP address and MAC address simply by glancing over the user's shoulder.
Makes identifying problem hardware much easier when you need to know exactly
which computer you are dealing with.
Pete C.: Sysinternals PSTools http://www.sysinternals.com/ntw2k/utilities.shtml
is a free suite that contains useful utilities like:
- pskill—to kill processes even on remote machines
- psexec—open a command shell on remote machines
- psloggedon—show who is connected to a computer, or where someone
is logged on
and a swagload more. These are command-line utilities, so they can be
scripted and they stay in command history. I used psexec with netsh recently
to remotely change default gateways on a lot of Windows 2000 servers without
them skipping a beat.
ActiveState's free distribution of Perl http://www.activestate.com/Perl.plex
is great, even if you don't know how to program in Perl. There are a number
of resource kit tools and other available scripts out there on the Internet
that make system administration so much easier. I've written scripts to
collate and process event logs from numerous servers, make system-wide
changes to .inf files, fix ASCII files that have been mistakenly ftp'd
as binary, and much more.
I like Perl because it behaves nicely when making changes to the Registry
and because of its cross-platform support. There is little or no change
required to make scripts that work on Unix work on Windows (and vice versa).
Crimson Editor http://www.crimsoneditor.com
is a free, fast text editor that does color coding for multiple syntax
types (different programming languages, HTML, etc), keystroke recording
for macros, line numbering, spell checking, and a column edit mode. You
can even connect to remote FTP sites from within the program, and that's
not all of its features.
Samurize http://www.samurize.com
is a free advanced system monitoring and desktop enhancement engine. Create
your own monitoring layouts, which can include things like system information,
weather reports, news headlines and more. Some of the monitoring desktop
examples that are given are very slick.
I've lost count of the number of times I have used Offline NT Password
& Registry Editor from Peter Nordahl http://home.eunet.no/~pnordahl/ntpasswd/
to reset lost administrator passwords and make registry edits for otherwise
unbootable systems. A floppy disk and a CD version are permanently in
my bag.
Knoppix http://www.knoppix.org
isn't exactly a Windows tool. It's a bootable version of Linux. But it
lets me get to files on hard drives that Windows fails to load, particularly
when they are suffering physical failures. I recovered my entire Windows
XP notebook hard drive by booting from a Knoppix CD and copying them to
another (new) hard drive. Attempting to connect to the drive from any
system using Windows would just result in long timeouts and the horrible
clunking noise of physical drive failure, or attempt to run CHKDSK which
just hastened the physical degradation. I use others but this will do
for starters.
Jeffrey R.: NTRegmon and NTFilemon http://www.sysinternals.com
have allowed me to get most legacy and some not so legacy software to
run under restricted user accounts. Before I became a full-time trainer
I worked in Local Government IT and had many pieces of specialty software
for which the ISV's answer was to give the user admin rights, which was unacceptable
to our security policy. I was able to find what file directory and Registry
keys the app was trying to write to, then I could adjust the permissions
accordingly.
Ron K.: Most of my work includes data conversions from one place
to somewhere else. SetACL http://setacl.sourceforge.net
has features that CACLS does not include that come in handy in conversions.
Mostly I use it to add ACLs for a new domain to all of the directories
that users need to access. With that complete, the users can be moved
between domains at whatever pace is desired. Then, when all users are
moved, I run SetACL again to remove all references to the old domain before
the trust is broken. This eliminates a lot of SID cleanup.
Stuart: Putty http://www.chiark.greenend.org.uk/~sgtatham/putty/
connects to telnet and SSH servers. It's fast and simple to use. The greatest
compliment you can give a utility is to have it in your Path statement.
This one has a permanent place in my Path.
D. S.: I work in desktop/network support in a large company. In
my bag of tricks I need bootable CDs to run repair tools. I use Bart's
Bootable CD Builder http://www.nu2.nu
to build bootable CDs then load lots of utilities.
We had three major power surges within 15 minutes, resulting in many
crashed PCs booting to blue screens. Easy Desk Software's RegRepair
http://www.easydesksoftware.com/regrepair.htm
fixed about 70 percent of them.
HDD Hard Drive Regenerator http://www.dposoft.net
is $60 and worth every penny. It restores bad sectors, if not for the
life of the hard drive, at least long enough to do a backup.
Corey F.: ntsyslog http://ntsyslog.sourceforge.net
is the best tool for administrators! Microsoft has made centralized logging
a priority. I can write scripts to collect event logs but I either have
to run them manually or schedule them to mine the data. No matter which
route I take, I don't get real time monitoring of the logs like I get
with ntsyslog.
Richard F.: PowerQuest Drive Image (now Norton Ghost)
http://sea.symantec.com/content/product.cfm?productid=9
Executive Software Undelete 4.0 Server Edition http://www.executive.com/defrag/defrag.asp
Veritas Backup Exec 9.0 for Windows Servers http://www.veritas.com/Products/www?c=product&refId=57
VNC http://www.realvnc.com/download-free.html
LC5 (formerly l0phtcrack) http://www.atstake.com/products/lc/
Syslinux and the Linux password reset floppy disk files
http://syslinux.zytor.com/
Paulo S.: I find MakeMeAdmin http://blogs.msdn.com/aaron_margosis/archive/2004/07/24/193721.aspx
very nifty when working on user workstations, where I need to perform
tasks that require elevated privileges. MakeMeAdmin.cmd executes a neat
little script that invokes RunAs twice, prompts for the local admin password,
then your current account password.
At the same site you will find another useful tool called PrivBar,
which highlights privileged from unprivileged apps.
Maurice F.: Spotlight on Active Directory combined with
Spotlight on Windows
http://wm.quest.com/products/SpotlightAD/
give you a good first impression on how things are going in AD. It will
report in colors if replication fails or is behind schedule. It gives
an overview of your AD environment in one screen. It is also great for
showing what you have to management, guests and new employees.
If we think there is a performance problem with a server, we use Spotlight
on Windows to watch the server for a while to see where the bottleneck
is. It has the same easy-to-interpret information display as the AD tool.
Spotlight on Windows saved us a lot of money: Somebody wanted to replace
a poorly performing server, which after some watching with Spotlight,
we figured out the server was running short of memory. Also, it was easy
to convince management of the problem because one screen dump told the
story.
HP Systems Insight Manager
http://h18013.www1.hp.com/products/servers/management/hpsim/index.html
will check your Compaq/HP servers using ping and SNMP. It gives you quick
info on problems with your hardware, like disk failure and overheating.
Every hardware part can be checked to see what's wrong. It'll check some
software and will generate a trap if something goes wrong. It is also
possible to push drivers to the servers which need them. And it's free,
no licensing needed.
Both tools make it easy to do preventive and active maintenance, and warn
you in time when something is wrong. It is always nicer to tell a user
you are already fixing a problem with a server than for the user to have to tell
you a server has a problem.
Al D.: The DNS Stuff http://www.dnsstuff.com
Web site has a collection of tools that let me query a domain name for
DNS issues, perform WHOIS queries, DNS record lookups, access to spam/mail
relay databases and many more functions.
WEP Key Generator http://www.warewolflabs.com/portfolio/programming/wepskg/wepskg.html
makes it simple to generate complex WEP keys.
Mike S.: We use Dameware Remote Control http://www.dameware.com
because we like the simple remote control. You can copy and paste with
Dameware, plus it's faster than pcAnywhere and XP remote control.
We use Sam Spade http://www.samspade.org to resolve e-mail and
network routing issues. It's also a great tool for research of a static
IP or a new server name.
I use Angry IP http://www.angryziber.com/ipscan/
to acquire desktop systems info.
For large AD changes, I like features of Javelina's ADvantage
http://www.javelinasoftware.com/advantage.html.
Neil B.: We manage approximately 100 servers and have ntsyslog
http://sourceforge.net/projects/ntsyslog/
installed on all of them. The package forwards the NT logfiles to a syslog
server—in our case a Linux box which is so old it cannot support
Windows 2000 or 2003.
A simple Perl script parses the file daily, looking for events of interest:
failed logons, account lockouts, attempts to log in as administrator,
etc. It has served us well in detecting malicious behavior.
Andrew P.: I'm sure that we are not the only shop that uses Dameware
Tool Suite http://www.dameware.com,
but I rarely read about it in the trade magazines or anywhere else. This
tool makes managing our mixed NT 4.0/W2K/Windows 2003 environment much
easier.
We use the Mini Remote-Control feature for remote console sessions to
any of our 150 servers. We use the remote Event Log for diagnosing and
troubleshooting server functions. The Services applet is faster and easier
to use than the Computer Management feature that comes with the Windows
client.
Throw in the Registry applet, Task Scheduler, and the remote Command
Prompt and you have a winner. To top it all off, it is very reasonably
priced, as it is licensed by user rather than machine.
It would be possible to do some of the remote admin that we do with other
tools by culling together some Resource Kit tools and other freeware,
but Dameware pulls it all together in a great GUI and with a no-headache,
one-click agent deployment. You would be wise to include Dameware in your
review of admin tools.
Bill S.: Everyone needs a tool for changing local account passwords
on multiple computers: desktops or servers. Password Changer http://www.danish-company.com/dcwcm/page/{4D40EC77-0788-48E7-9FB6-B81A51F70CD2}.html
does an accurate and selective job.
Ann Marie K.: Hyena http://www.systemtools.com/hyena/hyena_main.htm
is the most indispensable tool I've ever come across. Unlike the
Microsoft tools, where you have to go to multiple places for different
tasks, Hyena combines them all into one easy to use interface. I use it
so much that when my employer did not approve relicensing last year, I
spent the bucks out of my own pocket! Now that's dedication to
a tool!
Mark L.: I really like Source Edit http://www.brixoft.net
for editing VBScript. It makes code much more readable for an administrator
who does not code much. Source Edit is free.
Roger O.: If there is one application that truly makes my job
easier and more effective, it's AutoIT http://www.HiddenSoft.com.
It's a software distribution tool that is easy to use and absolutely
free! I can honestly tell you this software has saved me countless hours.
I work for a state agency who receives a custom-built software package
from the state. The installation cannot be deployed via GPO and therefore
I was required to visit each machine (more than 80) to install the application
each time it got updated. Each update would take more than half a day
to install around the agency and these updates came as often as every
two weeks.
Within a couple hours after downloading AutoIT, I was able to create
a script that completely automated the installation. Once automated, I
was able to incorporate the update script into my user logins as updates
were released, saving me and my company many, many hours. Additionally,
you can package custom scripts into EXE files for easy distribution.
You can use any editor to create the scripts. I've settled on Crimson
Editor (also free), which interfaces easily with AutoIT.
Greg E.: I use Robocopy http://www.microsoft.com/downloads/details.aspx?FamilyID=9D467A69-57FF-4AE7-96EE-B18C4790CFFD&displaylang=en
all the time. For those that haven't used it, this Resource Kit utility
copies files and folders from one server to another while retaining
the security settings. Many times I've moved the whole file server overnight
without a care in the world. The simplicity of the tool is also great—anyone
can use it.
Carlo F.: Nessus http://www.nessus.org
is a great tool for testing public facing servers. Nessus has all sorts
of plug-ins for IIS, SMTP, SQL, etc. It's a nice security tool to make sure
your outside servers are patched. You can have it up and running by running
it from CD using Knoppix http://www.knoppix-std.org.
James R.: MRTG (Multi Router Traffic Grapher) http://people.ee.ethz.ch/~oetiker/webtools/mrtg/
is open source software that runs on Windows. It tracks data flow across
my network and makes nice graphs for me. I love it because it is free
and does the job in a simple way with no hassles.
TCPview http://www.sysinternals.com
gives a graphical representation of all things TCP/IP on a Windows box.
Great way to see what is connecting to the network services.
Pagedfrg http://www.sysinternals.com
defrags all system files on bootup (planned or unscheduled). It gets files
that the Windows defragger can't touch because they are in use.
BLAT http://www.blat.net/ is
an open source program for sending e-mail from a command line. I use it
in batch files to page my cell phone when certain error messages come
up.
FileZilla for FTP http://filezilla.sourceforge.net/
is open source software for Windows that beats any other FTP client hands
down.
SecureCRT for SSH connections http://www.vandyke.com/products/securecrt/
is not open source and it does cost money but it is great because it allows
you to fully script commands (using VBscript) in the telnet window. I
use it to get logs and set commands across a ton of devices in my network
very quickly.
John L.: I work for a reseller, so I see a wide variety of unique
situations. When you can't get logged into a machine, and you need admin
rights, and the user doesn't know the local admin, I've found NT Password
and Registry Editor
http://home.eunet.no/~pnordahl/ntpasswd/
invaluable. It's also nice when you have to smoke a Registry entry that
keeps a machine from booting.
Knoppix with Clam AV http://www.knoppix.org
is a Linux CD that's great for scanning a system without booting the operating
system. It's also great for getting to data on a machine where the operating
system or boot records are messed up.
Helix http://www.e-fense.com/helix/
is a Knoppix derivative that has some tools for recovering deleted data.
I also like Feather Linux http://featherlinux.berlios.de/,
which fits on a business card sized CD.
WinHex http://www.x-ways.net/winhex/index-m.html
is a hex editor with some nifty and easy-to-use features for recovering
stuff.
Jason B.: You asked for reasonably priced tools, and "reasonably
priced" is a relative term. I like the Winternals Admin Pak
http://www.winternals.com even
though it costs $699 (depending on license volume).
The Admin Pak has several utilities allowing us to boot up a server or
workstation from a CD to read or write to the machine's NTFS partition.
Can also make registry changes, reset local account passwords, monitor
reads and writes to registry and disk, monitor TCP/IP sessions, and recover
dead machines remotely across a network.
Fluffy the SMTP Guard Dog http://smtpfilter.sourceforge.net/
is a free perimeter-level mail gateway spam filter. It filters spam based
on a few key but simple rules. Very effective IMO.
Event ID http://www.eventid.net
is helpful in tracking down possible culprits for unknown event log errors
in Windows.
Windows How To http://www.jsiinc.com
provides a quick reference for common and obscure questions. Basically
a "Tips and Tricks" reference.
Webtrends http://www.webtrends.com/
scours Web server logs and produces nice looking and useful statistic
reports of Web traffic.
CalNet Active Directory Scripts http://calnetad.berkeley.edu/documentation/scripts/
can be used in the current form or modified to suit your personal needs
to accomplish tasks on the network.
Microsoft User Profile Hive Cleanup (UPHClean)
http://www.microsoft.com/downloads/details.aspx?FamilyID=1b286e6d-8912-4e18-b570-42470e2f3582&displaylang=en
is useful with Citrix and Terminal Services. It gets rid of problems with
user profiles not unloading. You are having profile unload problems if
you experience slow logoff (with Saving Settings for most of the time
while logging off), roaming profiles that do not reconcile, or the registry
size limit is reached.
NTSEC utilities http://www.pedestalsoftware.com/products/ntsec/
can be used as stand alone or in a script to manipulate Windows permissions.
Similar to CACLS, etc. but more powerful.
Curt S.: ADRecover http://www.sysinternals.com/ntw2k/source/misc.shtml
is designed to retrieve a deleted user object in Active Directory. It
allowed me to retrieve an object that controlled the MSCRM Security service
on a production system. Critical updates were applied and this tool retrieved
the missing object in 10 min.
Todd C.: Adcheck http://www.netiq.com/adcheck/001017adcheck.asp
is a free and handy tool that I recommend to all AD administrators. It
does a quick check on your domain controllers and AD. I'm an admin with
DCs around the globe, and Adcheck has proven very useful in supporting all
those servers.
Kevin D.: MRTG (Multi-Router Traffic Grapher) http://people.ee.ethz.ch/~oetiker/webtools/mrtg
generates easy-to-view graphs of our Windows servers. We can see at a
glance the disk space, CPU utilization, network traffic, memory usage,
paging space, and anything else that will help us "see" what
the server is doing and has been doing. It is especially useful to keep
historical data for capacity planning for servers, disk space and networks.
Pretty much anything that can be shown numerically in SNMP can be charted
in MRTG.
For example, we can see the growth of disk space at a glance for any server
to know when to expand the drive, or maybe just clean it up. We can see
from CPU utilization whether a server may be "hung up" on a
process. We can see if someone is sending large amounts of data to a server
from the network utilization.
War story: We have pagers that go off for various issues on our
LAN, and once on a Saturday a pager went off at 5:00 a.m. to tell me that
the disk space was nearly full on a certain volume of our file server.
I immediately logged onto our MRTG web server and went to that server's
page to find that it had been increasing steadily for the past eight hours
and, at the rate the graph showed me, it would run out of space within
the next half hour. I immediately suspected a runaway process on a client
machine and was able to quickly find the client and stop the process.
If I didn't have MRTG, I would not have known how long the disk space
was increasing, at what rate of increase, and would probably have thought
I needed to expand the volume when it was not necessary.
Cathy H.: Hyena http://www.systemtools.com/hyena
is the best tool I have ever used in 23 years as a system admin. It is
reasonably priced for one or many admins, understands systems as sophisticated
as AD and Exchange 2003, yet is useful for the small-site admin as well.
Their support is excellent, as is the forum they maintain. I use it for
managing users, domains, servers, writing simple macros to run against
multiple servers, exporting information on anything from software installed
on a server or servers, to changing the password of the admin account
on 200 servers with one command.
Erik W.: Ultravnc http://www.ultravnc.com
is a simple but fantastic Windows remote control program that is
free. I have used it all through my company. It keeps getting better and
better. Other VNC products have refresh issues but this tackles the problem
very well. It can use Windows security to limit access, remote control
via a one exe client program (no install needed) or web page. I even run
the client from within Citrix with few problems. You can set up a repeater
if you need to set up only one hole through your Internet router/firewall.
The makers of the Fastpush http://www.darkage.co.uk/vnc/faq.htm
batch file have sewn several utilities from around the Web to allow pushing
remote control and/or changes to client PCs.
Switch Mapper
http://www.solarwinds.net/Tools/Engineer/Categories/Network_Discovery.htm
is a cool utility that shows IP information about the ports on a switch.
You can run it against your switch and find out what IP address is associated
with which port; works with VLANs.
Tugzip http://www.tugzip.com/
is a free file compression utility that also can look into ISOs, and lets
you use scripting to make automated backups.
Okay, Tech Support Alert http://www.techsupportalert.com
isn't a tool. However, for those of us who operate on a very slim budget
this newsletter has great program suggestions and tips. Most of the time
the suggestions are unique and useful.
Henry R.: Internet Server Monitor http://www.websitearchitectures.com/products/eServMon/
allows an admin to be notified when a server goes down.
SQL Viewer for Databases http://www.websitearchitectures.com/products/sql/
uses a manual install process so it is only recommended for experienced
programmers.
Brian F.: When trying to figure where all the free space on a
server's hard drive has gone, we use TreeSize Professional http://www.jam-software.com/treesize/index.shtml.
You simply right click on a drive, choose Treesize, and the program gives
you a great report to quickly and easily track down what's taking up that
space.
Our war story is that we kept running out of hard drive space on a file
server. We kept looking in the usual suspect directories and got some
users to delete some MP3s, but since this server also had thousands of
other directories for our different departments it was nearly impossible
to find what was taking up large chunks of space. We Googled and found
TreeSize Pro. Within two minutes we found that deep within the directory
structure someone had GBs of ISO CD images. We talked with the person
and freed up about 75GB in about 30 mins. TreeSize rocks!
Eldad L.: I am the network manager in a company that prints lots
of sensitive material. I use Security Explorer http://www.scriptlogic.com/eng/products/securityexplorer/main.asp
to control permissions. The tool is reasonably priced and it makes my
tasks much easier and faster. With this tool, I can grant permissions,
revoke them and back them up or restore them. I can create reports on
specific files and folders. It also gives security configuration options
that do not exist in Windows.
Secure Copy is another tool from the same company. It's useful
when you need to move a lot of shares and files to a new file server.
It preserves the complete tree, share names, security, last access date
or last modified. It can be run at a scheduled time.
We got a great script and a customized Access database tool that we'll
be incorporating into the list within the next couple of weeks. Thanks to
everyone who contributed.