
This is a brief listing of some rather useful utilities for IT people.

PsExec

Part of the PSUtils package from Sysinternals - PsExec can give you a remote command shell on a Windows computer. It has some scripting capabilities, which is handy if you need to run, say 'del c:\windows\temp\rc4.key' on 200 computers. Some antivirus programs (notably McAfee) will detect this as a PUP (potentially unwanted program) - if you've enabled that option in the scanner.

NetCat

Netcat was originally written by the renowned security specialist at l0pht. It has a large array of uses, notably that it can listen on any given port and pipe the data to a process. I often find this useful for determining which ports are open on a firewall.
You can get NetCat for Windows from VulnWatch or for Linux from Sourceforge.

Regmon/Filemon

More utilities from Sysinternals. I've grouped these two together, as they do basically the same task for different things. Filemon monitors access to the filesystem, while Regmon monitors access to the registry. These utilities are invaluable for troubleshooting applications. If you have some program which isn't behaving itself, you can use the utilities to find out if there's a file that can't be opened, or perhaps a registry key the user doesn't have permissions to write to.
You can get both of these, and PsExec, from the Sysinternals Page at Microsoft.com.

NMap

NMap is my weapon of choice when I need to do a pingsweep or a portscan. In an organisation with no maintained listing of static IP addresses, it's quite a godsend for discovering unused addresses. It's also very good at determining which OS is running on remote computers. Again, some antivirus programs (notably McAfee) will detect NMap as a 'PUP' - if you've enabled that part of the scanner.
You can get NMap from Insecure.Org.

GNU Win32 Tools

The GNUWin32 Tools are a collection of UNIX utilities, ported to Windows. Whilst they're all more useful in a UNIX environment than they are in Windows, there are some gems to be had. For example, the utilities sed, grep and awk offer you some powerful ways to find and replace text in files. Got 20 INI files that you need to replace an IP address in? No problem. Got 500 HTML files you need to change one line in? Easy.
Also, there are utilities to compress files using formats like ZIP and GZIP. Okay, so you can create ZIP files in Windows XP, but you can't do it from the command line, so you can't script it. Now you can.
Another favourite of mine is wget, which will just go and grab the contents of a webpage (or pages) and save it to disk. Very handy if you want to take a quick copy of some web pages to read on the train, but can't be bothered to fire up your web browser.
You can get them from the GNUWin32 Sourceforge Site.
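The "replace an IP address in 20 INI files" job above, as an added example (not from the original page or the GNUWin32 project): grep lists the affected files first as a dry run, then sed edits them in place, keeping a .bak copy of each. The dots in the address are escaped and the match is fenced with [^0-9.] guards, because an unescaped `10.1.2.3` in a regex would also hit `10.1.2.33` or `110.1.2.3`. It assumes GNU grep, sed, find and mktemp on the PATH (the GNUWin32 ports behave the same); the sample files are constructed by the script.

```shell
#!/bin/sh
# Added example: change one IP address in every INI file under a directory.
# Assumes GNU grep/sed/find/mktemp; the sample tree below is constructed.

OLD_IP="10.1.2.3"
NEW_IP="10.1.2.30"

# Regex that matches the address only as a whole token: dots escaped so
# "10.1.2.3" does not match "10.1.2.33" or "1021203", and [^0-9.] guards
# so it does not match inside a longer address such as "110.1.2.3".
ip_pattern() {
    escaped=$(printf '%s' "$1" | sed 's/\./\\./g')
    printf '(^|[^0-9.])%s([^0-9.]|$)' "$escaped"
}

# Dry run: list the INI files containing the old address, one per line,
# so the list can be checked before anything is modified.
find_candidates() {
    find "$1" -name '*.ini' -exec grep -lE "$(ip_pattern "$OLD_IP")" {} + \
        2>/dev/null || true
}

# The edit itself. sed -i.bak rewrites each listed file in place and keeps
# the original beside it as *.bak, which is the undo button.
replace_ip() {
    find_candidates "$1" | while IFS= read -r f; do
        sed -i.bak -E "s/$(ip_pattern "$OLD_IP")/\\1${NEW_IP}\\2/g" "$f"
    done
}

# Constructed sample tree: two INI files to change, one to leave alone, and
# a .txt file that contains the address but must not be touched.
make_sample() {
    dir=$(mktemp -d)
    printf '[server]\nhost=10.1.2.3\nbackup=10.1.2.33\n' > "$dir/app1.ini"
    printf '[db]\nhost = 10.1.2.3 ; primary\n' > "$dir/app2.ini"
    printf '[misc]\nhost=192.168.0.9\n' > "$dir/app3.ini"
    printf 'host=10.1.2.3\n' > "$dir/notes.txt"
    printf '%s' "$dir"
}

if [ "${1:-}" = "demo" ]; then
    d=$(make_sample)
    echo "Files to change:"; find_candidates "$d"
    replace_ip "$d"
    grep -rn 'host' "$d"
fi
```

Run it as `sh replace_ip.sh demo` to see the dry-run list followed by the edited lines; for real use, point `find_candidates` at the directory and only call `replace_ip` once the list looks right.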

Blat

Blat.exe is available from blat.net. It's very useful as a simple drop-in command line emailer. If you have a batch file script, and you want it to be able to email you (perhaps to tell you there's a problem), blat is a nice easy way to do this.
You'll have to provide it with an SMTP server which it is allowed to relay through, and you'll probably want to alter the ACLs on it so that only specific user accounts can execute it.

WinDirStat (and friends)

Disk space issues can be a bit tricky sometimes, but fortunately WinDirStat is here to help. It pretty much does what it says on the tin - showing you which directories are eating up your disk space. It's GPL'd, so won't cost you anything - unlike TreeSizePro and ShowMan. If you're a Java fan, you might prefer JDiskReport, although installing a Java VM on all your servers may get you fired.

As much as I like ShowMan.exe, at £34.95 per single user commercial licence, it doesn't scale well to large support departments with 10,000 servers. I've taken to using the GPL'd WinDirStat, and just keeping a copy of the WinDirStat.exe file handy. It works fine if you just run it; you don't need to go through the whole installer package routine.

Wireshark

Sometimes there's just no substitute for taking a packet capture to see what's really going on. Wireshark provides a full sniffing capability for when netstat just doesn't give you enough information.

LogParser

LogParser is available from Microsoft Technet, and is extremely useful for analysis of multiple logs. It isn't limited to the Windows event logs, but is also capable of looking through plain text, CSV and XML formatted logs. It also has the ability to make pretty HTML reports and charts based on what it finds. There's also a handy Vista Logparser Gadget.

Fiddler

Fiddler2 describes itself as a web debugging proxy. It does pretty much what it says on the tin, showing you all the requests and responses made by your web browser (or indeed anything you set up to use it as a proxy server). It even handles HTTPS traffic, which is incredibly useful. I've used it many a time to diagnose website/proxy server problems. Alternatively - you may prefer WebScarab, which scores extra points for being open-source, but loses several thousand points for being written in Java.