Sysadmin Tools

Posted on August 1, 2012 by Luke Maciak   tein.co/12362

Friends, Romans, Sysadmins – lend me your /dev/ears so that I can listen to myself talk. Actually, I’m more interested in you talking. So tell me, what kind of tools do you use in your line of work, or in your spare time while tinkering?

A little while ago I did this thing where I made a somewhat extensive list of nifty malware removal and diagnostic tools. I want to do something like this for general purpose sysadmin type tools. Perhaps you will learn about a new cool app from this, or maybe I will. Either way, we all should benefit.

Shameless Self Promotion

This is the bit where I pimp my own tool. As you may or may not know, I have made Luke’s Setup Assistant into my Swiss army knife of Windows maintenance, security and administration. On it’s own the application doesn’t really do much. It basically acts as a compact launcher for bigger and better things. This way you don’t have to open a web browser to download something like Process Explorer, Malwarebytes or Hijack This. If you haven’t checked it out, please do. It has useful stuff in there.

General Purpose Utilities:

Shameless self promotion out of the way, lets pimp other people’s tools. If you could only use two website on the internet to get your resources from, what would they be? For me it would be these two:

  • Windows Sysinternals – is probably the most widely known and most frequently used admin treasure chest. It’s a collection of essential tools that ought to be in Windows, but aren’t. In fact, Microsoft liked these tools so much that they hired their author and brought the website under their fold to ensure the entire collection will be maintained and updated to work on their new releases. If you never used these tools, you have probably been living under a rock or something. Here are a few self contained tiny apps that you have been missing out on:

    • Autoruns – lets you see and edit what services and applications launch with windows. It’s like MSConfig but it is much, much more thorough.

    • Process Explorer – is a drop in replacement for Task Manager, and about a 100 times more useful than the original app.

    • SDelete – a command line, DOD 5220.22-M compliant file shredder that’s only 81Kb.

  • Nirsoft Tools – are a little bit less popular, but not less useful. The page is low profile and low key, but similarly to Sysinternals it uses the treasure trove of small, single purpose, self executable apps approach. Some of my favorites include:

    • Blue Screen View – a tool that lets you analyze the memory dump files left over after BSOD events

    • RegDll View – lists all the registered DLL files on your system.

    • NK2Edit – allows you to edit and repair Outlook NK2 (auto-complete cache) files.

    • What Is Hang – helps you identify the process that is hanging up your application.

Both of these sites are extremely useful and provide a very wide range of nifty utilities. Listing them all here would be a waste of time, so I will let you explore these places on your own. Now if you were allowed to use more than two sites, here are some other tools I would recommend:

  • WinDiff – is my favorite diff tool for windows. It’s easy to use, relatively fast and a good way to quickly compare files.

  • WinDirStat is a tool that helps you answer the question “what the fuck is taking all this space on my hard drive?”. In other words it is disk usage visualization tool. Why would you need one? Well, sometimes Windows like to gobble up disk space in rather strange and hidden ways.

  • Memtestx86 – is your one stop shop RAM testing tool. This is usually what I run when a machine is behaving erratically or hangs up in weird ways.

Unix Tools:

Every windows admin secretly wishes he was a unix admin. Don’t deny it. You know this to be true. Hell, even Microsoft knows this. So what are the best ways to get your Unix on while on windows without using a virtual machine?

  • Cygwin is probably your best bet. It gives you a full bash shell, along with hundreds of downloadable utilities running within Windows. Best part is that this is not a VM or emulator. The shell can access Windows filesystem just fine – each windows drive is simply mounted under /cygdrive/ directory.

  • Unix Utils – I actually wrote about this nifty collection very recently. It is nowhere near as extensive and versatile as Cygwin, but you can easily bundle it’s individual executables with batch scripts as I demonstrated in my article. You can’t do that with Cygwin binaries which must be run from within the bash shell.

System Identification:

Sometimes you are handed a random computer you know nothing about and are given a task of upgrading it’s hardware and getting it infected with the latest version of Windows. The problem is that short of opening the machine up it is often hard to guess what kind of guts are in there. Sure, you can probably figure out how much RAM it has, but Windows usually will not tell you if said memory resides on a single DIMM or multiple ones. Or how many DIMM’s can be put into the machine. Linux users have the excellent information tool known as LSHW which will tell you just about everything you could possibly want to know about your hardware. Windows admins are not so lucky. The built in systeminfo command is much less powerful. Fear not though, because there are a few very useful tools at your disposal:

  • CPU-Z is probably the most comprehensive and thorough hardware inspection tool. It reveals a lot of information about your CPU, including Cache amount and type, temperature, latency, special features, etc. It also is very good at telling you about the specs of your memory, and other components.

  • Memory Viewer is a tool you would use if all you wanted to know is amount and type of installed memory. It has nowhere near as many reporting options as CPU-Z but it is an easy, quick and painless way to check if the machine’s memory can be upgraded and by how much.

  • Unknown Devices – have you ever been in this situation: you are given a machine with a fresh windows installation. Nothing works because half the hardware drivers are missing. Your Device Manager is littered with those ugly yellow question marks. To make matters worse, the machine is a custom built rig, so you can’t even look up the specs on a manufacturer’s website. What do you do? Well, this tool will turn most of the ugly question marks into actual vendor and model names. It is a life saver.

Setup & Recovery:

In our line of business we frequently need to set up, or tear down random systems. Here are some tools that make this process much easier.

  • Ninite is hands down my favorite freeware deployment tool. Their website lets you put together custom installer that includes just the programs you need (their catalog is pretty good). From that point on, you can use this tiny installer to either install or upgrade all chosen tools on any system. I use it as part of my “first time setup” script.

  • PC Decrapifier – I don’t use this tool that often at work these days because most of the time we just re-image machines so de-crapifying is not always necessary. Still useful when setting up a new PC for friends and relatives. This tool helps you to get rid of all the trialware and garbageware that PC vendors like to install on brand new machines.

  • Clonezilla is a very powerful and sophisticated imaging tool. In it’s simplest incarnation it can function as a bootable thumb drive that can be used to save or restore disk images. At most sophisticated end, it can function as a server which can be used to net-boot PC’s that are to be imaged. It is stable, wonderful, free and I use it all the time. It sure beats stuff like Norton Ghost.

  • Darnik’s Boot and Nuke – a DOD 5220.22-M compliant disk wiper. That is all. Really, you need to decommission a hard drive, DBAN it first. I always do this when I have to RMA drives or entire computers.

  • GParted is a live CD that serves one purpose: it helps you re-partition hard drives. If you ever need to dual boot a machine with Windows already installed on the hard drive, this is pretty much the only tool that has a decent chance of re-sizing NTFS partition without breaking it.

  • Recuva – I mentioned this tool in one of my recent posts. It is an excellent file recovery tool that saved my ass multiple times. If you ever delete something you were not supposed to, this is how you get it back.

  • Bart’s PE Builder – not really a tool, but a toolkit that lets you build a useful tool – namely a bootable live Windows CD. Why would you ever want to use live windows when there are so many awesome linux distros? Well, sometimes that’s the only thing that will work – for example if you are trying to recover data from Pointsec PC encrypted drives. I have written a rather extensive post on how to build WinPE CD from a Dell OEM disk.

    • Remote Assistance:

    Every once in a while lusers need help with their computing and usually the fastest way to help them is to wrestle the control away from them before they break more things. Fortunately nowadays this is almost as easy to do remotely as in person.

    • Team Viewer is my favorite remote assistance tool. It is by far the fastest and most straightforward tool to work with. It can also be installed in service mode. The commercial license is a tad expensive though.

    • CrossLoop used to be my favorite tool. Why? Because it was free and used free technology stack (TightVNC among other things). Unfortunately something has happened to it and now it is unbearably slow. Maybe it’s my network, maybe it’s something else. All I know Team Viewer is blazing fast, whereas CrossLoop connection to the same computer tends to be sluggish. Still, it might work for you.

    • Join Me in theory this is the easiest one to use. You instruct the user to go to a website, click on a button and then read you a number that pops up. In practice 80% of my users is incapable of seeing the popup window because it is small and unobtrusive. Still, it is pretty good if you can get the users to notice it without spazzing out.

    • PST (Problem Steps Recorder) – Not many people are aware of this little gem, but Win7 has a nifty built in tool that will “record” a session. If your user is experiencing a weird error, you can just have them run PST from the search box, then do the problem causing action. PST will save a series of screenshots and diagnostic data into a zipped up HTML slideshow that can be easily sent via email. This is pretty good when you can’t use any other remote assistance tools because of a firewall. For users that are running XP or Vista you can use Screen Recorder instead.

    Security:

    There are actually dozens of great security tools out there, so I will only highlight few of my favorite ones. I guess I should get the swiss army knife of everything network related out of the way first. Netcat is not really a security tool per se, but it is an extremely useful took to keep in your virtual utility belt. It you don’t believe me, just check out what you can do with it.

  • Nmap – if you need a port scanner, this is it. I mean, what else can I say about it. It is good, versatile and it does what you would expect it to do – port scanning, OS fingerprinting and etc. It can be as simple or as complex as you want.

  • Nikto is a nifty web venerability scanner. Just point it at a web server and it will tell you whether or not there are any potential security holes or problems with your setup. I wrote a brief post about it few years ago.

  • Wireshark is a packet sniffer and traffic analyzer. It lets you snoop at what is going on on your network. Free and multi-platform.

  • Aircrack a nifty tool for cracking WEP and WPA passwords. Does what it says on the tin.

  • Ophcrack a rainbow tables based Windows password cracker. Quite useful for the rare occasion when a user trusted with am admin password managed to un-join his machine from the domain and somehow completely lock himself out of his machine.

    • So there you have it. That’s my short list. Did I miss anything useful? What are your favorite tools? Please share them in the comments.

    This entry was posted in Uncategorized. Bookmark the permalink.



    8 Responses to Sysadmin Tools

    2. ST/op DENMARK Google Chrome Windows Terminalist says:
      August 2, 2012 at 3:24 am

      We run Linux servers (RHEL) with (mostly) Windows clients:
      Putty (SSH client for Windows)
      ConnectBot (SSH client for Android)

      Also Windows xKill can be handy sometimes!

      Another distro of GNU utilities for Windows, GOW, comes in a single installer.

      BTW: I’ve been trying the excellent ‘Luke Setup Assistant’ ;), but it failed to run on any danish-language computers (both XP and 7). English lang works OK.

      Reply  |  Quote
    3. Douglas AUSTRALIA Google Chrome Windows says:
      August 2, 2012 at 4:55 am

      In a similar vane to Ophcrack, one we sometimes have to use on client computers when they fail to tell us the password to logon and we can’t get in touch with them is Kon Boot. Burn it to a disc, boot from it, it does some magical jiggery-pokery, and Windows appears to load as normal. When prompted for a password on the logon screen, just hit Enter. And it logs you in.

      Unfortunately, you need to pay for it to get it work on Windows 7 or 64 bit versions of Vista, but it is an awesome little tool.

      (Also, your Memory Viewer link is broken :) )

      Reply  |  Quote
    4. Grzechooo POLAND Opera Windows says:
      August 2, 2012 at 6:10 am

      It’s a great list, I’ve already known about Sysinternals and NirSoft tools, but I hear for the first time that there’s a thingie called PST.
      Also, in a case of mess in devices, you can also use Device Remover. Not sure how it treats unknown devices though.

      Reply  |  Quote
    5. Luke Maciak UNITED STATES Google Chrome Linux Terminalist says:
      August 2, 2012 at 10:04 am

      @ Fry:

      Thank you sir! I did not know about this one. Definitely going into my toolkit!

      @ ST/op:

      Heh, I like how Windows xKill is hosted on DeviantArt of all places. lol

      Also, sorry about the Danish thing. I have no clue why that would happen. Does it give you a specific error message? Could you post screenshot / error dump /stack trace?

      My bug tracker is here.

      Of the top of my head, I’m thinking that maybe some paths are different… Or maybe it blows up because character encoding on paths in strings. :/

      @ Douglas:

      I fixed the link. :) Also, nice – I did not know about KonBoot.

      @ Grzechooo:

      You mean this one? Wow, do you think they could put more badges on that front page? ;)

      Reply  |  Quote
    6. SapientIdiot UNITED STATES Google Chrome Windows says:
      August 3, 2012 at 12:51 am

      I recently discovered allmyapps ( http://allmyapps.com/ ), a tool thats similar to ninite, but closer to an actual package manager like the one included with ubuntu. Its great for bulk installs and also checks for updates (unlike the free version of ninite), even works with software you’ve already installed.

      And iobit uninstaller is great (and portable) for doing bulk uninstalls.

      Reply  |  Quote
    7. serverjock CANADA Mozilla Firefox Windows says:
      August 3, 2012 at 5:00 pm

      There are some useful tools which I use (like Gimp and explorer++portable) from http://www.portableapps.com. All of which I can run from a thumb drive.

      Reply  |  Quote

    8. Pingback: About DBAN | Darik’s Boot And Nuke | AnthroVenture PHP

    Leave a Reply

    Your email address will not be published. Required fields are marked *