The 5 Most Useful Free Tools for Windows Systems Administrators (I)

One of the biggest problems for systems administrators is that they are constantly firefighting, solving problems that need an immediate response and, therefore, dedicating less time to more important tasks like improving their IT infrastructure. In fact, there are studies that show that technicians spend around 80% of their time solving recurring problems, whilst just 20% of their time is dedicated to operations, improvements, etc. Here at Jotelulu, we have been thinking about how we can help sysadmins to optimise their time, and we have decided that one way might be to provide some of the most useful tools for Windows system administrators.

Today, we will take a look at some of the tools provided by Microsoft that are not included in Windows. These tools for system administrators can be downloaded from the Microsoft knowledge base, currently called “Microsoft Docs”, where there are lots of manuals, documents, tutorials and even tools.


The tools that we will look at today are found in “Microsoft SysInternals”, a suite of tools and aids for systems technicians created by Mark Russinovich in 1996.

Image 1: Contents of the SysInternals suite

Since we don’t have time to analyse all of them, we are going to look at 5 tools that tend to be quite useful on a daily basis. In fact, they are probably the best ones available in the entire SysInternals suite, at least we think so anyway.

The tools for system administrators that we have selected are: 

  1. Process Explorer
  2. Process Monitor
  3. PsTools
  4. AccessChk
  5. TCPView

Process Explorer

Process Explorer is a really great tool for troubleshooting. It allows you to carry out an exhaustive analysis of system performance, finding problems that could be affecting performance, as well as helping to detect malware or viruses. 

It shows all the processes running on the system, their process tree and dependencies and how much CPU and memory they are using. It also allows you to see which commands are used to start each process, the file path of the executable file and the system services linked to the process. 

Just like the Task Manager, Process Explorer allows you to see resource statistics but also provides the name of the provider that created the process and a description of what it does.

Image 2: Process Explorer on Windows 10

 

Process Monitor

Process Monitor is the perfect complement for Process Explorer and is designed to monitor and obtain additional information about each system process to provide a clearer idea of what it does. 

It allows you to see the registry keys for each program and, therefore, where its settings are stored and which are modified each time a change is made. You can also see which processes access different resources such as file systems, the local network, the internet, etc. 

What makes this such a powerful and effective tool is the ability to apply filters, helping you to search for more detailed information about any process and what it is doing on the system. 

Image: Process Monitor on Windows 10 and the details for a process

 

PsTools

PsTools is not an application but a set of applications that have a similar purpose and background. The background of these applications is that you can run processes in a similar way to Unix System V, in other words, using process snapshots.

There is a PowerShell version of each application, so many administrators might say that these tools are obsolete or no longer necessary. However, it is much simpler to use these commands than running through PowerShell, and they will work exactly the same on any version of Windows.

The tools included in this pack are:

  • PsExec: Allows you to run processes remotely.
  • PsFile: Shows files opened remotely.
  • PsGetSid: Shows the device or system SID.
  • PsInfo: Shows basic but important system information.
  • PsKill: Allows you to end running processes.
  • PsList: Shows lists of detailed information about running processes.
  • PsLoggedOn: Shows who is connected to the system and whether they are connected locally or through shared resources.
  • PsLogList: Allows you to perform an event log dump.
  • PsPasswd: Allows you to change passwords.
  • PsPing: Is used to measure network performance.
  • PsService: Allows you to see and monitor system services.
  • PsShutdown: Allows you to force a system shutdown or reset, which can be very useful when the system becomes overloaded.
  • PsSuspend: Allows you to suspend a process.

Image: PsList running on Windows 10

 

AccessChk

AccessChk allows you to check access permissions for users and user groups. You can review access to resources like files, directories, printers, Windows services, global objects or even registry keys.

It is really very simple to use. Just enter the name of a user or user group and a path, and the command will audit and display the effective permissions for that specific account and path.

The AccessChk page itself provides numerous examples that can be easily applied to your own system.
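As an added example (not taken from the AccessChk page or from Microsoft), the PowerShell script below turns the "account plus path" check described above into a repeatable audit that reports application directories writable by standard, non-administrative groups. It assumes `accesschk.exe` is on the PATH and that result lines begin with `RW` or `W` followed by the path; the group list, root folders and output file name are illustrative choices.

```powershell
# Added example: audit directories that standard accounts can write to.
# Assumes accesschk.exe (Sysinternals) is on PATH; run from an elevated
# prompt so that protected folders can be read.
$principals = 'Users', 'Authenticated Users', 'Everyone'
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ -and (Test-Path $_) }

function Get-WritableDirectory {
    param(
        [Parameter(Mandatory)] [string] $Principal,
        [Parameter(Mandatory)] [string] $Root
    )
    # -w  list only objects the account can write to
    # -d  directories only   -s  recurse
    # -u  suppress errors    -q  omit the banner
    $output = & accesschk.exe -accepteula -q -u -w -d -s $Principal $Root 2>$null
    foreach ($line in $output) {
        # Assumed line layout: access held ("RW" or "W"), then the path.
        if ($line -match '^\s*(?<rights>R?W)\s+(?<path>[A-Za-z]:\\.*)$') {
            [pscustomobject]@{
                Principal = $Principal
                Rights    = $Matches['rights']
                Path      = $Matches['path'].Trim()
            }
        }
    }
}

$findings = foreach ($root in $roots) {
    foreach ($principal in $principals) {
        Get-WritableDirectory -Principal $principal -Root $root
    }
}

# One row per directory, listing every audited group that can write to it.
$report = $findings | Group-Object Path | ForEach-Object {
    [pscustomobject]@{
        Path       = $_.Name
        WritableBy = ($_.Group.Principal | Sort-Object -Unique) -join ', '
    }
}
$report | Sort-Object Path | Format-Table -AutoSize
$report | Export-Csv -Path .\writable-dirs.csv -NoTypeInformation
```

Keeping the CSV from each run makes it easy to compare results after software installs or updates and to tighten any ACL that grants write access more broadly than the application needs.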

Image: Checking access permissions for a user to “C:\windows\system32” with AccessChk

 

TCPView

TCPView is a program that allows you to see a list of all TCP and UDP connections, including local and remote connections, and the status of each one. These are the same details that you can see using “netstat” but, here, they are displayed in a slightly more user-friendly way and with a little more detail.

It includes “Tcpvcon”, the command prompt version that allows you to launch the application and extract specific information through different pipes or parameter passing. It can be really useful when used in combination with other commands and programs.

“TCPView” performs an initial scan and lists the endpoints for both TCP and UDP protocols, showing those that are active. Furthermore, it performs an IP/DNS translation to obtain the name of the target and active services.

It also allows you to close established TCP/IP connections, which can be very useful if you suspect a security breach or some other incident. And finally, you can also save the results window to study it in detail later on.

Image: Running TCPView on Windows 10

That’s all the useful tools for system administrators that we will cover today, but we will be back soon with more!

We hope that this information has been useful for you and helps you manage your Microsoft systems, whether they are servers or client devices.

See you soon!

Category:Cloud and Systems, Sysadmin
