Thursday, May 25, 2006

Admin: More Tools to Assist Admins

Yesterday I mentioned using the BeyondLogic shutdown tool. I had a comment about using the Sysinternals psshutdown utility. This was an excellent suggestion, as that was the tool I had used previously, and I liked it a lot. It had a lot of power, but it was also the tool that stopped working when some domain policy was changed (I wish I could point out which one, but I haven't set up a lab to test it).

But this did bring up a good point. I typically go on about how great the Cygwin tools are for doing scripting and admin work. Unfortunately, I neglect to mention that they are not the only set of tools I use. The Sysinternals set of tools is also excellent.

For example, one of the tools I use is the PSKILL utility. It kills processes, and for me it works better than the Task Manager End Process command. In the example below, here is a process that is being stubborn: when I try to do an End Process on it, it will not terminate for whatever reason, as illustrated in Figure 1.


Figure 1: Stubborn Process

This is unacceptable, so I use pskill to terminate the process, as illustrated in Figure 2.


Figure 2: Using PSKILL to terminate process.

Take that, stubborn process. Another useful tool is the PSLOGGEDON utility, which determines who is logged on to a machine, both locally and remotely. Figure 3 demonstrates two methods of running PSLOGGEDON: one runs just the command to retrieve local users, the other pipes the results through GREP to remove the Sysinternals header. I prefer method 2 since it is easier to work with in scripts.


Figure 3: Using PSLOGGEDON
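Method 2 taken one step further, as an added example rather than anything from the post: a small Cygwin-style shell function that drops the Sysinternals banner and turns PSLOGGEDON output into tab-separated "scope, user" lines a script can sort, count, or compare against an expected list. The sample output is constructed for this example, and the banner and section headings are assumed; adjust the patterns to whatever your PsLoggedOn version prints.

```shell
#!/bin/sh
# Added example, not the post's own code. Constructed sample of what
# `psloggedon` prints for the local machine (wording and date format
# vary by PsLoggedOn version, so treat the patterns below as assumptions).
SAMPLE_OUTPUT='PsLoggedon v1.21 - Logon Session Displayer
Copyright (C) 1999-2005 Mark Russinovich
Sysinternals - www.sysinternals.com

Users logged on locally:
     5/25/2006 8:12:04 AM    CORP\jsmith
     5/25/2006 9:40:51 AM    WORKSTATION\localadmin

Users logged on via resource shares:
     5/25/2006 9:55:13 AM    CORP\backupsvc'

# parse_loggedon: read PsLoggedOn output on stdin and print one line per
# logon session as "local<TAB>DOMAIN\user" or "remote<TAB>DOMAIN\user".
# Banner lines are skipped because no section heading has been seen yet
# and they do not start with whitespace; "No one is logged on ..." lines
# are dropped so an empty section yields no output at all.
parse_loggedon() {
    awk '
        /^Users logged on locally:/        { scope = "local";  next }
        /^Users logged on via resource/    { scope = "remote"; next }
        /^No one is logged on/             { next }
        scope != "" && /^[[:space:]]+/ {
            # the last whitespace-separated field is the DOMAIN\user token
            printf "%s\t%s\n", scope, $NF
        }
    '
}

# count_sessions: number of sessions in the sample for a scope
# ("local" or "remote"); handy for a quick "is anyone still on this box"
# check before a scripted shutdown.
count_sessions() {
    printf '%s\n' "$SAMPLE_OUTPUT" | parse_loggedon \
        | awk -v s="$1" -F'\t' '$1 == s' | wc -l | tr -d ' '
}

# Against a live machine this would be:  psloggedon | parse_loggedon
# (or  psloggedon \\host | parse_loggedon  for a remote box).
printf '%s\n' "$SAMPLE_OUTPUT" | parse_loggedon
```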

Another useful Sysinternals tool is SDelete, which securely deletes files in a manner compliant with DoD standards. Richard Bejtlich previously discussed this topic in the context of wiping disks. And another useful tool, if you're managing a large group and supporting helpdesk functions, is BgInfo. It generates wallpaper showing useful information such as IP address, architecture, memory, hostname, software version, etc. With a little creative scripting, it can be combined with users' individual wallpaper preferences, letting them keep their own wallpaper choice without cramming a standard image onto everyone's machine.

Another tool I use, especially in an environment like mine where Ethereal is on the restricted software list, is IPTools. It is a decent packet capture tool for environments where installing WinPcap is not an option and you need a driverless packet capture utility. It relies on the Windows raw packet capture mode, so it may not work on all versions of Windows.
