Tuesday, June 20, 2006

Few must-know tools for basic system administration

Sysinternals offers some of the best free tools for basic as well as advanced system administration tasks. Among them, a few must-haves are:

  • TcpView - For monitoring network connections in real time; a GUI extension of the netstat command.
  • Process Explorer - Shows detailed information about each of the processes running on the system. The best alternative to Task Manager.
  • AutoRuns - Shows detailed information about all the programs configured to run at system start. Much better than msconfig.

FPORT - This console-based program from Foundstone shows all the open/active network connection details along with the complete path of the owning executable. Another alternative to the netstat command.

TIP: It is easiest to download all these tools and drop them into the %SYSTEMROOT% folder so that you can execute them directly from Start-->Run or from a console without specifying their path.

A few other useful built-in commands in Windows XP/2003:

  • GETMAC - Retrieves the MAC address of all the network interfaces from local or remote systems. NBTSTAT can also be used to retrieve MAC addresses.
    GETMAC retrieves the MAC address from the machine's WMI repository, whereas NBTSTAT relies on the WINS database (which could be outdated). The advantage of NBTSTAT is that it can get you the MAC address of a remote machine even if the target machine is not online, whereas for GETMAC to work, the system must be online and accessible.
    Use the GETMAC /V option for verbose output to see the NIC name along with its MAC address. Without /V, it shows only the GUID identifier and not the actual NIC name.
  • HOSTNAME - To quickly find out the local machine's NetBIOS name.
  • TASKLIST - To quickly list all the running processes on a local or remote system. Run TASKLIST /V to see details similar to what Task Manager shows. While Task Manager is limited to providing only the local machine's information, TASKLIST /V can get you the same information from remote systems, even if that remote machine is running Windows 2000, where TASKLIST doesn't run locally.
    Run TASKLIST /SVC to enumerate all the child processes spawned by host processes like SVCHOST.EXE and SERVICES.EXE; Task Manager does not display these details.
    For example, if you find that SVCHOST.EXE is consuming the most resources, the culprit is usually one of the child processes running under svchost.exe, and not svchost.exe itself. That's when you can run TASKLIST /SVC to enumerate all the child processes running under svchost.exe.
  • TASKKILL - A very handy command for terminating processes running on local or remote systems, based on either process ID or image name. In a future post I'll explain how TASKKILL can be combined with TASKLIST to troubleshoot a hung service on local or remote systems.
  • SYSTEMINFO - Quickly retrieves basic system information from local or remote systems. I usually use this command to get details like system uptime (to determine the last boot time), authentication server name, system hardware model, etc. You can also use MSINFO32.EXE to see similar output in graphical mode for local as well as remote systems.
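The TASKLIST /V plus TASKLIST /SVC cross-check described above, as an added PowerShell example that is not part of the original post: it joins the memory and CPU-time columns of /V with the hosted-services column of /SVC per PID, so the busiest svchost.exe instance can be traced to the services inside it before anything is terminated. It assumes the local machine and svchost.exe by default; -ComputerName is passed through as tasklist's /S switch.

```powershell
# Added example (not from the original post): map each svchost.exe instance to the
# services it hosts, ranked by memory use. Defaults below are assumptions.
param(
    [string]$ComputerName = "",          # empty = local machine; otherwise passed as /S
    [string]$ImageName    = "svchost.exe"
)

function Invoke-Tasklist([string[]]$Switches) {
    # Build the argument list; /S is only added when a remote system is named.
    $argList = @()
    if ($ComputerName) { $argList += @('/S', $ComputerName) }
    $argList += $Switches + @('/FO', 'CSV', '/FI', "IMAGENAME eq $ImageName")
    $output = & tasklist.exe @argList
    # When the filter matches nothing, tasklist prints an INFO line instead of CSV rows.
    if (-not $output -or @($output)[0] -notlike '"*') { return @() }
    return $output | ConvertFrom-Csv
}

# /V gives "Mem Usage" (e.g. "12,345 K") and "CPU Time" (e.g. "0:01:23") per PID.
$details = Invoke-Tasklist @('/V')

# /SVC gives the comma-separated "Services" column per PID ("N/A" when none).
$services = @{}
foreach ($row in Invoke-Tasklist @('/SVC')) { $services[$row.PID] = $row.Services }

# Join the two views on PID; strip the thousands separator and " K" from memory.
$report = foreach ($row in $details) {
    [pscustomobject]@{
        PID      = [int]$row.PID
        MemKB    = [int]($row.'Mem Usage' -replace '[^\d]', '')
        CpuTime  = $row.'CPU Time'
        Services = $services[$row.PID]
    }
}

# Biggest consumer first: the culprit is usually one of the services listed for that PID,
# which TASKLIST /SVC exposes and Task Manager does not.
$report | Sort-Object MemKB -Descending | Format-Table -AutoSize
```

Run it as `.\svchost-report.ps1 -ComputerName SERVER01` to get the same breakdown for a remote system, which is where Task Manager cannot help.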

1 comment:

Anonymous said...

Hi Raj,
These are very useful and helpful commands. Thanks for putting this up.