Useful things for a system administrator. System administrator's first aid kit. A minimum set of utilities for the most effective problem solving

version: 5.0.5 from April 15, 2019

A program for gaining access to a remote PC and exchanging files. The application does not require installation and is distinguished by the high quality and stability of the transmitted image. It allows you to use the functions of a remote computer as if you were sitting at it yourself. In terms of connection setup speed, AnyDesk is on par with the best solutions such as Ammyy Admin. The application can display video and has an integrated file manager.

version: 10.0.17763.1 from April 09, 2019

A program for creating an ISO file for Windows 10 - allows you to download a free distribution of the operating system and burn it to an optical disc or flash drive.

Media Creation Tool allows you to update the current OS version immediately, download an image in the common ISO format, or prepare a distribution kit ready for transfer to a flash drive. The user can choose any of the official languages of Windows 10 - Russian or another - in the required bit depth (64/32 bit). If you plan to install the system on another computer, you can download both versions, x86 and x64, at the same time.

version: 8.4.0.7 from March 05, 2019

Using this program, you can erase any object from your computer's disk - a single file or folder, a plug-in, a program or an application package. It does not require installation and can be launched from a flash drive or memory card.

After launch, the utility finds all installed software and components and sorts them into different categories (“Large”, “Recently installed”, “Rarely used” and so on).

version: 2.0.6 from February 01, 2019

Revo Uninstaller is a professional program uninstaller that allows you to completely remove programs installed on your computer, even if you have problems removing them using the standard Windows uninstaller.

Thanks to its advanced and fast algorithm, Revo Uninstaller first analyzes all the files that are about to be deleted and only then deletes them. You can also remove unnecessary leftover files, folders and registry keys, which, as a rule, accumulate on the computer when programs are removed without a professional uninstaller.

version: 3.8 from January 23, 2019

This small application is used to remotely control other computers or servers. You can control the operation of the mouse and keyboard, launch the necessary programs, or copy any data to your working system.

The Ammyy Admin program is relevant for users who are well versed in computers and can help their friends or work colleagues sort out certain problems. For example, by connecting remotely to another PC, you can install any program, burn a disc, or troubleshoot problems. In addition, this application will be useful for system administrators, who can spend less time at work by managing servers and computers from a distance.

version: 4.6.3055 from November 12, 2018

A program for controlling another PC via the Internet or an internal local network. The application allows you to access all functions of the remote machine.
With AeroAdmin, you can manage a remote desktop as if you were sitting at the remote machine. When exchanging information, a hybrid AES+RSA encryption algorithm is used.

version: 9.2 from January 10, 2018

AnVir Task Manager is a free system utility that allows you to control everything that is running on your computer and also provides convenient tools for configuring your computer.

Brief list of characteristics:

  • Managing startup, running processes, services and drivers and replacing the Task Manager;
  • Detection and removal of viruses and spyware;
  • Fine-tuning XP and Vista, including setting hidden settings;
  • Speed up Windows loading and computer performance.

version: 5.0.1 from April 06, 2017

A program for administering and monitoring a network, containing tools for constructing visual diagrams consisting of computers, servers and other elements.
A reliable assistant for a system administrator. As the name suggests, Friendly Pinger allows you to find out the status of each computer connected to a common network. In addition, using this program, you can inventory the installed software and hardware components of your PC, view the list of users who are currently accessing the administrator's file system, search for network services and set up an alert system that notifies you instantly when a server stops or starts. Sending external commands to other devices (for example, telnet, tracert and others) is supported, as is the creation of distribution kits.

Our programs for system administrators will help you keep abreast of everything that happens in the computer park and enterprise network, respond in a timely manner to equipment failures and software problems, and minimize costs and downtime. This page presents programs for monitoring the network, servers and hosts, for PC inventory, accounting for installed programs and licenses, creating reports on computer hardware, for accounting traffic on the network, for studying the network topology and creating graphical diagrams of local networks.

A network administrator may also find useful programs for searching files on local networks and auditing user access to file resources of servers over the network. All these programs will help the system administrator improve the performance of network devices and servers and ensure the proper level of security in the enterprise network.

10-Strike programs are included in the unified register of Russian computer programs of the Ministry of Communications and can participate in government procurement.

Programs for network administrator, network utilities

A program for inventory and accounting of installed software and hardware on computers in local networks. "Computer Inventory" allows system administrators to keep track of computers on the enterprise network, view the configurations of remote computers and lists of installed programs over the network, and track configuration and software changes. The program contains a powerful report generator. For example, you can create reports on the presence of certain programs on computers and their quantity. When planning upgrades, you can create a report listing computers with insufficient disk space or RAM. Windows XP/2003/Vista/2008/7/8.1/2012/10/2016 are supported.


- program for monitoring servers and computers on the network, allowing you to visually observe the current state of your network at any time. LANState monitors hosts on the network, monitors connections to network resources, monitors traffic, and signals various events. LANState contains many functions useful for network administrators: sending messages, shutting down remote computers, scanning hosts and ports, obtaining various information from remote computers (access to the registry, event log, etc.). Windows XP/2003/Vista/2008/7/8.1/2012/10/2016 are supported.


- program for monitoring servers and other network devices, monitors the performance of the network and notifies the administrator of problems. Find out in time about a failure that has occurred (connection loss, server disk space running out, service stop, etc.) and fix the problem with minimal loss of time. The program signals problems using sound, on-screen messages, by e-mail, and can launch external programs and services, as well as restart computers and services. Windows XP/2003/Vista/2008/7/8.1/2012/10/2016 are supported.


- program for searching files on local network computers (via the NetBIOS and FTP protocols). Enter a phrase or file masks and find the information you need. When viewing search results, found files can be opened immediately, saved to disk, or used to generate a report. The search uses multi-threaded technology, which significantly speeds up the work. You can set filters by file size and modification date. Windows XP/2003/Vista/2008/7/8.1/2012/10/2016 are supported.


- program for monitoring network connections of users over the network to a shared folder and files, allows you to find out in time about connections of network users to your computer. The program beeps, displays alerts on the screen, and keeps a detailed log of connections, which records information about who and when connected to the computer’s network folders, what files were opened, etc. Windows XP/2003/Vista/2008/7/8.1/2012/10/2016 are supported.


3.0 FREE!

- scanner for local networks, IP addresses and hosts. This free program allows you to scan your local network and detect active hosts, computers and servers. Supports scanning of IP address ranges and many protocols for detecting network devices (ICMP ping, searching for open TCP ports, NetBios, SNMP, UPnP, ...). If you have administrator rights, you can read a lot of useful information from Windows computers. Windows XP/2003/Vista/2008/7/8.1/2012/10/2016 are supported.

Sets of network programs for system administrators

Software suites for system administrators allow you to save money when purchasing several of our network programs, or all of them at once. Get three programs for the price of two, and so on. For example, when purchasing the Full set of administrator programs in the "for the organization" option (without restrictions on the number of workstations), consisting of our seven programs for network administrators, you can save up to 85,000 rubles, or 30%!

Other utilities

- CD cataloger (CD, DVD). With its help, you will quickly find the files you need on the CDs and DVDs of your collection. SearchMyDiscs helps you organize your CD and DVD collections, allowing you to find the disc you need in a few seconds. If you are tired of searching for the right disk for a long time every time, this program is for you! Windows XP/2003/Vista/2008/7/8.1/2012/10/2016 are supported.


- Apache web server Raw log file analyzer. Creates various reports and histograms. The program has many settings and filters that will allow you to get accurate information about your site, downloaded files, and who is coming to you and from where. Windows XP/2003/Vista/2008/7/8.1/2012/10/2016 are supported.

Payment and delivery

When ordering programs by legal entities, payment by bank transfer is accepted. Invoices are issued electronically and an agreement is concluded. Electronic delivery: the distribution kit is downloaded from our website, registration keys are sent after payment by e-mail. After payment, the original contract and documents for accounting are sent to the buyer by mail.

Issue an invoice (indicate the required programs and types of licenses, your details and the name of the director for the agreement)

All our programs are also presented in the Softkey and AllSoft online stores (follow the “buy” links from our website).


Our clients: small and medium-sized businesses, government and budget institutions, hospitals, schools, colleges and institutes, banks, oil industry, telecoms.

Every system administrator sometimes has to service the computers of friends or make home visits. A proven set of utilities helps him in this matter. Our review will only talk about free ones that do not require installation and have become the de facto standard.

Autoruns

This program became the calling card of Mark Russinovich and the company Winternals Software (better known by its website name - Sysinternals.com), long ago absorbed by Microsoft. Now it is still developed by the author, but legally belongs to the technical department of Microsoft. The current version 13.3 was written in April 2015. With v.13.0, the program has not only become more convenient, it has received a number of new functions, in particular advanced filtering tools, integration with other system utilities and online services.

Autoruns displays the most complete and most detailed list of autorun components, regardless of their type. The utility shows, by registry key, how all drivers, programs (including system ones) and their modules are loaded. It even lists all Windows Explorer extensions, toolbars, startup services, and many other items that other similar programs usually miss.

Color-coding helps you quickly identify, from a list of hundreds of entries, standard components that are digitally signed by Microsoft, suspicious files, and erroneous strings that reference non-existent files. To disable the ability to autorun any component, simply uncheck the box next to it on the left.


Ghosts of autorun objects in Autoruns are highlighted in yellow

Some components are automatically loaded only when you log in with a specific account. In Autoruns, you can select the entries that correspond to each account and view them separately.

The command line mode also deserves attention. It is extremely convenient for exporting a list of startup items to a text file, creating advanced reports and selective anti-virus scanning of all suspicious objects. The full help can be read on the website, here I will give an example of a typical command:

Autorunsc -a blt -vrs -vt > C:\Autor.log

Here `autorunsc` is the program module launched in command line mode. The `-a` switch specifies that the object types to be checked are listed after it. In the example there are three of them: b - boot execute (that is, everything loaded after the system starts and before the user logs in); l - logon, user-specific startup components; and t - scheduled tasks. If instead of enumerating blt you specify an asterisk (*), all startup objects will be checked.

The `-vrs` and `-vt` switches control how the VirusTotal online service is used. The first specifies that only files without a Microsoft digital signature that have not previously been checked are sent. If at least one antivirus out of fifty considers the file to be malicious, a detailed report will open in a separate browser tab. The second switch is needed so that you do not get a tab with the VirusTotal terms of service each time and do not have to confirm your agreement with them.

An Autorunsc report is typically tens or hundreds of kilobytes in size. It is inconvenient to read on the screen, so in the example the output is redirected to a log file. This is a plain text format in UCS-2 Little Endian encoding. Here is an example of a record from it with one false positive:

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run Adobe ARM "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" Adobe Reader and Acrobat Manager Adobe Systems Incorporated 1.801.10.4720 c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe 11/20/2014 21:03 VT detection: 1/56 VT permalink: (link to VirusTotal report).


Two unsigned drivers turned out to be clean, and one signed driver had a VT reaction
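Reading such a report by eye does not scale, so here is an added triage script (not code from the article or from Sysinternals) that loads an Autorunsc CSV report and flags the three things the text calls out: non-zero VirusTotal detections, entries without a verified signature, and dangling entries whose file no longer exists. It assumes the report was produced with `autorunsc -a * -c -vrs -vt > report.csv` (CSV output instead of the plain-text log) and that the column names match the header listed in the code; the sample records are constructed for the example.

```python
"""Triage an Autorunsc CSV report. Added example, not code from the article
or from Sysinternals. Assumes `autorunsc -a * -c -vrs -vt > report.csv`
(CSV output) and the column names listed below; the sample data is constructed."""
import csv
import io
import re

# Column names assumed to match Autorunsc's CSV header; adjust if yours differ.
LOCATION_COL = "Entry Location"
ENTRY_COL = "Entry"
SIGNER_COL = "Signer"
IMAGE_COL = "Image Path"
VT_COL = "VT detection"

_VT_RE = re.compile(r"^\s*(\d+)\s*/\s*(\d+)\s*$")


def parse_vt(field):
    """'1/56' -> (1, 56); 'Unknown', 'n/a' or an empty field -> None."""
    m = _VT_RE.match(field or "")
    return (int(m.group(1)), int(m.group(2))) if m else None


def decode_report(raw):
    """Autorunsc writes its text output as UCS-2 LE with a byte-order mark;
    Python's 'utf-16' codec honours the BOM, so either byte order decodes."""
    return raw.decode("utf-16")


def triage(report_text):
    """Return the entries a reviewer should look at, each with its reasons."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_text)):
        reasons = []
        vt = parse_vt(row.get(VT_COL))
        if vt and vt[0] > 0:
            reasons.append(f"VT {vt[0]}/{vt[1]}")
        # Assumed: Autorunsc prefixes verified Authenticode signers with "(Verified)".
        if not row.get(SIGNER_COL, "").startswith("(Verified)"):
            reasons.append("unsigned or unverified")
        # Assumed: dangling entries (yellow in the GUI) carry "File not found" in the path.
        if "File not found" in row.get(IMAGE_COL, ""):
            reasons.append("dangling entry (file not found)")
        if reasons:
            findings.append({
                "location": row.get(LOCATION_COL, ""),
                "entry": row.get(ENTRY_COL, ""),
                "image": row.get(IMAGE_COL, ""),
                "reasons": reasons,
            })
    return findings


# Constructed sample report (three records) encoded the way Autorunsc writes it.
_HEADER = ("Time,Entry Location,Entry,Enabled,Category,Profile,Description,"
           "Signer,Company,Image Path,Version,Launch String,VT detection,VT permalink")
_ADOBE = (r"11/20/2014 21:03,HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run,"
          r"Adobe ARM,enabled,Logon,System-wide,Adobe Reader and Acrobat Manager,"
          r"(Verified) Adobe Systems Incorporated,Adobe Systems Incorporated,"
          r"c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe,1.801.10.4720,"
          r"c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe,1/56,"
          "https://www.virustotal.com/example-permalink")
_MSFT = (r"7/16/2016 13:18,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,"
         r"SecurityHealth,enabled,Logon,System-wide,Windows Security notification icon,"
         r"(Verified) Microsoft Windows,Microsoft Corporation,"
         r"c:\windows\system32\securityhealthsystray.exe,10.0.17763.1,"
         r"c:\windows\system32\securityhealthsystray.exe,0/56,"
         "https://www.virustotal.com/example-permalink")
_GHOST = (r"3/1/2019 09:12,HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,"
          r"updater,enabled,Logon,EXAMPLE\user,,,,"
          r"File not found: c:\users\user\appdata\local\temp\updater.exe,,"
          r"c:\users\user\appdata\local\temp\updater.exe,Unknown,")
SAMPLE_REPORT = "\n".join([_HEADER, _ADOBE, _MSFT, _GHOST]).encode("utf-16")


if __name__ == "__main__":
    for f in triage(decode_report(SAMPLE_REPORT)):
        print(f"{f['location']}\\{f['entry']}: {', '.join(f['reasons'])}")
```

On the sample data the Adobe entry is reported only for its 1/56 detection (the false positive from the article), the Microsoft entry is silent, and the unsigned entry pointing at a missing file is reported twice over.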

Process Explorer

The GUI version of Autoruns can work together with another utility from the same author - Process Explorer (PE). If you first launch PE and then Autoruns, then in the latter’s menu additional items appear about viewing the properties of each active process from the autorun menu.

In the PE settings, you can specify how active processes are displayed: a simple list sorted by name or CPU load, or a tree with dependencies. There is also an option to check unknown files (identified by hash) on VirusTotal. If you turn it on, after a while the result will appear on the right. All objects flagged by at least one antivirus are highlighted in red.

When you press the window is divided horizontally, and the lower part displays complete information about the selected process and its actions in the system. Pressing will bring up an additional window with indicators of CPU, GPU, RAM load, I/O intensity, storage and network usage. For each component, the total load and the most resource-intensive process are displayed. For GPUs, it even shows the percentage of occupied video memory and the load on each chip, if there are several. This is especially relevant now, since many programs (malware included) actively use video cards for non-graphical computing. This behavior is especially typical of Trojan cryptocurrency miners.


The test Trojan does not look suspicious yet, and four antiviruses are already complaining about µTorrent

By right-clicking on any process from the PE list, a context menu appears. It duplicates all the functions of the built-in task manager and adds several new ones. In particular, with one click you can send a file corresponding to a suspicious process for analysis to VirusTotal, search for its description on the Internet, make a dump or suspend execution. A paused process stops responding to any commands (including internal ones), and it becomes easier to analyze. After you have dealt with it, you can send the “resume” command through Process Explorer. Of course, unless absolutely necessary, you shouldn’t do this with system processes and utilities that perform low-level operations. It is better not to interrupt BIOS/UEFI flashing, changing disk layout, partition alignment and other similar operations.

Usually the title of each window indicates the name of the application that created it, but some windows remain nameless. This is especially true of Trojans that imitate well-known programs, or of small dialog boxes with error codes. Process Explorer has a handy "find process by window" feature. Just click this button on the top panel and, holding down the left mouse button, drag the cursor onto the strange window. The corresponding process will be highlighted in the PE table.


Test Trojan suspended via Process Explorer

To take advantage of all the features of Process Explorer, you will need to run it with administrator rights and (in some cases) install Debugging Tools for Windows. They can be downloaded separately or downloaded as part of the Windows Driver Kit. The latest version of Process Explorer can be downloaded from the Microsoft website.

Unlocker

Without a doubt, Mark Russinovich is a real guru among the authors of system utilities for Windows, but his programs were created as universal tools. Sometimes it is worth using a more specialized tool, such as the creation of the French programmer Cedric Collomb. His tiny Unlocker utility can do only one thing: unlock a file system object held by some process in order to regain control over it. Although the latest version was released in 2013, the program still does its job better than all its analogues. For example, it allows you to unload dynamic libraries from memory, delete the index.dat file, work with file names that are prohibited in Windows, and perform most actions without rebooting.


Some process is blocking Safari from uninstalling

Unlocker identifies the handles of running processes that are currently blocking work with the desired file or directory. This locking is required to prevent applications from interfering with each other in a multitasking environment. When the OS and programs are functioning normally, it prevents accidental deletion of files in use, but sometimes errors occur. As a result, an application may freeze or remain in memory after its window is closed. The file system object then remains locked long after it is no longer needed.

Today, the list of active processes for the average user starts at fifty, so searching for zombies among them by hand can take a long time. Unlocker immediately determines which process is blocking modification or deletion of a selected file or directory. Even if it cannot figure this out due to Win32 API limitations, it will offer to force the desired action: rename, move or delete the object.


Unlocker did not find the reason for the blocking, but can delete the recalcitrant file

Sometimes several programs access the same directory at once, so several handles are identified among the processes blocking it. Unlocker can release all of them with one button.

Starting from version 1.9.0, 64-bit versions of Windows are supported. The utility can be integrated into the Explorer context menu or run in graphical mode as a portable application. You can also install Unlocker Assistant. It will hang in the tray and automatically call Unlocker whenever the user tries to manipulate a locked file. Running with the `-h` switch will display help about the command line mode. The utility is available in forty languages, although there is nothing special to translate in it - everything is already intuitive.

AVZ

Looking at the list of capabilities of the AVZ utility, I would rather call it analytical than anti-virus. Oleg Zaitsev's tiny program has many irreplaceable functions that make the everyday tasks of an administrator and the life of an advanced user easier. It will help you scan the system, restore lost settings of built-in OS components to their defaults, detect any changes since the last audit, find potential security problems, remove Trojan components from the Winsock SPI chain and restore Internet connectivity, identify strange program behavior and detect kernel-level rootkits.


AVZ contains many system analysis tools

Known malware is best removed using other antivirus scanners. AVZ is useful for fighting unknown evil, finding holes through which it can leak, and eliminating the consequences of infection. In most cases, AVZ allows you to do without reinstalling the OS, even after a severe virus attack.

You can use AVZ as a portable application, but the full set of functions of the utility will be revealed only if you install AVZPM - its own kernel mode driver. It controls all modules, drivers and active applications, allowing you to easily identify masquerading processes and any technologies for substituting their identifiers.

AVZGuard is another kernel mode driver that can be activated from the AVZ menu. It restricts access to active processes, suppressing anti-virus activity on the infected computer. This approach allows you to launch any application (including another antivirus) from the AVZ window in protected mode.

One of the clever countermeasures of malware remains locking its files and recreating the elements deleted by the antivirus the next time the OS loads. This can partly be countered manually with Unlocker, but AVZ has its own technology - Boot Cleaner. This is another kernel mode driver that enhances Windows' built-in deferred deletion-on-restart feature. It starts earlier, logs its results, and can delete registry entries as well as files.

The AVZ antivirus scanner itself also has a lot of know-how. It can scan NTFS alternate data streams and speed up the scan by excluding files identified as safe by the Microsoft catalog or its own database. Threats can be searched by specific type - for example, the HackTool category can be excluded outright. There are separate modules for finding keyboard interceptors and ports opened by Trojan horses, and for behavioral analysis. AVZ allows you to copy suspicious and deleted files to separate folders for subsequent detailed study.


Creation of a detailed research protocol in AVZ

Asking for AVZ reports, and in particular the output of its "System Research" module, has become standard practice on many malware-analysis forums where users turn for help with non-trivial problems.

Of course, an experienced administrator’s first aid kit may contain more than a dozen programs, but these four utilities will be enough to solve most problems. You can easily find the rest in the collections using the links provided in the article.

WARNING!

Using system utilities requires an understanding of the logic of their operation and the structure of the OS itself. Read the help before making changes to the registry or interfering with active processes.

Subscribe to "Hacker"

Every system administrator sometimes has to service the computers of friends or make home visits. A proven set of utilities helps him in this matter. Our review will only talk about free ones that do not require installation and have become the de facto standard.

Autoruns

This program became the calling card of Mark Russinovich and the company Winternals Software (better known by its website name - Sysinternals.com), long ago absorbed by Microsoft. Now it is still developed by the author, but legally belongs to the technical department of Microsoft. The current version 13.3 was written in April 2015. With v.13.0, the program has not only become more convenient, it has received a number of new functions, in particular advanced filtering tools, integration with other system utilities and online services.

Autoruns displays the most complete and most detailed list of autorun components, regardless of their type. The utility shows how to load all drivers, programs (including system ones) and their modules by registry key. It even lists all Windows Explorer extensions, toolbars, startup services, and many other items that other similar programs usually miss.

Color-coding helps you quickly identify, from a list of hundreds of entries, standard components that are digitally signed by Microsoft, suspicious files, and erroneous strings that reference non-existent files. To disable the ability to autorun any component, simply uncheck the box next to it on the left.


Ghosts of autorun objects in Autoruns are highlighted in yellow

Some components are automatically loaded only when you log in with a specific account. In Autoruns, you can select the entries that correspond to each account and view them separately.

The command line mode also deserves attention. It is extremely convenient for exporting a list of startup items to a text file, creating advanced reports and selective anti-virus scanning of all suspicious objects. The full help can be read on the website, here I will give an example of a typical command:

Autorunsc -a blt -vrs -vt > C:\Autor.log
Here `autorunsc` is a program module launched in command line mode. The `-a` switch specifies that the objects to be checked are listed after it. In the example there are three of them: b - boot execute (that is, everything that is loaded after the system starts and before the user logs in); l - logon, user-specific startup components and t - scheduled jobs. If instead of enumerating blt you specify asterisk (*), then all startup objects will be checked.

The `-vrs` and `-vt` switches indicate the mode of operation with the VirusTotal online service. The first set specifies sending only those files that do not have a Microsoft digital signature and that have not previously been verified. If at least one antivirus out of fifty considers the file to be malicious, a detailed report will open in a separate browser tab. The second set of keys is needed so that each time you do not open a tab with the user agreement for using the VirusTotal service and do not have to confirm your agreement with it.

An Autorunsc report is typically tens or hundreds of kilobytes in size. It is inconvenient to read it on the screen, so in the example the output is redirected to a log file. This is a plain text format in UCS-2 Little Endian encoding. Here is an example of a recording from it with one false positive:

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run Adobe ARM "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" Adobe Reader and Acrobat Manager Adobe Systems Incorporated 1.801.10.4720 c :\program files (x86)\common files\adobe\arm\1.0\adobearm.exe 11/20/2014 21:03 VT detection: 1/56 VT permalink: (link to VirusTotal report).


Two unsigned drivers turned out to be clean, and one signed driver had a VT reaction

Process Explorer

The GUI version of Autoruns can work together with another utility from the same author - Process Explorer (PE). If you first launch PE and then Autoruns, then in the latter’s menu additional items appear about viewing the properties of each active process from the autorun menu.

In the PE settings, you can specify the desired way to display all active processes: a simple list sorted by name or CPU load, or a tree list with dependencies. An option is also set there that allows you to check unknown files (detected by hash) in VirusTotal. If you turn it on, after a while the test result will appear on the right. All objects that are attacked by at least one antivirus will be highlighted in red.

When you press the window is divided horizontally, and the lower part displays complete information about the selected process and its actions in the system. Pressing will bring up an additional window with indicators of CPU, GPU, RAM load, I/O intensity, storage and network usage. For each component, the total load and the most resource-intensive process are displayed. For GPUs, it even shows the percentage of occupied video memory and the load on each chip, if there are several of them. This is especially true now, since many (malware) programs actively use video cards for non-graphical computing. This behavior is especially typical for Trojan cryptocurrency miners.


The test Trojan does not look suspicious yet, and four antiviruses are already complaining about µTorrent

By right-clicking on any process from the PE list, a context menu appears. It duplicates all the functions of the built-in task manager and adds several new ones. In particular, with one click you can send a file corresponding to a suspicious process for analysis to VirusTotal, search for its description on the Internet, make a dump or suspend execution. A paused process stops responding to any commands (including internal ones), and it becomes easier to analyze. After you have dealt with it, you can send the “resume” command through Process Explorer. Of course, unless absolutely necessary, you shouldn’t do this with system processes and utilities that perform low-level operations. It is better not to interrupt BIOS/UEFI flashing, changing disk layout, partition alignment and other similar operations.

Usually the title of each window indicates the name of the application that generated it, but it happens that they remain nameless. This is especially true for Trojans that imitate well-known programs or small dialog boxes with error codes. Process Explorer has a handy “find process by window” feature. Just click this button on the top panel and, holding down the left mouse button, move the cursor to the area of ​​the strange window. The corresponding process will be automatically highlighted in the PE table.


Test Trojan suspended via Process Explorer

To take advantage of all the features of Process Explorer, you will need to run it with administrator rights and (in some cases) install Debugging Tools for Windows. They can be downloaded separately or downloaded as part of the Windows Driver Kit. The latest version of Process Explorer can be downloaded from the Microsoft website.

Unlocker

Without a doubt, Mark Russinovich is a real guru among the authors of system utilities for Windows, but his programs were created as universal tools. Sometimes it is worth using more highly specialized tools. Such as the creation of the French programmer Cedric Collomb. Its tiny Unlocker utility can do only one thing: unlock a file system object occupied by some process in order to regain control over it. Although the latest version was released in 2013, the program still performs its functions better than all analogues. For example, it allows you to unload dynamic libraries from memory, delete the index.dat file, work with file names that are prohibited in Windows, and perform most actions without rebooting.


Some process is blocking Safari from uninstalling

Unloker identifies handles to running processes that are currently blocking work with the desired file or directory. This locking is required to prevent mutual influence of applications in a multitasking environment. When the OS and programs are functioning normally, it prevents accidental deletion of used files, but sometimes errors occur. As a result of one of them, the application may freeze or remain in memory after closing the window. The file system object can then remain locked long after it is no longer needed.

Today the list of active processes on an average user's machine starts at around fifty, so hunting for zombies among them by hand can take a long time. Unlocker immediately shows which process is blocking modification or deletion of the selected file or directory. Even when it cannot determine this because of Win32 API limitations, it offers to force the desired action: rename, move or delete the object.


Unlocker did not find the reason for the blocking, but can delete the recalcitrant file

Sometimes several programs access the same directory at once, so several handles show up among the processes locking it. Unlocker can release all of them with a single button.

Starting from version 1.9.0, 64-bit versions of Windows are supported. The utility can be integrated into the Explorer context menu or run in graphical mode as a portable application. You can also install Unlocker Assistant: it sits in the system tray and automatically invokes Unlocker whenever the user tries to manipulate a locked file. Running with the `-h` switch displays help for the command line mode. The utility is available in forty languages, although there is hardly anything to translate: everything is already intuitive.

AVZ

Looking at the list of capabilities of the AVZ utility, one is tempted to call it an analysis tool rather than an antivirus. Oleg Zaitsev's tiny program has many indispensable functions that make the everyday tasks of an administrator and the life of an advanced user easier. It can scan the system, restore lost settings of built-in OS components to their defaults, detect any changes since the last audit, find potential security problems, remove Trojan components from the Winsock SPI and restore Internet connectivity, identify strange program behavior and detect kernel-level rootkits.


AVZ contains many system analysis tools

Known malware is best removed with other antivirus scanners. AVZ is useful for fighting unknown threats, finding the holes through which they got in, and cleaning up the consequences of an infection. In most cases AVZ lets you avoid reinstalling the OS, even after a severe infection.

You can use AVZ as a portable application, but the full set of functions is only available if you install AVZPM, its own kernel mode driver. It monitors all modules, drivers and active applications, making it easy to spot masquerading processes and any technique for spoofing their identifiers.

AVZGuard is another kernel mode driver that can be activated from the AVZ menu. It restricts the access of active processes, suppressing the malware's anti-antivirus activity on the infected computer. This lets you launch any application (including another antivirus) from the AVZ window in protected mode.

One of malware's cleverer countermeasures is to lock its own files and recreate the components an antivirus has deleted the next time the OS boots. This can partly be countered by hand with Unlocker, but AVZ has its own technology, Boot Cleaner. This is yet another kernel mode driver, which extends Windows' built-in delayed delete-on-restart mechanism: it starts earlier in the boot process, logs its results, and can delete registry entries as well as files.

The AVZ antivirus scanner itself has plenty of tricks of its own. It can scan alternate NTFS data streams and speed up a scan by excluding files that the Microsoft catalog or its own database identifies as safe. Threats can be searched for by specific type; for example, the HackTool category can be excluded outright. There are separate modules for finding keyloggers and ports opened by Trojans, and for behavioral analysis. AVZ lets you copy suspicious and deleted files to separate folders for later detailed study.


Creation of a detailed research protocol in AVZ

Asking for reports from AVZ and its "System Research" module has become standard practice on many malware-removal forums, where people turn for help with non-trivial problems.

Of course, an experienced administrator’s first aid kit may contain more than a dozen programs, but these four utilities will be enough to solve most problems. You can easily find the rest in the collections using the links provided in the article.

WARNING!

Using system utilities requires an understanding of the logic of their operation and the structure of the OS itself. Read the help before making changes to the registry or interfering with active processes.


The administration tools built into the OS and applications are not always convenient or functional, so over time a system administrator's arsenal fills up with useful utilities that simplify certain tasks. Many of these are available completely free of charge and cover a variety of aspects of system administration: configuring specific parameters, account auditing, troubleshooting and backup. With their help you can not only keep your IT infrastructure running smoothly, but also make it more efficient and secure. Let's look at 15 of the most useful solutions across different areas of administration.

Advanced IP Scanner

The system administrator must know everything about the systems on the network and be able to reach them quickly, and Windows Network Neighborhood is of little help here. This problem is solved by Advanced IP Scanner (radmin.ru/products/ipscanner), designed for fast multi-threaded scanning of a local network. AIPS is provided completely free of charge, with no strings attached. The program is very simple and easy to use. After starting, AIPS checks the IP network interfaces of the PC on which it is installed and automatically enters the IP range into the scanning settings; if you do not need to change the range, you just start the scan. The result is a list of all active network devices. For each, all available information is collected: MAC address, network card manufacturer, network name, logged-on user, available shared resources and services (shared folders, HTTP, HTTPS and FTP). Almost all scanning parameters can be configured: change the speed, exclude certain types of network resources (shared folders, HTTP, HTTPS and FTP) and the Radmin server. You can connect to any resource with one click; you just need to select it in the list. AIPS is also integrated with the Radmin program and, during the scan, finds all machines with a running Radmin Server. The scan result can be exported to a file (XML, HTML or CSV) or saved in "Favorites" (Drag&Drop supported), after which you can reach the desired PC as needed without rescanning the network. If the remote device supports Wake-On-LAN, you can turn it on and off by selecting the appropriate menu item.
AIPS is supported on any computer running Windows; the program holds Microsoft Platform Ready and Windows 7 Compatible status.

NetWrix Inactive Users Tracker

NetWrix, a company specializing in solutions for auditing changes in IT infrastructure, offers system administrators 10 free and very useful utilities (goo.gl/sfQGX) that significantly simplify Windows administration. For example, NetWrix Inactive Users Tracker (goo.gl/jWEj9) addresses one of the pressing security problems: accounts that nobody has used for some time (fired employees, business trips, reassignments, temporary staff, etc.). The IT department is rarely notified of such changes, yet such an account could easily be used by an attacker, or a fired employee could simply "return". The utility periodically checks all accounts in the domains and reports those that have not been used for a specified number of days. In the Free version the only available action is an email warning (it is enough to set the SMTP parameters); the admin performs all other operations manually, although a warning is sufficient in our case. The paid version adds automatically setting a random password, deactivating an account, moving it to another OU, and an OU filter for the account search. Separately, the PowerShell cmdlet get-NCInactiveUsers is offered, which returns a list of inactive users (by checking the "lastLogon" attribute) and simplifies writing corresponding scripts.

WinAudit Freeware

WinAudit is a free utility (including for commercial use) from Parmavex Services (pxserver.com/WinAudit.htm) that performs a full system audit. It does not require installation and can also be run from the command line. The program has a simple, localized interface and runs on all versions of Windows, including 64-bit. Data collection takes about a minute (depending on the operating system and computer configuration), and the resulting report consists of 30 categories (customizable). The administrator gets data about the system, installed software and updates with version and vendor, connected devices, a list of open network ports (number, service, program, etc.) and open shares, active sessions, security settings, access rights to peripherals, accounts and groups, the list of tasks/services, startup programs, logs and system statistics (uptime, memory, disk usage) and much more. Essentially everything that is usually needed in day-to-day work. You can also search for specific files by name; for example, to find music and videos on the user's hard drives, simply specify the appropriate extensions (avi, mp3, etc.). The result can be opened as a web page, exported to a file in many popular formats (xml, csv, pdf, text) or to a database (using a wizard; all popular ones are supported: MS SQL, MS Access, MySQL, Oracle and others), sent by email or printed.

Computer accounting CheckCfg

The problem of keeping an inventory of office equipment and the software in use is acute in any organization; it can be solved in different ways, and one option is offered by Andrey Tatukov, the developer of CheckCfg (checkcfg.narod.ru). This solution periodically collects data about hardware, OS and programs, including CPU type, amount of RAM, disk space, S.M.A.R.T. status, information about modem connections, and more. CheckCfg handles several hundred computers without difficulty. The result is displayed in a convenient tree form, and local directories are easy to reach. Every PC can be assigned an inventory number, and if necessary a report in RTF format is easy to generate. CheckCfg consists of several components. The CheckCfg component itself collects the data about the computer: it runs at OS startup and writes the result to a file. Management and archiving of the information is done by the accounting program, Sklad, which processes the files created by CheckCfg and stores them in its database, after which reports can be generated. The Sklad_w program shows current computer configurations and basic data on office equipment (by IP address, CPU, memory, software) in a convenient form. Another utility, Doberman, analyzes changes in PC configurations and notifies the administrator about them. The setup may not feel entirely natural, since you have to create the necessary configuration files by hand, but the description on the site and the available templates let you work everything out without trouble.
CheckCfg is distributed free of charge on an "as is" basis; the only things prohibited without the author's consent are selling the program to third parties and modifying its code.

MailArchiva Open Source Edition

Business processes in any modern company, regardless of size, are unthinkable without email. It is a very convenient tool for exchanging information both within the enterprise and with external correspondents. Some mail servers, such as MS Exchange, have mail archiving functions that let you find old messages when needed, including during incident investigations to identify leaks of confidential information. In other cases you have to provide this functionality yourself. One option is MailArchiva (mailarchiva.com), which provides the necessary functionality and is compatible with most modern mail servers, including Lotus Domino, MS Exchange, MDaemon, Postfix, Zimbra, Sendmail, Scalix, Google Apps and others. Archiving is possible via SMTP, IMAP/POP3, WebDAV and the Milter protocol (the program has a built-in SMTP and milter server and an IMAP/POP client). To avoid archiving all mail, you can define arbitrary archiving rules. Three levels of access to the stored data are implemented: user (only your own mail), administrator (settings and your own mail) and auditor (all mail, restrictable by rules). The OpenSource version of MailArchiva (openmailarchiva.sf.net) also includes intuitive search, including inside attachments (Word, Powerpoint, Excel, OpenOffice, PDF, RTF, ZIP, tar, gz). MailArchiva runs on a variety of operating systems: Windows, Linux, OS X and FreeBSD.

Performance Analysis of Logs

When there are performance problems, it is very difficult to find the bottleneck with the standard Windows Performance Monitor without experience. To understand which metrics to collect and how to interpret the result correctly, you have to read the documentation. The PAL (Performance Analysis of Logs, pal.codeplex.com) utility greatly simplifies this task. Once launched, it reads the logs and analyzes them using built-in templates. Currently there are templates for most popular MS products: IIS, MOSS, SQL Server, BizTalk, Exchange, Active Directory and others. In the PAL Wizard the administrator activates the necessary counters simply by selecting a template from the list, specifying the current server parameters (number of CPUs, etc.), the analysis interval and the directory for saving the result. After some time the administrator receives a detailed report in HTML and XML containing a description, counter name and indicators (Min, Avg, Max and Hourly Trend). The report can then easily be copied into any document. The only catch is that you still have to work out the collected parameters yourself, although if PAL shows a characteristic in the green zone, you definitely shouldn't worry. The query itself is saved as the PowerShell script PAL.ps1, which can be kept for later use. Templates are XML files; using any of them as an example, you can create your own. The built-in PAL Editor is available for editing the parameters in a template.
Officially Win7 is supported, but PAL works on all MS operating systems from WinXP (32/64) onward. Installation requires PowerShell v2.0+, MS .NET Framework 3.5SP1 and MS Chart Controls for Microsoft .NET Framework 3.5.

Create an access point with Virtual Router

The situation where a computer with a WiFi card needs to be turned into an access point is by no means rare today. For example, you need to quickly connect computers to your network or extend your WiFi coverage. Originally a wireless card was designed to operate in only one of two modes: point-to-point, where clients connect to each other, or as an access point. No other options were offered. But in Win7/2k8 (except Win7 Starter Edition) it became possible to virtualize network connections, so that one physical WiFi adapter can host several WiFi modules with their own settings. Such a computer works on a wireless network and at the same time acts as an access point. The corresponding technology is called Virtual Wi-Fi (Intel's version is My WiFi); one of the adapters can be configured in Software Access Point (SoftAP) mode. The connection to such a virtual hotspot is protected with WPA2. Most WiFi cards compatible with the newer operating systems support this mode. You can turn a PC with Win7/2k8R2 into an access point using the Netsh console utility or through the Network and Sharing Center, although many people do not like to bother with setting all the parameters. We can therefore recommend the Virtual Router application available on CodePlex (virtualrouter.codeplex.com), which has a clear GUI and very simple settings. After starting Virtual Router, you just need to specify the SSID and the access password, and then activate the access point. If necessary, you can also stop the hotspot by pressing one button. In addition, the window displays the current connections to the access point; for each you can set its own icon and change some parameters.
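The Netsh route mentioned above, as an added example that is not Virtual Router's own code: a PowerShell script that sets up the same WPA2-protected SoftAP with the built-in `netsh wlan hostednetwork` commands, after checking that the driver supports the mode and that the key length is valid. The SSID and key values are assumed placeholders; the driver-support check assumes English-language netsh output.

```powershell
# Added example (not Virtual Router's code): a SoftAP via netsh instead of the GUI.
# Run from an elevated PowerShell session on Win7/2k8R2 or later.
param(
    [string]$Ssid = 'office-softap',            # assumed placeholder value
    [string]$Key  = 'ChangeMe-LongPassphrase'   # assumed placeholder value
)

# The hosted network is WPA2-PSK, so the key must be 8 to 63 characters;
# a short key is the weakest point of the whole setup.
if ($Key.Length -lt 8 -or $Key.Length -gt 63) {
    throw "WPA2-PSK key must be 8 to 63 characters long"
}

# The adapter driver must advertise hosted-network support
# (assumes English netsh output: "Hosted network supported  : Yes").
$drivers = netsh wlan show drivers | Out-String
if ($drivers -notmatch 'Hosted network supported\s*:\s*Yes') {
    throw "This WiFi adapter/driver does not support the hosted network (SoftAP) mode"
}

# Define the virtual AP; keyUsage=persistent stores the key for future starts.
netsh wlan set hostednetwork mode=allow ssid="$Ssid" key="$Key" keyUsage=persistent
if ($LASTEXITCODE -ne 0) { throw "netsh failed to configure the hosted network" }

# Bring the virtual AP up and show its status and connected clients (by MAC).
netsh wlan start hostednetwork
netsh wlan show hostednetwork

# To take the hotspot down again and forget the configuration:
#   netsh wlan stop hostednetwork
#   netsh wlan set hostednetwork mode=disallow
```

Clients of the virtual AP only get Internet access if Internet Connection Sharing is enabled on the physical adapter; that is a separate step this script does not perform.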

Managing RDC connections - RDCMan

To remotely manage servers and PCs running Windows, the Remote Desktop Connection snap-in is used. With many connections that have different settings, working with it is somewhat inconvenient. Instead of saving individual settings for each computer, you can use the free Remote Desktop Connection Manager (RDCMan) tool to automate the process somewhat. You can download RDCMan from goo.gl/QHNfQ. After launch, you specify the RDG connection settings that will be used by default and inherited by everything else. Here we set the general credentials, gateway, screen settings, security settings and much more. Next, we create the required number of system groups (for example, by purpose, location, OS version, etc.); for each, connection settings that differ from the general ones can be specified, and these are inherited by the PCs the group contains. The last step is to fill the groups with systems. To add a server, you only need to enter its domain name, although if any parameter differs from the group settings, you can override it right away. If necessary, systems can easily be moved between groups by drag and drop. If there are many systems, it is easier to prepare a text file with one name per line and feed it to the utility. Now, to connect, just select the desired server and choose Connect in the context menu. You can have several connections active at the same time and switch between them. If space is tight, the window can easily be undocked. Any OS that supports RDC 6 or higher will do.

Free Active Directory Tools

Managing many Active Directory parameters with the standard tools is not always easy or convenient. In some situations the Free Active Directory Tools kit (goo.gl/g11zU), developed by ManageEngine and distributed free of charge, will help. The kit consists of 14 utilities launched from one shell. For convenience they are divided into 6 groups: AD User Report, SharePoint Report, User Management, Domain and DC Info, Diagnostic Tools and Session Management. For example, running Empty Password User Report gives you a list of accounts with empty passwords, GetDuplicates finds accounts with identical attributes, and CSVGenerator saves Active Directory account data to a CSV file. Also included are: a last-logon-time report, retrieving data from AD by query, reports on SharePoint installations, local account management, viewing and editing domain password policies, listing domain controllers and their roles, managing their replication, monitoring their health (CPU load, RAM, hard drives, performance, etc.), DMS port status, terminal session management and much more. Installing and using FADT is very simple; some utilities require PowerShell to run. It should also be noted that ManageEngine offers several other packages useful for administrators; the list can be found on the company's website.
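Two of the checks described above, inactive accounts (the NetWrix Inactive Users Tracker section) and accounts with no password required (the Empty Password User Report in this section), as an added plain-PowerShell example that is neither NetWrix's nor ManageEngine's code. It assumes the RSAT ActiveDirectory module, a domain-joined session with read access to AD, and an assumed 90-day inactivity threshold; the SMTP parameters are optional assumptions.

```powershell
# Added example (not NetWrix's or ManageEngine's code): AD account-hygiene report.
# Assumes the RSAT ActiveDirectory module and a domain-joined session.
#Requires -Modules ActiveDirectory
param(
    [int]$InactiveDays = 90,                            # assumed threshold
    [string]$ReportPath = "$env:TEMP\ad-hygiene.csv",   # assumed output path
    [string]$SmtpServer,                                # optional; assumed values
    [string]$From = 'ad-audit@example.local',
    [string]$To   = 'it-security@example.local'
)
Import-Module ActiveDirectory

# lastLogon (used by the NetWrix cmdlet) is not replicated between DCs, so it
# must be read from every DC to be accurate. lastLogonTimestamp is replicated
# (with up to ~14 days of lag), which is good enough for a hygiene sweep.
$cutoff = (Get-Date).AddDays(-$InactiveDays)

function ConvertTo-LogonDate([long]$fileTime) {
    if ($fileTime) { [DateTime]::FromFileTime($fileTime) } else { $null }
}

# Finding 1: enabled accounts with no logon since the cutoff. Accounts that have
# never logged on count only if they were created before the cutoff.
$inactive = Get-ADUser -Filter { Enabled -eq $true } `
                -Properties lastLogonTimestamp, whenCreated |
    Where-Object {
        $last = ConvertTo-LogonDate $_.lastLogonTimestamp
        ($last -and $last -lt $cutoff) -or (-not $last -and $_.whenCreated -lt $cutoff)
    } |
    Select-Object SamAccountName, DistinguishedName,
        @{ n = 'Finding';   e = { 'Inactive' } },
        @{ n = 'LastLogon'; e = { ConvertTo-LogonDate $_.lastLogonTimestamp } }

# Finding 2: the PASSWD_NOTREQD flag lets an account have an empty password
# even when the domain policy enforces a minimum length.
$noPasswordRequired = Get-ADUser -Filter { PasswordNotRequired -eq $true -and Enabled -eq $true } `
                        -Properties lastLogonTimestamp |
    Select-Object SamAccountName, DistinguishedName,
        @{ n = 'Finding';   e = { 'PasswordNotRequired' } },
        @{ n = 'LastLogon'; e = { ConvertTo-LogonDate $_.lastLogonTimestamp } }

$findings = @($inactive) + @($noPasswordRequired)
$findings | Export-Csv -Path $ReportPath -NoTypeInformation
$findings | Sort-Object Finding, SamAccountName | Format-Table -AutoSize

# Like the free NetWrix tool, only warn by email; disabling or moving the
# accounts stays a deliberate manual step.
if ($SmtpServer -and $findings.Count -gt 0) {
    Send-MailMessage -SmtpServer $SmtpServer -From $From -To $To `
        -Subject "AD hygiene: $($findings.Count) finding(s)" `
        -Body ($findings | Format-Table -AutoSize | Out-String) `
        -Attachments $ReportPath
}
```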

Comodo Time Machine

The ability to restore the system with System Restore has been built into Windows since XP, but its functionality is limited, to put it mildly, so third-party applications are often used for backup. The free utility Comodo Time Machine (comodo.com) lets you roll the OS back to any previous state, and it works even if the OS has completely stopped booting. CTM creates restore points (manually or on a schedule) that record all changed system files, the registry and user files. This is a big advantage over System Restore, which saves and restores only system files and the registry. The first copy takes up the most space; the rest store only changed files. To save space, you should periodically create a new checkpoint and delete old archives. To make the OS restorable, CTM writes its information to the boot sector; to call the corresponding menu, just press the Home key. The OS state can also be restored on a schedule: for example, you can configure the utility so that on every reboot it automatically rolls back to a "clean" version of the system. This is useful, for example, in an Internet cafe, where users leave a lot of garbage behind. Besides a complete OS restore, you can retrieve an earlier version of any file from the archive. Search is implemented, so finding the necessary data is no problem.

Amanda

The problem of centralized backup of workstations and servers running Windows and *nix can be solved with AMANDA (Advanced Maryland Automatic Network Disk Archiver, amanda.org). Amanda was originally created to work with tape drives, but over time support for "virtual tapes" (vtapes) was added, allowing the collected data to be saved to hard drives and CD/DVD. AMANDA is a convenient add-on to the standard Unix dump/restore programs, GNU tar and some others, so its main characteristics follow from the capabilities of these underlying utilities. It works in a client-server scheme. To access computers, all the available authentication methods are used: Kerberos 4/5, OpenSSH, rsh, bsdtcp, bsdudp or a Samba password. To collect data from Windows systems, a special agent or, alternatively, Samba is used. Data collection uses its own protocol running on top of UDP or TCP. Compression and encryption (GPG or amcrypt) of the data can be done either on the client or on the server. All backup settings are made exclusively on the server; the distribution includes ready-made templates, so it is easy to get started.

Core Configurator 2.0 for Server Core

The initial setup of a server running Win2k8R2 in Server Core mode is done in the console with commands, so beginners are not very fond of this mode. To simplify the task, the OS developers added an interactive script, SCONFIG.cmd, for configuring basic system parameters. But as they say, the best is the enemy of the good: Codeplex has a wonderful Core Configurator available (coreconfig.codeplex.com). For it to work you will need the components NetFx2-ServerCore, NetFx2-ServerCore and PowerShell. After running Start_CoreConfig.wsf, we get a menu with several items that give access to the basic settings that would otherwise have to be managed from the command line: product activation, screen resolution, clock and time zone, network interface, permissions for remote RDP connections, local account management, Windows Firewall settings, enabling/disabling WinRM, setting the computer name, workgroup or domain, setting up roles and components, Hyper-V and running DCPROMO. Everything is presented in a very understandable form. If you check the Load at Windows startup checkbox, the program will load along with the system.

Exchange 2010 RBAC Manager

Exchange 2010 introduced a new role-based access model that allows very precise control of the level of privileges for users and administrators depending on the tasks performed and using three different methods for granting permissions. The only negative is that the built-in management tools using PowerShell cmdlets may not seem convenient and understandable to everyone. More advanced capabilities are available in the free Exchange 2010 RBAC Manager tool (RBAC Editor GUI, rbac.codeplex.com), which offers a clear graphical interface for configuring the properties of all roles. Even a beginner can probably figure out its features. The program was written in C# and uses Powershell. To work, you will also need Exchange 2010 Management Tools installed.

PowerGUI

It's no secret that when PowerShell appeared, it immediately won the sympathy of Windows administrators, who had long wanted such a tool to automate many tasks. But as usual, the first version came without a decent editor, so several projects filled this gap. The best of them today is PowerGUI (powergui.org), provided completely free of charge, which offers a convenient graphical interface for efficiently creating and debugging PowerShell scripts. A number of functions let you automate many tasks. The developers also offer ready-made sets of scripts for solving many problems that you can use in your own work.

Multi-Tabbed PuTTY

The free PuTTY client is well known to administrators who need to connect to remote machines via SSH, Telnet or rlogin. It is a very convenient program that lets you save session settings for quick connection to the chosen system. PuTTY was originally developed for Windows but was later ported to Unix. The only problem is that with a large number of connections, the desktop becomes cluttered with open windows. This is solved by the Multi-Tabbed PuTTY add-on (ttyplus.com/multi-tabbed-putty), which implements a tab system.