Working as a systems administrator
oftentimes requires you to interact with many different computers in a single
day. One minute you're dealing with cranky users complaining about slow
performance on their PCs and the next minute you're soothing badly behaving
domain controllers.
Having to interact with so many
different PCs makes it all the more advantageous to keep a core set of tools
with you at all times. Many useful tools can be run from a portable storage
device and some have even been specifically designed to run on portable storage
devices. The former are what I call "portable compatible" and the
latter can be considered "stealthy". That is, some apps can
work on a portable device but are likely to add edits to the local registry
while "stealthy" apps make no changes to the registry and ostensibly
leave no traces behind. With that said, here are 10 things that I believe every
Windows Administrator should have on their USB thumbdrives:
As of June 2009 there are 66 tools
in the suite. A thorough understanding of each of them is improbable (unless
your name is Cogswell or Russinovich), however some of them have more readily
understandable uses than others. For instance, Process Explorer allows you to
see deeply into each running process, its CPU history, which executable was
used to launch the program, where it is and what switches were used when
launching. PsExec allows you to run any process on a remote system. Ever wanted
to run another computer's command prompt from your machine? PsExec is the tool
to do it with! Conversely, PsKill can kill remote processes without having to
install a utility on the remote computer.
As a bonus, each of the Sysinternals
tools is available "live" at "live.sysinternals.com\tools"
which is essentially just a file share open to the internet. You can access any
of their tools from a command prompt or the run box by using a standard UNC
path like this: \\live.sysinternals.com\tools\[toolname]. Furthermore, since
it's a file share, you can map a drive to that UNC path and give it a drive
letter (thanks go to Ed Bott for cluing me in to that one). Even if you lose your thumbdrive you can still have easy
access to the latest and greatest Sysinternals tools on any computer with a
network connection!
2.
Windows Support and Resource Kit Tools
There's a bit of confusion about
this topic. Before Vista and Server 2008, the resource kit tools were bundled
with their respective resource kit book series (e.g. the Windows XP Resource Kit) but they could also be downloaded from Microsoft's web
site. The support kit tools were included with the OS installation media and
could also be downloaded from Microsoft's web site. Nowadays, while both Vista
and Server 2008 have resource kit tools, it seems that at the time of this
writing they can only be acquired through purchasing the Vista or Server 2008
Resource Kit book set.
Furthering the departure from
normalcy, it appears that the term "Support Tools" has been abandoned
in favor of the term "Remote Server Administration Tools" (RSAT).
Instead of downloading the toolset separately they are now "built in"
to Server 2008, but you have to add them first through the Add Features Wizard.
If you want to copy them to your USB drive, the only way that I know to
retrieve them is to install the category of RSAT tool that you want and then
search through WINDOWS\System32 for the desired tools. It seems that there is
no single collection of updated "Support Tools" (or RSATs as they're
now known) that you can download. If it sounds cumbersome to move the tools to
a thumbdrive it's because it is. If anyone else has a better way, please
comment! If you choose to use the Server 2003 / XP support tools you'll need to
unpack the support.cab file from the support\tools folder on the installation
media. My preference is to simply open it with Windows Explorer and drag 'n'
drop the entire cabinet file's contents into a folder on my USB stick. There
are several .dll, .vbs, .chm and other files included. The tools weren't
designed with portability in mind but they should work (I say
"should" since I haven't ever had to use each and every tool from a
portable device nor do I know anyone who has).
3.
All Purpose Network Scanner
Nary a day goes by that your
average admin doesn't have to scan a network or an IP range, or port scan a node.
Having a good network scanner handy can greatly expedite the network
troubleshooting process. I prefer to use SoftPerfect's Network Scanner which does not need an installer and can run without
administrator credentials.
Other key features include the
ability to list file shares (including hidden shares), send WoL packets, remote
shutdown PCs, detect your external IP address, scan for logged on users and
more. However, if you want something much more powerful that can do more
security oriented audits, you could use the portable version of nmap
3.8.
4.
Portable Web Browser
Having your own browser with its own
preferences and bookmarks is nice but having it available to you on any PC is
even nicer. There are portable versions of several of the popular
"non-portable" web browsers such as Firefox Portable and Opera-USB. Those two browsers specifically state that they do not
leave any personal data behind on the local system's hard drive. There are also
some more obscure offerings such as portable versions of Avant, Maxthon and Sleipnir. For even more security, you could try the xB Browser
from XeroBank.
The xB browser is designed to work with either the Tor network or the arguably
more secure XeroBank anonymity network.
"What about IE!" some may be howling. While there's no official portable version of Internet Explorer, there is a possible alternative. Using Firefox Portable, you can install IE Tab and switch to the Explorer rendering engine as needed. Using this method I was able to update an XP Pro machine using the Windows Update website (which rejects all browsers except Internet Explorer) using Firefox Portable. However, I was unable to empirically test if IE Tab edits the registry (I suspect that it does). Whether traveling between a home and work computer, staying secure on a public machine or helping out Grandma with her new gaming rig, you'll be happy to have a trusted web browser that's always there for you.
What Windows admin hasn't had to
deal with some kind of suspected malware infection regardless of whether or not
an anti virus product was in place? Servers or clients, it makes no difference.
Having some kind of anti malware detection program with you at all times is a
must. Originally coded by Merijn Bellekom
and later sold to Trend Micro, HijackThis has become one of the foremost tools
used in the fight against malware. While not a "stealthy" portable
app (it leaves registry edits behind) the .exe is completely self contained and
can run perfectly fine on a portable drive. Best of all it's completely free
and there is no EULA prohibiting it from being used in a business environment
like there is for other free anti-malware products (Adaware Personal and
MalwareBytes Anti-Malware, for example). The program's primary usage is
to scan key locations in the Windows registry and various places on your hard
drive and then make a log file of the entries and files that it finds. The
things that HijackThis finds may not be bad in and of themselves (in fact, most
are innocuous). The real power of HijackThis comes from the community of
volunteer logfile analyzers and the automated www.HijackThis.de web site.
HijackThis also includes some lesser
known features such as a startup list generator, process manager (similar to
task manager), the ability to delete a file on reboot, the ability to delete an
NT service, scanning for hidden data streams and an Add/Remove programs editor
(handy to delete entries for the occasional application that uninstalled but
didn't remove its entry in the Add/Remove Programs list). Because of the power
of HijackThis and the potential for disaster if you delete the wrong files,
please read some tutorials before you jump into it. This is an excellent guide to start with.
Wherever you go and whichever
computer you're using at the moment, the ability to create and edit a diverse
array of document types is crucial. You never know when you'll need to hand
craft a quick XML file, quickly modify your boardroom presentation or create a
spreadsheet that aids in the creation of scripts (similar to Coach Culbertson's
mass user creation script facilitated by an Excel spreadsheet in the Train Signal Windows
Server 2008 Active Directory training videos).
OpenOffice is the premier Open Source Office Suite for Windows, Linux and OS X
and, thanks to the folks at PortableApps.com, it now comes in a portable
format. It includes Writer (text document creator), Calc (spreadsheets),
Impress (slide presentation creator; think PowerPoint), Draw (self
explanatory), Math (mathematical formula creator) and Base (database creation
tool; think Microsoft Access). OpenOffice can open many document formats
including Office 2007 .docx and .xlsx files. It can also save files in Office
2000 format (no further up the Office version chain, though) as well as a host
of open formats.
7.
Terminal Emulator
Many devices (especially networking
equipment) have an RS-232 (Serial), SSH or Telnet interface (horrors!) that you
need to connect to in order to do some deep hacking. One of the more popular
terminal emulators is PuTTY and now it comes in a portable version: portaPuTTY.
PortaPuTTY has been conveniently modified to store configuration and session
data in flat files rather than the registry. There's also the similarly
named PuTTY Portable which is a PortableApps.com application.
The main PuTTY application has been
forked to produce KiTTY,
which itself is not portable. However, (you guessed it) it has been further
forked to produce its own portable version: Portable KiTTY.
KiTTY includes some more features than PuTTY so check the feature list to see
if they would actually be useful to you. Another free option is TunnelierPortable or TunnelierU3
(designed to work with U3 devices) which are based on Tunnelier from Bitvise (which officially approves of these "fan projects"). However, make sure to
read the Tunnelier license
agreement to understand under what
circumstances you are obliged to purchase a license.
8.
Password Manager
Keeping track of passwords is hard
and as a result people tend to write passwords down on slips of paper and
"hide" them in a secure place (for the record, placing sticky notes
under your desk phone is not a secure place). As a result, many people reuse
the same password or small pool of passwords for many different accounts so
they won't forget them. Password managers can aid in the implementation of
better security by allowing you to have complex passwords for each account
without having a memory like Kim Peek. KeePass is an open source tool released under the GPLv2 license and
is one of the more popular password safes. Fortunately, it also comes in a portable edition. KeePass database files are encrypted with the Twofish or AES
256 encryption algorithms so if you lose the USB drive, it would be
exceptionally difficult for someone to crack the file. Version 2.0 of KeePass
supports keeping the password file on an HTTP/FTP server which could
conceivably increase the portable uses for the application. Another portable
password manager is the closed source RoboForm 2 Go.
It is offered in a U3 and a non U3
format. They even offer their own custom RoboForm USB key. RoboForm can fill in long
registration forms with one click, it can synchronize your passwords between computers
and it claims to be able to defeat keyloggers. There are two editions of
RoboForm 2 Go; a free version and a Pro version. The free version cannot be
used in a business environment for more than 30 days. Since RoboForm caters to
filling out long web forms it is designed to closely integrate with your web
browser in the form of a toolbar. It runs in the background from the portable
storage device with a SysTray icon being the only visible indicator of its
existence outside of the browser. For even more portability, you can use the RoboForm
Online service that stores your passwords
in their cloud. There are many more password managers out there for you to
evaluate, but those are two of the more popular titles. Now you can have unique
massive passwords on your switches, domain controllers and other important
devices and not worry about being locked out because you can't remember
passwords that are more complex than the name of Star Trek characters.
9.
Remote Desktop / VNC client
The ability to remotely control a
distant PC is undeniably valuable. But what if you find yourself on an
unfamiliar computer? Wouldn't it be nice to have pre made RDP connections with
you wherever you go? Or have a familiar VNC client with you at all times? It
would be nice, however, there is a surprising dearth of portable RDP and VNC
clients available. TRAVEL@Clip
(yes, it's supposed to be typed that way) is one of those few.
TRAVEL@Clip is a $25USD program that
allows you to establish RDP connections (no VNC support) without the need for
administrator rights. It keeps all settings in an encrypted file on the USB
drive and does not make any changes to the host PC. It can save up to 9
separate connections. I was surprised that I was unable to find any stable
freeware/opensource portable RDP tools, so it looks like you'll have to spend a
little cash for RDP mobility. There is one possibility worth noting: ChrisControl. Intended
for use on a Windows PE disc, it is said to not write settings to the registry.
It purportedly allows you to connect to remote PCs via RDP or VNC. It was even
supposed to be able to install an UltraVNC server on the remote computer if it
wasn't already installed and uninstall it when you disconnect. That feature
sounded exciting and even reminded me of Dameware Mini Remote Control's remote
installation and uninstallation features… except for one important point:
Dameware works. I tried two versions of ChrisControl and was never able to get
it to work. Others on the web have stated that it worked fine for them. I only
mention it here because you might have better success with it or future
versions (if there are any) might make it work smoother. As for VNC tools that
are specifically designed for portability, well, if there are any they're well
hidden. It seems that most of the major VNC viewer applications are
"portable compatible" meaning that they will work from a portable
storage device but none of them are advertised to not touch the local machine's
registry. That may or may not be acceptable in your environment. The various
major VNC viewer applications are Tight VNC Viewer (look for the package with the description "Viewer
executable, does not require installation"), Real VNC viewer
and UltraVNC Viewer.
10.
Network Protocol Analyzer
Wireshark, seemingly everyone's
favorite protocol analyzer (although Microsoft's Network Monitor is pretty cool
too), now comes in portable format. Well… pseudo-portable. For Wireshark to work it needs the
Winpcap package to be installed. Every time you launch Wireshark portable it
checks to see if the Winpcap driver is installed and if it isn't it asks to
install Winpcap (of course, you'll need proper permissions on the computer to
do that). When you exit Wireshark portable, it courteously uninstalls Winpcap
in an attempt at leaving the computer as untouched as it possibly can. If you
can live with those caveats, then you can wade knee deep in raw streams of
network traffic on any computer you touch. If you can't live with that, you'll
have to use a tool that utilizes a method called "Raw Sockets" which
has some limitations but should be fine for most situations. IP Sniffer is a decent utility that utilizes raw sockets. Another raw
sockets option is NirSoft's SmartSniff.
I'm sure that if you include those
10 things on your thumbdrive you'll be solving problems quicker, saving the day
more often and hopefully getting home earlier. Since thumbdrives can be easily
lost, consider creating a script using Task Scheduler and RoboCopy (built-in to
Vista and Server 2008, included in the Server 2003 Resource Kit tools) to
periodically create a backup. For even more portable applications you might
want to look into the PortableApps project which has a huge collection of applications that are said
to leave no traces of themselves whatsoever on the host computer. Who wouldn't
want to be able to play Sudoku from their thumbdrive? Enjoy!
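One way to build the Task Scheduler and RoboCopy backup suggested above, as an added example that is not part of the original article. The volume label ADMINTOOLS, the destination D:\Backups\ToolDrive, the task name ToolDriveBackup and the script location are all assumptions to adapt.

```powershell
# Backup-ToolDrive.ps1 - added example; label, paths and task name are assumptions.
param(
    [string]$VolumeLabel = 'ADMINTOOLS',            # hypothetical volume label of the thumbdrive
    [string]$BackupRoot  = 'D:\Backups\ToolDrive',  # hypothetical backup destination
    [switch]$Register                               # register the scheduled task and exit
)

if ($Register) {
    # Run hourly; the script exits quietly whenever the drive is not plugged in.
    # Assumes this script is saved under a path without spaces (e.g. C:\Scripts).
    $action = "powershell.exe -NoProfile -File $PSCommandPath"
    schtasks.exe /Create /TN 'ToolDriveBackup' /TR $action /SC HOURLY /F
    exit $LASTEXITCODE
}

# Locate the drive by label, because its letter changes from PC to PC.
$disk = Get-CimInstance Win32_LogicalDisk -Filter "VolumeName='$VolumeLabel'" |
        Select-Object -First 1
if (-not $disk) {
    Write-Output "Drive '$VolumeLabel' is not attached; nothing to do."
    exit 0
}

# One folder per day, so a wiped or tampered drive cannot overwrite older copies.
$src  = $disk.DeviceID + '\'
$dest = Join-Path $BackupRoot (Get-Date -Format 'yyyy-MM-dd')
$log  = Join-Path $BackupRoot 'robocopy.log'
New-Item -ItemType Directory -Path $dest -Force | Out-Null

# /E copies all subfolders and, unlike /MIR, never deletes at the destination.
# /R and /W bound the retries, /XJ skips junction points, /NP keeps the log short.
robocopy.exe $src $dest /E /R:2 /W:5 /XJ /NP "/LOG+:$log"

# Robocopy exit codes are a bitmask: values below 8 mean success
# (possibly with nothing to copy); 8 or higher means at least one failure.
if ($LASTEXITCODE -ge 8) {
    Write-Error "robocopy failed with exit code $LASTEXITCODE; see $log"
    exit 1
}
exit 0
```

The backup folder ends up holding the same KeePass database and saved connection settings as the drive itself, so restrict its NTFS permissions to your own account.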