Handy Tools

This is a brief listing of some rather useful utilities for IT people.

PsExec

Part of the PsTools suite from Sysinternals, PsExec gives you a remote command shell on a Windows computer, or runs a single command there and hands you back its exit code. That makes it easy to script: if you need to run, say, 'del c:\windows\temp\rc4.key' on 200 computers, a loop over a list of hostnames will do it. Some antivirus programs (notably McAfee) detect it as a PUP (potentially unwanted program) if you've enabled that option in the scanner. It is also a favourite of attackers for lateral movement, since it works by installing and starting a temporary service (PSEXESVC) on the target, so don't be surprised if an endpoint product or a SIEM flags you running it across the estate. If you pass credentials with -u/-p, use a current version: releases before v2.1 sent the password across the network in the clear.
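A worked version of the 200-computer job, added here as an example rather than taken from the page or from Sysinternals. The host list is constructed, psexec.exe is assumed to be on the PATH, and the account running the script is assumed to be a local administrator on every target.

```powershell
# Added example: run one command on every host in a list with PsExec and
# keep a record of which hosts failed. Assumed: psexec.exe on PATH and the
# caller is a local admin on each target. The host names are constructed.
$hosts = 'WKS001', 'WKS002', 'WKS003'   # in practice: Get-Content .\hosts.txt

$report = foreach ($h in $hosts) {
    # -accepteula : no first-run licence prompt to hang the loop
    # -n 5        : give up on a host that does not answer within 5 seconds
    # -s          : run as SYSTEM so the file is deletable whoever owns it
    # Everything after -s is the remote command line, passed as separate
    # arguments so PsExec sees cmd.exe as the program to launch.
    $out = & psexec.exe "\\$h" -accepteula -n 5 -s cmd /c del /q C:\Windows\Temp\rc4.key 2>&1

    # PsExec returns the remote process's exit code, or its own error if it
    # could not reach the host; either way non-zero means "look at this one".
    [pscustomobject]@{
        Host     = $h
        ExitCode = $LASTEXITCODE
        Output   = ($out | Out-String).Trim()
    }
}

$report | Where-Object { $_.ExitCode -ne 0 } | Format-Table -AutoSize
$report | Export-Csv -Path .\psexec-report.csv -NoTypeInformation
```

Leave out -u/-p and let the loop run under your own, already privileged, logon; if you must pass credentials, use PsExec v2.1 or later, which encrypts them in transit. Expect the temporary PSEXESVC service installation to appear in each target's System log (Service Control Manager event 7045), which is exactly what anyone hunting for lateral movement looks for.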

Netcat

Netcat was originally written by Hobbit; the Windows port came from Weld Pond of l0pht. It has a large array of uses, notably that it can listen on any given port and pipe whatever arrives to a process (which is also why it makes a perfectly good backdoor, and why antivirus tends to dislike nc.exe). I often find this useful for determining whether a given port is actually reachable through a firewall: put a listener on the far side, connect from the near side, and you have a definitive answer that no amount of reading firewall rules gives you.
You can get Netcat for Windows from VulnWatch or for Linux from Sourceforge.
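The firewall check described above, written out as an added example (not from the page or from the netcat authors). nc.exe, the Windows netcat 1.11 build, is assumed to be on the PATH; the target address and port list are constructed values.

```powershell
# Added example: which of these ports are actually reachable on a host on
# the far side of a firewall? nc.exe (the Windows netcat 1.11 build) is
# assumed to be on PATH; the target and port list are constructed values.
#
# First, on the far-side host, put something listening on the port you are
# testing, so that "reachable" and "something answers" mean the same thing:
#     nc -l -p 8443 -v        (-l listen, -p local port, -v show who connects)
# The same listener with "-e cmd.exe" hands the connection to a shell. That
# is the "pipe the data to a process" trick, and also a bind-shell backdoor;
# it only exists in builds compiled with -e support, it is why AV flags
# nc.exe, and it is not something to leave running.

$target = '10.0.0.5'
$ports  = 22, 80, 443, 8443, 3389

foreach ($p in $ports) {
    # -z : zero-I/O, just attempt the connect and report
    # -v : print the verdict (netcat writes it to stderr, hence 2>&1)
    # -w : give up after 2 seconds, so filtered ports do not stall the loop
    $verdict = (& nc.exe -z -v -w 2 $target $p 2>&1 | Out-String).Trim()
    $state = if ($verdict -match '\bopen\b') { 'open' } else { 'filtered/closed' }
    '{0,-16} {1,5}  {2,-16} {3}' -f $target, $p, $state, $verdict
}
```

A port that comes back "filtered/closed" after the full two seconds is being dropped somewhere in between; an immediate refusal means the packet got through and nothing was listening, which is a different conversation with the firewall team.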

Filemon, Regmon and Procmon

More utilities from Sysinternals. I've grouped these together, as they do basically the same task for different things. Filemon monitors access to the filesystem, while Regmon monitors access to the registry. Both have since been retired in favour of Procmon (Process Monitor), which does both jobs, as well as recording process and thread activity and a limited amount of network monitoring (as TDIMon did). These utilities are invaluable for troubleshooting applications. If you have some program which isn't behaving itself, you can use them to find out if there's a file that can't be opened, or perhaps a registry key the user doesn't have permission to write to: filter on any Result other than SUCCESS and the culprit is usually near the top of the list.
You can get Procmon (and the retired Filemon and Regmon), along with PsExec, from the Sysinternals page at Microsoft.com.

NMap

Nmap is my weapon of choice when I need to do a ping sweep or a port scan. In an organisation with no maintained listing of static IP addresses, it's quite a godsend for discovering unused addresses, with the caveat that a host whose firewall drops the probes looks exactly like an unused address, so check DHCP leases and DNS before you hand one out. It's also very good at determining which OS is running on remote computers. Again, some antivirus programs (again, notably McAfee) will detect Nmap as a 'PUP' if you've enabled that part of the scanner.
You can get Nmap from Insecure.Org.
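The unused-address hunt from the paragraph above as an added example, not code from the page or from the Nmap project. It assumes nmap.exe on the PATH, a /24 (the address expansion is written for that), and that you are authorised to scan the range; the subnet itself is a constructed value.

```powershell
# Added example: ping-sweep a subnet with Nmap and list the addresses that
# did not answer, i.e. candidates for reuse in a static range nobody has
# documented. Assumed: nmap.exe on PATH, a /24 (the expansion below is
# written for that), and permission to scan it. The subnet is constructed.
$subnet = '192.168.10.0/24'

# -sn   : host discovery only, no port scan (older releases spell it -sP)
# -oG - : "grepable" output on stdout, one "Host: <ip> ... Status: Up" line
#         per responder
$sweep = & nmap.exe -sn -oG - $subnet 2>$null

$up = @($sweep | ForEach-Object {
    if ($_ -match '^Host: (\S+)\s.*Status: Up') { $Matches[1] }
})

# Expand the /24 ourselves and subtract the responders
$base   = ($subnet -split '/')[0] -replace '\.\d+$', ''
$all    = 1..254 | ForEach-Object { "$base.$_" }
$unused = @($all | Where-Object { $up -notcontains $_ })

"Responding hosts  : $($up.Count)"
"Apparently unused : $($unused.Count)"
$unused

# For the live ones, OS and service detection. These are raw-packet probes,
# so run from an elevated prompt with WinPcap installed. -oA keeps normal,
# XML and grepable output under one base name for later searching.
#   nmap -O -sV -oA sweep-$(Get-Date -Format yyyyMMdd) $subnet
```

On the local subnet Nmap discovers hosts by ARP, which a host firewall cannot hide from; across a router it falls back to ICMP and a couple of TCP probes, so "apparently unused" on a remote range really means "didn't answer", and the DHCP and DNS cross-check matters more.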

GNU Win32 Tools

The GNUWin32 Tools are a collection of UNIX utilities ported to Windows. Whilst they're all more useful in a UNIX environment than they are in Windows, there are some gems to be had. For example, the utilities sed, grep and awk offer you some powerful ways to find and replace text in files. Got 20 INI files that you need to replace an IP address in? No problem. Got 500 HTML files you need to change one line in? Easy.
Also, there are utilities to compress files using formats like ZIP and GZIP. Okay, so you can create ZIP files in Windows XP, but you can't do it from the command line, so you can't script it. Now you can.
Another favourite of mine is wget, which will just go and grab the contents of a webpage (or pages) and save it to disk. Very handy if you want to take a quick copy of some web pages to read on the train, but can't be bothered to fire up your web browser.
You can get them from the GNUWin32 Sourceforge Site.
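The INI and HTML jobs from the paragraphs above, together with the zip and wget one-liners, as an added example rather than anything from the page or the GNUWin32 project. It assumes the GNUWin32 bin directory is on the PATH; the addresses, paths and years are all constructed.

```powershell
# Added example: the two find-and-replace jobs from the text, plus the zip
# and wget one-liners, done with the GNUWin32 ports. Assumed: the GNUWin32
# bin directory is on PATH; the addresses, paths and years are constructed.
$old   = '192.168.1.10'
$new   = '10.20.30.40'
$oldRe = [regex]::Escape($old)     # the dots would otherwise match anything

# 1. Which INI files under C:\Apps actually mention the old address?
#    -r recurse, -l print only file names, -F fixed string (no regex)
$files = & grep.exe -rlF --include=*.ini $old C:\Apps

# 2. Replace it in place, keeping a .bak copy of each file touched
foreach ($f in $files) {
    & sed.exe -i.bak "s/$oldRe/$new/g" $f
}

# 3. Prove nothing still references the old address (prints nothing if so)
& grep.exe -rnF --include=*.ini $old C:\Apps

# 4. Change one line in every HTML file: bump the year, but only on lines
#    that mention "copyright", so dates elsewhere in the page are untouched
Get-ChildItem C:\Site -Recurse -Filter *.html | ForEach-Object {
    & sed.exe -i.bak '/[Cc]opyright/ s/2009/2010/' $_.FullName
}

# 5. awk (gawk.exe in GNUWin32) for column work: list the keys in an INI
#    file whose value looks like an IP address
& gawk.exe -F '=' '/^[A-Za-z]+=[0-9.]+$/ { print $1, $2 }' C:\Apps\server.ini

# 6. A scripted zip of just the INI files (something cmd.exe on XP cannot
#    do), and a wget of a page with its images for reading offline
& zip.exe -r C:\Backups\apps-ini.zip C:\Apps -i '*.ini'
& wget.exe -p -k -P C:\Reading http://example.com/
```

Escaping the old address is the step people skip: an unescaped '192.168.1.10' also matches '192x168y1z10', and 'sed -i' with no backup suffix leaves you nothing to diff against when it does.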

Blat

Blat.exe is available from blat.net. It's a simple drop-in command-line mailer. If you have a batch file and you want it to be able to email you (perhaps to tell you there's a problem), Blat is a nice easy way to do this.
You'll have to give it an SMTP server which it is allowed to relay through, and you'll probably want to alter the ACLs on blat.exe so that only specific user accounts can execute it: an open command-line mailer on a box with relay rights is a handy spam cannon for anyone else who gets onto that box. Bear in mind that the ACL only stops people using your copy; the real control is the relay's list of hosts and senders it accepts mail from. If the relay insists on authentication, avoid putting the password on Blat's command line, where anyone who can list processes or read the scheduled task definition can see it.
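A scheduled job that mails its log through Blat only when something failed, plus the one-off ACL tightening on blat.exe, as an added example (not from the page or from blat.net). Every name in it is constructed: blat.exe in C:\Tools, an internal relay smtp.corp.example that accepts unauthenticated mail from this host, and the job running as CORP\svc_backup.

```powershell
# Added example: a scheduled job that e-mails its log through Blat only when
# something went wrong, plus the one-off ACL tightening on blat.exe.
# Assumed (all constructed values): blat.exe in C:\Tools, an internal relay
# smtp.corp.example that accepts unauthenticated mail from this host, and
# the job running as CORP\svc_backup.
$blat  = 'C:\Tools\blat.exe'
$relay = 'smtp.corp.example'
$from  = 'backup@corp.example'
$to    = 'ops-alerts@corp.example'

# One-off setup, run as an administrator: strip inherited ACEs from the
# executable, then grant read+execute to the service account and full
# control to Administrators, and nothing to anyone else.
& icacls.exe $blat /inheritance:r /grant:r 'CORP\svc_backup:(RX)' 'BUILTIN\Administrators:(F)'

# The job: mirror a share and keep robocopy's log.
$log = 'C:\Backups\nightly.log'
& robocopy.exe 'D:\Data' '\\filer\backup$\data' /MIR /R:2 /W:5 "/LOG:$log" | Out-Null
$rc = $LASTEXITCODE          # robocopy: 8 and above means a failure occurred

if ($rc -ge 8) {
    # First argument is a file to use as the body; -f sets the sender and
    # -server the relay. No -u/-pw: those put the password on the command
    # line, where process listings and the task definition expose it.
    & $blat $log -to $to -f $from -server $relay -subject "Nightly backup FAILED on $env:COMPUTERNAME (robocopy rc=$rc)"
}
```

Check the result with "icacls C:\Tools\blat.exe" afterwards: if you still see an Everyone or Users entry, inheritance wasn't removed and the grant merely added to it.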

WinDirStat (and friends)

Disk space issues can be a bit tricky sometimes, but fortunately WinDirStat is here to help. It pretty much does what it says on the tin - showing you which directories are eating up your disk space. It's GPL'd, so won't cost you anything - unlike TreeSizePro and ShowMan. If you're a Java fan, you might prefer JDiskReport, although installing a Java VM on all your servers may get you fired.

As much as I like ShowMan.exe, at £34.95 per single user commercial licence, it doesn't scale well to large support departments with 10,000 servers. I've taken to using the GPL'd WinDirStat, and just keeping a copy of the WinDirStat.exe file handy. It works fine if you just run it; you don't need to go through the whole installer package routine.

Wireshark

Sometimes there's just no substitute for taking a packet capture to see what's really going on. Wireshark provides a full sniffing capability for when netstat just doesn't give you enough information. On Windows it needs the WinPcap capture driver and, by default, administrator rights to capture. Remember that a capture file contains whatever went over the wire, cleartext credentials included, so treat saved captures as sensitive and don't leave them lying around on a share.

LogParser

LogParser is available from Microsoft TechNet, and is extremely useful for analysis of multiple logs. You query them with a SQL-like syntax, and it isn't limited to the Windows event logs: it can also read plain text, CSV, XML and IIS logs, among others. It also has the ability to make pretty HTML reports and charts based on what it finds. There's also a handy Vista LogParser Gadget.
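A typical Log Parser query, added here as an example rather than taken from the page or from Microsoft: failed logons per source address from the Security event log, written out as a CSV and as a chart. It assumes LogParser.exe (Log Parser 2.2) on the PATH, an elevated prompt (the Security log needs administrator rights to read), Vista or later (event 4625; on XP/2003 the equivalent is 529), and the output paths below, which are constructed.

```powershell
# Added example: a Log Parser query over the Security event log, counting
# failed logons per source address and emitting a CSV and a chart.
# Assumed: LogParser.exe (Log Parser 2.2) on PATH, an elevated prompt,
# Vista or later (event 4625), and constructed output paths.

# In the EVT input format an event's insertion strings arrive in the Strings
# field separated by '|'. For 4625 the source address is the 20th string
# (index 19) and the target account the 6th (index 5); confirm the positions
# on your own logs with:  SELECT Strings FROM Security WHERE EventID = 4625
$select = "SELECT TOP 20 EXTRACT_TOKEN(Strings, 19, '|') AS SourceIP, COUNT(*) AS Failures"
$rest   = "FROM Security WHERE EventID = 4625 GROUP BY SourceIP ORDER BY Failures DESC"

# -i:EVT reads the live log (or a saved .evt named in FROM); -o:CSV writes
# the file named in the INTO clause, which sits between SELECT and FROM.
& LogParser.exe -i:EVT -o:CSV "$select INTO C:\Reports\failed-logons.csv $rest"

# The same query drawn as a picture. -o:CHART needs the Office Web
# Components installed; -view:OFF stops it opening the image when done.
& LogParser.exe -i:EVT -o:CHART -chartType:Pie "-chartTitle:Failed logons by source" -view:OFF "$select INTO C:\Reports\failed-logons.gif $rest"

# Anything other than the event log: pick the input format and point FROM at
# the files, wildcards allowed. IIS W3C logs, top client addresses:
#   LogParser -i:IISW3C -o:CSV "SELECT c-ip, COUNT(*) AS Hits INTO C:\Reports\top-ips.csv FROM C:\inetpub\logs\LogFiles\W3SVC1\*.log GROUP BY c-ip ORDER BY Hits DESC"
```

The token index is the part that bites: the position of each insertion string is fixed by the event's message template, not by its name, so a query copied from one event ID to another silently counts the wrong field.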

Fiddler2

Fiddler2 describes itself as a web debugging proxy. It does pretty much what it says on the tin, showing you all the requests and responses made by your web browser (or indeed anything you set up to use it as a proxy server). It even handles HTTPS traffic, which is incredibly useful, but be aware of how: it sits as a man-in-the-middle and re-signs every site with its own root certificate, which you have to install into the Windows trust store before the browser stops complaining. Remove that root again when you're done, because anything able to sign with a trusted root can impersonate any site. I've used it many a time to diagnose website/proxy server problems. Alternatively - you may prefer WebScarab, which scores extra points for being open-source, but loses several thousand points for being written in Java.

WinDBG

WinDBG is part of the Debugging Tools for Windows, which can be installed as part of the Windows SDK. If you are experiencing blue screens or hangs, or have a misbehaving application, WinDBG is an invaluable weapon in your arsenal; for a blue screen, open the minidump from C:\Windows\Minidump and run !analyze -v, which names the faulting module more often than not. To paraphrase Raymond Chen - don't theorise over why your process is crying, plug in the debugger and find out why it's crying.

Pale Moon

OK, so it's not really a tool but a web browser; I like it for its 64-bit support, and for being tweaked with performance in mind. There's also a portable version available. You can get Pale Moon from palemoon.org.

Browser Add-Ons

I also use some add-ons with Pale Moon (it runs most Firefox add-ons/extensions):

Firebug

Firebug is very useful for exploring how web sites are put together, and lets you alter the source, styles and scripts on the fly.

Muter

There is little worse than a webpage which automatically starts playing audio the moment it is loaded. It's not big, clever or funny. Or welcome.
So I use an add-on called Muter, which ensures that the screams of tiresome background music are silenced until I decide otherwise.

Web of Trust (aka MyWoT Safe Browsing Tool)

This add-on works with the Web of Trust site to alert you when visiting sites which have a poor reputation. You can sign up for an account and rate sites yourself, but don't try to abuse the capability, as it won't budge the score in the slightest. You have to take the ratings with a bit of a pinch of salt, as the community doesn't limit itself to flagging up malicious sites, but also to red-flagging any sites they think you shouldn't be looking at. So some controversial political opinions will be flagged red as "misleading claims or unethical". That said, if you're about to follow a link, and you see a red circle next to it, you'll know to think twice. You can get the add-on from mywot.com.

Flashblock

I find Flash content can be almost as annoying as audio that automatically starts playing when a page loads. To deal with Flash, I use Flashblock. When installed, it shows a placeholder "play" button in place of the Flash content, which you can optionally use to start the Flash content, should you decide that you want it. Unlike PrefBar, this add-on lets you enable/disable individual Flash applets, as and when you want.

PrefBar

PrefBar lets you turn off things like JavaScript and Flash, and even the loading of images. It also lets you change the User-Agent string which is sent by the browser, and stop the HTTP Referer header from being sent.

NoScript

NoScript does for scripts what Flashblock does for Flash. Whereas PrefBar lets you disable JavaScript entirely, NoScript lets you selectively enable scripts on the fly. It can take a bit of getting used to, as at first it seems that nearly everything you visit will pop up warnings about blocked scripts, and pages will fail to render correctly. But after a while, adding some scripts to the whitelist as you go, you don't notice it so much; especially if you configure it to hide the notification bar after a few seconds (or just disable it).