starclick

Friday, 12 February 2016

21 Windows Administrative Tools Explained

Windows is packed full of system tools, and many of them are in the Administrative Tools folder. The tools here are more powerful and complex, so they’re hidden where most Windows users won’t stumble across them.
Some of these tools are only available on Professional or Enterprise versions of Windows, not the “core” or Home versions of Windows 8.1, 8, and 7. The list of tools here is from a Windows 8.1 Professional system.

Component Services

The Component Services tool allows you to configure and administer COM components and COM+ applications. If you don’t know what this means, you don’t need this tool. Most Windows users should never need to touch this, which is why it’s buried here in the Administrative Tools folder.

Computer Management

The Computer Management application provides a variety of tools in one window. For example, the Shared Folders and Local Users and Groups tools provide you with a more powerful interface for viewing and managing shared folders and groups on your PC. The Disk Management drive partitioning tool is also available here.
Some of the tools here — such as the Task Scheduler, Event Viewer, and Performance tools — also have their own shortcuts in the Administrative Tools folder.

Defragment and Optimize Drives

This is the standard Disk Defragmenter tool most Windows users are familiar with. On Windows 8 and 8.1, it’s named Optimize Drives and can also optimize solid-state drives as well as defragment mechanical drives. Windows defragments your drives automatically, so you shouldn’t need to run the tool on your own.

Disk Cleanup


Every Windows user can benefit from the Disk Cleanup tool, so it’s a bit out-of-place here. This tool scans your system for unnecessary files — temporary files, Windows update uninstallation files, and other junk — and can quickly remove them to free up space.

Event Viewer

The Event Viewer displays the Windows event log. Applications, services, and Windows itself write messages to the event log. Viewing the log can sometimes help you identify a problem and look up a specific error message, but most of the messages here aren’t important.
The Windows tech support phone call scam relies on the Event Viewer to scare users. Don’t fall for the tricks — it’s normal to see error messages in here.

iSCSI Initiator

This tool allows you to connect to an iSCSI-based storage array through an Ethernet cable. Unless you need to connect to iSCSI storage arrays in a data center, you won’t need this tool.

Local Security Policy

Security policies are combinations of security settings that help lock down a PC. The Local Security Policy tool allows you to set security policies on your current computer. For example, you can use password policies to set a minimum password length or force users to change their password regularly.

ODBC Data Sources (32-bit) & ODBC Data Sources (64-bit)

Open Database Connectivity (ODBC) is a standard that allows ODBC-compliant applications to communicate with each other. For example, you could move data back and forth between Microsoft Access and another ODBC-enabled application. This requires the appropriate ODBC drivers installed on the system. The ODBC Data Sources tool allows you to set up ODBC drivers and data sources. You’ll know if you need this — most people won’t.
On 64-bit versions of Windows, you’ll have both 32-bit and 64-bit versions of this tool. This allows you to manage the data sources used by both 32-bit and 64-bit applications.

Performance Monitor

The Performance Monitor tool allows you to generate performance and system diagnostic reports. While this tool can be interesting, it’s clearly more intended for system administrators than for average Windows users.

Print Management

The Print Management window provides a more powerful, detailed interface for viewing and managing printers on your system. Unlike the Control Panel, you can also see which printer drivers are installed on your system and browse printers by whether they have print jobs or not. You can also view and manage print servers from here.

Resource Monitor


The Resource Monitor tool displays information about your hardware resource usage — CPU, disk, network, and memory. The tool also breaks down usage by application, so you can see which applications are writing to your disk drive or which running processes are using the most network bandwidth.

Services


The Services tool displays the services installed on your Windows system and allows you to manage them. Services are low-level programs that run in the background. Many of these services are included with Windows and perform essential system tasks.
We don’t recommend disabling services — you won’t see a noticeable speed-up with modern systems. You could also cause problems if you disable necessary services.

System Configuration

The System Configuration window is the same as the MSConfig tool you can use to tweak your startup and boot settings. On Windows 7, it can also be used to manage startup programs — but you should use the startup manager integrated into the Task Manager on Windows 8 and 8.1.

System Information

The System Information window displays information about the hardware components installed in your computer and your Windows configuration. You can view the exact model numbers of your hardware components from here. It’s not the most user-friendly hardware listing tool, but it is integrated into Windows.
This tool also shows you some information about your Windows system — for example, you can see a list of environment variables and their values.

Task Scheduler


Windows uses the Task Scheduler to automatically run processes at scheduled times. The Task Scheduler application allows you to set your own programs to run on a schedule, view your system’s scheduled tasks, and manage them.

Windows Firewall with Advanced Security

The Windows Firewall may seem like a simple tool, but it’s actually very powerful. The advanced firewall configuration application allows you to create and manage advanced firewall rules. For example, you could use this tool to block specific applications from connecting to the Internet or only allow connections to a server program from a specific IP address.

Windows Memory Diagnostic

The memory diagnostic tool checks your random access memory (RAM) for defects. Run it and your computer will restart.
This tool works like memtest86+ — it writes data to different sectors of your RAM and reads it back. If it gets different data back, it knows your RAM is malfunctioning. This is usually a hardware problem and can generally be solved by replacing at least one stick of RAM.

Windows PowerShell (x86)

PowerShell is an advanced scripting environment. For people who actually need a command-line interface on Windows, PowerShell is a powerful successor to the Windows Command Prompt. If you don’t need a powerful command-line interface, this isn’t for you.

Windows PowerShell ISE (x86) & Windows PowerShell ISE


The PowerShell Integrated Scripting Environment (ISE) provides a graphical interface on top of PowerShell. This tool was added later and provides a more powerful, full-featured interface than the standard PowerShell console.
Both 32-bit (the “x86” version) and 64-bit versions are available if you’re using a 64-bit version of Windows.

Many of the tools here shouldn’t be tampered with unless you know what you’re doing. For example, you could disable important system services or scheduled tasks, causing problems with Windows.

Advanced System Administrator Commands

ASSOC

Most files in Windows are associated with a specific program that is assigned to open the file by default. At times, remembering these associations can become confusing. You can remind yourself by entering the command “assoc” to display a full list of file extensions and the programs they’re connected with.
You can also extend the command to change file associations. For example, “assoc .txt=” will change the file association for text files to whatever program you enter after the equal sign. The ASSOC command itself will reveal both the extension names and program names, which will help you properly use this command. You can probably do this more easily in the GUI, but the command line interface is a perfectly functional alternative.

Cipher

Deleting files on a mechanical hard drive doesn’t really delete them at all. Instead, it marks the files as no longer accessible and the space they took up as free. The files remain recoverable until they’re overwritten with new data, which can take some time.
The cipher command, however, can be used to wipe a directory by writing random data to it. To wipe your C drive, for example, you’d use the command “cipher /w:c”, which will wipe free space on the drive. The command does not overwrite undeleted data, so you will not wipe out files you need by running this command.
There’s also a host of other cipher commands; however, they are generally redundant with BitLocker-enabled versions of Windows.

Driverquery

Drivers remain among the most important software installed on a PC. Improperly configured or missing drivers can cause all sorts of trouble, so it’s good to have access to a list of what’s on your PC. That’s exactly what the “driverquery” command does. You can extend it to “driverquery -v” to obtain more information, including the directory in which the driver is installed.

File Compare

This command can be used to identify differences in text between two files, and is particularly useful for writers and programmers trying to find small changes between two versions of a file. Simply type “fc” and then the directory path and file name of the two files you want to compare.
You can also extend the command in several ways. Typing “/b” compares only binary output, “/c” disregards the case of text in the comparison, and “/l” only compares ASCII text.
So, for example, you could use the following:
fc /l "C:\Program Files (x86)\example1.doc" "C:\Program Files (x86)\example2.doc"
to compare ASCII text in two Word documents.

Ipconfig

This command relays the IP address that your computer is currently using. However, if you’re behind a router (like most computers today), you’ll instead receive the local network address of the router.
Still, ipconfig is useful because of its extensions. “ipconfig /release” followed by “ipconfig /renew” can force your Windows PC into asking for a new IP address, which is useful if your computer claims one isn’t available. You can also use “ipconfig /flushdns” to refresh your DNS address. These commands are great if the Windows network troubleshooter chokes, which does happen on occasion.

Netstat

Entering the command “netstat -an” will provide you with a list of currently open ports and related IP addresses. You’ll also be told what state the port is in – listening, established or closed. This is a great command if you’re trying to troubleshoot the devices your PC is connected to or you’re afraid you’re infected with a Trojan and are trying to locate a malicious connection.
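As an added example (not part of the original article), this Python script parses saved “netstat -an” output and pulls out the two things worth a first look when checking for an unwanted connection: ports listening on every interface, and established sessions to hosts outside the local address ranges. The sample output and the LOCAL_NETS list are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# Constructed sample of `netstat -an` output (not captured from a real host).
SAMPLE = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49732     203.0.113.50:443       ESTABLISHED
  TCP    192.168.1.20:49733     192.168.1.5:445        ESTABLISHED
  TCP    192.168.1.20:49801     198.51.100.7:80        TIME_WAIT
  TCP    [::]:3389              [::]:0                 LISTENING
  TCP    [fe80::1c2d:3e4f%12]:139  [::]:0              LISTENING
  UDP    0.0.0.0:5355           *:*
"""

Conn = namedtuple("Conn", "proto local_ip local_port remote_ip remote_port state")

# Assumption: ranges treated as "local" (loopback, RFC 1918, link-local, IPv6 ULA).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

def split_endpoint(text):
    """Split '1.2.3.4:80', '[::1]:80' or '*:*' into (ip, port)."""
    host, _, port = text.rpartition(":")
    host = host.strip("[]").split("%")[0]   # drop brackets and IPv6 zone id
    return host, port

def parse_netstat(output):
    """Return a Conn for every TCP/UDP row, skipping headers and blank lines."""
    conns = []
    for line in output.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        state = parts[3] if parts[0] == "TCP" and len(parts) > 3 else ""
        conns.append(Conn(parts[0], *split_endpoint(parts[1]),
                          *split_endpoint(parts[2]), state))
    return conns

def is_external(ip):
    """True if ip parses and falls outside every range in LOCAL_NETS."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:                      # '*' on UDP rows
        return False
    return not addr.is_unspecified and not any(addr in n for n in LOCAL_NETS)

def triage(conns):
    """Return (ports listening on all interfaces, established external peers)."""
    exposed = sorted({int(c.local_port) for c in conns
                      if c.state == "LISTENING"
                      and ipaddress.ip_address(c.local_ip).is_unspecified})
    external = [(c.remote_ip, int(c.remote_port)) for c in conns
                if c.state == "ESTABLISHED" and is_external(c.remote_ip)]
    return exposed, external

if __name__ == "__main__":
    exposed, external = triage(parse_netstat(SAMPLE))
    print("Listening on all interfaces:", exposed)
    print("Established to non-local hosts:", external)
```

To use it on a real machine, redirect “netstat -an” to a text file and pass the file’s contents to parse_netstat.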

Ping

Sometimes, you need to know whether or not packets are making it to a specific networked device. That’s where ping comes in handy. Typing “ping” followed by an IP address or web domain will send a series of test packets to the specified address. If they arrive and are returned, you know the device is capable of communicating with your PC; if it fails, you know that there’s something blocking communication between the device and your computer. This can help you decide if an issue is caused by improper configuration or a failure of network hardware.

Pathping

This is a more advanced version of ping that’s useful if there are multiple routers between your PC and the device you’re testing. Like ping, you use this command by typing “pathping” followed by the IP address, but unlike ping, pathping also relays some information about the route the test packets take.

Tracert

The “tracert” command is similar to pathping. Once again, type “tracert” followed by the IP address or domain you’d like to trace. You’ll receive information about each step in the route between your PC and the target. Unlike pathping, however, tracert also tracks how much time (in milliseconds) each hop between servers or devices takes.

Powercfg

Powercfg is a very powerful command for managing and tracking how your computer uses energy. You can use the command “powercfg /hibernate on” and “powercfg /hibernate off” to manage hibernation, and you can also use the command “powercfg /a” to view the power-saving states currently available on your PC.
Another useful command is “powercfg /devicequery s1_supported” which displays a list of devices on your computer that support connected standby. When enabled, these devices can be used to bring your computer out of standby – even remotely. You can enable this by selecting the device in Device Manager, opening its properties, going to the Power Management tab and then checking the “Allow this device to wake the computer” box.
“Powercfg /lastwake” will show you what device last woke your PC from a sleep state. You can use this command to troubleshoot your PC if it seems to wake from sleep at random.
The “powercfg /energy” command can be used to build a detailed power consumption report for your PC, which is output to a directory indicated after the command finishes. This report will let you know of any system faults that might increase power consumption, like devices that are blocking certain sleep modes, or which aren’t properly configured to respond to your power management settings.
Windows 8 added “powercfg /batteryreport”, which provides a detailed analysis of battery use, if applicable. Normally output to your Windows user directory, the report provides details about the time and length of charge and discharge cycles, lifetime average battery life, and estimated battery capacity.

Shutdown

As of Windows 8/8.1 there is now a shutdown command that – you guessed it! – shuts down your computer. This is of course redundant with the already easily accessed shutdown button, but what’s not redundant is the “shutdown /r /o” command, which restarts your PC and launches the Advanced Start Options menu, which is where you can access Safe Mode and Windows recovery utilities. This is useful if you want to restart your computer for troubleshooting purposes.

System File Checker

System File Checker is an automatic scan and repair tool that focuses on Windows system files. You will need to run the command prompt with administrator privileges and enter the command “sfc /scannow”. If any corrupt or missing files are found, they’ll be automatically replaced using cached copies kept by Windows for just that purpose. The command can require a half-hour to run on older notebooks.

Recovery Image

Virtually all Windows 8/8.1 computers ship from the factory with a recovery image, but the image may include bloatware you’d rather not have re-installed. Once you’ve un-installed the software you can create a new image using the “recimg” command. Entering this command presents a very detailed explanation of how to use it. You must have administrator privileges to use the recimg command, and you can only access the custom recovery image you create via the Windows 8 “refresh” feature.

Tasklist

The “tasklist” command can be used to provide a current list of all tasks running on your PC. Though somewhat redundant with Task Manager, the command may sometimes find tasks hidden from view in that utility.
There’s also a wide range of modifiers. “Tasklist -svc” shows services related to each task, “tasklist -v” can be used to obtain more detail on each task, and “tasklist -m” can be used to locate .dll files associated with active tasks. These commands are useful for advanced troubleshooting.

Taskkill

Tasks that appear in the “tasklist” command will have an executable and process ID (a four-digit number) associated with them. You can force stop a program using “taskkill -im” followed by the executable’s name, or “taskkill -pid” followed by the process ID. Again, this is a bit redundant with Task Manager, but may be used to kill otherwise unresponsive or hidden programs.

10 Windows 7 commands every administrator should know

1: System File Checker

Malicious software will often attempt to replace core system files with modified versions in an effort to take control of the system. The System File Checker can be used to verify the integrity of the Windows system files. If any of the files are found to be missing or corrupt, they will be replaced. You can run the System File Checker by using this command:
sfc /scannow

2: File Signature Verification

One way to verify the integrity of a system is to make sure that all the system files are digitally signed. You can accomplish this with the File Signature Verification tool. This tool is launched from the command line but uses a GUI interface. It will tell you which system files are signed and which aren't. As a rule, all the system files should be digitally signed, although some hardware vendors don't sign driver files. The command used to launch the File Signature Verification tool is:
sigverif

3: Driverquery

Incorrect device drivers can lead to any number of system problems. If you want to see which drivers are installed on a Windows 7 system, you can do so by running the driverquery tool. This simple command-line tool provides information about each driver that is being used. The command is:
driverquery
If you need a bit more information, you can append the -v switch. Another option is to append the -si switch, which causes the tool to display signature information for the drivers. Here's how they look:
driverquery -v
driverquery -si

4: Nslookup

The nslookup tool can help you to verify that DNS name resolution is working correctly. When you run nslookup against a host name, the tool will show you how the name was resolved, as well as which DNS server was used during the lookup. This tool can be extremely helpful when troubleshooting problems related to legacy DNS records that still exist but that are no longer correct.
To use this tool, just enter the nslookup command, followed by the name of the host you want to resolve. For example:
nslookup dc1.contoso.com

5: Ping

Ping is probably the simplest of all diagnostic commands. It's used to verify basic TCP/IP connectivity to a network host. To use it, simply enter the command, followed by the name or IP address of the host you want to test. For example:
ping 192.168.1.1
Keep in mind that this command will work only if Internet Control Message Protocol (ICMP) traffic is allowed to pass between the two machines. If at any point a firewall is blocking ICMP traffic, the ping will fail.

6: Pathping

Ping does a good job of telling you whether two machines can communicate with one another over TCP/IP, but if a ping does fail, you won't receive any information regarding the nature of the failure. This is where the pathping utility comes in.
Pathping is designed for environments in which one or more routers exist between hosts. It sends a series of packets to each router that's in the path to the destination host in an effort to determine whether the router is performing slowly or dropping packets. At its simplest, the syntax for pathping is identical to that of the ping command (although there are some optional switches you can use). The command looks like this:
pathping 192.168.1.1

7: Ipconfig

The ipconfig command is used to view or modify a computer's IP addresses. For example, if you wanted to view a Windows 7 system's full IP configuration, you could use the following command:
ipconfig /all
Assuming that the system has acquired its IP address from a DHCP server, you can use the ipconfig command to release and then renew the IP address. Doing so involves using the following commands:
ipconfig /release
ipconfig /renew
Another handy thing you can do with ipconfig is flush the DNS resolver cache. This can be helpful when a system is resolving DNS addresses incorrectly. You can flush the DNS cache by using this command:
ipconfig /flushdns

8: Repair-bde

If a drive that is encrypted with BitLocker has problems, you can sometimes recover the data using a utility called repair-bde. To use this command, you will need a destination drive to which the recovered data can be written, as well as your BitLocker recovery key or recovery password. The basic syntax for this command is:
repair-bde <source> <destination> -rk | -rp <source>
You must specify the source drive, the destination drive, and either the rk (recovery key) or the rp (recovery password) switch, along with the path to the recovery key or the recovery password. Here are two examples of how to use this utility:
repair-bde c: d: -rk e:\recovery.bek
repair-bde c: d: -rp 111111-111111-111111-111111-111111-111111

9: Tasklist

The tasklist command is designed to provide information about the tasks that are running on a Windows 7 system. At its most basic, you can enter the following command:
tasklist
The tasklist command has numerous optional switches, but there are a couple I want to mention. One is the -m switch, which causes tasklist to display all the DLL modules associated with a task. The other is the -svc switch, which lists the services that support each task. Here's how they look:
tasklist -m
tasklist -svc

10: Taskkill

The taskkill command terminates a task, either by name (which is referred to as the image name) or by process ID. The syntax for this command is simple. You must follow the taskkill command with -pid (process ID) or -im (image name) and the name or process ID of the task that you want to terminate. Here are two examples of how this command works:
taskkill -pid 4104
taskkill -im iexplore.exe
