To help system administrators get their jobs done better and more easily, we’ve put together a list of the top 10 free sysadmin tools for Windows server management, monitoring, backup and troubleshooting. Here are the free system administrator tools for Windows that made our top 10 list:
- Wireshark and Microsoft Message Analyzer
- PowerShell ISE and its Script Browser and Script Analyzer Add-ons
- RSAT Tools for Windows 10
Tools from the Sysinternals Suite
- System Monitor (Sysmon)
- Process Explorer
- Process Monitor
- Notepad ++
- Netwrix Account Lockout Examiner
- Process Hacker
1. Wireshark and Microsoft Message Analyzer
Wireshark is a well-known network traffic monitoring tool. It works with the overwhelming majority of known protocols, and it has both a clear and logical graphical interface based on GTK + and a powerful filter system. Moreover, it is cross-platform, working under Linux, Solaris, FreeBSD, NetBSD, OpenBSD, Mac OS X, and, of course, Windows. Wireshark reveals the smallest details of network traffic and network protocols. If you have the necessary knowledge, you can effectively troubleshoot and diagnose a variety of problems that arise in the network using Wireshark.
It’s worth mentioning a less popular alternative to Wireshark — Microsoft’s Message Analyzer (MMA). Message Analyzer can also capture, display and analyze network traffic, but its killer feature is that in addition to network traces, it also reports on system call traces, so you can correlate what installed applications are doing with what is happening on the network. Message Analyzer also enables you to save and reload captures, aggregate saved captures, and analyze data from trace files.
You can use Microsoft Message Analyzer in a variety of scenarios:
- Capture network traffic for security review. You can capture and save all the network traffic on a network segment so you can analyze it to identify potentially malicious packets.
- Troubleshooting application issues. Some applications, such as Skype, use a variety of ports and protocols to provide different communication services. If server application cannot communicate with clients, Message Analyzer can capture the communication attempts and potentially identify the issue that is blocking them.
- Troubleshooting network and firewall configuration You can use Message Analyzer to capture the communication between network hosts. If a network host does not receive an anticipated response, you can determine where the communication is failing and potentially pinpoint the network or firewall configuration that is preventing the response.
Clonezilla is free, open-source tool designed to clone disks and individual hard disk partitions, as well as facilitate system backup and disaster recovery. There are two types of Clonezilla available: Clonezilla live (for single machine backup and restore) and Clonezilla SE (the server edition for larger deployments).
Clonezilla is a very fast backup and cloning application. After LiveCD boot up, you simply hit ENTER a few times and it starts backing up partitions or an entire HDD to another HDD, which can be an external USB drive. Clonezilla supports the following file systems: FAT, NTFS, ext2, ext3, ext4, reiserfs, reiser4, XFS, JFS, JFS, VMFS and HFS +. Clonezilla is awesome for one-time reservation operations. However, it does not distinguish software RAID; it breaks it into separate devices.
Clonezilla SE helps out, for example, when dozens of PCs of the same type have no OS. You can install the OS and other required software on the first PC, take a snapshot, and then deploy the snapshot to the other PCs across on the network. In addition, Clonezilla SE can back up PCs over the network at night or any time you want.
3. PowerShell ISE and its Script Browser and Script Analyzer Add-Ons
The PowerShell console is an interactive environment built on the .NET Framework that enables you to run various commands in real time. It is designed specifically for system administrators and power-users who need to automate the administration of operating systems (Linux, macOS, Unix and Windows) and the processes related to the apps that run on those operating systems. In addition you can run cmd.exe commands in PowerShell environment.
The PowerShell ISE looks and functions the same as the cmd.exe. All your frequently used utilities, such as ping, ipconfig and nslookup, will work exactly as you expect.
The PowerShell ISE offers some very useful add-ons. One is Script Browser. Suppose you want to do something in PowerShell and you know what result you need, but you don’t know how to achieve it. Moreover, you think it’s likely that someone else has already encountered a similar problem and written a great script. In such situations, of course, you’d go to TechNet Script Center. However, finding the right script can be a long and tedious process. Wouldn’t it be great to have a tool that can understand what you need and automatically look for the appropriate script? Well, the Script Browser add-on will enable you to easily find scripts you need on TechNet.
Another great add-on is Script Analyzer; it will automatically analyze your scripts and suggest changes that will improve their effectiveness.
You can easily install these add-ons by running the following commands:
Install-Module -Name Scriptbrowser
Install-Module -Name ISEScriptAnalyzerAddOn
4. RSAT Tools for Windows 10
Remote Server Administration Tools (RSAT) enables IT administrators to remotely manage roles and features on Windows Servers and remotely manage Active Directory from their Windows 10 Professional or Enterprise workstations. The RSAT package includes:
- Server Manager
- The Microsoft Management Console (MMC) snap-in
- Windows PowerShell cmdlets
- Command-line tools
Basically, with RSAT you have all Windows Server administration tools on your workstation, so you don’t need to RDP into your servers at all. That makes your Windows Server management more secure.
5. Tools from the Sysinternals Suite
The Sysinternals Suite is used for troubleshooting problems and investigating security breaches on computers running Microsoft operating systems. There are more than 40 tools in six categories:
- File and disk tools
- Networking tools
- Process tools
- Security tools
- System information tools
- Miscellaneous tools
You can download the tools individually from Microsoft’s website, or you can download all of them in a single Sysinternals Suite. Here are the most popular free tools from this suite:
System Monitor (Sysmon)
System Monitor (Sysmon) is a system service that you can install on any computer running a Windows system. Sysmon enhances Windows OS logging functionality by writing detailed information about process creations and terminations, network connections and file creations to the Windows event log. Sysmon writes events to the log using the following IDs:
- Event ID 1. Creation of a new process
- Event ID 2. Creation of a new file
- Event ID 3. New network connection detected
- Event ID 5. Process ended
- Event ID 6. Driver loaded
- Event ID 7. Image loaded
- Event ID 8. Remote thread creation detected
Installing Sysmon on a server or other computer in a Windows environment will increase the number of events written to the event log, which can have its downsides. However, having a more detailed event log makes it much easier to tell what happened on a specific computer, which can be especially useful for investigating a suspected security breach.
You can use the AccessChk tool to determine what permissions are assigned to users and groups, including group-managed service accounts, for the following resources:
- Registry keys
- Global objects
- Windows services
AccessChk is also useful for checking whether the security settings on files and directories are set properly. Many famous breaches have occurred when trusted insiders gained access to files on file shares where permissions were not set correctly.
You can use Autoruns to determine which applications are configured to start automatically when a computer boots up or a user logs on. The tool lists all applications that are configured to start from the Startup folder, as well as from the Run, RunOnce, and other keys in the computer’s registry. Autoruns also provides information about File Explorer shell extensions, toolbars that have been installed, browser helper objects, auto-start services and Winlogon notifications.
The Process Explorer tool enables you to view the files and directories that a specific process has opened. It also provides information about CPU performance, memory utilization and process digital signatures. You can also use Process Explorer to determine which security account launched a process, when the process was launched, and whether the process is communicating with external hosts over the network.
Process Explorer works as a Task Manager replacement. It enables you not only to view resource consumption information about a specific process, including memory usage, handles, objects and threads, but also to suspend or kill a process. You can also use VirusTotal integration to check whether a specific process is infected by malware.
Process Monitor provides systems administrators with real-time information about file systems, the registry, processes and thread activity. You also can configure Process Monitor to capture and log data about activity rather than just providing a real-time display.
Process Monitor enables you to perform the following tasks:
- Capture the details of processes, including image path, command line, user and session ID, and network utilization
- Capture the details of services, including file and network utilization
- Determine which registry keys applications are using to store data
- Log gigabytes of data around captured events
- Log all operations at boot time
- Use filters to search certain data
7-Zip is a file archiver with high data compression and speed. An open-source tool written in C and C ++, it has a small size and supports several compression algorithms. It also supports a variety of common data formats (zip, rar, Gzip, bzip2, xz, tar and WIM), as well as the proprietary 7z format with a highly efficient LZMA compression algorithm. The program can be managed from a command-line interface using the command “p7zip”, or through a graphical user interface, that features shell integration. It can encrypt zip archives with AES 256-bit, but it does not offer filename encryption in zip archives as it is in 7z ones. It can also open .exe and .iso files as archives.
7. Notepad ++
Notepad ++ is one of the best text editors ever. It is great for working with code. It has a medium dependent interface, custom highlighting of code syntax, collapsible blocks, and support for regular expressions in searches. But the best thing is that it has a really fast response time when opening large files. Therefore, it is very handy when sysadmins need to investigate huge log files.
The interface is fully customizable, so you can remove all unnecessary things from the screen. You can also customize the keyboard shortcuts and menus. Notepad++ supports tabbed editing, which enables you to work with multiple open files in a single window. Other features that improve the editing experience include:
- Find and replace of strings of text with regular expressions
- Split-screen editing and synchronized scrolling
- Line operations, including sorting, conversion between uppercase and lowercase, and removal of redundant whitespace
Netwrix Account Lockout Examiner is a free tool that enables IT administrators and help desk staff identify lockout root causes in a single keystroke. You can see what makes the same account lock out repeatedly without having to dig into cryptic event logs — just enter the username and click the button.
The freeware helps to:
- Easily pinpoint the root cause of lockouts
Get to the root of the problem in a single click, whether it’s an improperly mapped network drive, a service or scheduled task running under stale credentials, or an outdated password saved on a mobile device.
- Minimize troubleshooting time
Slash troubleshooting time by 90% with easy root cause investigation. Uncover even the most complex reason for lockouts in minutes, so you know exactly what needs to be fixed.
- Reduce the pressure on your help desk
Ensure service desk pros have all the lockout details they need at their fingertips. Empower them to quickly troubleshoot user account issues and minimize business downtime whenever a service account for a critical app or a domain controller gets locked out.
Earlier, we explained why Process Explorer from the Sysinternals Suite is a good system administrator software solution for working with processes. However, it is not ideal. Here are some features of Process Hacker (PH) that might make it a better alternative:
- One awesome thing in PH is notifications about start, stop and installation of services and drivers. When a piece of software is installed, you are notified about which services it starts, what drivers it installs and what process runs; there is no need to go into Services or Device Manager and click “Refresh”.
- The System Information window is very similar to Process Explorer, but while PE breaks information into tabs, PH enables you to open tabs by clicking on the diagrams in the main window. PH also shows a little more information (processor name, total physical memory, etc.).
- PH’s main window uses coloring to show what type of process is currently running.
- PH supports keywords to search for certain types of processes.
- The main window of PH includes the two most useful tabs, “Network” and “Disk”, which show the overall network and disk activity of the processes.
- PH is an extremely convenient tool for working with services and drivers. On the Services tab of the main window, you can view the list of processes and drivers and their status, and you can also stop, start or delete them, as well as view and change their properties.
These features make Process Hacker one of the best free tools for any sysadmin or programmer.
PuTTY is a great terminal emulator that’s extremely lightweight and fast. It supports the SSH, SCP and rlogin protocols; multiple operating systems, including both Windows and Linux; and many variations on the secure remote terminal. PuTTY provides user control over the SSH encryption key and protocol version, as well as alternate ciphers such as 3DES, Arcfour, Blowfish, DES, and public-key authentication. The network communication layer supports IPv6.
PuTTY comes bundled with the command-line SCP and SFTP clients pscp and psftp, as well as plink, a command-line connection tool used for non-interactive sessions. All in all, PuTTy is the best tool for configuring routers switches and servers remotely.