oreilly.comSafari Books Online.Conferences.


AddThis Social Bookmark Button

The Ultimate Free Windows Toolkit

by Mitch Tulloch

I live in Winnipeg, Canada, which we locals call "Bargain City." If we can get something a dollar cheaper, we'll drive clear across town to get it. And if we can get it free, well, there's no stopping us. This kind of mentality has its pros and cons. On the minus side, when it comes to freebies, you usually get what you pay for. On the other hand, a buck is a buck and if you're running a business or have a family to support, saving money is part of the game.

Network administrators generally like free stuff too, but when it comes to software, the problem is that there's so much free stuff available it's hard to know what's worth keeping and what you should ditch. That's why I've compiled the following list of my favorite free tools that every Windows administrator should have. Some of these tools have been recommended to me by other IT professionals, and I'll quote from their emails (with their permission) so you can learn what the tools are used for and how to use them.

Of course, my list below is merely a sampler and is in no way intended to be complete. For one thing, the tools you need to do your job depend a lot on your environment: whether you have thousands of desktops to support or only a handful, whether you deploy Microsoft Exchange internally or outsource your mail services, and so on. So if you have other free tools to recommend for Windows admins, feel free to use the comment feature at the end of this article and add to my list.

Filemon and Regmon

These two freebies from Sysinternals are absolutely essential if you ever need to deal with application compatibility issues involving apps that require elevated privileges to run. Mary Vanatta, who handles support for the Industrial and Manufacturing Engineering Department at Wichita State University, told me that she worked in an environment that "had 325 computers, 400 end users, and approximately 250 applications in a refinery setting. We ran into the issue of applications not working due to non-administrative access. Here is what we did to solve the problem. We never had one application that we could not get to work under this scenario. First, we would test the application with a dummy user account. If we found any restrictions or problems with the application we would then run Filemon. Filemon would monitor the files the application was trying to access; then after the application quit, we would stop the "capture" on Filemon, review the log file, and it would generally let us know what files the program was trying to access. At this point, we could create a group policy for that piece of software and have it grant read/write/execute access to that file directory for users that logged onto that machine. Generally the file was C:\Program Files\NameofAPP. Whenever a user of the machine that the software policy was applied to logged on, then they were granted access to that folder on the C: drive only. We used Regmon in testing as well because sometimes a registry setting required admin rights. We would enter that setting in Group policy for the software as well. Keep in mind we would repackage software into msi's and put them in a distribution point. When installing the application to the end user, we would apply that group policy to the machine."


Another great freebie from Sysinternals is PsExec, which can be used to execute processes on remote systems. Sami Laiho, a consultant in Helsinki, Finland, says, "PsExec from Sysinternals is great for shooting admin rights to desktops. I use the following to start printer wizard on remote machines: psexec -d -i \\computer rundll32 printui.dll,PrintUIEntry /il."


MVP Rodney Buike pointed me toward Windows Inventory from SourceForge. Rodney mentions that this tool is a "free, open source PC-auditing and inventory-tracking tool. It is ideal to track software licenses, hardware inventory, and operating system settings and information. I used this at my previous workplace before the hardware was recommissioned."

HP Network Printer Install Wizard

Another cool tool Rodney brought to my attention is the HP Network Printer Install Wizard. How many of us have HP network printers in our environment? Pretty much every enterprise admin, I'd say. Rodney says, "If you have multiple HP network printers, this tool is great for discovery and network configuration."

WinInstall LT

If you've still got a copy of your Windows 2000 Server or Advanced Server CD kicking around, you're probably still using WinInstall LT. Scott Ramsdell tells the following story: "As background, I was the engineer tasked with rolling a 300 user, 100 server, two location shop from Win95/NT to Windows 2000. The process went very well by utilizing Microsoft's technologies. Software assigned or published to a group of users via GPO will automatically elevate the user's privileges during install, then restore the user's rights after the install has completed. (A race condition does not exist here, as only the install process runs with elevated rights.) Software written to the Windows Installer 2.0 specification (circa 2000) will already be able to take advantage of this. For non-compliant or legacy software, Microsoft included a very easy to use .MSI creation tool with the Windows 2000 Server CD. The software is Wininstall LT and is in the ValueAdd directory on the disk. .MSI packages created with this tool also work fine in a Windows 2003 Active Directory environment with XP clients. To create an .MSI file, Wininstaller takes a snapshot of the disk, prompts you to install the software, then takes another snapshot. The difference is bundled as an .MSI package. Vendor-supplied .MSI files can be used as the source to create a custom .MSI that installs outside of Program Files, if desired. On my RIS images, I created a directory off the root of C:\ and granted Authenticated Users full control. Software that requires the user be a local admin to operate properly generally needs to write to an .ini or such file, and will of course fail if the application was installed in Program Files and the user is not an admin. For these applications, I created the .MSI file after installing to a subdirectory of my writable directory. For our environment, this solved the problem for all of our troublesome software. I have since left the company, but my recollection is that our bothersome software included Lotus Notes, Adobe Reader, Macromedia Flash Player, and accounting packages I can't recall the name of."

Bart PE

I've mentioned this cool tool in a previous article here on WindowsDevCenter, so I won't discuss it further here, other than saying that it's saved my butt several times.

More Tools

I could go on with my list, but I'd prefer to hear from you now about what free tools you find essential in your own Windows networking environment, so comment away!

Mitch Tulloch is the author of Windows 2000 Administration in a Nutshell, Windows Server 2003 in a Nutshell, and Windows Server Hacks.

Return to the Windows DevCenter.