When Windows XP was released there was also a Windows XP resource kit released as well. After Windows Server 2003 was released Microsoft released a Windows 2003 resource kit that includes a bunch of tools that can be used to support Windows XP The book that Microsoft released can be purchased but the tools themselves are a free download.
I have broken out the Windows XP support tools here and left the server tools undocumented. After you download the resource kit tools you can install locally on your Windows XP box and try these following 61 tools out. My favorites? Robocopy, qgrep and Cmdhere, but depending on what kind of situation you are in it is really nice to know about all of these tools.
Autoexnt.exe: AutoExNT Service
AutoExNT Service (AutoExNT) is a service that allows you to start a custom batch file named Autoexnt.bat at startup without having to log on to the computer on which it will run. The AutoExNT Service permits an administrator to configure a computer running Windows to run a custom batch file when the computer is first started. A user or administrator is not required to be logged on at the time this custom batch file runs.
Cdburn.exe: ISO CD-ROM Burner Tool
ISO CD-ROM Burner Tool (CDBurn) is a command-line tool that allows the user to write (burn) data images from image files located on the hard drive to compact disc (CD) recordable (CD-R) and CD rewritable (CD-RW) media. The data image can be any kind of data, even raw data. This tool can also be used to erase CD-RW media.
Chklnks.exe: Link Check Wizard
Link Check Wizard (ChkLnks) is a GUI tool that scans all the link (shortcut) files on a computer to determine whether or not the shortcuts point to existing applications or documents. When Link Check Wizard does not find an associated application or document, the wizard lists that file as a dead link, giving you the option to remove it.
Clearmem.exe: Clear Memory
Clear Memory (ClearMem) is a command-line tool that determines the size of the computer’s physical memory, allocates enough data to fill it, and references the data as quickly as possible. ClearMem also accesses files to clear the cache. This reduces, to a minimum, the memory available to other processes. Then, the Clear Memory tool releases the allocated memory to restore normal system functions.
Running ClearMem twice forces most applications out of memory. ClearMem has to run multiple times to present a real-life memory load because the system does not immediately trim all possible pages in a process working set. Instead, it does so gradually over time. When ClearMem runs, the system pauses because of the flood of high priority activity.
Cmdhere.inf: Command Here
Command Here (CmdHere) is a shell extension that adds a CMD Prompt Here item to the context menu that is available when you right-click in the Folders (left) pane of Windows Explorer. Selecting the Command Here option from the context menu opens a new command-line session with the same path as that of the object that you right-click.
Dh.exe: Display Heap
Display Heap (DH) is a command-line tool that displays information about heap allocation for user-mode processes or pool usage in kernel-mode memory. It also enables you to lock heaps, tags, stacks, and objects. DH allows you to identify the process for which you need to display information, and it allows you to identify the information that you need to display. The tool then writes formatted output to a text file.
One of most useful functions of DH is to display a list of potential memory hogs and the memory allocation calls that have reserved the most memory. To identify call sites symbolically, the system needs the ability to capture a stack back trace at run time. This capability is supported only on Intel Itanium-based platforms.
You can use DH to dump all memory allocations for a program that you are testing. Start the program and write DH output to a file (dh1.dmp, for example). Next, run the application for some time and then pause in a state that should be identical to the first pause. While the program is paused, take another DH reading and write it to a second file (dh2.dmp).
Diskuse.exe: User Disk Usage Tool
User Disk Usage Tool (DiskUse) is a command-line tool that scans a single directory, a directory tree, or an entire drive and reports the amount of space used by each user or all users. The output for this tool is displayed in the command window, or is sent to a file in table or text format. DiskUse can also list all the files owned by a user or users, filtered in a variety of ways.
Dvdburn.exe: ISO DVD Burner Tool
ISO DVD Burner Tool (DVDBurn) is a command-line tool that allows the user to write (burn) Digital Video Disk (DVD) images from image files located on the hard drive to Digital Video Disk (DVD) media. The data image can be created by any program capable of producing DVD image files. You can also use this tool to erase DVD media.
Inetesc.adm: Internet Explorer Enhanced Security Configuration
Internet Explorer Enhanced Security Configuration (InetESC) is a Group Policy template that will enhance the security configuration of Microsoft Internet Explorer.
Iniman.exe: Initialization Files Manipulation Tool
Initialization Files Manipulation Tool (IniMan) is a command-line tool that enables you to add, delete, modify, or query sections or keys in an .ini file. Examples of .ini files are setup answer files, program initialization files, and .inf files. IniMan also allows you to create new answer files that contain only your chosen values.
Intfiltr.exe: Interrupt Affinity Filter
Interrupt Affinity Filter (IntFiltr) is a GUI tool that allows you to change the CPU affinity of a device interrupt. Use IntFiltr to specify that a device’s interrupt signal processing occurs on a specific set of CPUs. For multiprocessor systems, this can improve system performance.
Kernrate.exe: Kernel Profiling Tool
Kernel Profiling Tool (KernRate) is a command-line tool that is a CPU sample profiler. A sample profiler monitors performance and reports back to the user. KernRate reports on kernel and user-mode processes to provide information about CPU activity. Use KernRate to identify which processes are causing a CPU bottleneck.
KernRate divides memory address space into manageable chunks. Each chunk (also called a bucket) is monitored separately. The administrator can “zoom” (preselect) a module.
Note: This tool hosts its own Help file. For details and more information about this tool, see the KernRate Usage Guide (Kernrate.doc) for more information.
Link Speed (LinkSpeed) is a command-line tool that displays the speed of the connection between computers on a network.
List.exe: List Text File Tool
List Text File Tool (List) is a command-line tool that displays and searches one or more text files. Unlike other text display tools, List does not read the whole file into memory when you open it. It allows a user to edit a text file in a hexadecimal format. List is useful for displaying text or log files remotely, and for use on servers where administrators are concerned with degradation of system performance.
LogTime is a command-line tool that logs the start or finish of command-line programs from a batch file. This is useful for timing and tracking batch jobs such as mail-address imports.
LogTime creates a log file called Logtime.log, with a date-and-time stamp next to the specified parameter (text_string in LogTime syntax). When called from within a batch file, the date-and-time stamp records when LogTime (with the given parameter) was run by the batch file. For example, if LogTime is run before and after a command-line program in a batch file, Logtime.log records the start and stop time of that program. With each use of LogTime, new information is appended to Logtime.log; the file is not overwritten.
Memmonitor.exe: Memory Monitor
Memory Monitor (MemMonitor) is a command-line tool that monitors the memory a process uses, and runs the process through a debugger when a given threshold is reached.
Memtriage.exe: Resource Leak Triage Tool
Resource Leak Triage Tool (MemTriage) is a command-line tool that detects a possible resource leak on a running system. MemTriage records process information or current kernel pool information and saves it to a log file. Then you use MemTriage to analyze the log file and diagnose issues with any system resource, including memory, handles, Graphics Device Interface (GDI), user resources, and the kernel. After issues are identified, MemTriage generates a report and instructions about what to do next.
Moveuser.exe: Move User
Move User (MoveUser) is a command-line tool that changes the security of a user profile so that it can be associated with a different user account. Use MoveUser after moving a user to a different domain so that the user can keep the user profile associated with the original user account.
Nlsinfo.exe: Locale Information
Locale Information Tool (NLSInfo) is a command-line tool that displays information about the locale settings for a computer.
Now.exe: STDOUT Current Date and Time
STDOUT Current Date and Time (Now) is a command-line tool that reads standard input (STDIN) and then displays, on standard output (STDOUT), the current date and time followed by the STDIN.
NTRights is a command-line tool that allows you to grant or revoke a right for a user or group of users on a local or remote computer. You can also place an entry in the event log of the computer, noting the change. NTRights is useful in unattended or automated installations during which you may want to change the default rights. You can also use it in situations where you need to change a right in an existing installation, but you cannot access and log on to all computers.
Oh.exe: Open Handles
Open Handles (OH) is a command-line tool that shows the handles of all open windows. OH can also be used to show only information about a specific process, object type, or object name. This feature is useful for finding the process that has a file open when a sharing violation occurs.
Oleview.exe: OLE/COM Object Viewer
OLE/COM Object Viewer (OLEView) is a GUI tool that allows you to manage all Microsoft Component Object Model (COM) classes installed on your computer.
Pathman.exe: Path Manager
Path Manager (PathMan) is a command-line tool that adds or removes components from system or user paths. PathMan can modify any number of paths in a single call, and it includes error checking that can handle path abnormalities such as repeated entries, missing entries, and adjacent semicolons.
Permcopy.exe: Share Permissions Copy
Share Permissions Copy (PermCopy) is a command-line tool that copies share-level permissions (Full Control, Read, Change) from one share to another.
Important: Copying permissions to an administrative share located on an x86-based computer causes Services.exe to stop.
Perms.exe: User File Permissions
User File Permissions (Perms) is a command-line tool that displays user access permissions for a file or directory on an NTFS file system volume. Perms queries the permissions associated with a specific access control entry (ACE), displaying only those permissions granted by that particular access control entry ACE.
Pfmon.exe: Page Fault Monitor
Page Fault Monitor (PFMon) is a command-line tool that allows a developer or system administrator to monitor page faults that occur while an application is running. PFMon is especially useful for tracing hard and soft page faults because it shows the source of the fault.
Notes:You must run PFMon from the command window.
If you run PFMon on an existing process and close the command window, the process stops without giving the user an opportunity to save changes.
Pmon.exe: Process Resource Monitor
Process Resource Monitor (PMon) is a command-line tool that displays several measures of the CPU and memory use of processes running on the system. The PMon display appears in the command window. It is updated automatically every few seconds and requires no configuration. You can use PMon to measure paged and nonpaged pool usage, and to identify kernel mode memory leaks.
Printdriverinfo.exe: Drivers Source
Drivers Source (PrintDriverInfo) is a command-line tool that is used to collect information about printer drivers and is primarily used for support purposes. The information the tool collects includes the format and the mode of the driver. The tool also has the ability to map a driver file back to the printer that uses it.
Prnadmin.dll: Printer Administration Objects
Printer Administration Objects (PrnAdmin) is a COM-based tool that provides large-scale, noninteractive control of printers, drivers, and ports on local and remote computers.
Using PrnAdmin, you can:
Add and delete a local or remote printer.
Add and delete printer connections.
Add and delete a local or remote form.
Add and delete a local or remote standard TCP/IP port (of type Line Printer Remote (LPR) or RAW).
Add and delete a local or remote driver.
View a list of printers, ports, drivers, and forms on a local or remote computer.
Control and configure a local or remote printer.
PrnAdmin consists of several scriptable COM objects residing in Prnadmin.dll, which functions as a wrapper around Printui.dll. Several Microsoft Visual Basic Script (VBScript) sample files are included with the tool.
Note:For more detailed information on how to use PrnAdmin.DLL, see Prnadmin.doc. This white paper provides additional information on printer, drivers, ports and forms to help administrators and programmers manage a large number of local and remote printers.
Qgrep is a command-line tool that is used to search a file or list of files for a specific string or pattern and return the line containing the match. QGrep also allows you to search multiple files and subdirectories. Qgrep is similar to the UNIX tool grep.exe.
Regini.exe: Registry Change by Script
Registry Change by Script (RegIni) is a command-line tool that allows you to add and modify keys and values in the registry by specifying a registry script.
Caution:Do not use a registry editor to edit the registry directly unless you have no alternative. The registry editors bypass the standard safeguards provided by administrative tools. These safeguards prevent you from entering conflicting settings or settings that are likely to degrade performance or damage your system. Editing the registry directly can have serious, unexpected consequences that can prevent the system from starting and require that you reinstall the Windows operating system. To configure or customize the Windows operating system, use the programs in Control Panel or Microsoft Management Console (MMC) whenever possible.
Remapkey.exe: Remap Windows Keyboard Layout
Remap Windows Keyboard Layout (RemapKey) is a GUI tool that changes the layout of a keyboard by remapping the scan codes of the keys.
Robocopy.exe: Robust File Copy Utility
This command-line tool simplifies the task of maintaining an identical copy of a folder tree in multiple locations, either on the same computer or in separate network locations. Robust File Copy Utility (RoboCopy) can provide time-efficient maintenance of mirror images of large folder trees on network servers separated by slow or unreliable wide area network (WAN) links. By default, RoboCopy ignores source file attributes when selecting files to copy. It copies any file matching specified conditions, regardless of the attribute settings of the file. RoboCopy writes a log of files and folders to its command-prompt window, listing the:
Files copied and why
Incompatibilities between the source and destination folder-tree structures
This output can also be redirected to a disk file. Just before RoboCopy closes, it writes a summary of its activities during its session to its command-prompt window, or to a disk file, if redirected.
Note: RoboCopy does not run on Microsoft Windows 95, or Microsoft Windows NT, version 3.5x. RoboCopy is a Unicode application, and Windows 95 does not provide full Unicode support. Also, RoboCopy uses the CopyFileEx() Win32 API, which is supported on Microsoft Windows 2000 and Microsoft Windows NT version 4.0, but not on Windows NT 3.5x.
Rpcdump.exe: RPC Endpoint Diagnostic Utility
RPC Endpoint Diagnostic Utility (RCPDump) is a command-line tool that queries Remote Procedure Call (RPC) endpoints and reports on the status of RPC services on the system.
RPCDump queries the endpoint mapper database to obtain a list of every registered endpoint. If the /i switch is specified, the tool pings each endpoint to determine whether or not the service that registered the endpoint is listening. After gathering statistics, RPCDump sorts them and displays the data. This tool can help to isolate network troubles involving services using RPCs.
Rpcping.exe: RPC Ping
RPC Ping (RPCPing) is a command-line tool that enables users to troubleshoot connection problems between computers involving remote procedure calls (RPCs). RPCPing works much like the Packet Internet Groper (PING) utility for TCP/IP connections, except that it tests RPC connectivity instead of IP connectivity.
Setprinter.exe: Spooler Configuration Tool
Spooler Configuration Tool (SetPrinter)is a command-line tool that is used to set configurations or states of local and remote printers, for an individual printer or for all printers on a print server
Showacls.exe: Show ACLs
Show ACLs (ShowACLs) is a command-line tool that enumerates access rights for files, folders, and trees. It allows masking so that you can enumerate only specific access control lists (ACLs). ShowACLs works on NTFS file system partitions only. ShowACLs also allows you to view permissions for a particular user. ShowACLs does this by enumerating the local and global groups to which the particular user belongs, and matching the user’s security identifier (SID)â€”and the SIDs of the groups to which the user belongsâ€”to the SIDs in each access control entry (ACE).
Showperf.exe: Performance Data Block Dump Utility
Performance Data Block Dump Utility (ShowPerf) is a GUI tool that loads and runs the dynamic-link libraries (DLLs) of installed performance counters on local and remote computers. ShowPerf then takes this data, unformatted, from the internal data buffers of performance counters, and displays it. Administrators and performance counter developers can use ShowPerf to identify counters that the system cannot load and counters that the system disables because the DLL fails system run-time reliability tests. They can also use ShowPerf to detect errors in the performance counter data.
ShowPerf displays the following data:
Performance objects and object instances that are enabled on the system (Disabled objects do not appear.)
Index of the object in the performance registry (HKEY_PERFORMANCE_DATA)
Individual performance counters for each object
Index of the counter in the performance registry (HKEY_PERFORMANCE_DATA)
Type of data that each performance counter gathers
Unformatted content of the data block gathered by the performance counter
Showpriv.exe: Show Privilege
Show Privilege (ShowPriv) is a command-line tool that displays the rights assigned to users and groups. ShowPriv must be run locally on the target computer or on a domain controller to display users and groups that have domain privileges.
Sleep.exe: Batch File Wait
Batch File Wait (Sleep) is a command-line tool that causes the computer to wait for a specified amount of time.
Splinfo.exe: Print Spooler Information
Print Spooler Information (SplInfo) is a command-line tool that collects information from the print spooler and displays it.
Srvany.exe: Applications as Services Utility
Applications as Services Utility (SrvAny) is a tool that enables 32-bit or 16-bit applications to run as services. Although SrvAny only runs on the Windows Server 2003 operating system, it can work with 32-bit applications written for Windows Server 2003, Windows 2000, or Windows NT. You can also use this tool to run 16-bit Windows applications as services, but some 16-bit applications will stop running when a user logs off of the computer.
The advantages of running applications as services are listed below:
When a user logs off, 32-bit applications running as services do not stop. This is beneficial because users do not need to restart the application each time they log on.
Applications running as services can handle requests without user intervention. Unless an application is interactive, requests are processed even when no user is logged on to the server. Applications running as services can run with their own logon accounts. This means an application can continue running and processing requests even when the user currently logged on to the server does not have permissions to administer the application
Srvcheck.exe: Server Share Check
Server Share Check (SrvCheck) is a command-line tool that lists nonhidden shares on a computer and enumerates the access control lists (ACLs) for each share.
Srvinfo.exe: Remote Server Information
Remote Server Information (SrvInfo) is a command-line tool that displays information about a server or workstation, including available disk space, partition types, and the status of services.
Ssdformat.exe: System State Data Formatter
System State Data Formatter (SSDFormat) is a command-line tool that creates a formatted copy of a system state data (SSD) log file. SSDFormat.exe opens an SSD log file, adds an XSL file header to format the data, and saves the changes to a new XML file. When you open the XML file created by SSDFormat in any XML-capable viewer, such as Internet Explorer, the XSL style sheet correctly displays any special characters and formats the data into tabular form.
SubInACL is a command-line tool that enables administrators to obtain security information about files, registry keys, and services, and transfer this information from user to user, from local or global group to group, and from domain to domain. For example, if a user has moved from one domain (DomainA) to another (DomainB), the administrator can replace DomainA\User with DomainB\User in the security information for the user’s files. This gives the user access to the same files from the new domain.
SubInACL enables administrators to do the following:
Display security information associated with files, registry keys, or services. This information includes owner, group, permission access control list (ACL), discretionary ACL (DACL), and system ACL (SACL).
Change the owner of an object.
Replace the security information for one identifier (account, group, well-known security identifier (SID)) with that of another identifier.
Migrate security information about objects. This is useful if you have reorganized a network’s domains and need to migrate the security information for files from one domain to another.
Tail is a command-line tool that displays a user-specified number of the last lines of a text file, such as a log file, in a console window.
Tcmon.exe: Traffic Control Monitor
Traffic Control Monitor (TCMon) is a GUI tool that allows you to view and set traffic control flows on different network adaptors.
TCMon includes the following features:
Application Monitoring. You can monitor the traffic control flows set up by applications that use the following APIs and services:
Traffic Control APIs
IIS 6 (Bandwidth Throttling)
Administrative Traffic Flow and Filter Management. You can mark, prioritize or limit traffic by creating flows and filters.
Timezone.exe: Daylight Saving Time Update Utility
Daylight Saving Time Update Utility (TimeZone) is a command-line tool that updates the daylight saving information for the current time zone in the registry. In some countries and regions, the start and end of daylight saving time are changed every year, and there is no fixed start or end date. TimeZone allows you to adjust the start and end of daylight saving time so that the computer’s time setting is automatically updated on the correct dates.
Tsctst.exe: Terminal Server Client License Dump Tool
Terminal Server Client License Dump (TscTst) is a command-line tool that dumps the Terminal Services client license information present on the Terminal Services client. This license is the one that the client acquired while connecting to a Terminal Server.
Usrmgr.exe: User Manager for Domains
User Manager for Domains (UsrMgr) is a GUI tool that allows you to manage security for Windows NT version 3.51 or 4.0 domains, member servers, and client computers from a Windows Server 2003 computer.
Using this tool on Active Directory domains or Windows 2000, Windows XP or Windows Server 2003 computers may cause corruption, or the tool may refuse to target such domains or computers. Always use the Active Directory administrative tools for Active Directory domains.
Vadump.exe: Virtual Address Dump
Virtual Address Dump (VaDump) is a command-line tool that creates a list containing information about the memory usage of a specified process. You can use VaDump to make sure virtual address space is not over-allocated. VaDump examines the virtual address of a running process. Depending on the options specified, the output of VaDump can include:
Each address, along with its size, state, protection, and type.
Total committed memory for the image, the .exe file, and each .dll file, including system .dll files.
Total mapped committed, private committed, and reserved memory.
Note: Because VaDump can generate a very large amount of output, it is advisable to redirect the output to a file. There are a number of tools that you can use to find a Process Identification (PID), including the operating system tool TaskList or the Support Tool Pviewer.
Vfi.exe: Visual File Information
This GUI tool uses a Cyclic Redundancy Checking (CRC) key to retrieve and generate file information. You can use this information for testing purposes to detect the files that have changed in different versions of applications or what the differences are between two seemingly identical computers. This information is also valuable for tracking different versions of resources that normally do not store version information.
Volperf.exe: Shadow Copy Performance Counters
Shadow Copy Performance Counters (VolPerf) is a command-line tool that enables administrators to use System Monitor to monitor their shadow copies.
Volrest.exe: Shadow Copies for Shared Folders Restore Tool
The Shadow Copies for Shared Folders Restore Tool (VolRest) is a command-line tool that searches for and restores previous file versions from file shares protected by the Shadow Copies for Shared Folders feature. VolRest allows administrators to browse or restore previous versions of one or multiple files stored on a server on which Shadow Copies for Shared Folders has been enabled. For example, from a single command line you can list or restore all the previous versions of your documents on a server.
Vrfydsk.exe: Verify Disk
Verify Disk (VrfyDsk) is a command-line tool that checks the consistency and integrity of the file system (FAT or NTFS) on a specified volume. It creates and displays a status report for the volume based on the file system and also lists the errors on that volume, if any. However, if any errors are discovered, VrfyDsk cannot correct them; to correct these errors, run Chkdsk in fix mode.
Winexit.scr: Windows Exit Screen Saver
Windows Exit Screen Saver (WinExit) is a screen saver that logs off the current user after a specified period of inactivity. In other respects, it is similar to other screen savers and can be configured and tested on the Screen Saver tab of the Display Properties dialog box in Control Panel.
Winhttpcertcfg.exe: WinHTTP Certificate Configuration Tool
WinHTTP Certificate Configuration Tool (WinHTTPCertCfg) is a command-line tool that enables administrators to import certificates and their private keys for use on client computers.
Winhttptracecfg.exe: WinHTTP Tracing Facility Configuration Tool
WinHTTP Trace Facility Configuration Tool (WinHTTPTraceCfg) is a command-line tool that enables an administrator to configure tracing features in Windows Hypertext Transfer Protocol (HTTP) Services (WinHTTP). WinHTTPTraceCfg allows an administrator to set and display these settings from the command prompt instead of having to make changes in the registry.
Winpolicies.exe: Policy Spy
Policy Spy (WinPolicies) is a GUI tool that allows a user to view and refresh Group Policy settings applied to the current user account and local computer.
Note: This tool hosts its own Help file. For more information about this tool, click Help on the main menu.