Tip

The very best Sysinternals tools for Windows server security

I'm often surprised by the lack of Windows server administration tools that are used in some enterprises. Many administrators I work with just use the built-in tools that ship with Windows Server -- something I liken to going through life without experiencing the exhilaration of a powerful and great-handling sports car.

This is likely a side-effect of the "always putting out fires" mode of operation common among IT professionals, but that doesn't mean there isn't anything that can (or should) be done about it.

There are many options out there designed to help simplify and enhance your Windows server administration tasks. In particular, one of my all-time favorite toolsets is

Requires Free Membership to View

Windows Sysinternals. It's free and ever so handy when it comes to keeping your Windows servers secure. You can download any or all Sysinternals utilities directly from the following links:

 

Microsoft's Sysinternals toolset is broken down into six distinct categories, as shown in Figure 1.

Figure 1. A breakdown of the Sysinternals toolset

The tools you'll likely use most often for Windows server administration fall into two categories: 1) File and Disk and 2) Process. Specifically, the tools I've found to be most beneficial from a security perspective are:

 

  • AccessChk and AccessEnum for enumerating user rights and privileges

  • AdExplorer for viewing and editing Active Directory objects

  • LogonSessions for viewing active logon sessions and associated processes

  • Process Explorer for analyzing and killing live/hung Windows processes

  • Process Monitor for monitoring real-time file, registry, etc. thread activity

  • PsLoggedOn for viewing users logged onto local and remote sessions

  • TCPView for determining which programs are using specific TCP and UDP connections

  • VMMap for analyzing virtual and physical memory utilization of suspect processes

If you're like me and need a way to centralize all Sysinternals applications into one interface, check out the third-party freeware tool Windows System Control Center. It not only pulls the Sysinternals GUI and command-line tools into one cohesive environment, but also allows you to check for the latest Sysinternals updates (a huge plus) as shown in the figure below.

Figure 2. The Windows System Control Center interface (click to enlarge)

As much as I love the Sysinternals security utilities, they're not going to be everything to everyone. That being said, they sure do provide a heck of an improvement over the traditional -- and common -- toolsets I see in use today.

If you like digging deeper into the innards of Windows beyond the tools that ship with the OS, the Microsoft Sysinternals toolset is a must-have. You'll not only be able to do more with your Windows servers, but just as importantly, they will help you learn more about how to keep them secure.

ABOUT THE AUTHOR
Kevin Beaver (CISSP), is an information security consultant, expert witness, as well as a seminar leader and keynote speaker with Atlanta-based Principle Logic, LLC. Kevin can be reached at www.principlelogic.com.


 

This was first published in May 2010

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.