Working as a systems administrator oftentimes requires you to interact with many different computers in a single day. One minute you’re dealing with cranky users complaining about slow performance on their PCs and the next minute your soothing badly behaving domain controllers.
Having to interact with so many different PCs makes it all the more advantageous to keep a core set of tools with you at all times. Many useful tools can be run from a portable storage device and some have even been specifically designed to run on portable storage devices. The former are what I call “portable compatible” and the latter can be considered “stealthy”. That is, some apps can work on a portable device but are likely to add edits to the local registry while “stealthy” apps make no changes to the registry and ostensibly leave no traces behind. With that said, here are 10 things that I believe every Windows Administrator should have on their USB thumbdrives:
As of June 2009 there are 66 tools in the suite. A thorough understanding of each of them is improbable (unless your name is Cogswell or Russinovich), however some of them have more readily understandable uses than others. For instance, Process Explorer allows you to see deeply into each running process, its CPU history, which executable was used to launch the program, where it is and what switches were used when launching. PsExec allows you to run any process on a remote system. Ever wanted to run another computer’s command prompt from your machine? PsExec is the tool to do it with! Conversely, PsKill can kill remote processes without having to install a utility on the remote computer. You can check out our How to Run Commands and Programs Remotely Using PsExec article for more details.
As a bonus, each of the Sysinternals tools are available “live” at “live.sysinternals.com\tools” which is essentially just a file share open to the internet. You can access any of their tools from a command prompt or the run box by using a standard UNC path like this: \\live.sysinternals.com\tools\[toolname]. Furthermore, since it’s a file share, you can map a drive to that UNC path and give it a drive letter (thanks go to Ed Bott for cluing me in to that one). Even if you lose your thumbdrive you can still have easy access to the latest and greatest sysinternals tools on any computer with a network connection!
There’s a bit of confusion about this topic. Before Vista and Server 2008, the resource kit tools were bundled with their respective resource kit book series (E.g. the Windows XP Resource kit) but they could also be downloaded from Microsoft’s web site. The support kit tools were included with the OS installation media and could also be downloaded from Microsoft’s web site. Nowadays, while both Vista and Server 2008 have resource kit tools, it seems that at the time of this writing they can only be acquired through purchasing the Vista or Server 2008 Resource Kit book set.
Furthering the departure from normalcy, it appears that the term “Support Tools” has been abandoned in favor of the term “Remote Server Administration Tools” (RSAT). Instead of downloading the toolset separately they are now “built in” to Server 2008, but you have to add them first through the Add Features Wizard. If you want to copy them to your USB drive, the only way that I know to retrieve them is to install the category of RSAT tool that you want and then search through WINDOWS\System32 for the desired tools. It seems that there is no single collection of updated “Support Tools” (or RSATs as they’re now known) that you can download. If it sounds cumbersome to move the tools to a thumbdrive it’s because it is. If anyone else has a better way, please comment! If you choose to use the Server 2003 / XP support tools you’ll need to unpack the support.cab file from the support\tools folder on the installation media. My preference is to simply open it with Windows Explorer and drag ‘n’ drop the entire cabinet file’s contents into a folder on my USB stick. There are several .dll, .vbs, .chm and other files included. The tools weren’t designed with portability in mind but they should work (I say “should” since I haven’t ever had to use each and every tool from a portable device nor do I know anyone who has).
Nary does a day go by that your average admin doesn’t have to scan a network, IP range or port scan a node. Having a good network scanner handy can greatly expedite the network troubleshooting process. I prefer to use SoftPerfect’s Network Scanner which does not need an installer and can run without administrator credentials.
Other key features include the ability to list file shares (including hidden shares), send WoL packets, remote shutdown PCs, detect your external IP address, scan for logged on users and more. However, If you want something much more powerful that can do more security oriented audits, you could use the portable version of nmap 3.8.
Having your own browser with its own preferences and bookmarks is nice but having it available to you on any PC is even nicer. There are portable versions of several of the popular “non-portable” web browsers such as FireFox Portable and Opera-USB. Those two browsers specifically state that they do not leave any personal data behind on the local system’s hard drive. There are also some more obscure offerings such as portable versions of Avant, Maxthon and Sleipnir. For even more security, you could try the xB Browser from XeroBank. The xB browser is designed to work with either the Tor network or the arguably more secure XeroBank anonymity network.
“What about IE!” some may be howling. While there’s no official portable version of Internet Explorer, there is a possible alternative. Using FireFox portable, you can install IE Tab and switch to the explorer rendering engine as needed. Using this method I was able to update an XP Pro machine using the Windows Update website (which rejects all browsers except Internet Explorer) using Firefox portable. However, I was unable to empirically test if IE tabs edits the registry (I suspect that it does). Whether traveling between a home and work computer, staying secure on a public machine or helping out Grandma with her new gaming rig you’ll be happy to have a trusted web browser that’s always there for you.
What Windows admin hasn’t had to deal with some kind of suspected malware infection regardless of whether or not an anti virus product was in place? Servers or clients, it makes no difference. Having some kind of anti malware detection program with you at all times is a must. Originally coded by Merijn Bellekom and later sold to Trend Micro, HijackThis has become one of the foremost tools used in the fight against malware. While not a “stealthy” portable app (it leaves registry edits behind) the .exe is completely self contained and can run perfectly fine on a portable drive. Best of all it’s completely free and there is no EULA prohibiting it from being used in a business environment like there is for other free anti-malware products (Adaware Personal and MalwareBytes Anti-Malware, for example). The program’s primary usage is to scan key locations in the Windows registry and various places on your hard drive and then make a log file of the entries and files that it finds. The things that HijackThis finds may not be bad in and of themselves (in fact, most are innocuous). The real power of HijackThis comes from the community of volunteer logfile analyzers and the automated www.HijackThis.de web site.
HijackThis also includes some lesser known features such as a startup list generator, process manager (similar to task manager), the ability to delete a file on reboot, the ability to delete an NT service, scanning for hidden data streams and an Add/Remove programs editor (handy to delete entries for the occasional application that uninstalled but didn’t remove its entry in the Add/Remove Programs list). Because of the power of HijackThis and the potential for disaster if you delete the wrong files, please read some tutorials before you jump into it. This is an excellent guide to start with.
Wherever you go and whichever computer you’re using at the moment, the ability to create and edit a diverse array of document types is crucial. You never know when you’ll need to hand craft a quick XML file, quickly modify your boardroom presentation or create a spreadsheet that aids in the creation of scripts (similar to Coach Culbertson’s mass user creation script facilitated by an Excel spreadsheet in the Train Signal Windows Server 2008 Active Directory training videos). OpenOffice is the premier Open Source Office Suite for Windows, Linux and OS X and, thanks to the folks at PortableApps.com, it now comes in a portable format. It includes Writer (text document creator), Calc (spreadsheets), Impress (slide presentation creator; think PowerPoint), Draw (self explanatory), Math (mathematical formula creator) and Base (database creation tool; think Microsoft Access). Open Office can open many document formats including Office 2007 .docx and .xlsx files. It can also save files in Office 2000 format (no further up the Office version chain, though) as well as a host of open formats.
Many devices (especially networking equipment) have an RS-232 (Serial), SSH or Telnet interface (horrors!) that you need to connect to in order to do some deep hacking. One of the more popular terminal emulators is PuTTY and now it comes in a portable version: portaPuTTY. PortaPuTTY has been conveniently modified to store configuration and session data in flat files rather than the registry. There’s also the similarly named PuTTY Portable which is a PortableApps.com application.
The main PuTTY application has been forked to produce KiTTY, which itself is not portable. However, (you guessed it) it has been further forked to produce its own portable version: Portable KiTTY. KiTTY includes some more features than PuTTY so check the feature list to see if they would actually be useful to you. Another free option is TunnelierPortable or TunnelierU3 (designed to work with U3 devices) which are based on Tunnelier from bitvise (which officially approves of these “fan projects”). However, make sure to read the Tunnelier license agreement to understand under what circumstance you are obliged to purchase a license.
Keeping track of passwords is hard and as a result people tend to write passwords down on slips of paper and “hide” them in a secure place (for the record, placing sticky notes under your desk phone is not a secure place). As a result, many people reuse the same password or small pool of passwords for many different accounts so they won’t forget them. Password managers can aid in the implementation of better security by allowing you to have complex passwords for each account without having a memory like Kim Peek. KeePass is an open source tool released under the GPLv2 license and is one of the more popular password safes. Fortunately, it also comes in a portable edition. KeePass database files are encrypted with twofish or AES 256 encryption algorithms so if you lose the USB drive, it would be exceptionally difficult for someone to crack the file. Version 2.0 of KeePass supports keeping the password file on an HTTP/FTP server which could conceivably increase the portable uses for the application. Another portable password manager is the closed source RoboForm 2 Go.
It is offered in a U3 and a non U3 format. They even offer their own custom RoboForm USB key. RoboForm can fill in long registration forms with one click, it can synchronize your passwords between computers and it claims to be able to defeat keyloggers. There are two editions of RoboForm 2 Go; a free version and a Pro version. The free version cannot be used in a business environment for more than 30 days. Since RoboForm caters to fillin gout long web forms it is designed to closely integrate with your web browser in the form of a toolbar. It runs in the background from the portable storage device with a SysTray icon being the only visible indicator of it’s existence outside of the browser. For even more portability, you can use the RoboForm Online service that stores your passwords in their cloud. There are many more password managers out there for you to evaluate, but those are two of the more popular titles. Now you can have unique massive passwords on your switches, domain controllers and other important devices and not worry about being locked out because you can’t remember passwords that are more complex than the name of Star Trek characters.
The ability to remotely control a distant PC is undeniably valuable. But what if you find yourself on an unfamiliar computer? Wouldn’t it be nice to have pre made RDP connections with you wherever you go? Or have a familiar VNC client with you at alltimes? It would be nice, however, there is a surprising dearth of portable RDP and VNC clients available. TRAVEL@Clip (yes, it’s supposed to be typed that way) is one of those few.
TRAVEL@Clip is a $25USD program that allows you to establish RDP connections (no VNC support) without the need for administrator rights. It keeps all settings in an encrypted file on the USB drive and does not make any changes to the host PC. It can save up to 9 separate connections. I was surprised that I was unable to find any stable freeware/opensource portable RDP tools, so it looks like you’ll have to spend a little cash for RDP mobility. There is one possibility worth noting: ChrisControl. Intended for use on a Windows PE disc, it is said to not write settings to the registry. It purportedly allows you to connect to remote PCs via RDP or VNC. It was even supposed to be able to install an UltraVNC server on the remote computer if it wasn’t already installed and uninstall it when you disconnect. That feature sounded exciting and even reminded me of Dameware Mini Remote Control’s remote installation and uninstallation features… except for one important point: Dameware works. I tried two versions of ChrisControl and was never able to get it to work. Others on the web have stated that it worked fine for them. I only mention it here because you might have better success with it or future versions (if there are any) might make it work smoother. As for VNC tools that are specifically designed for portability, well, if there are any they’re well hidden. It seems that most of the major VNC viewer applications are “portable compatibe” meaning that they will work from a portable storage device but none of them are advertised to not touch the local machine’s registry. That may or may not be acceptable in your environment. The various major VNC viewer applications are Tight VNC Viewer (look for the package with the description “Viewer executable, does not require installation”), Real VNC viewer and UltraVNC Viewer.
Wireshark, seemingly everyone’s favorite protocol analyzer (Although Microsoft’s Network Monitor is pretty cool too), now comes in portable format. Well… pseudo-portable. For Wireshark to work it needs the Winpcap package to be installed. Every time you launch Wireshark portable it checks to see if the Winpcap driver is installed and if it isn’t it asks to install Winpcap (of course, you’ll need proper permissions on the computer to do that). When you exit Wireshark portable, it courteously uninstalls Winpcap in an attempt at leaving the computer as untouched as it possibly can. If you can live with those caveats, then you can wade knee deep in raw streams of network traffic on any computer you touch. If you can’t live with that, you’ll have to use a tool that utilizes a method called “Raw Sockets” which has some limitations but should be fine for most situations. IP Sniffer is a decent utility that utilizes raw sockets. Another raw sockets option is NirSoft’s SmartSniff.
I’m sure that if you include those 10 things on your thumbdrive you’ll be solving problems quicker, saving the day more often and hopefully getting home earlier. Since thumbdrives can be easily lost, consider creating a script using Task Scheduler and RoboCopy (built-in to Vista and Server 2008, included in the Server 2003 Resource Kit tools) to periodically create a backup. For even more portable applications you might want to look into the PortableApps project which has a huge collection of applications that are said to leave no traces of themselves whatsoever on the host computer. Who wouldn’t want to be able to play Sudoku from their thumbdrive? Enjoy!