57 Tips Every Admin Should Know

The longer a person serves as a network admin, the more tips and tricks they are likely to pick up along the way. Some could be shortcuts, others might seem like magic, but all are intended to save you time and help you solve problems. Assume that all of these Windows commands should be run from an administrative command prompt if you are using Vista, Windows 7, or Windows 2008.

Active Directory

1. To quickly list all the groups in your domain, with members, run this command:

dsquery group -limit 0 | dsget group -members –expand

2. To find all users whose accounts are set to have a non-expiring password, run this command:

dsquery * domainroot -filter “(&(objectcategory=person)(objectclass=user)(lockoutTime=*))” -limit 0

3. To list all the FSMO role holders in your forest, run this command:

netdom query fsmo

4. To refresh group policy settings, run this command:

gpupdate

5. To check Active Directory replication on a domain controller, run this command:

repadmin /replsummary

6. To force replication from a domain controller without having to go through to Active

Directory Sites and Services, run this command:

repadmin /syncall

7. To see what server authenticated you (or if you logged on with cached credentials) you can run either of these commands:

set l

echo %logonserver%

8. To see what account you are logged on as, run this command:

whoami

9. To see what security groups you belong to, run this command:

whoami /groups

10. To see the domain account policy (password requirements, lockout thresholds, etc) run this command:

net accounts

Windows Networking

11. To quickly reset your NIC back to DHCP with no manual settings, run this command:

netsh int ip reset all

12. To quickly generate a text summary of your system, run this command:

systeminfo | more

13. To see all network connections your client has open, run this command:

net use

14. To see your routing table, run either of these commands:

route print

netstat -r

15. Need to run a trace, but don’t have Netmon or Wireshark, and aren’t allowed to install either one? Run this command:

netsh trace start capture=yes tracefile=c:\capture.etl

netsh trace stop

16. To quickly open a port on the firewall, run this command, changing the name, protocol, and port to suit. This example opens syslog:

netsh firewall set portopening udp 161 syslog enable all

17. To add an entry to your routing table that will be permanent, run the route add command with the –p option. Omitting that, the entry will be lost at next reboot:

route add 0.0.0.0 mask 0.0.0.0 172.16.250.5 –p

18. Here’s a simple way to see all open network connections, refreshing every second:

netstat –ano 1

19. You can add a | findstr value to watch for only a specific connection, like a client ip.addr or port:

netstat –ano | findstr 216.134.217.20

20. You can use the shutdown to shutdown or reboot a machine, including your own, in a simple scheduled task like this:

shutdown –r –t 0 –m \\localhost

21. To make planned DNS changes go faster, reduce the TTL on the DNS records you plan on changing to 30 seconds the day before changes are to be made. You can set the TTL back to normal after you confirm the changes have been successful.

22. Set a short lease on DHCP scopes that service laptops, and set Microsoft Option 002 to release a DHCP leas on shutdown. This helps to ensure your scope is not exhausted and that machines can easily get on another network when the move to a new site.

Windows 7

23. Want to enable the local administrator account on Windows 7? Run this command from an administrative command prompt. It will prompt you to set a password:

net user administrator * /active:yes

24. You can do the same thing during install by pressing SHIFT-F10 at the screen where you set your initial user password.

Windows 7 supports several useful new keyboard shortcuts:

25. Windows Key+G

Display gadgets in front of other windows.

26. Windows Key++ (plus key)

Zoom in, where appropriate.

27. Windows Key+- (minus key)

Zoom out, where appropriate.

28. Windows Key+Up Arrow

Maximize the current window.

29. Windows Key+Down Arrow

Minimize the current window.

30. Windows Key+Left Arrow

Snap to the left hand side of the screen

31. Windows Key+Right Arrow

Snap to the right hand side of the screen.

32. To quickly launch an application as an administrator (without the right-click, run as administrator), type the name in the Search programs and files field, and then press Ctrl-Shift-Enter.

Here are some tips that can save you from buying commercial software:

33. Need to make a quick screencast to show someone how to do something? The Problem Steps Recorder can create an MHTML file that shows what you have done by creating a screen capture each time you take an action. Click the Start button and type ‘psr’ to open the Problem Steps Recorder.

34. Need to burn a disc? The isoburn.exe can burn ISO and IMG files. You can right click a file and select burn, or launch it from the command line.

35. Windows 7 includes a screen scraping tool called the Snipping Tool. I have tons of users request a license for SnagIt, only to find this free tool (it’s under Accessories) does what they need.

36. You can download this bootable security scanner from Microsoft that will run off a USB key, which is very useful if you suspect a machine has a virus.

37. A great way to save all your command line tools and make them available across all your computers is to install Dropbox, create a folder to save all your scripts and tools, and add that folder to your path. That way, they can be called from the command line or any other scripts, and if you update a script, it will carry across to any other machine you have.

Windows 2008

38. You can free up disk space on your servers by disabling hibernate. Windows 2008 will create a hiberfil.sys equal to the amount of RAM. This is very useful with VMs that have lots of RAM but smaller C: drives. To disable hibernation, and reclaim that space, run this command:

powercfg -h off

39. You can get to the complete collection of Sysinternals tools online. You can even invoke them from the run command. Use the url: http://live.sysinternals.com or the UNC path: \\live.sysinternals.com\tools.

40. Speaking of the Sysinternals tools, almost any command line in this article can be run remotely on another machine (as long as you have administrative rights) using the psexec command included in the Sysinternals tools.

41. You can kill RDP sessions at the command line when you find that all the RDP sessions to a server are tied up.

regsvr32 query.dll [enter] You only have to do this the first time.

query session /server:servername [enter]

reset session # /server:servername [enter]

42. You can create a list of files and display the last time they were accessed, which is very useful when a network drive is low on space and users swear they have to have that copy of Office 2003 on the network. My advice? If they haven’t touched it in two years, burn it to DVD or write it to tape and then delete it from disk:

dir /t:a /s /od >> list.txt [enter]

43. The Microsoft Exchange Err command is one of the best all around troubleshooting tools you will find, as it can decode any hex error code you find as long as the products are installed on the machine. Download it from here.

44. You can see all the open files on a system by running this command:

openfiles /query

45. You can pull all the readable data out of a corrupt file using this command:

recover filename.ext

46. Need to pause a batch file for a period of time but don’t have the sleep command from the old resource kit handy? Here’s how to build a ten second delay into a script:

ping -n 10 127.0.0.1 > NUL 2>&1

47. If your Windows website has stopped responding, or is throwing a 500 error, and you are not sure what to do, you can reset IIS without having to reboot the whole server. Run this command:

iisreset

48. You can use && to string multiple commands together; they will run sequentially.

49. If you find yourself restarting services frequently, you can use that && trick to create a batch file called restart.cmd and use it to restart services:

net stop %1 && net start %1

50. You can download a Windows port of the wget tool from here, and use it to mirror websites using this command:

wget -mk http://www.example.com/

Linux

51. You can list files sorted by size using this command:

ls –lSr

52. You can view the amount of free disk space in usable format using this command:

df –h

53. To see how much space /some/dir is consuming:

du -sh /some/dir

54. List all running processes containing the string stuff:

ps aux | grep stuff

55. If you have ever run a command but forgot to sudo, you can use this to rerun the command:

sudo !!

56. If you put a space before a command or response, it will be omitted from the shell history.

57. If you really liked a long command that you just ran, and want to save it as a script, use this trick:

echo “!!” > script.sh

With 57 tips in this bag of tricks, you’re bound to find something useful. Have your own tips to share? Leave us a comment!

And there’s more! If you’re a sys admin that’s been faced with malware infection, cracked passwords, defaced website, compromised DNS, licensing violations, stolen hardware and other issues which can cause cardiac arrest? We have what you need! Download this free e-book: First Aid Kit for Admins today!

Top 5 Windows Server 2008 R2 Tips Every IT Pro Should Know 1. Intro

Windows Server 2008 R2 is chock full of hidden capabilities, utilities and tools that could make any IT Pro’s life a little easier. IT Pros supporting Windows Server 2008R2 will find these utilities a must have, while planning for the transition to Windows Server 2012, or even use those new-found tips and tricks to breathe some additional life into a Server destined for replacement.

While Microsoft may be touting the enhancements and advantages offered by Windows Server 2012, there is still a significant number of IT Pros that still have to support Windows Server 2008 environments. The reasons are many, ranging from limited budgets to Windows Server 2008 meeting current needs. Simply put, a majority of IT Pros are in no rush to move over to Windows Server 2012.

Further delaying that move is the fact that Windows Server 2008 R2 is loaded with little known features and capabilities that are sure to extend the life of Microsoft’s last generation server operating system. Unearthing those tips and tricks takes a little bit of detective work and research to expose the value of those "un-documented" capabilities -- truth be told, most are documented, just impossible to find. Nevertheless, here is a list of important capabilities that every IT Pro should be aware of when working with Windows Server 2008 R2.

2. Windows PowerShell

Although most every IT Pro knows about Windows PowerShell, many do not know or fully appreciate how much power it actually brings to the management of a Windows Server

2008 system. PowerShell features a vast array of commands and syntax that can make everyday chores a lot easier. What’s more, PowerShell proves to be an excellent aid for solving technical problems, quickly and easily. With that in mind, it becomes obvious why an IT Pro would want to master PowerShell, especially the commands that can help to solve problems quickly.

Here are a few examples of commands that can be executed via PowerShell:

Determine the make and model of a computer: Get-WmiObject -Class Win32_ComputerSystem
Discover information about the BIOS: Get-WmiObject -Class Win32_BIOS –ComputerName
Determine the username of who is logged on: Get-WmiObject -Class Win32_ComputerSystem -Property UserName –ComputerName
Get IP addresses assigned to the current computer: Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=TRUE -ComputerName . | Format-Table -Property IPAddress
Install an MSI package on a remote computer: (Get-WMIObject -ComputerName TARGETMACHINE -List | Where-Object -FilterScript {$_.Name -eq "Win32_Product"}).Install(\MACHINEWHEREMSIRESIDESpathpackage.msi)
Remove an MSI package from the current computer: (Get-WmiObject -Class Win32_Product -Filter "Name='product_to_remove'" -ComputerName . ).Uninstall()
Remotely shut down another machine after one minute: Start-Sleep 60; Restart-Computer –Force –ComputerName TARGETMACHINE
Enter into a remote PowerShell session (you must have remote management enabled): enter-pssession TARGETMACHINE
Upgrade an installed application with an MSI-based application upgrade package: (Get-WmiObject -Class Win32_Product -ComputerName . –Filter "Name='name_of_app_to_be_upgraded'").Upgrade(\MACHINEWHEREMSIRESIDESpathupgrade_package.msi)
Get a more detailed IP configuration report for the current machine: Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=TRUE -ComputerName . | Select-Object -Property [a-z]* -ExcludeProperty IPX*,WINS*

Of course, the above is only a sampling of what can be done with PowerShell. However, it is those commands that illustrate how powerful PowerShell can be for managing both Local and Remote servers. What’s more, many of the commands can be run on remote client PCs as well, further easing administration and troubleshooting.

There are plenty of resources available out there to help you learn PowerShell for free, one of which is powershellmagazine.com.

3. DirectAccess and Agile VPN

Secure and reliable remote access has become a must have for most organizations. Normally an IT Pro has had to implement a third party product to make that a reality, adding complexity and cost to what should be a simple accomplishment. With Windows Server

2008 R2, secure remote access, which is also reliable, is now integrated directly into the operating system, making a once tedious chore relatively simple.

DirectAccess allows remote client computers

running Windows 7 to connect directly to intranet-based resources without the complexity of VPN client software. What’s more, DirectAccess enables mobile users to experience the same type of connectivity both in and outside of the office, which is unlike a typical VPN connection.

DirectAccess connections can be established even before the user logs on (although mobile users must be logged on to access intranet resources). IT Pros can also manage remote computersthat are connected through DirectAccess regardless of whether the user is logged on.

Agile VPN solves one of the most common problems with traditional VPNs, which are not resilient against connection failures or device outages. Normally, when outages occur, the VPN tunnel terminates and the connection must be reestablished -- resulting in lost connectivity that can range from a few minutes to hours or more.

Agile VPN solves those problems by providing multiple network paths between VPN tunnel connection points. In the event of a connection failure or device outage, Agile VPN is designed to automatically use another network path to maintain the existing VPN tunnel.

4. BranchCache

Windows Server 2008 R2 BranchCache feature can speed up perceived access to files for users at branch offices while allowing you to save on data line and bandwidth

costs. Implementing BranchCache can make an IT Pro look like a performance Wizard. Simply put, as the name implies, BranchCache caches frequently accessed data for remote locations (or branches), which effectively speeds up access to data.

BranchCache can be used to mitigate performance problems for remote sites and can delay the need to purchase more bandwidth, saving money, while increasing productivity

. BranchCachereduces wide area network (WAN) traffic and boosts network application responsiveness. It works by caching frequently used content on the network in remote or branch office locations to enhance productivity -- allowing remote users to work with files in an environment that is designed to be identical to the experience of their peers in the central office.

When remote clients attempt to retrieve data from servers located in the central data center, a copy of the retrieved content is stored on the local network at the remote location. Subsequent requests for the same content can be served from replicas help protect digital assets by providing branch offices and remote locations with read-only access to information replicated to those locations. Because the information is read-only, it prevents remote users from modifying or accidentally deleting information.

5. Remote Workspace, Presentation Virtualization, and Remote Desktop Gateway

IT Pros are finding that they need to support remote workers that are using their own hardware

. In other words, those remote users are accessing company resources with machines that IT Pros have no control over. Nevertheless, providing secure remote access to intranet-based resources from public computers or Internet kiosks can boost productivity considerably.

IT Pros can use a combination of the Remote Workspace, Presentation Virtualization, andRemote Desktop Gateway features in Windows Server 2008 R2, to allow remote clientcomputers

to access internal resources without the installation of additional software.

That allows mobile users to remotely access their desktop images. When paired with Windows 7, the remote user is provided with an experience that is identical to the experience they would have when using their desktop computers at the central office location -- including the same desktop icons, Start menu items, and installed applications. When the user closes the session, the remote Windows 7 client desktop environment reverts to the previous configuration.

NAP:-
Network Access Protection with DHCP Step-By-Step Guide Network Access Protection or NAP is a service which validates the health status of different type of clients which intend to use some specific services on the network. Once the client is trying to use the service, its health status is checked by using the health validation agent of NAP service installed on NAP server and if approved, the client is allowed to use that service. One of the services that can be well-integrated with NAP is DHCP. If the client trying to receive an IP address does not pass the health validation check, it is not allowed to receive an IP address and therefore is not able to connect to the network. Of course one of the disadvantages of using DHCP integrated with NAP is that it could be easily bypassed if the client avoided using a dynamic IP address configuration and the user set its IP address manually and joined the network. This actually would all go back to how much privilege is given to the user to be able to change its IP address manually. For this part, we would not talk about in this post as we would try to solely focus on the DHCP and NAP configuration both on the DHCP and NAP Servers and also on the client. First of all we need to install Network Policy Server Role. Open up Server Manager and click on Add Roles and then from the roles check Network Policy and Access Services and click Next. Then from the available Role Services, check Network Policy Server, click Next and then Install: Then from the Administrative Tools, click on Network Policy Server and then in the new windows click on Configure NAP: From the Network Connection Methods, choose Dynamic Host Configuration Protocol (DHCP) and then choose a name for the Policy: Since we do not have a Radius Server in our scenario, click Next again and in the next step click on Add and then give a name to the specified DHCP Scope: Click Next again so that this policy will be applied to all the users. Click Next again and in the new window you should specify a remediation server by clicking on the New Group. In the new Window, give it a name like Rem-Server. Click on Add and then give the IP address of the Remediation Server. Here I entered 10.10.0.10 Notes: A remediation server is the server that gives non-compliant computers (Unhealthy computers) the needed patches and updates to change their status to compliant and healthy. After you added the New Group, then do not enter any URL as the Troubleshooting URL since in this scenario we do not need one and then click Next and then click Next again and then click Finish. Then on the Network Policy Server console and under Network Access Protection click on System Health Validators and then on the right hand side right click on Windows System Health Validator and click Properties: in the new Windows click on Configure: and then in the following Windows you can specify what tests you need to be run on different types of clients (Windows Vista and Windows XP): I let them all on and then click OK twice and finish it all. And then on the server click on Run and type mmc and then from the File menu, choose Add/Remove Snap-in and then choose NAP Client Configuration and click Add and then choose the local computer and click on OK twice to open the following console. On the left pane, click on NAP Client Configuration and then Enforcement Clients and then on the right right click on DHCP Quarantine Enforcement Client and click Enable. Now you are done with the NAP Configuration on the server and you have to move to your Domain Controller and if you want this policy to be applied to all the computers, make some modification on the default domain policy using Group Policies. So on the domain controller open up Group Policy Management Console from the administrative Tools and then right click on the Default Domain Policy and click Edit: Go to Computer Configuration->Windows Settings->Security Settings->Network Access Protection->NAP Client Configuration->Enforcement Clients and then from the right hand side right click on DHCP Quarantine Enforcement Client and click Enable. Then Go to Computer Configuration->Windows Settings->Security Settings-> System Services and then on the right hand side double click on Network Access Protection Agent and from this Window apply the following configuration: Then go to your DHCP Server and open up DHCP from the administrative Tools, and we assume that you already have one scope: Right click on the scope name and then click Properties and then go to the Network Access Protection tab and click on Enable for this scope and then click OK. and then go to the scope Options and right click on it and then choose Configure Options and go to the Advanced Tab and from the User Class choose Default Network Access Protection Class and then in the options check DNS Server and add a DNS Server IP Address and then click OK. Now you are done and everything works fine. All you need to do is to go to your client and disable the firewall or disable your antivirus program or do something which makes your client NOT HEALTHY and then you will see that you will get an IP Address from the DHCP Server but this time with a DNS address of 100.100.100.100 You want to learn more about Network Access Protection and see more scenarios such as integration with VPN? Check out my new book below and have access to great and practical tutorials and step-by-step guides all in one book.

Technology and Tricks

Server Support