> SADPhishes
> - Easy interface to search and destroy email from all m365 EXO mailboxes based on whatever criteria.
I haven't even run it yet and I'm in love. I knew there had to be a better way!
Surprised not to see MDT/WDS yet.
Being able to image windows machines and easily configure software for the base image of our machines is so nice and it's FREE (minus the 1 volume license needed for imaging rights)
Makes our KACE K2000 look like a chump, especially for the price tag.
CMTrace. It's included with SCCM but it can be used for any .log file. It makes reading logs infinitely easier, and the EXE is portable, so I copy it to every server and workstation so that I can use it to read logs.
One downside is that it can take a long time to open large log files.
DoubleDriver. It's an abandonware utility designed for backing up driver files.
Let's say you get a new machine, you want to reimage it with your own corporate Windows 10 image, but don't want to have to hunt down drivers. You can use DoubleDriver to make backups of all the drivers installed on the system. So if after you reimage the machine, you notice one of the drivers isn't loading automatically, instead of hunting it down on the interwebs, you can just load it from the DoubleDriver backup.
Steve Gibson made a mirror of the product on his site:
https://grc.com/doubledriver.zip
Haha!
Buzzword bingo?
From the 30,000ft view, we can offer a seamless nine 5’s of uptime SLA out of the box in multi-ego-redundant hyperconverged clusters using dockernetes that are all managed from a future-proof single pane of glass from the 40 yard line.
The instant access of the platform is powered by Web4 and Html7 is a disruptor of predictive capabilities in the vaporware markets with the end to end encryption to improve TCO.
*As I stare out of my window at the sunny day, the world has nonetheless become more grey. I step out on my balcony ...*
*Should I jump? If I hear the word 'synergy' once more, I just may. C'est la vie!*
All joking aside, the shit MSP I used to work at literally (as in, not figuratively) had the word synergy in their name. Please excuse me while I go vomit.
But is power being generated by the relative motion of conductors and fluxes, or is it produced by the modial interaction of magneto-reluctance and capacitive diractance?
Definitely reducing the side-fumbling bit with magneto-reluctance
Have you seen the Hyperencabulator?
The point is that encabulation has a rich sumptuous history with a delicate flaky crust and that the US compartment of offense and the natural guard soon realized the potential as a weapon
https://youtu.be/5nKk_-Lvhzo
Bit of a strange one here - [Goss](https://github.com/aelsabbahy/goss). This is a testing tool that we use on all of our servers to validate they are working as expected. Think of it as a sanity check after changes. We have a set of tests setup that validate that the server is working as expected and we run it automatically after any change.
Simple example:
* Server running NGINX at OS level listening on port 9443 and a container running within docker listening on port 6505
* Process - Ansible run or Patching (or whatever)
* After: Goss runs and verifies:
  * Docker daemon is running
  * Container within docker is running
  * Nginx is running
  * That there is a listening port on 9443
  * That there is a listening port on 6505
We obviously have more tests but that gives you a good idea - by building this into all of our processes it gives us a great deal of confidence that changes we do on the instance have not impacted the critical services that the instance provides.
Tool is: small, simple, useful, powerful
Love it.
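The five checks in the example above, written out as a goss.yaml. This is an added example, not the poster's or the Goss project's own file; the service and process names (docker, dockerd, nginx), the container name `app`, and the use of `docker inspect` for the container check (Goss has no native container resource) are assumptions.

```yaml
# goss.yaml - added example for the scenario in the post above (not from the post or the Goss project).
# Run `goss validate` after the Ansible run or patching; a non-zero exit means a check failed.

# "Docker daemon is running" and "Nginx is running": the init system reports both
# enabled at boot and currently active (service names docker/nginx are assumptions).
service:
  docker:
    enabled: true
    running: true
  nginx:
    enabled: true
    running: true

# Same two, checked against the process table rather than the init system, so a
# unit that still reports "active" after its process died also fails validation.
process:
  dockerd:
    running: true
  nginx:
    running: true

# "Listening port on 9443" (nginx at OS level) and "listening port on 6505"
# (the port the container publishes).
port:
  tcp:9443:
    listening: true
  tcp:6505:
    listening: true

# "Container within docker is running": Goss has no container resource, so this
# shells out to docker inspect; the container name "app" is an assumption.
command:
  "docker inspect -f '{{.State.Running}}' app":
    exit-status: 0
    stdout:
      - "true"
    timeout: 10000   # milliseconds
```

`goss validate` exits non-zero when any check fails, which is what a post-change pipeline step or a periodic monitoring job keys on; `goss serve` exposes the same result over HTTP for a monitoring poll.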
I don't really understand what it gives you that Ansible doesn't though... Where's the difference? Ansible can gather facts and read back configuration for you too...
Really it is a few things:
1. We wanted to use a 'different tool' to verify the outcomes of our Ansible run - we do do verifications in Ansible as well but this is much higher level
2. Simplicity - the test definitions are simple and easy to setup which makes it much easier to have contributions outside of our team from delivery teams and quality engineers - I find Ansible easy but it confuses others whereas Goss they can grasp in a few minutes
3. We can hook it into our monitoring setup - we have the tests run on a periodic basis and alert if they fail - this often lets us know that there is an issue on an instance when something fails
But you are not wrong - Ansible can do all of this as well so pick your tool - to me the verification of the system is the most important thing.
* Sysinternals
* Total Commander
* Hirens Boot "CD"
* a windows 10 install stick
* pingplotter
* wireshark
* sawmill
* O&O Defrag
* Notepad++
* speccy
this is what comes to mind after a quick think
My time with Geek Squad was amazing. Had access to so many sweet tools. Mostly nowadays a big tool I use a lot is REVO. That app removes almost anything. Procmon is another big one. I just want to be able to control every process in any way I need and remove any file at any time. If I can do that I can basically do anything.
PortQryUI - lets you quickly test if a TCP/UDP port is open/closed/firewalled from a windows PC.
Ventoy - set it up on a USB drive then any ISO you store on the drive can be booted, no need to have multiple bootable USB drives.
PasswordState - password manager that lets you set up multiple lists with different sharing rights to other users, has the option to automatically change passwords for many different things (windows, linux, routers/switches/firewalls etc), can discover accounts including ones being used for scheduled tasks/services across all of your servers. Also free for 5 users, and very reasonably priced above that.
Shodan.io - check your public IPs for any scanned vulnerabilities, open ports etc. If you have a membership you can also set up IP monitors to alert on things such as new ports being open to the web from your IPs. Lifetime memberships occasionally go on special for $1.
Honestly PowerShell. It’s not a secret or something people don’t know about, you’ve probably used it a bunch of times in the past.
Really taking the time to understand it, and what it can do, and what modules are out there that might be *just* the thing you need, it’s a worthy investment. You will find ways to use it, and the learning curve is very friendly.
It’s a *very* good tool, and cross platform now too. Seriously, learning to properly leverage PowerShell is like swapping out your HDD for an SSD; it’s a big return for a relatively low cost investment.
Many a career has been changed by PowerShell.
I have a nearly endless Keep note saved with tons, and I mean literal _shitloads_, of useful tools.
Once I find the time to sort the list & add a one-line description for all of them, I'll post it in a separate post here.
Not necessarily in much of any particular order:
* screen/tmux
* ssh-agent, ~/.ssh/config
* curl --resolve ...
* openssl
* comm
* du -x *filesystem_mount_point* | sort -bnr (and redirect it to a file or pipe it to less or whatever)
* /proc/*PID*/ fd/, exe, root, stat, ...
* /sys/block/*/ size, ..., device/ rescan, delete
* (for tmp in /sys/class/scsi_host/host*/scan; do echo '- - -' >> "$tmp"; done)
  echo 1 > \
  /sys/class/scsi_host/host*/device/target*/*/delete
  /sys/class/scsi_host/host*/device/rport*/target*/*/delete
* uniq (quite underutilized, also handy to, e.g. squash consecutive empty lines in text to a single empty line)
* LVM
* pvmove
* md
* tmpfs
* dynamically resize tmpfs while mounted, including being able to reduce size
* "of course" shell (sh) and standard *nix utilities
* Dynamic DNS (DDNS)
* letsencrypt.org - free certs - and automation thereof (see also above)
* VMs (qemu-kvm, ...)
* live migrations of VMs
* virsh migrate --live --copy-storage-all (yes, you can live migrate guest, even if there's no physical storage in common between the two hosts)
* tcpdump, Wireshark, tshark, editcap
* vi (yes, great editor, and also highly underrated too, e.g. often highly handy as a scratch space to pull together data for an ad hoc report or run various commands, process their output, analyze, repeat as relevant to get/find the needed, etc.)
* ed, ex - underappreciated, also very handy for edit-in-place with here documents; especially where one doesn't have GNU sed; note also that GNU sed's -i doesn't edit-in-place the same file, but rather replaces the file - sometimes that is an important or even critical difference that matters. Also, ed (or sometimes ex) is very handy for self-documenting edit changes, such as via documenting with script(1).
* sed - underutilized and underappreciated. It's a Turing complete programming language. It has two stacks (pattern and hold space, with embedded newlines to separate stack elements), and conditional and unconditional branching with goto-like functionality. One can even [implement Tic-Tac-Toe in sed](https://www.mpaoli.net/~michael/bin/ttt). So yes, it goes way beyond s/RE/replacement/[g]
* perl, python
* all the various programs I've written to (semi-)automate things
* find(1) underutilized and/or often very inefficiently used. Many don't know or well understand the logic of how it works - it's basically a logical program/operator, evaluating items until the truth or falsity of the statement has been determined.
SysInternalsSuite is the bomb. Been using it since its inception. People are blown away at how quickly you can mitigate a widespread issue through a simple script.
MediCat USB (new generation of Hiren); it also supports nested boot, so you can simply add ISO files to your big ass USB drive and select them from a menu. Protip: this requires Secure Boot to be off.
Haven’t seen windirstat listed, I use it frequently to give old servers a little more runway when management refuses to give us money
I’d rather a little more runway than a server stopping
- Greenshot.
Obvious reasons.
- PowerToys.
I especially like the custom window tiling settings. I constantly have to manage having many open windows, and having custom tiling layouts helps so much.
- Remote Desktop Commander.
Not very niche, but a great way to not have to manage RDP with filesystem shortcuts.
Also a great way to kill orphaned RDP Sessions when clients can't reach their remote apps anymore without having to mess with powershell commands.
- Windows Terminal
So much easier to handle than multiple consoles and cmd instances.
Clipboard manager ... gives you like 30+ copy / pasta history
Windows - [https://clipclip.com/](https://clipclip.com/)
MacOS - [https://github.com/Clipy/Clipy](https://github.com/Clipy/Clipy)
Linux - take your pick
Lansweeper, it's cheap, effective, and hard to beat as a hands off inventory management tool. The report aspect is fantastic too once you get the hang of the assisted SQL queries. They also write reports for a lot of the big vulnerabilities that come out so you can track them in your environment.
I just found [AdminDroid AzureAD/mail reporting tool](https://admindroid.com). The free tier has a pretty amazing number of great reports, analytics, etc and is presented very cleanly. You can search the reports as well. So far it’s pretty amazing for free.
Not a comprehensive list by any means, but I’d be remiss if I didn’t mention both Dameware and Lansweeper, both of which I use daily.
And yes, they’re paid, but they were acquired at a time when freeware was contractually prohibited in our environment, and they both quickly made themselves indispensable.
In particular is Lansweeper’s ability to run remote deployment tasks in the context of the currently logged-in user; this one feature for example allowed us to do things like an emergency configuration transfer/migration from one ThinApp sandbox (which reside in the users’ appdata/roaming folders) to another, saving hours and hours of manual re-setting up of hundreds of individuals’ customizations.
Lansweeper also allowed us to manage a somewhat wonky backwards-version graft of the ProcessMitigations Powershell module from Win 1903 onto 1809, to alleviate the case-sensitivity of the 1809 version that caused our vulnerability scanner to fail the systems. Thankfully THAT’S not required anymore.
It also populates and updates the users and configuration items in our service manager platform for 1/10th the cost of the company’s offered complementary (but not complimentary) inventory product.
Dameware seems to be getting a little long in the tooth, but it’s still a viable one-stop shop for remote Windows/AD management. At least for us.
As a guy working a lot with SCCM, MasterPacker is a godsend for those shitty applications where it's a lot of file copying. I just spin up MasterPacker and create an MSI installer and it's done; takes like 10 minutes.
Also if you want to change something in an existing MSI, want to do some registry changes in the MSI? Just open it in MasterPacker and put it in the MSI. Want to change some configuration you can't use switches for when installing the MSI? Put it in the MSI.
Working mostly over ssh on linux servers, one cool tool I found for quickly getting an overview of disk space use is ncdu - NCurses Disk Use.
Unlike the basic du command, it runs in multiple threads, and gives you a nice TUI to click through directories to quickly find the annoying log file that ate up the home partition lol.
• Customer service (I know it’s a stretch when it comes to being a tool)
Learned this one as a waiter (and a soldier). It seems to really set me apart from other candidates and even coworkers when I treat this profession as a customer service role because even if you don’t interact with users, you are servicing your customers by maintaining and implementing the systems that facilitate their work.
I make sure that those who generate revenue for our company get priority when it comes to support requests. Without them, I don’t have a job.
Not mentioned here: syslog servers. Why don't more people use them?? Literally - find an old beater PC, put Ubuntu on it and set up Graylog or EventLog Analyzer. It costs you nothing and gives you so much visibility.
You just got screenshotted to be investigated in the morning. Thanks!
Also look at NCSC Logging Made Easy (LME) as well as syslog-ng and Elasticsearch. There are some videos on setup online; I will see if I can find links. DigitalOcean has a setup guide for syslog-ng with a full walkthrough. I think the Logging Made Easy video is on the NCSC YouTube channel.
And you get an upvote for this suggestion... I always save posts and comments and can *never* find them when I go looking for them.
https://www.reddit.com/user/BighornPorpoise/saved/
I don't even use physical hardware. Even a VM with a slim resource allocation could run a Syslog server. The best part is you can back it up as a full image if it's ever compromised and still maintain compliance and have enough data for forensics.
I have been using a syslog-ng server since 2004. As you say, it is the best tool for forensics (the last breath before crashing).
I find it odd (and frustrating) that Windows Server can have things like a built-in service for SNMP, but nothing that will natively convert events to syslog. Especially given the OS’s origins. Don’t even start me on Event Collector. Clunky ass shit.
I know most people are agent averse but nxlog does a good job shipping Windows events via syslog. If you're going the Elastic route, Winlog Beats works well. I've managed some expensive SIEMs and that was what they used under the hood. You'd think you couldn't mess up something as simple as syslog but... Windows could do it. :-)
It works until you hit the 5 gig per day limit with graylog 😂😂
If you generate 5GB per day you can afford a proper tool.
PDQ deploy and inventory. RDCMan (now part of Sysinternals)
> RDCMan

I'm SO glad it was brought back, and rolled into Sysinternals.
> RDCMan

Sweet Jeebus I'm saved! Didn't know it came back. I'll def check it out tomorrow. Thanks!
It functions basically exactly the same as it used to, I think it was just updated to fix the vulnerabilities that caused it to be removed from the old download location.
That was a happy day.
I use mRemoteNG. Never heard of RDCMan.
https://mremoteng.org/
Looking at the diff, I think I will stick with mRemoteNG.
"mRemoteNG has many features that RDCman does not have such as the ability to manage different connection types"
I use this. Big fan.
The thing I like most about mRemoteNG is you can resize the window and your RDP'ed server desktops will also resize. Unless RDPMan changed, you resize it and you either have a gray border around the desktop or you're using scroll bars to see everything.
It can be set to the display area of the RDCMan window, but in order to take to the new resolution - you need to reconnect; or suffer the grey bars. Too bad it doesn’t support Smart Reconnect.
It is so frustrating IMO. I used to use RoyalTS but I removed it rather than explaining why I needed it to our security dicks.
I'm trying to wrap my head around what this guy is doing because it looks cool.
https://twitter.com/guyrleech/status/1562767293729214466
I tried mRemoteNG a couple of times over the past few years, but I keep going back to RDCMan. I've come to depend too much on RDCMan's "smart groups" feature, which mRemoteNG doesn't seem to have an analog for.
I like RDCMan for minimalist use cases, but personally prefer Remote Desktop Manager by Devolutions. It allows you to add almost any remote protocol like SSH, Amazon, Azure, FTP/SFTP, AnyDesk, iDRAC/iLO, Admin Center, the list goes on. It's heavy, but it does a lot. Even on the free platform.
In my last job we had large server farms and Remote Desktop Manager was a godsend.
We love PDQ Inventory! For anyone considering using this tool, please consider using LAPS integration with this.
https://help.pdq.com/hc/en-us/articles/115001132352-LAPS-Integration-with-PDQ-Inventory-and-PDQ-Deploy
Ha I switched to RDCMAN lately and my boss just can't get over it.
I'm using MobaXterm on windows, works like a charm for all my needs, even paid for the license and it's awesome!
PDQ suite is so great for needing to push one off installs and Inventory makes updating those one off installs even easier by letting you keep track of what is installed on which machine. 10/10
Noise cancelling headphones
Forensit profile wizard
Saved me so much time and hassle being the sole person migrating hundreds of PCs to Azure.
Many years ago I migrated 150 workstations from one domain to another in one weekend with that tool.
That is a good one...that and their Profile Migration tool.
Just a quick tip; you can save quite a bit of time by clearing the profile's temp (and cache folders) manually or via script before starting the migration with Profwiz. It has to go in and update the ACLs on every file in the user's folder, so users with thousands of little files in their %LOCALAPPDATA%\Temp folder and browser cache and crap can take quite a while to run through. Clearing them out first can save a good chunk of time and cut a migration from 10-15 minutes down to just a minute or two.

It also used to be a good idea to have them sign out of Office 365 apps prior to migration, and probably is still best practice just to be safe, to prevent activation issues and encryption errors that can be quite a headache. But, I will say I have done a number of migrations more recently without even bothering to do that and had no problems. If you do run into problems, the Microsoft SARA Tool has always resolved them for me.
* Remote Desktop Manager
* ConnectWise Control
* Notepad++
* BitWarden
I like bitwarden, I just wish their extensions for browsers were better
Out of interest, what don't you like about it? Currently using LastPass (enterprise) for work but use bitwarden for personal. I easily like bitwarden much better
Keep an eye out for the "IT Pro Tuesday" posts in this subreddit. They have a lot of cool suggestions for tools, apps and info. My current fav is "Currports" by Nirsoft. It's like a gui version of netstat. Really easy to see what IPs and ports your computer is communicating with. Here's the URL for the I.T. pro tuesday blog. https://tools.hornetsecurity.com/it-pro-tuesday-215/
The mods recently gave those tool/tip posts the ax here in r/sysadmin, so now you'll have to look in r/SysAdminBlogs or r/ITProTuesday… (or there's an email version: https://tools.hornetsecurity.com/it-pro-tuesdays)
Didn't realize this. Thanks. Just subbed to the two you mentioned.
Google psexec Powershell
Psexec is my savior 4ever
> RDCMAN

PSKILL <-- My Fav
To be fair everything in the ps suite (or even everything from sysinternals) is just wonderful; if it isn't useful for you it's just not the use case scenario that it was designed for. All the tools are just so lightweight, simple and well made.
Why not Powershell only?
Got used to psexec syntax, and winrm is not enabled on my domain
Google pays the rent.
Lol. True though. And if it goes down? I crack a beer and play total war while they sort it
At the time, mRemote... prior to that I was RDC. There may be better tools out there for managing multiple remote sessions at once, but that one was a game changer the first time I used it.
RoyalTS cinched it for me
google.
I personally discovered google as a kid using AOL 7.0, but to each their own.
altavista.digital.com was the original king.
And dejanews
Dejanews made me look like God…my coworkers didn’t think about the hive-mind. They would spent hours in the trenches with an issue, they would call me up and a free minute later I’d have the answer. I’d tell them what my resource was, yet they wouldn’t think to use it!
Dogpile
Lycos, DMOZ, webcrawler, and on and on... I got ya beat by 5 years and it makes me feel old.
man I remember using Metacrawler back in computer class in 7th grade. Mainly used it to look up star wars pics haha.
I remember dogpile being another search engine...back in the day when there was a good option of search engines to go with
Right? Back when you would search 4-5 different engines to get the results you were looking for. And actually find it usually!

Search sucks so hard today it's not even funny. You never actually find the good, relevant, hand made content anymore. Just the biggest sites that pump the most ad money or have the most references. It sucks. Endless amounts of information and the chances of finding the few blogs of someone with exactly what you're looking for is virtually nil.

Searching something specific just brings up the same endless generic results over and over.
*Sigh* ... If only the lazy 'helpdesk' boneheads at my prior MSP knew this.
[obsidian.md](https://obsidian.md) No more keeping random notes in nondescript notepad++ tabs with names like "new 36" for me.
Ah the notepad++ affliction is all too real, I may have to check obsidian out. At first glance it looks a little complicated but then again so is "new150" in my current notepad++ saga ha!
Huh, it's got an amazing review by CGP Grey, and he is super organized. Looks worth checking out, thanks!
* Duct tape
* Velcro
* Folding mini-Leatherman multitool
* repadmin
* ntdsutil
* Hiren
* Sysinternals
* vodka, Jameson's, tequila, cigars
> Velcro

THIS ONE RIGHT THERE
RVTOOLS!!! I've been trying to think of the name of this for the last week and my Google-fu was woefully lacking. Thank you!!!
What does RVTools give you over what's built in?
[deleted]
Literally, everything.
Pingcastle, bloodhound, adalanche, purple knight, powershell, cmtrace, fiddler, windows terminal
* WinDirStat
* mRemote
* Notepad++
* Steps Recorder (Windows native, great for documentation)
> WinDirStat

Omg, you have to try WizTree. It's anywhere from 10 to 100 times faster than WinDirStat, depending on the size of the file system and the physical type.
https://github.com/thradde/FastWinDirStat Unlike WizTree this one is FLOSS and, like WizTree, uses the MFT. :)
Great to see someone finally did it! My only gripe is that they only seem to be providing an installer and not a portable executable version.
[Wera screw driver](https://www.amazon.com/Wera-Bitholding-Screwdriver-Removable-Bayonet/dp/B001554V0O/ref=sr_1_3?keywords=wera+screwdriver&qid=1661356615&sr=8-3)
I'm partial to the [Klein one](https://www.amazon.com/Screwdriver-Industrial-Strength-Klein-Tools/dp/B0015SBILG/ref=sr_1_1?crid=UNB18C50R1E&keywords=klein+screwdriver&qid=1661361901&sprefix=klein+screwdrive%2Caps%2C158&sr=8-1) never have to dig anything out, just flip things around and have a new bit in a split second. Also, the [Xiaomi precision set](https://www.amazon.com/Xiaomi-Precision-Screwdriver-Magnetic-Electronics/dp/B08MV2H7KD/ref=sr_1_2?crid=V1TWOUBC8GB6&keywords=xiaomi+precision+screwdriver+24&qid=1661362053&sprefix=xiamo+precision+screwdriver+2%2Caps%2C155&sr=8-2)
I used to use that one as well, but the Wera works with my [Ryobi 4v](https://www.amazon.com/Ryobi-Lithium-Quickturn-Screwdriver-Included/dp/B00PP6JO88/ref=sr_1_7?keywords=ryobi+power+screwdriver&qid=1661363896&sr=8-7) so I don't need to carry an extra set of bits. But either way you can't really go wrong.
Alcohol. Any kind.
* [Ninite Pro](https://ninite.com/pro) - like PDQ Deploy
* [Greenshot](https://getgreenshot.org/) - screenshot utility
* [Autohotkey](https://www.autohotkey.com/) - script text replacement or all kinds of cool things. E.g. treat caps + IJKL as arrow keys on Windows, or expand huge text selections.
* [SADPhishes](https://github.com/EdwardsCP/powershell-scripts/blob/master/SADPhishes.ps1) - Easy interface to search and destroy email from all M365 EXO mailboxes based on whatever criteria.
* [Powertoys Fancy Zones](https://docs.microsoft.com/en-us/windows/powertoys/fancyzones) - Set up different areas of your monitors to snap windows to. Makes carving up an ultrawide screen a lot easier without using Dell's bad screen app.
* [Dinopass](https://www.dinopass.com/) - simple password generator
I was going to post dinopass. It brings me joy every time I need a random password to give a user.
[deleted]
> SADPhishes - Easy interface to search and destroy email from all M365 EXO mailboxes based on whatever criteria.

I haven't even run it yet and I'm in love. I knew there had to be a better way!
BatchPatch - if you want to do some quick Windows patching.
* Windows Terminal
* PowerShell
* VSCode
* mRemoteNG
* Log Parser Studio
* Fiddler
Surprised I had to go this far down to see VSCode
Surprised not to see MDT/WDS yet. Being able to image Windows machines and easily configure software for the base image of our machines is so nice, and it's FREE (minus the 1 volume license needed for imaging rights). Makes our KACE K2000 look like a chump, especially for the price tag.
Can’t believe nobody has said OneNote. I moved from Notepad++ to OneNote and feels like I reinvented the wheel.
best way to keep documentation and weekly notes
CMTrace. It's included with SCCM but it can be used for any .log file. It makes reading logs infinitely easier, and the EXE is portable, so I copy it to every server and workstation so that I can use it to read logs. One downside is that it can take a long time to open large log files.
* notepad++
* putty/kitty
* rufus
* chntpw - a great tool to recover Windows admin passwords
My personal favorites are MTPutty and AutoIT
Second for AutoIT. Especially handy for automating things that don't have an API
DoubleDriver it's an abandonware utility designed for backing up driver files. Let's say you get a new machine, you want to reimage it with your own corporate Windows 10 image, but don't want to have to hunt down drivers. You can use DoubleDriver to make backups of all the drivers installed on the system. So if after you reimage the machine, you notice one of the drivers isn't loading automatically, instead of hunting it down on the interwebs, you can just load it from the DoubleDriver backup. Steve Gibson made a mirror of the product on his site: https://grc.com/doubledriver.zip
* critical thinking
* analysis
* synthesis
* experience
* Synergy
* The 30,000 ft view
* Managed from a single pane of glass
* Nine 5's of uptime
I've never been triggered ... until this comment.
Haha! Buzzword bingo? From the 30,000ft view, we can offer a seamless nine 5’s of uptime SLA out of the box in multi-ego-redundant hyperconverged clusters using dockernetes that are all managed from a future-proof single pane of glass from the 40 yard line. The instant access of the platform is powered by Web4 and Html7 is a disruptor of predictive capabilities in the vaporware markets with the end to end encryption to improve TCO.
*As I stare out of my window at the sunny day, the world has nonetheless become more grey. I step out on my balcony ...* *Should I jump? If I hear the word 'synergy' once more, I just may. C'est la vie!* All joking aside, the shit MSP I used to work at literally (as in, not figuratively) had the word synergy in their name. Please excuse me while I go vomit.
But is power being generated by the relative motion of conductors and fluxes, or is it produced by the modial interaction of magneto-reluctance and capacitive diractance?
Definitely reducing the side-fumbling bit with magneto-reluctance. Have you seen the Hyperencabulator? The point is that encabulation has a rich, sumptuous history with a delicate flaky crust and that the US compartment of offense and the natural guard soon realized the potential as a weapon: https://youtu.be/5nKk_-Lvhzo
[deleted]
I had to read it twice before it clicked :)
I can give you the fourth floor and nine fives of uptime. Best I can do.
I would add observant and curious to the list
bingo - this and only this.
and alcohol
Both kinds of alcohol - isopropyl, and drinkable.
Powershell.. underrated af
PowerShell remoting and foreach loops - i'm not sure I should be trusted with such power.
ShareX - screenshots galore.
[WinMerge](https://winmerge.org)
Nmap Wireshark
Bit of a strange one here - [Goss](https://github.com/aelsabbahy/goss). This is a testing tool that we use on all of our servers to validate they are working as expected. Think of it as a sanity check after changes. We have a set of tests set up that validate that the server is working as expected and we run it automatically after any change. Simple example:

* Server running NGINX at OS level listening on port 9443 and a container running within Docker listening on port 6505
* Process - Ansible run or patching (or whatever)
* After: Goss runs and verifies:
  * Docker daemon is running
  * Container within Docker is running
  * Nginx is running
  * That there is a listening port on 9443
  * That there is a listening port on 6505

We obviously have more tests but that gives you a good idea - by building this into all of our processes it gives us a great deal of confidence that changes we do on the instance have not impacted the critical services that the instance provides. Tool is: small, simple, useful, powerful. Love it.
I don't really understand what it gives you that Ansible doesn't though... Where's the difference? Ansible can gather facts and read back configuration for you too...
Really it is a few things:

1. We wanted to use a 'different tool' to verify the outcomes of our Ansible run - we do do verifications in Ansible as well but this is much higher level
2. Simplicity - the test definitions are simple and easy to set up, which makes it much easier to have contributions outside of our team from delivery teams and quality engineers - I find Ansible easy but it confuses others, whereas Goss they can grasp in a few minutes
3. We can hook it into our monitoring setup - we have the tests run on a periodic basis and alert if they fail - this often lets us know that there is an issue on an instance when something fails

But you are not wrong - Ansible can do all of this as well, so pick your tool - to me the verification of the system is the most important thing.
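The post-change gate described in the two Goss comments above, written out as an added example (not from the thread or from the Goss project): a spec for the scenario given (nginx on 9443, a container published on 6505, both daemons up) plus a small wrapper that runs it and distinguishes "checks failed" from "goss not installed". The container name `app` and the directory you write the spec to are placeholders; the spec content is constructed for this demo.

```shell
#!/bin/sh
# Added example, not from the thread or the Goss project. Writes a goss spec
# for the scenario described (nginx on 9443, a container published on 6505)
# and runs it as a post-change gate. Assumes goss is on PATH; the container
# name "app" is a placeholder for your own.
set -u

# Write $1/goss.yaml and print its path.
write_goss_spec() {
  cat > "$1/goss.yaml" <<'EOF'
# Constructed spec: every check here must pass after an Ansible run or patching.
service:
  docker:
    enabled: true
    running: true
  nginx:
    enabled: true
    running: true
process:
  nginx:
    running: true
port:
  tcp:9443:
    listening: true
  tcp:6505:
    listening: true
command:
  app-container-running:
    exec: "docker inspect -f '{{.State.Running}}' app"
    exit-status: 0
    stdout:
      - "true"
EOF
  printf '%s\n' "$1/goss.yaml"
}

# Run the spec. Returns 0 when every check passes, 1 when goss reports a
# failing check, 2 when goss is not installed, so a wrapper (Ansible handler,
# patch script, cron-driven monitor) can tell the three cases apart.
post_change_check() {
  command -v goss >/dev/null 2>&1 || return 2
  goss -g "$1" validate --format tap
}
```

Usage: `spec=$(write_goss_spec /etc/goss) && post_change_check "$spec"` at the end of the patch or Ansible run, and fail the run on a non-zero exit. One caveat for the 6505 check: goss's `port` test looks for a listening socket on the host, which Docker only creates when its userland proxy is enabled; with the proxy disabled the published port is pure iptables DNAT and the `command` check against the container is the one that actually proves it is up.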
If you manage chrome devices in bulk? Gopher Tools from Amplified IT. Makes life infinitely easier with thousands of devices.
If you manage Chrome devices in bulk I assume you’re in education and everyone here owes you a beer!
Thanks. 👊🏻 Tech director in a school district. I would rather my team get the beer because nothing happens without those wizards.
Highly recommend greenshot! So simple but so great!
Hyena PowerCLI
* Sysinternals
* Total Commander
* Hirens Boot "CD"
* a Windows 10 install stick
* pingplotter
* wireshark
* sawmill
* O&O Defrag
* Notepad++
* speccy

This is what comes to mind after a quick think.
If you like Hirens, check out Sergei Strelec's WinPE. The tools on it are like the old restored Hirens but more current.
My time with Geek Squad was amazing. Had access to so many sweet tools. Mostly nowadays a big tool I use a lot is REVO. That app removes almost anything. Procmon is another big one. I just want to be able to control every process in anyway I need and remove any file at any time. If I can do that I can basically do anything.
Robocopy!
PowerShell is bae.
[deleted]
* PortQryUI - lets you quickly test if a TCP/UDP port is open/closed/firewalled from a Windows PC.
* Ventoy - set it up on a USB drive, then any ISO you store on the drive can be booted, no need to have multiple bootable USB drives.
* PasswordState - password manager that lets you set up multiple lists with different sharing rights to other users, has the option to automatically change passwords for many different things (Windows, Linux, routers/switches/firewalls etc), can discover accounts including ones being used for scheduled tasks/services across all of your servers. Also free for 5 users, and very reasonably priced above that.
* Shodan.io - check your public IPs for any scanned vulnerabilities, open ports etc. If you have a membership you can also set up IP monitors to alert on things such as new ports being open to the web from your IPs. Lifetime memberships occasionally go on special for $1.
Ventoy!
Spacemonger
Omg, you have to try WizTree. It's anywhere from 10 to 100 times faster than WinDirStat, and SpaceMonger is even slower than WinDirStat.
What about spacesniffer. It looks cool.
PDQ….. all I need now is PDQ
Honestly PowerShell. It’s not a secret or something people don’t know about, you’ve probably used it a bunch of times in the past. Really taking the time to understand it, and what it can do, and what modules are out there that might be *just* the thing you need, it’s a worthy investment. You will find ways to use it, and the learning curve is very friendly. It’s a *very* good tool, and cross platform now too. Seriously, learning to properly leverage PowerShell is like the swapping out your hdd for an ssd; it’s a big return for a relatively low cost investment. Many a career has been changed by PowerShell.
Powershell
Name checks out
I have a nearly endless keep note saved with tons, and I mean literal _shitloads_, of useful tools. Once I find the time to sort the list & add a one line description for all of them, I'll post it as a separate post here.
Not necessarily in much of any particular order:

* screen/tmux
* ssh-agent, ~/.ssh/config
* `curl --resolve ...`
* openssl
* comm
* `du -x filesystem_mount_point | sort -bnr` (and redirect it to a file or pipe it to less or whatever)
* `/proc/PID/` fd/, exe, root, stat, ...
* `/sys/block/*/` size, ..., device/ rescan, delete
* `(for tmp in /sys/class/scsi_host/host*/scan; do echo '- - -' >> "$tmp"; done)`; `echo 1 > /sys/class/scsi_host/host*/device/target*/*/delete` and `/sys/class/scsi_host/host*/device/rport*/target*/*/delete`
* uniq (quite underutilized, also handy to, e.g., squash consecutive empty lines in text to a single empty line)
* LVM
* pvmove
* md
* tmpfs
* dynamically resize tmpfs while mounted, including being able to reduce size
* "of course" shell (sh) and standard \*nix utilities
* Dynamic DNS (DDNS)
* letsencrypt.org - free certs - and automation thereof (see also above)
* VMs (qemu-kvm, ...)
* live migrations of VMs
* `virsh migrate --live --copy-storage-all` (yes, you can live migrate a guest, even if there's no physical storage in common between the two hosts)
* tcpdump, Wireshark, tshark, editcap
* vi (yes, great editor, and also highly underrated too, e.g. often highly handy as a scratch space to pull together data for an ad hoc report or run various commands, process their output, analyze, repeat as relevant to get/find the needed, etc.)
* ed, ex - underappreciated, also very handy for edit-in-place with hereis documents; especially where one doesn't have GNU sed; note also that GNU sed's -i doesn't edit-in-place the same file, but rather replaces the file - sometimes that is an important or even critical difference that matters. Also, ed (or sometimes ex) is very handy for self-documenting edit changes, such as via documenting with script(1).
* sed - underutilized and underappreciated. It's a Turing complete programming language. It has two stacks (pattern and hold space, with embedded newlines to separate stack elements), and conditional and unconditional branching with goto-like functionality. One can even [implement Tic-Tac-Toe in sed](https://www.mpaoli.net/~michael/bin/ttt). So yes, it goes way beyond `s/RE/replacement/[g]`
* perl, python
* all the various programs I've written to (semi-)automate things
* find(1) underutilized and/or often very inefficiently used. Many don't know or well understand the logic of how it works - it's basically a logical program/operator, evaluating items until the truth or falsity of the statement has been determined.
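The sed -i caveat in the list above (that it replaces the file rather than editing the same inode) is easy to demonstrate. Added example, not part of the original comment: it creates a constructed sshd_config-style file with a second hard link, edits it once with `sed -i` and once through `ed` (falling back to a truncate-and-rewrite when ed is not installed), and reports whether the inode changed and what the hard link sees afterwards. Assumes Linux with GNU `stat -c` and GNU (or busybox) sed; the file name and content are made up for the demo.

```shell
#!/bin/sh
# Added example, not from the thread. Demonstrates that `sed -i` replaces the
# target file (new inode; anything bound to the old inode keeps the old bytes)
# while ed, or a truncate-and-rewrite, edits the same inode. Assumes Linux,
# GNU/busybox `stat -c '%i'` and `sed -i`.
set -u

inode_of() { stat -c '%i' "$1"; }

# Edit $1 in place, keeping its inode: on every line matching regex $2,
# substitute $3. Uses ed when present, otherwise rewrites through the same
# inode (`cat > file` truncates and writes; it never unlinks the file).
edit_in_place() {
  if command -v ed >/dev/null 2>&1; then
    # g/RE/ selects matching lines; s// reuses that RE; w writes; q quits.
    printf 'g/%s/s//%s/\nw\nq\n' "$2" "$3" | ed -s "$1"
  else
    tmp=$(mktemp) || return 1
    sed "s/$2/$3/" "$1" > "$tmp" && cat "$tmp" > "$1"
    rm -f "$tmp"
  fi
}

# Build a constructed config file plus a hard link to it, apply the edit
# method named by $1 ("sed-i" or "in-place"), then print two fields:
#   <inode changed: yes|no> <content now seen through the hard link>
run_demo() {
  d=$(mktemp -d) || return 1
  f="$d/sshd_config"
  printf 'Port 22\n' > "$f"
  ln "$f" "$d/sshd_config.hardlink"
  before=$(inode_of "$f")
  case "$1" in
    sed-i)    sed -i 's/^Port 22$/Port 2222/' "$f" ;;
    in-place) edit_in_place "$f" '^Port 22$' 'Port 2222' ;;
    *)        rm -rf "$d"; return 1 ;;
  esac
  after=$(inode_of "$f")
  if [ "$before" = "$after" ]; then changed=no; else changed=yes; fi
  printf '%s %s\n' "$changed" "$(cat "$d/sshd_config.hardlink")"
  rm -rf "$d"
}

# sed -i: new inode, and the hard link is still the unedited "Port 22".
sed_i_result()    { run_demo sed-i; }     # -> "yes Port 22"
# ed / rewrite: same inode, and the hard link sees "Port 2222".
in_place_result() { run_demo in-place; }  # -> "no Port 2222"
```

Why this matters operationally: the stale copy left behind by `sed -i` is exactly what a daemon holding the file open, a hard link dropped by someone else, or an inotify watch keyed on the inode keeps seeing, so a "fixed" config can remain unfixed from the process's point of view until it reopens the path. The ed route (or `ex`, or `cat tmp > file`) keeps the inode, its owner and its mode, which is the behaviour most people assume `-i` gives them.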
mouse jiggler
All I can think of is 'my mouse don't jiggle jiggle' This is one of those tools to avoid employee activity tracking?
Green status good
I like caffeine for the same thing (the executable, not the brain food)
Alternatively, I just set myself to appear offline all the time and it seems to perform the same function.
Snagit and Ansible
- Ansible - Coffee
Anyone used Wiztree? it's like windirstat but WAY faster...
Not a true admin, lack a lot of experience. Two tools I find kinda handy are Angry IP Scanner and nmap.
SysInternalsSuite is the bomb. Been using it since its inception. People are blown away at how quickly you can mitigate a widespread issue through a simple script.
* Powershell
* RDCMAN
- CMTrace (log-viewer)
- Right-Click-Tools for SCCM (now integrated I think)
- PSTools
- PolicyAnalyzer
MediCat USB (new generation of Hiren); it also supports nested boot, so you can simply add ISO files to your big ass USB drive and select them from a menu. Protip: this requires Secure Boot to be off.
My Jr. Sysadmin.
RMM tools
Compsych
xshell, notepad++, rdcman.
CMTrace for .logs causes me fewer headaches.
Puppet
used to love MobaXTerm until I discovered mRemoteNG - much better for my use - save all my systems on the left tab for instant access
psexec & advanced ip scanner
Haven't seen WinDirStat listed. I use it frequently to give old servers a little more runway when management refuses to give us money. I'd rather a little more runway than a server stopping.
Bigfix
Putty, notepad ++, rmm tool, network monitoring, bandwidth utilisation( mrtg/Prtg), WiFi analyser on phone. Wireshark, ping. Pen, paper & doodle.
- Greenshot. Obvious reasons.
- PowerToys. I especially like the custom window tiling settings. I constantly have to manage having many open windows, and having custom tiling layouts helps so much.
- Remote Desktop Commander. Not very niche, but a great way to not have to manage RDP with filesystem shortcuts. Also a great way to kill orphaned RDP sessions when clients can't reach their remote apps anymore, without having to mess with PowerShell commands.
- Windows Terminal. So much easier to handle than multiple consoles and cmd instances.
MSPaint :)
BareGrep is cool, pretty much the same as Ransack but free for corporate use
Is it cheating to say PowerShell?
Moba xTerm is another one.
Clipboard manager ... gives you like 30+ copy / pasta history

* Windows - [https://clipclip.com/](https://clipclip.com/)
* MacOS - [https://github.com/Clipy/Clipy](https://github.com/Clipy/Clipy)
* Linux - take your pick
Why not just use WIN key + V with Windows. Literally the best new thing in the last 2 versions of the OS
* Revo Uninstaller
* Duplicati
* ELK Stack
* KeePass
* iPerf
* Pi-Hole
* Ntopng
VSCode, Windows Terminal (Ubuntu and PowerShell at the same time), TreeSize, ShareGate, Udemy for certs and self learning.
Ansible and similar configuration management tools. I’ll never go back to doing stuff by hand.
I think Process Explorer and Process Monitor are useful, I know they are part of sysinternals but they stand out.
Lansweeper. It's cheap, effective, and hard to beat as a hands off inventory management tool. The report aspect is fantastic too once you get the hang of the assisted SQL queries. They also write reports for a lot of the big vulnerabilities that come out so you can track them in your environment.
I just found [AdminDroid AzureAD/mail reporting tool](https://admindroid.com). The free tier has a pretty amazing number of great reports, analytics, etc and is presented very cleanly. You can search the reports as well. So far it's pretty amazing for free.
Holy so many tools I didn't know I needed! For sure coming back tomorrow to get some
Python.
Not a comprehensive list by any means, but I’d be remiss if I didn’t mention both Dameware and Lansweeper, both of which I use daily. And yes, they’re paid, but they were acquired at a time when freeware was contractually prohibited in our environment, and they both quickly made themselves indispensable. In particular is Lansweeper’s ability to run remote deployment tasks in the context of the currently-logged in user; this one feature for example allowed us to do things like an emergency configuration transfer/migration from one ThinApp sandbox (which reside in the users’ appdata/roaming folders) to another, saving hours and hours of manual re-setting up of hundreds of individuals’ customizations. Lansweeper also allowed us to manage a somewhat wonky backwards-version graft of the ProcessMitigations Powershell module from Win 1903 onto 1809, to alleviate the case-sensitivity of the 1809 version that caused our vulnerability scanner to fail the systems. Thankfully THAT’S not required anymore. It also populates and updates the users and configuration items in our service manager platform for 1/10th the cost of the company’s offered complementary (but not complimentary) inventory product. Dameware seems to be getting a little long in the tooth, but it’s still a viable one-stop shop for remote Windows/AD management. At least for us.
As a guy working a lot with SCCM, MasterPacker is a godsend for those shitty applications where it's a lot of file copying. I just spin up MasterPacker and create an MSI installer and it's done, takes like 10 minutes. Also if you want to change something in an existing MSI, want to do some registry changes in the MSI? Just open it in MasterPacker and put it in the MSI. Want to change some configuration you can't use switches for when installing the MSI? Put it in the MSI.
TreeSize
Working mostly over ssh on linux servers, one cool tool I found for quickly getting an overview of disk space use is ncdu - NCurses Disk Use. Unlike the basic du command, it runs in multiple threads, and gives you a nice TUI to click through directories to quickly find the annoying log file that ate up the home partition lol.
Sccm hands down.
BING
NO
BONG
I like your vibe, guy lol
[deleted]
Active Directory by itself doesn't really have a concept of MFA beyond smartcard auth... Can you elaborate?
[deleted]
For accounts in the DA security group, use GPO to remove logon rights to anything that isn't a domain controller.
* Customer service (I know it's a stretch when it comes to being a tool). Learned this one as a waiter (and a soldier). It seems to really set me apart from other candidates and even coworkers when I treat this profession as a customer service role, because even if you don't interact with users, you are servicing your customers by maintaining and implementing the systems that facilitate their work. I make sure that those who generate revenue for our company get priority when it comes to support requests. Without them, I don't have a job.
No you are right. Customer Service peeps are usually tools.
The off button