Revisiting Microsoft/Sysinternals Du as a batch file

My tips for using Sysinternals’ Du.exe were well received last week, and my former coworker Charlie mentioned a GUI tool called Windirstat that I had completely forgotten about. For the command-line averse, it’s an incredibly useful tool.

But there’s one thing that Du.exe does that makes the CLI worthwhile. It will output to CSV files for further analysis. Here’s the trick.

DU -L 1 -Q -C \\SERVERNAME\C$\ >> servers.csv

Sub in the name of your server for servername. You have to have admin rights on the server to run this, of course.

For even more power, run this in a batch file containing multiple commands to query multiple servers, say, in your runup to Patch Tuesday. Open the file in your favorite spreadsheet, sort on Directory Size, and you can find candidates for cleanup.
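The spreadsheet step can also be scripted. The following is an added example, not part of the original post: it reads a `servers.csv` built up by several `>>` appends and lists the largest directories across all servers. The column names (`Path`, `DirectorySize`) are an assumption about the header Du writes, and the sample data is constructed; check both against your own file.

```python
import csv
import io

# Constructed sample of servers.csv after two appended Du runs.
# The header names are an assumption about Du's CSV output; adjust to your file.
SAMPLE = r'''Path,CurrentFileCount,CurrentFileSize,FileCount,DirectoryCount,DirectorySize,DirectorySizeOnDisk
"\\SRV01\C$\Windows",40,900,98000,21000,18500000,18600000
"\\SRV01\C$\Temp",12,300,5200,40,42000000,42100000
Path,CurrentFileCount,CurrentFileSize,FileCount,DirectoryCount,DirectorySize,DirectorySizeOnDisk
"\\SRV02\C$\Users",3,10,61000,9000,7300000,7400000
"\\SRV02\C$\inetpub",0,0,880,25,31000000,31050000
'''

def largest_directories(csv_text, top=10, size_col="DirectorySize"):
    """Return (server, path, size) tuples, biggest first, from appended Du CSV."""
    header = None
    rows = []
    for fields in csv.reader(io.StringIO(csv_text)):
        if not fields:
            continue                      # blank line between runs
        if header is None:
            header = fields               # the first header defines the columns
            path_i, size_i = header.index("Path"), header.index(size_col)
            continue
        if fields == header:
            continue                      # header repeated by each ">>" append
        try:
            size = int(fields[size_i].replace(",", ""))
        except (ValueError, IndexError):
            continue                      # error text or a truncated line
        path = fields[path_i]
        # \\SERVER\C$\dir -> SERVER; a local path has no server component
        server = path[2:].split("\\", 1)[0] if path.startswith("\\\\") else ""
        rows.append((server, path, size))
    rows.sort(key=lambda r: r[2], reverse=True)
    return rows[:top]

if __name__ == "__main__":
    for server, path, size in largest_directories(SAMPLE, top=3):
        print(f"{size:>12}  {server:<8} {path}")
```

For a real file, pass its contents with `largest_directories(open("servers.csv", newline="").read())`.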


How to clean up a Windows server

From time to time, Windows patches will fail to install because a server doesn’t have enough space to install them. Finding the ginormous files that are hogging all the space on the C drive is really tedious if you do it by clicking around in Windows Explorer, but there’s a better way.

Download the free Sysinternals Du.exe utility and you can find the behemoths in minutes, if not seconds.

What I would do to fix Dr. A’s computer

I left my conversation with Dr. A nearly convinced he doesn’t really need a new computer. The local store is pitching him a new $700 Dell Inspiron with a 1 TB hard drive and 6 GB of RAM and a 17-inch screen. But he could upgrade to a 1 TB hard drive for less than $125. If he doesn’t want to switch to Windows 7, his current Windows XP Professional will only use 4 GB of RAM anyway. Upgrading to 4 GB of RAM will cost less than $40. And looking at the new system, I don’t know that its CPU is all that much more powerful than what he already has.

To me, the clincher was this. I asked myself the question whether, if I were offered a machine exactly like his for $200 or $300, would I buy it. And it was an easy answer. I would.

I haven’t done a thorough analysis of the machine, but I’ve seen enough to have an idea what it needs. Much of it will seem familiar, if you’ve been reading me a long time.

Registry optimization

I gave my Windows 2000 system a little tuneup today. Nothing major, but it feels peppier now, and didn’t take all that long to do. Nor did it require any expensive utilities.

This works with Windows 2000, XP, NT4, and Vista. For Windows 9x advice, you’ll have to turn to an old critically acclaimed book written by someone you’ve never heard of.

First, I ran Ccleaner, which does a general cleanup of temporary files and obsolete/incorrect registry entries. It found more than 300 MB of garbage to get rid of. Be sure to run both the file and registry cleanup, as they’re separate buttons. It found a lot less in the registry that needed to go.

Stage 2 is to run NTregopt. I recommend downloading the all-inclusive collection from Donn Edwards, which includes NTregopt, plus the Sysinternals system file defragmenter and the excellent JK-Defrag. NTregopt packs the registry, removing the empty space formerly occupied by now-deleted entries. In my case, it reduced the size of the registry by about 200K. Not a lot, but I don’t do a lot of installing/uninstalling on this system.

Stage 3 is to run the Sysinternals Pagedefrag, which is included in the Donn Edwards bundle. In my case, most of my registry files were in nice shape, but one of them was in a startling 28 fragments. Pagedefrag took care of that.

Of course, while you’re at it, it doesn’t hurt to do a general defragmentation. JK-Defrag is fantastic–much better than most commercial programs, and it’s free. In my younger days I might do a quick defrag both before and after registry optimization, but one defrag afterward takes less time and should usually suffice.

The registry optimization took about 10 minutes total, including the reboot. The disk defragmentation took another 45 minutes, but there was no need for me to sit and watch that.

The system boots faster now. It also feels peppier, but since the registry wasn’t in horrible shape, I’m guessing the defragmentation did more to help system speed than the registry work. Getting rid of 300 megs of garbage and moving a few gigabytes of rarely used data files to the end of the disk to make room up front for the stuff you do use makes a difference.

The nice thing is that optimization like this used to require a $99 software package, like Norton Utilities or Nuts & Bolts, and both of those packages also installed some junk that really did a lot more harm than good (like Norton Crashguard, which I used to call Norton Crashmaker). I devoted an entire chapter of the aforementioned book to installing and using utilities suites while keeping the problem-causing stuff off your system.

Today, you can download and install two files that do it for free and stay out of your way except when you need them.

Identifying what processes are talking on your Windows box

If you’re curious whether a particular piece of software might be spyware, or you have some other reason to believe your computer might have been compromised and might be talking to something it shouldn’t be, there’s a quick and easy way to find out besides using the standard netstat -an command.

Windows XP and 2003 (and, presumably, Vista) have the netstat -o command, which tells you what IP addresses your computer is talking to and on what ports, plus it adds the process IDs that have those ports open. There’s a hotfix to add that functionality to Windows 2000, but it appears you have to demonstrate a need for it in order for Microsoft to provide it.

Regardless, I like the Sysinternals tool TCPview better. The most important thing it does is give you the names of the application, instead of the process ID, using each port. That saves you from having to run task manager and figure it out yourself. It puts everything in a GUI window, making it a little bit easier to scroll around, and it also tries to resolve the IP addresses, which can be nice. So if all you have open is a web browser pointing at Google and you see processes talking to web addresses you’ve never heard of, you have reason to be suspicious.
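The PID-to-name lookup that TCPview saves you from doing by hand can be scripted where only the built-in tools are available. This is an added example, not from the original post: it joins saved `netstat -ano` output with `tasklist /fo csv /nh` output (using `tasklist` in place of Task Manager is an assumption of the example). The sample output, addresses, PIDs and process names are constructed.

```python
import csv
import io

# Constructed sample output: documentation-range addresses, made-up PIDs.
NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.10:49712     203.0.113.7:443        ESTABLISHED     4120
  TCP    192.168.1.10:49730     198.51.100.23:8080     ESTABLISHED     5544
  UDP    0.0.0.0:500            *:*                                    1004
"""
TASKLIST = '''"svchost.exe","912","Services","0","8,124 K"
"firefox.exe","4120","Console","1","310,400 K"
"updater32.exe","5544","Console","1","6,012 K"
"lsass.exe","1004","Services","0","9,500 K"
'''

def pid_names(tasklist_csv):
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2 and r[1].isdigit()}

def connections(netstat_text, names):
    """Return (proto, local, remote, state, pid, image) per `netstat -ano` row."""
    out = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP") or not parts[-1].isdigit():
            continue                                   # banner, header, blank
        pid = int(parts[-1])
        state = parts[3] if len(parts) == 5 else ""    # UDP rows have no State
        out.append((parts[0], parts[1], parts[2], state, pid,
                    names.get(pid, "<unknown>")))
    return out

def established(netstat_text, tasklist_csv):
    """Return (image, remote endpoint) for every established TCP connection."""
    names = pid_names(tasklist_csv)
    return [(c[5], c[2]) for c in connections(netstat_text, names)
            if c[3] == "ESTABLISHED"]

if __name__ == "__main__":
    for image, remote in established(NETSTAT, TASKLIST):
        print(f"{image:<16} -> {remote}")
```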

The next time someone complains to me that a computer is running slow, once I think I’ve cleaned off the spyware I think I’ll run this utility just to see if there might be anything left.

Optimizing Windows networks

My church’s IT czar asked me a good question the other day. His network performance was erratic and Network Neighborhood was messed up. Some computers saw different views of the network, although if you manually connected to other computers, that usually worked.
There are probably 35 or so computers on the network now, so it’s no longer a small network. He asked a few good questions, and the tips that came out of the discussion bear repeating here.

1. Establish a master browser. There’s supposed to be one and only one keeper of the Network Neighborhood’s directory, if you will. Whenever a Windows computer comes online, it calls for an election. Usually the winner of the election makes sense. But sometimes a computer that has no business winning the election wins. Or sometimes the computers seem to get confused about who won the election.

Networks shouldn’t be like the U.S. political system.

Windows NT, 2000, and XP boxes run a service called Computer Browser. Ideally, you want one master browser and a couple of backups online all the time. So pick four computers who are likely to always be on, and who are running Windows 2000 or XP, preferably (since they’re likely to be newer computers). Then turn the Computer Browser service off on all but those four computers. Browser elections and related bureaucracy can chew up 30% of your network bandwidth in worst-case situations, so this can be worth doing even if you’re not yet experiencing the problem.

2. Use WINS. Unless you have an Active Directory domain and you’re running DNS on Windows 2000 or 2003 Server, Windows boxes have to broadcast because they don’t know the addresses of any other computers on the network. All that broadcast traffic chews up bandwidth and can cause other unusual behavior. WINS is basically like Windows-proprietary DNS. Set up WINS on one of your Windows servers, if you have one, or on a Linux box running Samba, and you’ll end up with a faster, more reliable network.

If you’re running a home network with fewer than 10 PCs, this probably isn’t worth the effort–especially the WINS server. The Computer Browser service might be worth disabling but more because it’ll save you a little bit of memory. If you’re a large enterprise with hundreds or thousands of computers running that service, the freeware PSTools suite from Sysinternals has some command-line utilities that can help you turn off services remotely, to avoid the daunting task of visiting every desk.