Manage access permissions to your Windows systems, quickly scan log entries, and examine and manage locked files with this month’s selection of tools.
The Access Control Model handles access permissions to Windows resources. The Access Control List (ACL) defines who has access to what. The ACL is a list of Access Control Entries (ACEs), each of which specify access rights as allowed, denied or audited for a particular user, group or logon session.
It’s important to properly secure your systems with the ACL. While it may seem easier to give everyone access to everything, this dramatically increases your surface area exposed to malicious attack. Managing the ACL, however, can be cumbersome.
SetACL Studio, developed by Microsoft MVP Helge Klein, can simplify ACL management. This easy-to-use application lets you view and modify ACLs across the registry, services, shares, printers, Windows Management Instrumentation and, of course, the file system. To view or modify the details of an ACL, browse the Explorer-like tree down from the computer level to the target ACL. The detail pane shows you permissions either directly applied or inherited to the target, as well as the permissions owner.
You can also see any auditing lists applied to the target by toggling the detail pane from Permissions to Auditing. You can change the owner, permissions or auditing ACLs in a couple of clicks. You can also reset the owner, permissions or child items of the current node. The permissions dropdown contains standard and specific permissions, so you can select exactly what you need in one shot. You can also easily see inherited items. Once you’ve made your changes, click Save and you’re done.
SetACL Studio is $14.95 for a single license, and is available for both 32- and 64-bit Windows. You can try it out for 30 days by downloading SetACL Studio from the product Web site. If you’ve found yourself giving everyone access to everything just because it’s easier, or if you need help managing and visualizing ACLs across your Windows machines, check out SetACL Studio.
Just about every application and service generates some kind of log somewhere. Having that information at your fingertips is helpful for monitoring, troubleshooting and just getting a sense how things are going. Busy apps can log a lot of information, and trying to monitor those logs can be quite difficult. LogFusion Pro from Binary Fortress Software helps you monitor those logs in real time.
LogFusion Pro can auto-scroll to the newest lines of a log, much like the Linux/Unix command “tail.” You can disable auto-scroll if you’re looking for something with a particular set of lines and don’t want to auto-refresh. You can monitor pretty much any text log file, because you can define custom columns based on delimiters or other text patterns. LogFusion Pro can also open and monitor Event Logs on both local and remote Windows machines. You can even monitor OutputDebugStrings.
LogFusion Pro lets you open and watch multiple log files at once. Once you have a log open, you can set up highlight rules to ensure you catch important messages within the log. This can be either a regular expression match or just a straight text match. With each highlight rule, you can define the background and foreground highlight colors and choose to bold or italicize matched text. There’s a test section to ensure you’ll match what you want to match.
LogFusion Pro saves your highlight rules, so you don’t have to redefine them every time you open a log. If your log is still too “noisy,” even with your highlight rules in place, you can use the toolbar buttons to show only highlighted items. If you want to exclude those highlighted items, there’s an option for that as well. The toolbar also has “jump to next” and “jump to previous” highlighted row buttons. There’s also a handy scroll bar that shows you the location of the highlighted rows, so you can jump to particular sections of the log.
Other settings for LogFusion Pro include the log display font, whether or not to show blank lines in a log, and setting up “watched” folders. The watched folders option automatically opens logs created or modified when the application launches. If you want to view multiple logs at once, you can also pop each into its own window. This lets you set up your screen as you see fit, which is handy for using the tool in your network operations center or help desk.
A single lifetime license for LogFusion Pro runs a reasonable $12. A lifetime site license for unlimited computers at one site is $120. There’s a free 30-day trial license as well, so you can try before you buy. There’s also a limited free edition, but that’s restricted to personal use. You need to keep your eyes on your logs to keep things running smoothly, and a tool like LogFusion Pro can definitely help.
Having a set of portable tools to bring with you from desk to desk and machine to machine is essential. You might want to consider adding the NoVirusThanks File Governor, from NoVirusThanks Co. Srl, to your toolkit. This simple portable tool runs as a single executable and is available in both x86 and x64 versions, so you can run it on all flavors of Windows to see which processes have locks on what files.
To use the NoVirusThanks File Governor, double-click the executable and pick the directory you want to check for locked files. If you want a more permanent option, you can add the NoVirusThanks File Governor to the Windows “Send To” and Explorer Context menus via the application settings. The utility will scan the directories and sub-directories and list out the details of the locked files.
As it scans, it shows you details like the process id, or PID; the process filename that has the lock; the locked object, including the full path and the type of lock, such as a directory or file; the actual address of the file handle; and the path to the process that’s locking the file. Right-click a locked file for a context menu from which you can choose an action on that file, handle or process.
For file options, you can forcefully delete, delete on reboot, copy or rename the file. For file handles, you can unlock them or unload the DLL that’s locking the file or files. You can also view the details of a process or even terminate process. Additionally, NoVirusThanks File Governor has quick links to a number of Windows utilities to speed your troubleshooting. You can jump to the task manager, registry editor, system restore, local services, a command prompt or an Explorer shell; you can also see system properties or jump to the control panel from the Utilities menu. If you need a locked-file tool to add to your collection, give the free and easy-to-use NoVirusThanks File Governor a try.
Not a TechNet Subscriber?
Confidently evaluate Microsoft software and plan deployments with a Microsoft TechNet Subscription.