This documentation is archived and is not being maintained.
Toolbox New Products for IT Pros
The opinions expressed in this column are solely those of the author and do not necessarily reflect the opinions of Microsoft. All prices were confirmed at the time of writing, and are subject to change.
More Cmdlets for Windows PowerShell
Windows PowerShell is a command-line shell for Windows desktop clients and servers. One of the best parts of the .NET integrated shell is that it is easily extensible and those extensions can easily be packaged and redistributed. Developers extend the base functionality of Windows PowerShell by creating special .NET classes that expose functionality to the shell as compiled cmdlets. Because of this, numerous third-party vendors have developed extension toolkits for Windows PowerShell to help you manage your systems more effectively through new features and packaged automation.
One of the vendors that that does this is /n Software, which has compiled a very useful set of cmdlets for systems administrators in a package called NetCmdlets version 2. As its name suggests, the NetCmdlets package focuses on network protocols, remote device management, and messaging.
After installation, your Start menu will include a Windows PowerShell link with NetCmdlets enabled. Or, as with any extension, you can add it via the standard Add-PSSnapin shell command from any Windows PowerShell prompt. With a new feature in V2, you can now pipe input to each of the cmdlets as well as use parameter sets to form a more logical command structure with the extensions. Each of the cmdlets also supports the Get-Help usage displays (if you are new to Windows PowerShell, these are kind of like *nix "man" pages).
At the time of this writing, NetCmdlets includes 30 base cmdlets for your shell. For network protocol and service access, you get cmdlets for using NNTP, RSS, FTP, TFTP, LDAP, RAS, WebDav, HTTP, and even the Amazon Simple Storage Service (S3). With these you could easily set up monitoring checks for Web sites or Web folders, automate your log archiving to your FTP server securely, and script user or group creation via LDAP. You could even synchronize your clocks with the additional network tool Get-Time, which utilizes the Network Time Protocol (NTP).
As for network device management and monitoring, you can monitor and report your Syslog servers, monitor and send traps, and manage devices through SNMP. You can perform remote command execution via ssh, rexec, or rshell. At a lower level, you can use Get-Packet to monitor traffic across a network interface, Get-Trace to see routes to devices, and Get/Send-UDP to send Wake On LAN requests or other UDP datagrams.
For messaging, you are able to send HTML and text e-mails via SMTP, check e-mail via POP or IMAP, send IMs via XMPP (Jabber), and send SMS messages. And for "utility" type functions, you get Convert-Data, which can encode or decode data between formats (such as Base64 and MD5).
As you can see, NetCmdlets provides a useful set of tools for the system or network administrator with the potential for making complex management tasks much easier to automate via Windows PowerShell scripts. If you would prefer SSH-style command line access for your Windows machines, you might want to check out the company's paired PowerShell Server product, which allows you to connect via SSH to a Windows PowerShell environment on a remote machine, even from a PDA or BlackBerry device.
Price: Starts at $79.00 (direct) for a single workstation license and $299 (direct) for a single CPU server
Streamline administration with NetCmdlets
Manage your Passwords
KeePass Password Safe V2
It's an old complaint, but a real problem that gets worse every day: keeping track of your list of access codes, usernames, passwords, and management URLs is nearly impossible if you're not some sort of savant. For the rest of us, a password management utility can be a real time saver and prevent headaches, especially when time is of the essence. One password management utility I like is KeePass Password Safe.
The application is free, open source, and OSI certified. With V2 (which is in beta at the time of this writing), there are a number of new features and enhancements to existing features, which improve integration, speed up tasks, and strengthen security. KeePass is also a "stand-alone" .NET-wrapped application that requires no modifications to your system outside of the program directory, making it very portable.
To protect sensitive data, KeePass uses AES/Rijndael to encrypt its entire database. It encrypts in-memory data for all field data stored within the database and helps protect against dictionary attack by transforming the master-key rapidly. When you create a new repository, you can specify a master-key that is a composite of one or more of three key sources: a master password, a key file (which you can create within the application), and your Windows user account. Once your repository is created, you can then enter your passwords and organize them.
For those with dozens or even hundreds of passwords (which is not uncommon), KeePass includes a built-in search function that lets you find entries by title, password, username, or a variety of other reference fields. With each entry, you can also add a set of extra key/value pairs of string data as well as file attachments, allowing you to store as much information as you need (such as IP lists, DR instructions, infrastructure diagrams, contact lists, and so on), and it will all be encrypted within the repository when you save the entry. Each entry also maintains a history so you can track changes.
The application integrates with your desktop, allowing you to easily copy, drag and drop, and auto-type passwords into other applications (with in-memory timeouts and protections on each). KeePass has a built-in password generation helper to generate single or lists of passwords based upon the requirements you specify, such as length and acceptable characters.
There is also built-in support for Transaction Authentication Numbers (TANs), or single-use passwords. KeePass will keep track of these, expiring each in sequence after you use it.
KeePass V2 includes an import function that supports more than 25 file formats, from CSV to other password management programs like CodeWallet and KDB3. If it natively doesn't support your file format, the product Web site also has an additional set of 10 or so importer plug-ins you can drop into KeePass. You can also export your KeePass data for backups and transport. Or, if you prefer, you can synchronize your password database to a central or backup version via URL (HTTP) or file path, making it easy to share copies of the repository among your fellow administrators.
If you don't like the idea of shared copies of a repository, KeePass V2 even supports multi-user editing, so your team can change and share the same repository without having to worry about locked data. There are numerous plug-ins available to help you back up, synchronize, and integrate with Web browsers, as well as additional encryption plug-ins if the native AES/Rjindael doesn't suit your needs.
If you are dissatisfied with your current password management utility, if you like the security of being able to see the source of the application that protects your passwords, or if you are still using Notepad (gasp!) to keep track of your secure information, consider taking a look at the latest version of KeePass as a possible addition to your toolbox.
Keep track of your passwords with KeePass Password Safe
Build Powerful Regular Expressions
Regular Expression Designer
Information overload is a common problem for the systems administrator. Too frequently you find yourself chasing through thousands, if not millions, of lines of log files for clues to help troubleshoot or garner usage information for your environment. Fortunately, there are many tools out there, such as Windows PowerShell, to help you filter out irrelevant data through the use of incredibly powerful regular expressions.
Well, perhaps I should say "potentially" powerful regular expressions, since getting the hang of them can be tough. But because of this there are also numerous tools out there to help you design and test those regular expressions to ensure they are catching all the lines in those logs that you need to catch.
The free Regular Expression Designer, by the Australian company Rad Software, is a simple utility with no frills that can help you quickly build and test your regular expressions before applying them in applications. The UI is divided into logical sections: Input Text, Regular Expression, Match Results, Replace Expression, Replacement Results, Options, and Language Elements.
Most of the fields are self-explanatory. For Options, you can check off the usual regular expression options you want to apply to your data, such as ignoring case, spanning multiple lines, ignoring patterned whitespace, and explicit capture. In addition, you can also choose to evaluate your text from right to left, which is great for applicable languages and UNICODE. And for the Language Elements section, you can browse the different regular expression components, double-clicking on any to have them added to your current Regular Expression structure.
With so many expression options, I find it helpful to have this right in front of me so I don't have to remember all the grouping constructs and substation particulars. Regular Expression Designer also lets you save your expression workspace for later reuse. While it may not have all the bells and whistles of some other regular expression tools out there, Regular Expression Designer is easy to use, effective, and free.
Build powerful regular expressions with Regular Expression Designer
Windows Administration Resource Kit
One of the best things about Windows Server (and Windows in general) is that it supports many different levels of end-user expertise, allowing new administrators as well as veterans admins to get up and running quickly. But as your experience grows with systems administration in a Windows environment, you'll definitely find yourself wanting to get under the covers and forego the wizards to tune and tweak the systems to meet the requirements of your organization.
One of the first leaps for systems administrators in this vein is to use the incredibly useful set of "real-world" tools found in the Windows Server resource kits that have been updated and extended alongside releases of the Windows Server OS since the beginning. The release of Windows Server 2008 is no exception. One resource kit companion book that not only shows you how to use the tools but also educates and expands your systems administration horizons is Windows Administration Resource Kit by Dan Holme (Microsoft Press, 2008).
The book is organized into 10 solution collections, each of which helps address a group of the various administrative tasks you undoubtedly encounter as a systems administrator. Throughout the book there are references to the scripts and HTAs on the companion CD. As the author states, these are meant to be "templates" that you can tweak, customizing the VBScript to manage the particulars of your own infrastructure. With the book as your guide, this is very easy to do.
The first solution collection covers role-based management and explains how to script user group membership changes; it also details the basics of HTML Applications (HTAs), and it covers implementing role-based access control. The next group of solutions offers extensive details on how to manage files, folders, and shares (covering management of ACLs, quotas, distributed file systems, and the like). Then it covers user data and settings (UDS), showing you how, for example, to redirect user folders to SMB and DFS namespaces, configure offline files, and implement roaming profiles. One nice thing about this solution collection is that it also shows you what types of data you should only manage and access on the local system.
The next solution collection delves into SharePoint. This details the basics of SharePoint Services document repository management, covering document libraries, content types, templating, user uploads, alerts, document versioning, and more.
Active Directory is a hefty part of most Windows systems deployment, and fortunately, the book devotes the next four solution collections to its various components to help ease Active Directory management. Throughout, you see reference to and learn how to use a number of helpful management scripts and utility references to ensure the security and organization of your domains. For instance, you learn how to use the Delegation of Control Wizard to, well, delegate control of various administrative tasks to different groups within your organization. You explore practices for computer management as it pertains to Active Directory, including naming schemes, provisioning, reassignment, and computer-to-user association.
And then you get into Active Directory as it pertains to user objects, again covering best practices for creating, moving, naming, and provisioning users, as well as user attribute extensions and LDAP queries. And, finally for this group of solution collections, you cover administration of Groups, while also learning how you can automate and delegate administrative tasks for efficiency.
The next solution collection then gets into software distribution and patch management across your infrastructure, detailing how to package, remotely deploy, and automate those functions. Finally, the last solution collection covers Group Policy. This section covers best practices for creating, scoping, and deploying Group Policy Objects and explores how you can use Group Policy to implement auditing. In the Group Policy discussion, it even discusses the very important—though often ignored—art of testing, piloting, and rolling back policies.
One of my favorite things about this book is that it is driven by the real world, and while it references the scripts and utilities on the companion CD, it more importantly educates you in the methods of management, allowing you to apply and tailor the knowledge to the specifics of your own infrastructure. In addition to those included scripts, the companion CD also provides a complete electronic version of the book, so you can quickly reference it from wherever you are, rather than having to carry the hefty tome from desk to desk in case you need it. So if you are looking for inspiration on how to automate those redundant tasks, tweak your servers, or manage your end-users en-masse, you might want to take a gander at Windows Administration Resource Kit.
Price: $59.99 (list)
If you have a favorite tool or utility you would like to see featured here, please write to the author at email@example.com.
Greg Steen is a technology professional, entrepreneur, and enthusiast. He is always on the hunt for new tools to help make operations, QA, and development easier for the IT professional.