All Posts

Sysinternals: the Swiss Army knife for Windows Server

2025-10-13

Introduction

Sysinternals is a collection of free utilities from Microsoft, created by Mark Russinovich and Bryce Cogswell.
It helps system administrators access low-level information about Windows Server: processes, the file system, network connections, and autostart.
The suite includes more than 60 tools and is the de facto standard for troubleshooting and diagnostics.

Key features

  • CPU, disk and memory performance diagnostics.
  • Troubleshooting application crashes and errors.
  • Security monitoring and analysis of suspicious processes.
  • Remote administration via PsTools.
  • Work with Active Directory and services.

Key utilities

Utility                 | Purpose                                                                          | Interface
------------------------|----------------------------------------------------------------------------------|----------
Process Explorer        | Advanced Task Manager; shows process relationships, loaded DLLs and handles.     | GUI
Process Monitor (ProcMon) | Monitors file, registry and network operations.                                | GUI
PsTools                 | Remote management suite (PsExec, PsList, PsKill).                                | CLI
Autoruns                | View and manage program and service autostart entries.                           | GUI
TCPView                 | Monitor all TCP/UDP connections and associated processes.                        | GUI
Sysmon                  | Logs security events and system changes.                                         | CLI

Practical scenarios

  1. Slow system boot — use Autoruns to disable unnecessary autostart items.
  2. “File in use” error — Handle or Process Explorer will show which process holds the file.
  3. High CPU load — PsList or Process Explorer can help find the source.
  4. Suspicious network activity — TCPView will show who is establishing connections.
  5. Security auditing — configure Sysmon and analyze logs in the Event Viewer.

Automation with PsTools

Sysinternals is great for automation. With PsExec you can run PowerShell scripts or CMD commands on dozens of servers at once.
For example, to restart the Windows Update service:

108 | Specialized Tools — TFTP and SCP

2025-09-25


Introduction

In addition to “heavyweights” like SFTP, there are simpler, narrow-purpose protocols. They aren’t meant for everyday file sharing, but are indispensable in their niches. In this article, we’ll look at two such tools: TFTP and SCP.


TFTP (Trivial File Transfer Protocol) — maximum simplicity

As the name suggests, TFTP is a “trivial” or simplified version of FTP. Its main goal is to be as lightweight and easy to implement as possible.

082 | Firewall Basics: UFW — Simple and Powerful Protection

2025-08-14

Introduction: The First Line of Defense for Your Server

Before thinking about complex intrusion detection systems such as Fail2ban or CrowdSec, you need to build the first and most reliable line of defense—a firewall. A firewall controls all network traffic entering and leaving your server and blocks unauthorized connection attempts.

Traditionally, Linux servers have used iptables to manage firewalls, but its syntax can be complicated and confusing. Fortunately, there is a simpler and more intuitive tool — UFW (Uncomplicated Firewall).