Mike Welch
As mentioned in a recent post, the Windows Server 2003 Resource Kit
Tools are available and contain a lot more than just networking and
administrative type tools. Some should be in the PowerTools set
They can be downloaded for FREE at:
I spent many hours mining the web to find out what some of these tools
actually do since many of the Microsoft summary descriptions were
meaningless. For example, for the chklnks.exe utility, Microsoft's
description was:
Chklnks.exe: Link Check Wizard
which told me nothing, so I added:
Chklnks.exe: Link Check Wizard - removes dead *.LNK links in your
which of course assumes you know that a *.LNK is a Windows shortcut,
so it's still not perfect
(BTW, a LNK is a shortcut in Windows if
you don't know -- desktop and start menu).
Because this list is so long, I've deleted the trailing info I had
which renders a few descriptions useless. Anywhere you see (see
below) in the description, you won't find it in this doc.
Anyway, check some of this stuff out.
Mike's Picks:
cdburn, consume, creatfuk, delprof, diskuse, dvdburn, fcopy, logtime
[for the old-timers out there, this is like Norton's old TimeRun
utility...flashback!], pathman, qGrep, remapkey.
Complete List:
· Acctinfo.dll (see below)
· Adlb.exe: Active Directory Load Balancing Tool
· Admx.msi: ADM File Parser
· Atmarp.exe: Windows ATM ARP Server Information Tool
· Atmlane.exe: Windows ATM LAN Emulation Client Information
· Autoexnt.exe: AutoExNT Service allows running alternate batch file
· Cdburn.exe: ISO CD-ROM Burner Tool - given an *.ISO file, burns a CD
· Checkrepl.vbs: Check Replication
· Chklnks.exe: Link Check Wizard - removes dead *.LNK links in your
· Chknic.exe: Network Interface Card Compliance Tool for Network Load
· Cleanspl.exe: Spooler Cleaner
· Clearmem.exe: Clear Memory
· Clusdiag.msi: Cluster Diagnostics and Verification Tool
· Clusfileport.dll: Cluster Print File Port
· Clusterrecovery.exe: Server Cluster Recovery Utility - remounts a
disk that failed
· Cmdhere.inf: Command Here - Allows jump to Cmd.exe from start menu
· Cmgetcer.dll: Connection Manager Certificate Deployment Tool
· Compress.exe: Compress Files - Like Zip, use Expand to uncompress
· Confdisk.exe: Disk Configuration Tool - saves and restores sys info
· Consume.exe: Memory Consumers Tool - stressor program for testing
· Creatfil.exe: Create File - Creates an file of given size full of
NULLs for testing
· Csccmd.exe: Client-Side Caching Command-Line Options - see below
· Custreasonedit.exe: Custom Reason Editor - Reasons for shutdowns
(see Readme.htm)
· Delprof.exe: User Profile Deletion Utility
· Dh.exe: Display Heap
· Diskraid.exe: RAID Configuration Tool
· Diskuse.exe: User Disk Usage Tool - Shows how much disk space a user
is using
· Dnsdiag.exe: SMTP DNS Diagnostic Tool - (see Readme.htm) - DNS
Resolver Tool (DNSDiag) is a command-line tool that allows you to
troubleshoot e-mail delivery problems caused by Domain Name System
(DNS) issues. DNSDiag simulates the Simple Mail Transfer Protocol
(SMTP) service's internal code-path and displays diagnostic messages
that indicate how the DNS resolution is proceeding. DNSDiag must be
run on the computer where the DNS problems are occurring.
· Dumpfsmos.cmd: Dump FSMO Roles - who has control of what on nwork
· Dvdburn.exe: ISO DVD Burner Tool
· Empty.exe: Free Working Set Tool - empties mem used by app given PID
· Eventcombmt.exe: Check Replication - Search event logs of multiple
· Fcopy.exe: File Copy Utility for Message Queuing - like XCopy but
compresses to reduce bandwidth
· Frsflags.vbs - Clear File Replication Service flags - See below
· Getcm.exe: Connection Manager Profile Update - runs after login to
update service profile
· Gpmonitor.exe: Group Policy Monitor - collects info at every Group
Policy refresh, sends to a centralized location that you specify
· Gpotool.exe: Group Policy Objects - For replicated domains, domains
that contain more than one domain controller. It traverses all of your
domain controllers and checks each for consistency between the Group
Policy container (information contained in the directory service) and
the Group Policy template (information contained in the SYSVOL share
on the domain controller). The tool also determines whether the
policies are valid and consistent between all of your domain
controllers and displays detailed information about the Group Policy
objects (GPOs) that have been replicated between your domain
· Hlscan.exe: Hard Link Display Tool - Displays hard links (alternate
logical names for physical files) on an NTFS volume or in specified
files or directories of the volume.
· Ifilttst.exe: IFilter Test Suite - runs several tests to validate an
IFilter interface implementation.
· Ifmember.exe: User Membership Tool - Used in Win login scripts/batch
files, checks whether the current user is a member of a specified
group. Also will list all members and what groups they belong to.
· Inetesc.adm: Internet Explorer Enhanced Security Configuration -
allows changing security policies for members of a group
· Iniman.exe: Initialization Files Manipulation Tool - bombs out on my
· Instcm.exe: Install Connection Manager Profile - runs as a
disconnect action that checks to see if an updated service profile has
been downloaded and installs it.
· Instsrv.exe: Service Installer - installs and uninstalls executable
(.exe) services and assigns names to them.
· Intfiltr.exe: Interrupt Affinity Tool - used on multiprocessor
systems to affinitize interrupts of disk or network adapters to one or
more processors. Affinitizing interrupts to a processor can improve
system performance by improving processor cache locality.
· Kerbtray.exe: Kerberos Tray - GUI tool displays ticket information
for a computer running the Microsoft implementation of Kerberos V5
· Kernrate.exe: Kernel Profiling Tool - Shows which apps are using how
much of kernel.
· Klist.exe: Kerberos List - view and delete Kerberos tickets granted
to the current logon session.
· Krt.exe: Certification Authority Key Recovery
· Lbridge.cmd: L-Bridge - Replicate System Policies Between Domain
· Linkd.exe - Links an NTFS directory to a target object. LinkD grafts
the target name directly into the name space at the specified source
directory, so that the source directory subsequently acts as a
name-space junction. A junction acts as a surrogate, standing in for
the target object in the directory tree.
· Linkspeed.exe: Link Speed - displays the link speed to the remote
· List.exe: List Text File Tool - Displays and searches a text file.
· Lockoutstatus.exe: Account Lockout Status (see Readme.htm) -
displays lockout information about a particular user account.
· Logtime.exe - logs the start or finish of command-line programs from
a batch file to logtime.log. See also, NTimer.exe.
· Lsreport.exe: Terminal Services Licensing Reporter - displays
information about licenses granted by Terminal Services license
servers. It connects to Terminal Services license servers to obtain
information about the license key packs installed on the servers.
· Lsview.exe: Terminal Services License Server Viewer - displays the
name and type of the available Terminal Services license servers in
the user's current domain. It is useful for for monitoring and logging
the status of license servers.
· Mcast.exe: Multicast Packet Tool - send multicast packets or to
listen for packets being sent to a multicast group address. Useful
for testing whether or not there is multicast connectivity between two
computers on your network.
· Memmonitor.exe: Memory Monitor - works only if the app has a
debugger process attached to it.
· Memtriage.exe: Resource Leak Triage Tool - System and pool snapshots
(system, kernel, heap...)
· Mibcc.exe: SNMP MIB Compiler - Mibcc.exe recompiles the Perfmib.mib
file created by Perf2mib.exe and creates a new Mib.bin file.
· Moveuser.exe: Move Users - changes the security of a profile from
one user to another; enables you to change the account domain and/or
the user name.
· Mscep.dll: Certificate Services Add-on for Simple Certificate
Enrollment Protocol
· Nlsinfo.exe: Locale Information Tool - displays the information
about a locale on the target system.
· Now.exe: STDOUT Current Date and Time - similar to the standard
ECHO command, but with a time-stamp.
· Ntimer.exe: Windows Program Timer - like old TimeRun, measures how
long a program runs. See also, LogTime.
· Ntrights.exe - Grants/Revokes NT-Rights to a user/group
· Oh.exe: Object Handles Dump - must be run as a service though...
· Oleview.exe: OLE/COM Object Viewer - Type Library Viewer
· Pathman.exe: Path Manager - adds or removes components from system
or user paths; includes error checking that can handle abnormalities
such as repeated entries, missing entries, and adjacent semicolons.
Add/delete from User or System path on the fly.
· Permcopy.exe: Share Permissions Copy - copies share (Full Control,
Read, Change) and file (Full Control, Modify, Read & Execute, Read,
Write, Traverse Directory) level permissions (ACLs) from one share to
· Perms.exe: User File Permissions Tool - Perms displays a user's
access permissions for a specified file or set of files. Requires
"Backup files and folders" privs where file(s) stored, and admin
· Pfmon.exe: Page Fault Monitor - This command-line tool lets a
developer or system administrator monitor page faults that occur while
an application is running. While you can easily resolve soft page
faults with Virtual Memory Manager, use Pfmon to trace hard page
faults. A sustained high rate of hard page faults might indicate a
shortage of memory and cause a disk bottleneck.
· Pkiview.msc: PKI Health Tool - Tool-displays the status of one or
more Windows Server 2003 certification authorities that comprise a
public key infrastructure.
· Pmon.exe: Process Resource Monitor - monitors process resource usage
by tracking CPU and memory usage. (Esc exits)
· Printdriverinfo.exe: Drivers Source - Great util to see what drivers
are used for a printer, either locally or across the network.
· Prnadmin.dll: Printer Administration Objects - a COM-based tool for
managing printers, drivers and ports on local and remote computers.
Allows you to add/delete printer, add/delete driver, add/delete TCP
port, or view any of these.
· Qgrep.exe - This tool is used to search a file or set of files for a
particular string or pattern. It is much like the POSIX tool grep.exe.
Great Grep!f
· Qtcp.exe: QoS Time Stamp - measures end-to-end network service
quality. Sends a sequence of test packets through a network, then
reports on the queuing delay experienced by each packet. Packets that
do not arrive at the destination are recorded as dropped packets. This
tool can be used on either a production network or a controlled test
· Queryad.vbs: Query Microsoft Active Directory - perform a forest
wide search for an object in AD. Locked up on my box.
· Rassrvmon.exe: RAS Server Monitor - monitor the remote access server
activities on your server in greater detail than the standard Windows
tools allow.
· Rcontrolad.exe: Active Directory Remote Control Add-On - Installs
utility allowing remote admin.
· Regini.exe: Registry Change by Script - lets you make a number of
edits from one script file.
· Regview.exe (see Readme.htm) - view Group Policy Registry.pol files
without applying them to the registry.
· Remapkey.exe: Remap Windows Keyboard Layout - This tool changes
keyboard layout by remapping the scancode of keys. You must have
Administrator privileges to use this tool.
· Robocopy.exe: Robust File Copy Utility - copy/synchronize files from
a source to destination. Tons of options, can be used as a PoMan
· Rpccfg.exe: RPC Configuration Tool - configures Microsoft Remote
Procedure Call (RPC) to listen on specified ports. It also displays
the port settings and resets ports to the default settings for the
system. Use this tool to set, reset, and verify ports used for RPC
instead of editing the registry.
· Rpcdump.exe - queries Remote Procedure Call (RPC) endpoints for
status and other information on RPC; Interrogates the endpoint mapper
database to obtain a list of every registered endpoint. If the /i
switch is specified, the tool pings each endpoint to determine if the
service that registered the endpoint is listening.
· Rpcping.exe - Can confirm RPC connectivity between Microsoft
Exchange Server and any of the supported Microsoft Exchange Client
workstations on the network.
· RPingC.exe: RPC Connectivity Verification Tool CLIENT - confirms
Remote Procedure Call (RPC) connectivity between RPC servers and
clients on a network. RPC Ping checks to see if RPC services are
responding to RPC requests from client computers.
· RPingS.exe: RPC Connectivity Verification Tool - SERVER
· Rqc.exe: Remote Access Quarantine Client - Allows filtering of
· Rqs.exe: Remote Access Quarantine Agent - Allows filtering of ports.
· Setprinter.exe: Spooler Configuration Tool - Remote printer
administration. To set all the security descriptors the same for all
printers, configure one printer with the UI, save changes, then read
the descriptor, then set all the printers the same.
· Showacls.exe - NTFS only - enumerates access rights for files,
folders, and trees. It allows masking to enumerate only specific AC.
The most useful feature of ShowACLs is the ability to show permissions
for a particular user. Showacls /u:localhost\enlightened shows rights
for the current directory.
· Showperf.exe: Performance Data Block Dump Utility - This GUI tool
lets developers dump and display raw performance data as it is read
from the Win2K/XP performance registry. ShowPerf reads the performance
data from the registry, and then displays the unformatted and unsorted
output in a list box. You can use ShowPerf together with ExCtrlLst to
troubleshoot suspected problems in the performance registry or
problems with a specific performance DLL.
· Showpriv.exe: Show Privilege - displays the users and groups granted
a particular privilege. This tool must be run locally on the target
computer or on a domain controller to display users and groups with
domain privileges. Includes: AssignPrimaryTokenPrivilege,
AuditPrivilege, BackupPrivilege, ChangeNotifyPrivilege,
CreatePagefilePrivilege, CreatePermanentPrivilege,
CreateTokenPrivilege, DebugPrivilege, EnableDelegationPrivilege,
IncreaseBasePriorityPrivilege, IncreaseQuotaPrivilege,
LoadDriverPrivilege, LockMemoryPrivilege, MachineAccountPrivilege,
ProfileSingleProcessPrivilege, RemoteShutdownPrivilege,
RestorePrivilege, SecurityPrivilege, ShutdownPrivilege,
SyncAgentPrivilege, SystemEnvironmentPrivilege,
SystemProfilePrivilege, SystemtimePrivilege, TakeOwnershipPrivilege,
TcbPrivilege, UndockPrivilege.
· Sleep.exe: Batch File Wait - Woopie
· Sonar.exe: FRS Status Viewer - monitor key statistics and status
about members of a file replication service (FRS) replica set.
Administrators can use Sonar to watch key statistics on a replica set
in order to monitor traffic levels, backlogs, and free space.
· Splinfo.exe: Print Spooler Information - Collect data, such as
number of print jobs, pages, and print queues on each server, and
related stats.
· Srvany.exe: Applications as Services Utility - Allows running
anything as a service.
· Srvcheck.exe: Server Share Check - Displays a list of server shares
and who has access; enumerates the users on the ACLs for each share.
· Srvinfo.exe: Remote Server Information - displays information about
a remote server, including available disk space, partition types, and
status of services.
· Srvmgr.exe: Server Manager - Use this GUI-based tool to manage
Microsoft Windows NT version 4.0 or Microsoft Windows NT version 3.51
domains and computers. To manage Win2K/XP domains and computers, use
Active Directory directory service and the other Win2K/XP
administrative tools instead.
· Ssdformat.exe: System State Data Formatter
· Subinacl.exe - allows administrators to obtain security information
on files, registry keys, and services, and transfer this information
from user to user, from local or global group to group, and from
domain to domain. For example, if a user has moved from one domain
(DOMA) to another (DOMB), the administrator can replace DOMA\User with
DOMB\User in the security information for the user's files. This gives
the user access to the same files from the new domain
· Tail.exe - shows the end of a text file. It also can show the end of
the file as it grows, really useful for watching log files while
· Tcmon.exe: Traffic Control Monitor - consists of two components:
Tcmon.exe, the monitor shell and Tccom.exe, the traffic control COM
server. Tcmon.exe is a GUI tool that uses TcCom to drive the Traffic
Control API locally or remotely. With it, you can be add or remove
flows and filters. Tccom.exe is the service used by TcMon to
communicate with the traffic control server. It can also be called by
applications or scripts in VBScript or other scripting languages.
Network administrators can use it to remotely configure traffic
control on a host.
· Timeit.exe (see Readme.htm) - records the time a specified command
takes to run.
· Timezone.exe: Daylight Saving Time Update Utility - updates the
daylight saving information for the current time zone in the registry.
In some countries and regions, the start and end of daylight saving
time are changed every year, and there is no fixed start or end date.
· Tsctst.exe: Terminal Server Client License Dump Tool - Lets you view
license status for given user.
· Tsscalling.exe: Terminal Services Scalability Planning Tools
(installer for another set of tools)
· Uddicatschemeeditor.exe: UDDI Services Categorization Scheme Editor
- allows a user to create their own categorization schemes. The
schemes thus created have to be imported into your server either using
bootstrap.exe or via the Web UI at
http://servername/uddi/admin/default.aspx (then click on Data Import).
· Uddiconfig.exe: UDDI Services Command-line Configuration Utility -
enables you to adjust the configuration settings exposed by the UDDI
Services MMC snap-in
· Uddidataexport.exe: UDDI Data Export Wizard - enables the export of
entities hosted in any UDDI 2.0 site
· Usrmgr.exe: User Manager for Domains - GUI-based tool to manage
security for Microsoft Windows NT4.0/Win2K/XP domains, member servers,
and computers. It enables you to manage a Windows domain from a
Win4/2K/XP computer.
· Vadump.exe: Virtual Address Dump - shows the state and size of each
segment of virtual address space. This tool can be used to make sure
virtual address space is not over-allocated.
· Vfi.exe: Visual File Information - retrieves and generates file
information. You can use this information for testing purposes to
detect what files have changed in different versions of applications
or what the differences are between two seemingly identical computers.
This information is also valuable to track different versions of
resources that normally don't store version information.
· Volperf.exe: Shadow Copy Performance Counters
· Volrest.exe: Shadow Copies for Shared Folders Restore Tool
· Vrfydsk.exe: Verify Disk - uses the Volume Shadow Copy service (VSS)
in Windows Server 2003 to create a shadow copy of a given volume and
checks the consistency and integrity of the file system (FAT or NTFS)
on a specified volume.
· Winexit.scr: Windows Exit Screen Saver - screen saver that logs the
current user off after the specified time has elapsed. In other
respects it is similar to other screen savers and can be configured
and tested on the Screen Saver tab of the Display Properties dialog
box in Control Panel.
· Winhttpcertcfg.exe: WinHTTP Certificate Configuration Tool - enables
administrators to install and configure client certificates in any
certificate store that can be accessed by the Internet Server Web
Application Manager (IWAM) account; also eliminates the need to do
anything special to accounts such as the IWAM account to gain access
to certificates when using Active Server Pages (ASP).
· Winhttptracecfg.exe: WinHTTP Tracing Facility Configuration Tool -
configure trace capabilities for debugging and packet-sniffing
purposes. The ability to monitor WinHTTP functions and their
corresponding network traffic is very important. Debugging
applications that utilize encrypted wire protocols, such as Secure
Sockets Layer (SSL), preclude sniffing packets at the network
transport layer and require the ability to intercept traffic between
the client and server after it has been decrypted. Microsoft Windows
HTTP Services (WinHTTP) provides a trace facility that has a range of
capabilities for intercepting the traffic stream between the client
and server. Syntax isn't clear. Example: Winhttptracecfg -e 1 -l
c:\d\mw -d 0 -s 1 -t 1 -m 655350
· Winpolicies.exe: Policy Spy - trigger, view and troubleshoot all the
client-side processing of GPO. Another nice feature of this tool is
that it can stay in your system tray and inform you when GPO was
applied; Let's you dump ntuser.pol files, secedits, etc.
· Wins.dll: WINS Replication Network Monitor Parser - extension DLL
parses Windows Internet Name Service (WINS) data from within Network
Monitor, a feature of Microsoft® Windows® 2000. Useful as a way to
view and troubleshoot network issues related to WINS replication.
· Wlbs_hb.dll & Wlbs_rc.dll: Windows Load Balancing Server Network
Monitor Parsers
System Requirements
· Supported Operating Systems: Windows Server 2003, Windows XP
· 30 MB of free disk space
· Windows XP
· Windows XP SP1
· Windows Server 2003 family
1. If the Beta version of Resouce Kit Tools is installed, it needs to
be removed first.
2. Click the Download link to start the download. Do one of the
o To start the installation immediately, click Open or Run this
program from its current location
o To copy the download to your computer for installation at a later
time, click Save or Save this program to disk.
3. To install the Resource Kit tools, run the rktools.exe package.
After you accept the End User License Agreement (EULA), all necessary
files are installed to the %Program Files%\Windows Resource Kits\Tools
Prior to starting and using the Resource Kit tools, please be sure to
read the readme.htm file, which is located in the %Program
Files%\Windows Resource Kits\Tools folder.
