Showing posts with label windows. Show all posts

Friday, June 13, 2008

Commands from cmd do not set errorlevel as you might expect!

It might not be a surprise to you, but Windows commands inside cmd.exe do not change errorlevel as you might expect.

For example, running echo something > c:\somefile.txt will succeed and actually create the file, but it will not change errorlevel to 0. You can test it like this:

md 2>nul
echo %errorlevel%
1
echo this.works > c:\test.txt
echo %errorlevel%
1
type c:\test.txt
this.works

This echo problem cannot really be solved by using cmd /c echo, because that will just always succeed, for example:

md 2>nul
echo %errorlevel%
1
cmd /c echo this.works > c:\test.txt
echo %errorlevel%
0
type c:\test.txt
this.works
cmd /c echo this.fails > drivedoesnotexist:\test.txt
The filename, directory name, or volume label syntax is incorrect.
echo %errorlevel%
0


And now, testing whether the copy command, concatenating file1 + file2 into file3, gives errorlevel 1 if one of the source files does not exist. Errorlevel 1 is what you might expect, but that is not the case here:

echo 1 > 1.txt
rm 2.txt
echo 3 > 3.txt
ls -la 2.txt
ls: File or directory "2.txt" is not found
copy /b 1.txt + 2.txt + 3.txt 123.txt
1.txt
3.txt
1 file(s) copied.
echo %errorlevel%
0

This is not as I expected, I will want to find a way to get around this.

There is probably the same problem with other cmd commands; I didn't try others.

Maybe I am doing something the wrong way, in my environment and installation ... need to investigate :-)

I have not been able to find anything in the cmd command line reference, and it does not seem to be solvable by putting everything into a batch script instead of running commands one by one. I did hope so, because of this text in the information about setlocal ENABLEEXTENSIONS, which can be set in a script but has no effect on the command prompt:

cmd does not set the ERRORLEVEL variable when command extensions are
disabled

But unfortunately it did not work, here is the run.cmd script I ran:

setlocal ENABLEEXTENSIONS
echo 1 > c:\1.txt
rm c:\2.txt
echo 3 > c:\3.txt
copy /b c:\1.txt + c:\2.txt + c:\3.txt c:\123.txt
echo %errorlevel%
endlocal

The above echo'd 0 and the errorlevel after the script is 0. So not a solution!

I still keep investigating :-)

Oh yeah - in case you ever wondered, you should never manually set the errorlevel to 0 or 1 or whatever you need. Instead you should always use a command for that. I am using "ver" to get errorlevel 0 and "md;2>nul" to get errorlevel set at 1, which I found on one of my favorite batch example webpages.
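
One way around the copy result shown earlier in this post, as an added example that is not from the original post: test each source file before the copy and return a non-zero code yourself. The :concat subroutine, its labels and the file names are assumptions made for the illustration, and file names are assumed to contain no spaces.

```batch
@echo off
setlocal ENABLEEXTENSIONS
rem Added example, not from the original post. File names are constructed.

rem Recreate the situation from the post: 1.txt and 3.txt exist, 2.txt does not.
>1.txt echo 1
>3.txt echo 3
if exist 2.txt del 2.txt
if exist 123.txt del 123.txt

call :concat 123.txt 1.txt 2.txt 3.txt
set rc=%errorlevel%
rem echo leaves errorlevel alone, but the saved copy in rc is what gets returned.
echo concat returned %rc%
exit /b %rc%

rem ---------------------------------------------------------------
rem :concat target source1 [source2 ...]
rem Binary-concatenates the sources into target. Returns 1 if a
rem source is missing or the copy fails, 0 otherwise.
rem ---------------------------------------------------------------
:concat
setlocal
set "target=%~1"
set "list="

:concat_next
shift
if "%~1"=="" goto concat_copy
rem copy /b a + b + c returns 0 even when a source is missing,
rem so every source is checked here before copy is called.
if not exist "%~1" (
    >&2 echo ERROR: source file %~1 not found
    exit /b 1
)
if defined list (set "list=%list% + %~1") else (set "list=%~1")
goto concat_next

:concat_copy
if not defined list (
    >&2 echo ERROR: no source files given
    exit /b 1
)
copy /b %list% "%target%" >nul || exit /b 1
rem Do not rely on the copy return code alone: confirm the target exists.
if not exist "%target%" exit /b 1
exit /b 0
```

With 2.txt missing, the script reports the missing file, leaves 123.txt uncreated and exits with code 1.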

Tuesday, May 20, 2008

Dig into the Active Directory information store

I never needed to automate user and group creation/deletion/changes in Active Directory on Windows. I have, however, needed to query lists of users and groups, membership and such. That was solved by some VBScripts.

A few days ago I needed to show the list of computers in an Organizational Unit (OU), so I searched for some ways to get that. And I bumped into the Microsoft dstools (dsget/dsquery/....) and they are just perfect for automating Directory service stuff.

The commands work from a Windows 2003 server, but not from XP.

Also, I needed an intro to directory services, because I haven't used them much, and then moved on to a good simple dsquery tutorial.

Then I could make some quick one-liners, starting with a very comprehensive query that is highly educational about how the directory of Level2OU is built:

dsquery * OU=Level2OU,OU=Level1OU,DC=domain,DC=domainext -limit 0 -attr *

Listing the members of a Windows group:

dsget group "CN=somegrp,OU=level2,OU=level1,DC=domain,DC=domainext" -members -expand

Show the computers of an OU:

dsquery computer OU=Level3OU,OU=Level2OU,OU=Level1OU,DC=domain,DC=domainext -limit 0

To automate the query, I have used psexec to run it on a remote server, with a user that has access to do queries:

psexec \\srv -u dom\usr -p pwd -e cmd /C "dsquery ou domainroot"

Other than that I just found the dstools to be very powerful and some googling shows many good examples of what people have done with it! Very impressive!

The article also mentions some need-to-have directory service binaries from joeware.net/freetools but I haven't tried them. They look good though, like lots of work has been wrapped into those exes:

AdFind [switches] [-b basedn] [-f filter] [attr list]

basedn RFC 2253 DN to base search from.
filter RFC 2254 LDAP filter.
attr list List of specific attributes to return, if nothing specified returns 'default' attributes, aka * set.
...

Monday, May 19, 2008

Dependency Walker commandline example

Dependency Walker (depends.exe) can be downloaded, or is in Windows 2003 resource kit.

I wanted to script the dependency check for some .dll files, so I ran it against a remote server:
psexec \\someserver /u someuser -e cmd /c "environment.cmd&depends.exe /c /pb /oc "d:\depends.temp" "some.dll""

Now parse the output file, first column is status, look for "E,":
findstr /bic:"E," \\someserver\d$\depends.temp
if errorlevel 1 echo all OK

I have not found a way to avoid entering the password, but if I need one I recall there are some runas and similar alternatives.

Wednesday, April 30, 2008

More good Windows command line tools

Once again I am surprised to see more useful commandline tools, already in Windows.

When I was playing around with Powershell I stumbled upon Windows Command Reference, a .chm file with reference for a lot of command line utils in Windows:

The Windows command-line tools are used to perform various tasks related to
Windows Vista, Windows Server 2003, and Windows Server 2008. You can use the
command reference to familiarize yourself with new and enhanced command-line
tools, to learn about the command shell, and to automate command-line tasks by
using batch files or scripting tools.


Many of the tools in the reference are also in Windows XP and 2003, but the resource kit tools are not listed, for example jt.exe or tail.exe is not in the list.

With all these nice utils, and more to come probably, I am thinking a lot of old selfmade scripts can be replaced or simplified. I prefer to use windows builtin tools if possible, most often wrapped somehow.

Of course there will always come new needs, ideas for improvements, so script wrapping, script/batch control is just as much wanted as before!

Two of the utils I can use immediately are tasklist.exe and taskkill.exe, which can query and kill processes depending on lots of different restrictions.

Some of the good filter options are username, memusage and session number. Unfortunately they work on only one server at a time:

TASKLIST [/S system [/U username [/P [password]]]]
         [/M [module] /SVC /V] [/FI filter] [/FO format] [/NH]

Description:
    This command line tool displays a list of application(s) and
    associated task(s)/process(es) currently running on either a local or
    remote system.

Parameter List:
    /S     system           Specifies the remote system to connect to.

    /U     [domain\]user    Specifies the user context under which
                            the command should execute.

    /P     [password]       Specifies the password for the given
                            user context. Prompts for input if omitted.

    /M     [module]         Lists all tasks that have DLL modules loaded
                            in them that match the given pattern name.
                            If the module name is not specified,
                            displays all modules loaded by each task.

    /SVC                    Displays services in each process.

    /V                      Specifies that the verbose information
                            is to be displayed.

    /FI    filter           Displays a set of tasks that match a
                            given criteria specified by the filter.

    /FO    format           Specifies the output format.
                            Valid values: "TABLE", "LIST", "CSV".

    /NH                     Specifies that the "Column Header" should
                            not be displayed in the output.
                            Valid only for "TABLE" and "CSV" formats.

    /?                      Displays this help/usage.

Filters:
    Filter Name     Valid Operators           Valid Value(s)
    -----------     ---------------           --------------
    STATUS          eq, ne                    RUNNING NOT RESPONDING
    IMAGENAME       eq, ne                    Image name
    PID             eq, ne, gt, lt, ge, le    PID value
    SESSION         eq, ne, gt, lt, ge, le    Session number
    SESSIONNAME     eq, ne                    Session name
    CPUTIME         eq, ne, gt, lt, ge, le    CPU time in the format
                                              of hh:mm:ss.
                                              hh - hours,
                                              mm - minutes, ss - seconds
    MEMUSAGE        eq, ne, gt, lt, ge, le    Memory usage in KB
    USERNAME        eq, ne                    User name in [domain\]user
                                              format
    SERVICES        eq, ne                    Service name
    WINDOWTITLE     eq, ne                    Window title
    MODULES         eq, ne                    DLL name

Sunday, April 27, 2008

TclockEx is still a better Windows Clock

Similar to the awesome util Printkey 2000, there is another Windows util that is still my favorite for the task, even though it is very, very old: TclockEx, a much better Windows task bar/system tray clock!

It serves a few important purposes for me:
  • Display date and time in a better way
  • Customizable format of "date and time copy to clipboard" when I double-click the systray. I use this format to get a quick datestring for usage in reports and documentation: yyyyMMdd-HHmm (eg. 20080427-0719)
  • Display a simple calendar with week numbers, shown by single click, and week start can be modified to Monday.
The original site in the About page http://users.iafrica.com/d/da/dalen does not work, instead I used http://www.rcis.co.za/dale/tclockex/.

For the paranoid people, here is my md5 sum for the safe exe:

1238b1c59fd4987d538144aa915e85c2 *tclockex-1.4.2.exe
1238b1c59fd4987d538144aa915e85c2 *tclockex.exe

Read more about alternatives to tclock here:

Monday, April 21, 2008

Windows forfiles.exe, similar to unix find

I have unix tools available on my Windows boxes, so I have a tendency to use those, eg. using unix find to delete files older than x days.

Now a while ago I saw that there is a forfiles.exe in the NT resource kit, which can do a similar job, only it does not work on UNC paths:

forfiles /P \\machine\share /M thesefiles*

ERROR: UNC paths (\\machine\share) are not supported.

You can get inspired by some cleanup examples:

forfiles /p C:\documentService\bin /s /m trace*.* /d -120 /c "cmd /c del @path"

forfiles /p D:\DocumentStore\imagingShare /s /m *.tif* /d -120 /c "cmd /c del @path"

And as always ss64.com has forfiles examples.

Another example for deleting files:

FORFILES /p C:\filename /s /m *.* /d -3 /c "CMD /C del /Q @FILE"

Wednesday, April 16, 2008

Identify the process that locks a file on Windows

I wanted to identify the process that locks a file on Windows, I am sure you know the feeling:

del ft*
The process cannot access the file because it is being used by another process.

There was an excellent article that described how one of my favorite tools procexp.exe from PsTools has a "Find handle or dll" (CTRL+F) that does the trick.
I think process explorer can only see local processes locking a file, it can not see if you have locked using a share for example. I have not tested it.
The same article also describes some possible command line based solutions, I didn't have a need for that yet though:

Note: There is also a command-line tool named Handle from Windows Sysinternals that can display open handles for any process in the system. See: View Open Handles to a file or folder from the context menu from the Winhelponline.com Blog.

...

Once installed, reboot Windows and use the Oh.exe (Open Handles) command-line tool. For exact parameters, open Help and Support center and type-in OH. The following example shows how to find the Process(es) which have locked the file "INBOX.DBX".
Open a Command Prompt window and type:
oh inbox.dbx >C:\Output.txt

As for the oh.exe method, it requires a reboot after the Windows 2003 resource kit installation, or you will see:
The system global flag `maintain object type lists' is not enabled for this system. Please use `oh +otl' to enable it and then reboot.
But it looks very powerful:

oh - Object handles dump -- built by: dnsrv_dev(v-smgum)
Copyright (c) Microsoft Corporation. All rights reserved.

OH [DUMP_OPTIONS ...]
OH [FLAGS_OPTIONS ...]
OH -c [COMPARE_OPTIONS ...] BEFORE_LOG AFTER_LOG

DUMP_OPTIONS are:

-p N - displays only open handles for process with ID of n. If not
specified perform a system wide dump.
-t TYPENAME - displays only open object names of specified type.
-o FILENAME - specifies the name of the file to write the output to.
-a includes objects with no name.
-s display summary information
-h display stack traces for handles (a process ID must be specified)
-u display only handles with no references in process memory
-v verbose mode (used for debugging oh)
NAME - displays only handles that contain the specified name.

Thursday, March 13, 2008

Windows command box shell tips

After so many years with the Windows command line shell, I still learn new stuff every now and then :-)

Today a colleague showed me a feature similar to bash ctrl+R for recalling commands, instead of using up and down arrow:
  1. Type a bit of the command that you know you have used just a while back
  2. Toggle through the commands with F8 ... nice :-)
While I am here, I want to remind myself:
  • Enable quickedit mode in cmd box options tab: [v] QuickEdit Mode
  • Increase Screen Buffer Size, Height: 9999
  • Use doskey /history to get the last commands

Tuesday, February 19, 2008

More options for third party software updates

Not long ago I mentioned the Secunia PSI (Personal Software Inspector) as a means to update your third party software on Windows.

Now I noticed that SANS ISC has a nice article with some more recommendations:
Other options are UpdateStar (Windows), SUMo - Software Update Monitor (Windows), VersionTracker [Pro] (Mac and Windows), RadarSync (Windows), UDC - UpdateChecker (Windows), Belarc Advisor (Windows), and App Update Widget (Mac).
I have not tried any of them yet :-)

The same day they had a really good point, about something that often bothers me on Windows and Mac:
Unprivileged user vs. Administrator: A few third-party Windows software do not show the availability of new updates unless you are running as Administrator.
...
Therefore, the conclusion is that you need to periodically (every day?) login as (or run things as) Administrator to perform periodic tests for new updates. Obviously, this is not practical for end users, so we clearly need to improve the third-party update mechanisms in Windows to be accurate, up-to-date and work smoothly from non-privileged accounts.

Wednesday, February 6, 2008

Query MSSQL from perl

I mentioned how to connect to MSSQL from batch, eg. using osql.exe, but today I wanted to do the same from Perl.

There are many samples on Google, using Win32::OLE or Win32::ODBC. Usually finding the right connection string is the hurdle.

For the ODBC connection strings it can look like this:

use Win32::ODBC;
# Double quotes are needed so that Perl interpolates the variables into the DSN
$DSN = "driver={SQL Server};Server=$hostname\\$instance;database=$db;uid=$u;pwd=$p;";
if (!($db = new Win32::ODBC($DSN))){ die "Error: " . Win32::ODBC::Error() . "\n"; }

For Win32::OLE connection string with password can look like this:
my $ConnStr="Provider=SQLOLEDB;Initial Catalog=$db;Data Source=$server;User ID=$u;Password=$p;Network Library=DBMSSOCN";

But I really want to avoid the user and password in scripts. So for Win32::OLE connection string integrated security, without password, can look like this:
my $ConnStr="Provider=SQLOLEDB;Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=$d;Data Source=$s;use Procedure for Prepare=0;Connect Timeout=4;Trusted_Connection=Yes";
# Provider=SQLOLEDB.1 or Provider=SQLNCLI.1

Testing the connection, creating a query, executing it, and working with the result is pretty straightforward:
use Win32::OLE;
my $Conn = Win32::OLE->new('ADODB.Connection');
$Conn->Open($ConnStr);
# LastError() is a class method; in numeric context it is 0 when there was no error
my $err = Win32::OLE->LastError();
if ($err != 0) { printf "FATAL: no connection, OLE error 0x%08x: %s\n", $err, $err; exit; } else { print "Connected OK\n"; }
my $Statement = "select servername from servertable where x = 0 AND id = 11";
my $RS = $Conn->Execute($Statement);
if (!$RS) { print Win32::OLE->LastError(); exit; }
# Walk the recordset row by row
while (!$RS->EOF) {
    my $servername = $RS->Fields(0)->value;
    print "servername is: $servername\n";
    $RS->MoveNext;
}
$RS->Close;
$Conn->Close;

Just for future reference the ODBC SQL update code could look like this:
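# $var1, $var2 and $number are pasted into the SQL text as-is: validate or escape them first,
# because a single quote in $var1 changes the statement
$SqlStatement = "insert into dbo.MyTable values (\'$var1\',$var2,$number,getdate())";
if ($db->Sql($SqlStatement)){ print "Error: " . $db->Error() . "\n"; $db->Close(); exit; }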

Thursday, January 31, 2008

Windows IT Pro dec07 notes

It was a while since I read the December 2007 Windows IT Pro issue, but here go some notes from stuff I found particularly useful, or otherwise hard to remember :-)

PDF utilities, similar to PDFcreator (that does not work on Vista), and working on Vista: CutePDF and PDFTools. I use PDFcreator all the time, but I don't use Vista just yet, but this is good to keep in mind! Some quotes from PDFTools features:

• encrypt a PDF file by assigning it a password
• create a protection-free version of encrypted PDF file
• create a PDF file by joining multiple PDF files
• split a PDF file in multiple ways, such as splitting each page to new PDF file and splitting a file after a given page number
• arrange pages in a PDF file
• overlay text or an image over a PDF file
• convert an XML file into a PDF file

Note that you need Java Runtime Environment/Java Development Kit (JRE/JDK) 1.4 or later to use PDFTools.

It was interesting to read "Are IT Pros Steering Their Children Away From IT" and "A Good Career For Your Kids", as since I recently became a dad I have actually been thinking about this several times!

I am certainly not recommending IT business to just anyone. I like to think of IT as being a "call", a desire, for helping people, deliver results, services and service to people, a call to engineer stable and innovative IT systems. For my daughter I will encourage her to do whatever she likes, and if that is IT, that is OK. I think an IT developer, administrator or project manager can be a happy job, but you have to be very aware of all the factors. This is a hard topic to just put down some notes on, I definitely have to give it some more thoughts and its own post, it's really interesting and worth discussing with wife, family and friends!

As you probably know, Windows 2008 will have the Server Core option, which has a very limited GUI. This will be exciting to use, and undoubtedly we will have to get used to many new command line utils and new/better usage of existing ones. One of the new tools we will get used to is the script SCRegEdit (Server Core RegEdit). Although regedit is a GUI that will work in Server Core, SCRegEdit will help edit many registry keys, eg.:
scregedit /ar 0 enables remote desktop
scregedit /au 4 will download and install updates
scregedit /cs will allow Pre-Vista clients to connect with terminal services
... check out Microsoft's Server Core guide, there are good tips:
Managing a Server Core installation: Overview
...
The script is located in the \Windows\System32 folder of a server running a Server Core installation. At a command prompt, open the folder, and then use the following command to display the usage instructions for the previous options:

cscript scregedit.wsf /?

Note:
You can use this command with the /cli option to display a list of common command-line tools and their usage.

Some VMware Server and VMware Workstation differences. So far I have managed fine with Server version. ESX will be next, the Workstation is never considered! But anyways interesting:
  • Price, VMware Server is free :-)
  • Server is service, Workstation is a desktop application
  • Multiuser access for Server, not for Workstation. Server has a webinterface too!
  • Workstation supports virtual machines (VM) up to 8 GB RAM, Server only 3.6 GB RAM.
  • Server can have only one snapshot, Workstation can have many.
  • You can clone a Workstation virtual machine. In Server copying a VM is a manual process, but works fine.
  • Workstation lets you manage several VMs in teams, eg. to have certain VMs startup before others. Server does not have VM Teams.
  • Drag and drop objects from your desktop to the Workstation VMs. Server can not.
  • You can capture an .avi movie of all activity in a Workstation VM.
So it was another great Windows IT Pro issue :-)

UPDATE: It was brought to my attention that VMWare workstation can be set up as a service [http://blogs.techrepublic.com.com/datacenter/?p=429&tag=nl.e101]

Query MSSQL from batch

Sometimes you want to perform the same batch task on several servers. For that I need a list of the servers that will need some job done. So I want to get the serverlist from the serverdatabase, instead of hardcoding the scripts. The most obvious would probably be using VBscript, but in this case I turned to osql.exe for a quick solution:

set sqlbinary="\\someserver\c$\Program Files\Microsoft SQL Server\80\Tools\Binn\osql.exe"
set sqlserverinstance=HOSTNAME\INSTANCE
FOR /F "usebackq" %%A IN (`tempfile`) DO set sqltmp=%%A
set sqltmp=%sqltmp:/=\%
if exist %sqltmp% del %sqltmp%
echo Creating sql inputfile : %sqltmp%
echo set nocount on > %sqltmp%
echo select ServerName+^'::^'+ServerDesc >> %sqltmp%
echo from ServerTable where ServerType = 1 AND ServerGroup = 11 >> %sqltmp%
echo go >> %sqltmp%
%sqlbinary% -d ServerDatabase -i %sqltmp% -n -E -S %sqlserverinstance% | egrep "^ [sS][0-9]" | sort | sed 's/^[ \t]*//'


Now I have a list with servernames and descriptions, which I can pipe to a .txt file or perform something on each :)


By the way, I stumbled upon an awesome Batch FAQ, really old, but with some very good points and links to more info. Here are some quotes:

*** How do I perform if-then-else in batch?

if not .%1==.help goto else
rem then commands here
goto endif
:else
rem else conditions here
:endif

...

*** What do all those }{ and $ things mean?

They're uniquely named temp files or variable names. It is
desirable to make the filenames as weird as possible to avoid
overwriting files that happen to have the same name. Also,
confusion is found in spacing and where the redirection
characters are, these all write "hey!" to a temp file...

echo>[myfile] hey!
>$$$tmp$$.$ echo hey!
echo hey! > tempfile

...

*** Utility programs for batch files

Batch simply wasn't designed to do the kinds of things users
want to do, although us batch hackers ignore this and try to
do them anyway. Batch input routines are especially kludgy
and incompatible, often it's easier to just use a utility
designed for the purpose and avoid the hassle.

SENVAR by Ed Schwartz makes it very easy to set an environment
variable to standard-input...

senvar evar - input from keyboard
program senvar evar > nul - input from program
senvar evar <> nul - input from file

SENVAR is at http://www.infionline.net/~wtnewton/batch/senvar.txt

The shareware XSET program by Marc Stern has many extra options,
like reading a file from a specific column and line number...

xset /mid 6 2 /line 3 evar <> nul

XSET is at http://members.tripod.com/~marcstern/xset.htm

ASET by Richard Breuer, free, makes mathematical operations as
easy as ASET result=2+2, functions for math, string handling,
file/kb input and more. File aset10.zip at Simtel.

Strings by Douglas Boling, free, provides commands for string
handling, modifying memory and master environment, reading files,
math, keyboard input and more. File string25.zip at Simtel.

Many more useful batch utilities can be found at...
Garbo: http://garbo.uwasa.fi/pc/batchutil.html
SimTel: ftp://ftp.simtel.net/pub/simtelnet/msdos/batchutl/

Wednesday, January 30, 2008

Playing with cmd, start and exit commands and parameters

If you are playing with Windows batch files you are probably using cmd parameters, such as /k to keep cmd box, or /c to close it after command completes, eg:
psexec \\server -e cmd /c "reg import d:\registry_setting.reg"

And similar, you are probably using "exit /b 1" to set errorlevel (returncode) of your script to 1 if it somehow failed.

I haven't used "start" before, but I had a bunch of scheduled tasks and one of those is running every minute, so I figured I would use "start /MIN". This workaround came to mind, because I have no idea how to make sure a task is running in session 0 for example, so the repeating task (every minute) can pop up with stuff it is doing.. very annoying!

So I added "start /MIN" before my .bat script, but that was not enough. Running the scheduled task would not really start the script. So I added "cmd /C start /MIN somescript.bat", ugly but it worked! Now the scheduled task is minimized on every run.

I noticed that the start command creates its own "cmd /K" process, so my solution results in a process command line like this: "cmd /K somescript.bat". This means that because I am starting the somescript.bat with "start", I now have to add a trailing "exit" in the somescript.bat. Also ugly, but it works.

Now the weird thing I have been puzzled about is a bunch of cmd.exe processes hanging! Using procexp (part of pstools) I can see they are all started from within a Batch control system by running command "start anotherscript.bat". But the anotherscript.bat *does* actually have an exit at the end, so it seems strange that it is hanging. Perhaps it is a hiccup in the batch control system!

I can not reproduce a hanging cmd.exe exit command, but I did manage somehow, with a bunch of start, cmd, exit, exit /b 1, etc etc, to create a hanging cmd.exe, where exit command would NOT complete! I don't know how, but in process explorer (procexp), I could see the cmd that was hanging. What could be happening is that exit hangs itself if a child process has disappeared. From the procexp I can not bring window for hanging cmd.exe pid 4696 to front. And then exit command inside cmd.exe pid 4448 is hanging forever! It did not help to kill 4696 manually, exit of 4448 is still hanging! I had to kill 4448 manually, very annoying!

I suspect it being something weird with start and exit usage, but I am not sure. The exit /? puzzles me, and I am always using exit /B 1 instead of just exit 1. Maybe that's wrong?
exit /?
Quits the CMD.EXE program (command
interpreter) or the current batch
script.

EXIT [/B] [exitCode]

/B specifies to exit the current batch script instead of
CMD.EXE. If executed from outside a batch script, it
will quit CMD.EXE

exitCode
specifies a numeric number. if /B is specified, sets
ERRORLEVEL that number.
If quitting CMD.EXE, sets the process
exit code with that number.

Tuesday, January 29, 2008

Windows users and groups information

Being part of a Windows administrator group, responsible for a bunch of Windows servers, where there is more than one administrator can be quite challenging!

We have a bunch of scripts that do some automatic documentation of:
Now I want to add a script for documentation of the server users and groups!

Here are my first thoughts of what I would like:

1) given a username, script should return:
show group membership
show username details

2) given a groupname, script must give:
show members
show username details for each member

3) given a servername, return list of:
local users and run 1) for each username
local groupnames and run 2) for each groupname

I did some Google searches:

enumerate group members
list of members in a local group, eg. who is member of "administrators"
backup and recovery of windows users and groups
list of users and groups on windows server
enumerate local users and their membership
enumerate windows users with wmi


I ended up with a simple vbscript that combines a good user information binary with some user and group info vbscript code. The output from the script is text, easily diffable, so changes can quickly be spotted.

Someone else surely should have cooked up something smart, as this task seems like something many administrators would appreciate. If you know of such script or application, please leave a comment :-)

A thing that puzzled me for a while was how to get output from the binary into the same STDOUT where I would be starting my script with cscript.exe listusersandgroups.wsf. This was needed as I want to pipe script output to a text file for version control commit and change management :-) So this was easily worked around like this:
Set objWshShell = CreateObject("WScript.Shell")
Set objExec = objWshShell.Exec(strCommand)
' running a file from inside vbscript and get output in same command window
Do While Not objExec.StdOut.AtEndOfStream
    strLine = objExec.StdOut.ReadLine
    WScript.Echo strLine
Loop


The usual way I have started programs from inside VBscript, would be to have them hidden, similar to this:
Set objWshShell = CreateObject("WScript.Shell")
intRC = objWshShell.Run(StrCommand, 0, TRUE)
' parm 1 = command line
' parm 2 = window style (1 = normal, 0 = hidden)
' parm 3 = if true, waits for command
If intRC <> 0 Then ...
' and destroy it properly:
if isObject(objWshShell) then set objWshShell = nothing


Read more about the normal .Run method.

Thursday, January 24, 2008

Software Inspector for personal Windows package management

Windows package management is not an easy task, often left only to WSUS server, WPKG, group policies or simply the individual applications automatic updates.

Leaving updates to only the applications and users themselves obviously is not good enough! Although this has gotten better the last years, some sort of action and verification is needed.

For example the Java Runtime Environment does not deinstall old versions when new versions are installed. Probably as a service for you, so your old java applications can decide which one they want to use, avoiding problems with incompatibility. But this update strategy also leaves a hole for crackers to potentially abuse!

I did mention installing and updating Windows applications with win-get, but it probably is not an option for anyone else than the tech geek at home.

How much package management Microsoft's new NAP service can handle is unknown to me. What I have read so far sounds like it can do limited checks, such as if Windows hotfixes are applied and Firewall is on. I need hands on to know more I guess.

Well, here is something worth trying: Software Inspector from Secunia:

Online version:
http://secunia.com/software_inspector/
Secunia Software Inspector
Feature Overview - The Secunia Software Inspector:
* Detects insecure versions of applications installed
* Verifies that all Microsoft patches are applied
* Assists you in updating your system and applications
* Runs through your browser. No installation or download is required.



Offline, for installation on your PC:
https://psi.secunia.com/
Version: 0.9.0.0 / Size: 444,892 bytes / Changelog
The Secunia PSI is only free for private individuals
The Secunia PSI is available free of charge.
Secure your PC. Patch your applications. Be proactive.
Scan for Insecure and End-of-Life applications.
Track your patch-performance week by week.
Direct and easy access to security patches.
Detect more than 300,000 unique application versions


For work, it would be perfect to have a central Software Inspector server (ala WSUS server) which has info of all computers where an agent was installed. Great for reporting and for verifying that your Windows package management tools actually do their thing as you are expecting!

Wednesday, January 23, 2008

Batch script userinput checking

I have to run a script with the runas command, but since the script is running commands toward several servers there is the danger of locking out the runas user if the password given is wrong. Simply because runas does not verify the password, it just executes the commands.

So to avoid problems I would like to ask the user for the password, verify the password, and only actually run the runas command if the password is as expected.

At a first glance this sounded good, I just had to put in the checksum of the expected userinput in the script, then calculate the checksum of the userinput, and compare the two inside the script.

At second thought this solution was not really acceptable, because if the user's password changes, you would have to update the script! Not very robust or elegant. So instead a colleague pointed out the obvious, which of course is to check errorlevel of a single run of runas. That should not lock out the user:
runas /user:domain\username net >nul 2>&1
rem "if errorlevel 1" is true for any exit code of 1 or higher; "if not errorlevel 0" would never be true here
if errorlevel 1 (set status=failure & goto exiting)


To make any of the above approaches work, we needed a method of getting the user's input, and a method of sending that input to runas.

Getting the user's input in a batch file was solved by using a special .com file:
echo hP1X500P[PZBBBfh#b##fXf-V@`$fPf]f3/f1/5++u5>%inputfile%
echo Enter a string (it will not echo here):
for /f "tokens=*" %%i in ('%inputfile%') do set userinput=%%i
if "%userinput%"=="" (set status=stringempty & goto exiting)
if "%userinput%"=="^C" (set status=stringcancel & goto exiting)


Sending the %userinput% content back to runas could not be done with a redirection like <, so a mini VBScript for pasting a string was made:
Set oArgs=wscript.Arguments
WScript.sleep(1000)
Set WshShell = CreateObject("WScript.Shell")
WshShell.SendKeys oArgs(0)&VBCRLF


Others have been discussing how to pipe passwords into runas, but I don't want to use the approaches described.

So the problem was solved without using hardcoded md5 or sha256 checksums! But just to have the hardcoded approach for optional other use, here is how it was done:
FOR /F "usebackq" %%A IN (`echo %userinput% ^| md5deep.exe`) DO set md5hash=%%A
echo debug: md5hash of userinput is: %md5hash%
if "%md5hash%" == "77e2d91aa21a4158d889fb9836f38288" (set status=ok_string_is_hej & goto dosomething)
if "%md5hash%" == "291013bf3a3c543625a2777073f91799" (set status=ok_string_is_password & goto dosomething)

In the above I used md5deep to calculate a checksum of the batch string, and it could easily have been sha256deep.exe, which is part of the md5deep package.

I would have used Microsoft's own Windows checksum util FCIV (FILE CHECKSUM INTEGRITY VERIFIER), but there are at least 2 problems with the current version 2.05:

First, fciv.exe does not take input from STDIN, which means you can not run like this:
echo foobar | fciv.exe

You have to echo into a file and then calculate the checksum:
echo foobar > foobar.txt
fciv.exe foobar.txt
//
// File Checksum Integrity Verifier version 2.05.
//
5e963b88334c3c4487572cce68496989 foobar.txt

So I used md5deep package, which actually does calculate checksum of input from stdin, useful for strings:
echo foobar | sha256deep.exe
791132eb55910a285d5bfeae94b49ead8d5184d7ecf70bccdeafd0e456c2916d
echo foobar | md5deep.exe
5e963b88334c3c4487572cce68496989


The second problem with fciv.exe is the output: it is too verbose! I would need only the checksum so I can put it into a variable. So md5deep it is!

The trick to actually get the output from the external md5deep command into a batch variable is to use a for loop, and escape the pipe (|) with a ^ instead of a \, which was what I tried first.

Apparently the hat (^) is the DOS character for escaping, e.g. used if you want to echo the following characters from a batch file into another file: ^@, ^> and ^&. For example:
echo ^@echo off > c:\tempscript.bat
echo dir c:\ ^> c:\dirlist.txt >> c:\tempscript.bat
echo del c:\tempfile.log /F /Q >> c:\tempscript.bat
echo exit >> c:\tempscript.bat


Another md5 sum checker, built in java (source available), which can check a dir and subdirs, like md5deep.exe can be found here.

Friday, January 11, 2008

Event log ID to description and vice versa

Where do you go for event log ID information? Google it - as anything else :-) Today I wanted to know the event ID for a Windows 2003 server rebooting, how do I find that?

Besides googling it, I could look in an event log around the time of a reboot for a server.

I can not search it on Microsoft's Events and Errors Message Center. It is useful if you have the event ID, but not really for free text search.

I came closer when looking at the Ultimate Windows Security website, but the lists are not complete and I didn't see an option for search.
512 (All Versions): Windows NT is starting up
513 (Win2003, XP): Windows NT is shutting down

I thought EventID.net would be the place, but I can also only look up known ID numbers. They do require a registration fee for the more exotic search options, so perhaps I need to go there, I don't know. Besides that, looking up info about e.g. event ID 513 gives really useful information:
Source: Security
Type: Success Audit
Description: Windows NT is shutting down. All logon sessions will be terminated by this shutdown.

I will give the 3 scripts evtstats.pl/lsevt2.pl/lsevt.pl from Windows Security Analysis a try, as with those I can run a query toward a Windows 2003 server and grep for the word reboot. Perhaps this is the best way :-)

Other than this, I am not sure how to find this information, besides Googling of course :-)

Oh, while I am at it, I will leave a link to Stephen Bunting's guide to repairing event log files.

Book review: Windows Forensic Analysis

I finally had a chance to finish reading Windows Forensic Analysis. From the start I was happy with the way the book is written, and I give it 5 of 5 possible. I am not working with forensics in my daily administration work, but I learned a lot about security methods and tools in general, something that can be of great help for normal administration too.

The book is flooded with tools worth trying, and with example usage. The examples illustrate the topic really well, and the tools are perfect to get started on your own.

In addition to tool suggestions the author provides the reader with many perl scripts, which further help in better understanding the topic, and make you want to learn more! The scripts are also simply useful and save you a lot of time when you want to try the stuff discussed in the book. I just loooved the scripts!

I consider myself an okay experienced Windows administrator (since 1999), and many of the topics were not new. But I liked another explanation of the topics, and I also learned a lot of totally new stuff.

I recommend all Windows administrators read this book! And don't forget to read Richard Bejtlich's review (TaoSecurity), he knows how to write really useful reviews!

Friday, January 4, 2008

Fetchlog alternatives for Windows and 2003/2000/NT resource kit tools

I am looking for an alternative to the simple fetchlog util on unix, which tails a file and keeps a bookmark of how far it has checked in the file. When a string is found, I can take an action, such as launching a script, sending mail or restarting services. Works well for some simple purposes :-)

I am not looking for full blown log analysis, such as OSSEC, which I really like though.

I haven't found anything that I really want to use, but here is my list of things to try:

WinTail. $49.95, with basics such as send notify mails, but can it run a script, eg. a restart of a service? That is really often needed. 30 day trial, worth a try I guess.

Some more simple tail tools:
Tail4Win. Also 30 day trial, $45, looks similar to normal tail, there seems no notify option.
MakeLogic Tail. Freeware, tails more than one file, requires JRE 5.0, has no notifications it seems.
tail.exe. Windows 2003 resource kit (see below), does not tail more than one file!
Tail Ace. Freeware, multiple logfiles, but no notifications, java based, requires JRE 6.0.
Tail XP. Freeware. Tails more than one file, but you can not see difference, and it is showing in a gui which can not be piped to a grep for example. Only takes one file from commandline -f argument, and still opens it in a gui. No notifications.

None of the above really meets what I at least need of a fetchlog tool. If I can not find a fetchlog-like tool, I would at least need a grep tool that can tail -f more than one file, and from the command line. And it must be possible to send the output to STDOUT for more processing and use in scripts, e.g. based on errorlevel. So far I haven't found anything that does this!
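
A sketch of the behaviour asked for above (several log files, a bookmark per file, matches on STDOUT, result as an exit code), as an added example in Python; it is not part of the original post and not fetchlog's code. The script name logcheck.py, the JSON bookmark file and the exit codes 0/1/2 are assumptions, and the log lines in demo() are constructed.

```python
import json
import os
import re
import sys
import tempfile


def load_bookmarks(path):
    """Return {logfile: byte offset}; a missing or damaged file means start from 0."""
    try:
        with open(path, "r", encoding="utf-8") as fh:
            data = json.load(fh)
    except (OSError, ValueError):
        return {}
    return data if isinstance(data, dict) else {}


def scan_new_lines(logfile, pattern, offset):
    """Read complete lines from offset on; return (matching lines, new offset)."""
    size = os.path.getsize(logfile)
    if not isinstance(offset, int) or not 0 <= offset <= size:
        offset = 0  # bad bookmark, or file shorter than it: truncated or rotated
    hits = []
    with open(logfile, "rb") as fh:
        fh.seek(offset)
        while True:
            line = fh.readline()
            if not line.endswith(b"\n"):
                break  # EOF, or a line still being written: pick it up next run
            offset = fh.tell()
            text = line.decode("utf-8", errors="replace").rstrip("\r\n")
            if pattern.search(text):
                hits.append(text)
    return hits, offset


def check_logs(logfiles, regex, bookmark_file):
    """Scan each log for new matching lines; return {logfile: [lines]} for files with hits."""
    pattern = re.compile(regex)
    bookmarks = load_bookmarks(bookmark_file)
    found = {}
    for logfile in logfiles:
        key = os.path.abspath(logfile)
        try:
            hits, bookmarks[key] = scan_new_lines(logfile, pattern, bookmarks.get(key, 0))
        except OSError as exc:
            print(f"{logfile}: {exc}", file=sys.stderr)
            continue
        if hits:
            found[logfile] = hits
    tmp = bookmark_file + ".tmp"
    with open(tmp, "w", encoding="utf-8") as fh:
        json.dump(bookmarks, fh)
    os.replace(tmp, bookmark_file)  # rename: an interrupted run keeps the old bookmarks
    return found


def main(argv):
    """Exit code 0 = nothing new, 1 = new matches printed to STDOUT, 2 = usage error."""
    if len(argv) < 4:
        print("usage: logcheck.py BOOKMARKFILE REGEX LOGFILE [LOGFILE ...]", file=sys.stderr)
        return 2
    found = check_logs(argv[3:], argv[2], argv[1])
    for logfile, hits in found.items():
        for text in hits:
            print(f"{logfile}: {text}")
    return 1 if found else 0


def demo():
    """Two runs over constructed sample logs; the second reports only the appended line."""
    with tempfile.TemporaryDirectory() as tmp:
        app, svc = os.path.join(tmp, "app.log"), os.path.join(tmp, "svc.log")
        marks = os.path.join(tmp, "bookmarks.json")
        with open(app, "w") as fh:
            fh.write("10:00 started\n10:01 ERROR disk full\n")
        with open(svc, "w") as fh:
            fh.write("10:00 service ok\n")
        first = check_logs([app, svc], "ERROR", marks)
        with open(svc, "a") as fh:
            fh.write("10:05 ERROR service stopped\n")
        second = check_logs([app, svc], "ERROR", marks)
        return list(first.values()), list(second.values())


if __name__ == "__main__":
    if len(sys.argv) > 1:
        sys.exit(main(sys.argv))
    print(demo())
```

Called from a batch file, the exit code arrives as errorlevel; since "if errorlevel 1" is also true for the usage error 2, test "if errorlevel 2" first. A log that is rotated and then grows past the old bookmark is not detected by the size check alone.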

Some of the more full blown tools I stumbled upon were:
http://www.xpolog.com/home/products/xpologCenter.jsp

A comprehensive loganalyzer tool overview is available at download32.com, but it covers everything, not just what I am looking for; this tail -f specific overview is not much better. Perhaps using unix tools on Windows would be better than using the simple tools above, because those tools can be piped into other commands, which I really need.

Of course a normal tail without -f won't do, but since it has such nice batch example code, here it is (for more of the same, take a look here and here):
@echo off
rem Parameters: FileName [NumberOfLines], default is the last 10 lines
if {%1}=={} @echo FileName parameter required.&goto :EOF
if not exist %1 @echo %1 does NOT exist.&goto :EOF
setlocal
set file=%1
set /a number=10
if not {%2}=={} set /a number=%2
rem Count the lines in the file
for /f %%i in ('find /v /c "" ^< %file%') do set /a lines=%%i
@echo %lines% lines in file %file%.
rem Skip everything except the last %number% lines
if %number% GEQ %lines% set /a start=0&goto console
set /a start=%lines% - %number%
:console
more /e +%start% %file%
endlocal
It was a surprise to me that the Windows 2003 resource kit free tools include a tail.exe; of course it is not enough for notifications and actions, and it can not tail more than one file! For completeness, here is the Windows 2003 resource kit tool list:

  • Acctinfo.dll (documented in Readme.htm)
  • Adlb.exe: Active Directory Load Balancing Tool
  • Admx.msi: ADM File Parser
  • Atmarp.exe: Windows ATM ARP Server Information Tool
  • Atmlane.exe: Windows ATM LAN Emulation Client Information
  • Autoexnt.exe: AutoExNT Service
  • Cdburn.exe: ISO CD-ROM Burner Tool
  • Checkrepl.vbs: Check Replication
  • Chklnks.exe: Link Check Wizard
  • Chknic.exe: Network Interface Card Compliance Tool for Network Load Balancing
  • Cleanspl.exe: Spooler Cleaner
  • Clearmem.exe: Clear Memory
  • Clusdiag.msi: Cluster Diagnostics and Verification Tool
  • Clusfileport.dll: Cluster Print File Port
  • Clusterrecovery.exe: Server Cluster Recovery Utility
  • Cmdhere.inf: Command Here
  • Cmgetcer.dll: Connection Manager Certificate Deployment Tool
  • Compress.exe: Compress Files
  • Confdisk.exe: Disk Configuration Tool
  • Consume.exe: Memory Consumers Tool
  • Creatfil.exe: Create File
  • Csccmd.exe: Client-Side Caching Command-Line Options
  • Custreasonedit.exe: Custom Reason Editor (documented in Readme.htm)
  • Delprof.exe: User Profile Deletion Utility
  • Dh.exe: Display Heap
  • Diskraid.exe: RAID Configuration Tool
  • Diskuse.exe: User Disk Usage Tool
  • Dnsdiag.exe: SMTP DNS Diagnostic Tool (documented in Readme.htm)
  • Dumpfsmos.cmd: Dump FSMO Roles
  • Dvdburn.exe: ISO DVD Burner Tool
  • Empty.exe: Free Working Set Tool
  • Eventcombmt.exe: Check Replication
  • Fcopy.exe: File Copy Utility for Message Queuing
  • Frsflags.vbs
  • Getcm.exe: Connection Manager Profile Update
  • Gpmonitor.exe: Group Policy Monitor
  • Gpotool.exe: Group Policy Objects
  • Hlscan.exe: Hard Link Display Tool
  • Ifilttst.exe: IFilter Test Suite
  • Ifmember.exe: User Membership Tool
  • Inetesc.adm: Internet Explorer Enhanced Security Configuration
  • Iniman.exe: Initialization Files Manipulation Tool
  • Instcm.exe: Install Connection Manager Profile
  • Instsrv.exe: Service Installer
  • Intfiltr.exe: Interrupt Affinity Tool
  • Kerbtray.exe: Kerberos Tray
  • Kernrate.exe: Kernel Profiling Tool
  • Klist.exe: Kerberos List
  • Krt.exe: Certification Authority Key Recovery
  • Lbridge.cmd: L-Bridge
  • Linkd.exe
  • Linkspeed.exe: Link Speed
  • List.exe: List Text File Tool
  • Lockoutstatus.exe: Account Lockout Status (documented in Readme.htm)
  • Logtime.exe
  • Lsreport.exe: Terminal Services Licensing Reporter
  • Lsview.exe: Terminal Services License Server Viewer
  • Mcast.exe: Multicast Packet Tool
  • Memmonitor.exe: Memory Monitor
  • Memtriage.exe: Resource Leak Triage Tool
  • Mibcc.exe: SNMP MIB Compiler
  • Moveuser.exe: Move Users
  • Mscep.dll: Certificate Services Add-on for Simple Certificate Enrollment Protocol
  • Nlsinfo.exe: Locale Information Tool
  • Now.exe: STDOUT Current Date and Time
  • Ntimer.exe: Windows Program Timer
  • Ntrights.exe
  • Oh.exe: Open Handles
  • Oleview.exe: OLE/COM Object Viewer
  • Pathman.exe: Path Manager
  • Permcopy.exe: Share Permissions Copy
  • Perms.exe: User File Permissions Tool
  • Pfmon.exe: Page Fault Monitor
  • Pkiview.msc: PKI Health Tool
  • Pmon.exe: Process Resource Monitor
  • Printdriverinfo.exe: Drivers Source
  • Prnadmin.dll: Printer Administration Objects
  • Qgrep.exe
  • Qtcp.exe: QoS Time Stamp
  • Queryad.vbs: Query Active Directory
  • Rassrvmon.exe: RAS Server Monitor
  • Rcontrolad.exe: Active Directory Remote Control Add-On
  • Regini.exe: Registry Change by Script
  • Regview.exe (documented in Readme.htm)
  • Remapkey.exe: Remap Windows Keyboard Layout
  • Robocopy.exe: Robust File Copy Utility
  • Rpccfg.exe: RPC Configuration Tool
  • Rpcdump.exe
  • Rpcping.exe
  • RPing: RPC Connectivity Verification Tool
  • Rqc.exe: Remote Access Quarantine Client
  • Rqs.exe: Remote Access Quarantine Agent
  • Setprinter.exe: Spooler Configuration Tool
  • Showacls.exe
  • Showperf.exe: Performance Data Block Dump Utility
  • Showpriv.exe: Show Privilege
  • Sleep.exe: Batch File Wait
  • Sonar.exe: FRS Status Viewer
  • Splinfo.exe: Print Spooler Information
  • Srvany.exe: Applications as Services Utility
  • Srvcheck.exe: Server Share Check
  • Srvinfo.exe: Remote Server Information
  • Srvmgr.exe: Server Manager
  • Ssdformat.exe: System State Data Formatter
  • Subinacl.exe
  • Tail.exe
  • Tcmon.exe: Traffic Control Monitor
  • Timeit.exe (documented in Readme.htm)
  • Timezone.exe: Daylight Saving Time Update Utility
  • Tsctst.exe: Terminal Server Client License Dump Tool
  • Tsscalling.exe: Terminal Services Scalability Planning Tools
  • Uddicatschemeeditor.exe: UDDI Services Categorization Scheme Editor
  • Uddiconfig.exe: UDDI Services Command-line Configuration Utility
  • Uddidataexport.exe: UDDI Data Export Wizard
  • Usrmgr.exe: User Manager for Domains
  • Vadump.exe: Virtual Address Dump
  • Vfi.exe: Visual File Information
  • Volperf.exe: Shadow Copy Performance Counters
  • Volrest.exe: Shadow Copies for Shared Folders Restore Tool
  • Vrfydsk.exe: Verify Disk
  • Winexit.scr: Windows Exit Screen Saver
  • Winhttpcertcfg.exe: WinHTTP Certificate Configuration Tool
  • Winhttptracecfg.exe: WinHTTP Tracing Facility Configuration Tool
  • Winpolicies.exe: Policy Spy
  • Wins.dll: WINS Replication Network Monitor Parser
  • Wlbs_hb.dll & Wlbs_rc.dll: Windows Load Balancing Server Network Monitor Parsers
Now that we are looking at Windows 2003, I am reminded that I have previously gotten help (RMTSHARE.EXE) from the Windows NT resource kit tools! So here is that list. Some of the Windows NT resource kit tools can be downloaded from Microsoft.


ADDUSERS.EXE: AddUsers - Command-line utility, creates or writes user accounts to a comma delimited file.
(Updated) ANIEDIT.EXE: Animated Cursor Creator - Windows-based tool for drawing and editing animated cursors.
APIMON.EXE: API Monitor
ASSOCIATE.EXE
(Updated) ATANALYZR.EXE: AppleTalk network device ANaLYZeR
AUDITCAT.HLP: Audit Categories Help
(New) AUDITPOL.EXE: AuditPol
AUTOEXNT.EXE: AutoExNT Service - Enables you to start a batch file, AUTOEXNT.BAT, at boot time without having to log on to the computer on which it will run.
(Updated) AUTOLOG.EXE: Windows NT Auto Logon Setter

BREAKFTM.EXE: Automated Mirror Break/Restore Utility
BROWMON.EXE: Browser Monitor - Windows-based tool, shows browser status.
BROWSTAT.EXE: Browser Status - Command-line utility, diagnoses browser problems and shows browser status.

C2CONFIG.EXE: Windows NT C2 Configuration Manager
CHOICE.EXE: Input from Batch Files - (MS-DOS 6.0 utility).
(Updated) CLIP.EXE: Clip
(New) CLIPSTOR.EXE
CMDHERE.EXE: Command Prompt Here
COMPREG.EXE - A Win32 character-based/command-line "Registry DIFF" that enables you to compare any two local and/or remote Registry keys in both Windows NT and Windows 95.
COMPRESS.EXE: File Compress - Command-line utility, compresses files. Needed for Setup customization.
(Updated) COUNTERS.HLP : Windows NT Performance Counters Help
Crystal Reports Event Log Viewer - Provides an easy way to extract, view, save, and publish information from the Windows NT system, application, and security event logs in a variety of formats.

dbWeb
(New) DEFPTR.EXE: Default Printer
DELPROF.EXE: User Profile Deletion Utility
DELSRV.EXE
(New) DEPENDS.EXE: Dependency Walker
Desktop Themes for Windows NT 4.0
DESKTOPS.EXE: DeskTops
DFLYDIST.EXE: Compound File Layout User Tool
(Updated) DH.EXE - Command-line utility, enables you to lock heaps, tags, stacks, and objects.
DHCPCMD.EXE: DHCP Administrator's Tool - Command-line utility.
(Updated) DHCPLOC.EXE: DHCP Server Locator Utility - Command-line utility, detects unauthorized DHCP servers on a subnet.
(Updated) DIRUSE.EXE: Directory Disk Usage - Command-line utility, shows disk space used per directory.
DISKMAP.EXE
DISKSAVE.EXE - Enables you to save the Master Boot Record and Boot Sector as binary image files.
DISKUSE.EXE - Command-line utility, scans directories on a hard disk and reports on space used by each user.
(New) DNSCMD.EXE
DOMMON.EXE: Domain Monitor - Windows-based tool, gives status on domains, domain controllers, trust relationships.
DRIVERS.EXE: Device Driver Information - Command-line utility, shows what drivers have loaded.
DSKPROBE.EXE: DiskProbe
DUMPEL.EXE: Dump Event Log - Command-line utility, dumps the event log to a file.

EM2MS.EXE
EMWAC Server CGI Gateway Scripts
ENUMPRN.EXE
EXCTRLST.EXE: Extensible Performance Counter List
EXETYPE.EXE: Finding the Executable Type - Command-line utility, identifies the hardware platform of a .EXE file.
EXPNDW32.EXE: File Expansion Utility - File Expansion utility, expands the compressed files on Windows NT distribution media.

FILEVER.EXE: FileVer - Command-line utility, examines the version resource structure of a file or a directory of files and displays information on the versions of executable files.
(New) FILEWISE.EXE
FINDGRP.EXE: Find Group - Command-line utility, finds all group memberships of a specified user.
(Updated) FIXACLS.EXE: Reset System File Permissions
FLOPLOCK.EXE: Lock Floppy Disk Drives - Command-line utility or service that restricts access to floppy drives.
FORFILES.EXE
FREEDISK.EXE
FTEDIT.EXE: FT Registry Information Editor - Windows-based tool, enables you to create, edit, and delete fault tolerance sets for disk drives and partitions of local and remote computers.

GETMAC.EXE
GETSID.EXE
GFLAGS.EXE
(Updated) GLOBAL.EXE
GRPCPY.EXE: Group Copy

HCLNT4.HLP: Hardware Compatibility List - HCL in online Help format
(Updated) HEAPMON.EXE

IFMEMBER.EXE - Command-line utility, checks whether the current user is a member of a specified group.
IMAGEDIT.EXE: Image Editor - Windows-based tool, enables the creation of icons and cursors, and also used by the Animated Cursor Creator.
Index Server
INSTALLD.CMD (NTDETECT.COM): Startup Hardware Detector
INSTSRV.EXE: Service Installer - Installs any service.

KERNPROF.EXE: Kernel Profiler
KILL.EXE: Task Killing Utility - Command-line utility, use to end one or more tasks, or processes.
KIX32.EXE: KiXtart 95
(New) KIXGRP.EXE

LAYOUT.DLL
LEAKYAPP.EXE: LeakyApp
LINKCK.EXE: Link Checker
(Updated) LOCAL.EXE
LOGEVENT.EXE: Event Logging Utility
(New) LOGOFF.EXE
LOGTIME.EXE

MIBCC.EXE: SNMP MIB compiler
MONITOR.EXE: Performance Data Logging Service and Configuration Tool
(Updated) MUNGE.EXE

NETCLIP.EXE: Remote Clipboard Viewer
NETCONS.EXE: Net Connections
(New) NETDOM.EXE
NETSVC.EXE: Command-line Service Controller - Command-line utility, remotely starts, stops, and queries the status of services.
(Updated) NetTime for Macintosh
NETWATCH.EXE: Net Watcher - Windows-based tool, shows who is connected to shared directories.
NLMON.EXE
NLTEST.EXE
NOW.EXE: Now - Displays the current date and time on STDOUT, followed by any command-line arguments you add.
(Updated) NTCARD40.HLP: Adapter Help - Describes settings for hardware supported under Windows NT.
NTDETECT.COM (INSTALLD.CMD): Startup Hardware Detector
(Updated) NTEVNTLG.MDB
(Updated) NTIMER.EXE
(Updated) NTMSG.HLP
(New) NTRIGHTS.EXE
NTUUCODE.EXE: 32-Bit UUDecode and UUEncode Utility

OH.EXE
OLEVIEW.EXE: OLE/COM Object Viewer
OS2API.TXT - List of compatible APIs in the OS/2 subsystem.

PASSPROP.EXE
(Updated) PATHMAN.EXE: Pathman
(Updated) PERF2MIB.EXE: Performance Monitor MIB Builder Tool
(Updated) PerfLog: Performance Data Log Service
PERFMTR.EXE: Performance Meter - Text-mode utility, provides performance information.
(Updated) Performance Tools
Perl 5 Scripting Language
PERMCOPY.EXE
PERMS.EXE: File Access Permissions per User - Command-line utility.
PFMON.EXE: Page Fault Monitor
PMON.EXE: Process Resource Monitor - Command-line utility.
POLEDIT.EXE: Windows NT System Policy Editor
POSIX Utilities
Power Toys
PSTAT.EXE: Process and Thread Status - Command-line utility, shows process statistics. Useful for debugging problems.
PULIST.EXE
PVIEWER.EXE: Process Viewer - Windows-based tool, shows the processes running in the system and allows ending processes and boosting priority.

QSLICE.EXE: CPU Usage by Processes - Windows-based tool.
QUICKRES.EXE: Quick Resolution Changer

RASLIST.EXE
RASUSERS.EXE: Enumerating Remote Access Users - Command-line utility.
RCMD.EXE: Remote Command Service - Remotely administers and runs command-line programs, client program. Used with RCMDSVC.EXE.
(New) REG.EXE
REGBACK.EXE: Registry Backup - Command-line utility, backs up Registry hives to files without the use of tape.
REGDMP.EXE
(Updated) REGENTRY.HLP: Windows NT Registry Entries - Online Help file
REGFIND.EXE
Regina REXX Scripting Language
REGINI.EXE: Registry Change by Script - Command-line utility, good for Setup programs.
REGKEY.EXE: Logon and FAT File System Settings - Windows-based tool, sets new Registry settings without actually editing the Registry. (Not on PPC RISC-based computers)
REGREST.EXE: Registry Restoration - Command-line utility, restores Registry hives from files.
Remote Access Manager
(Updated) Remote Console
(Updated) REMOTE.EXE: Remote Command Line - Command-line utility, runs command-line programs on remote computers.
Remote Kill
RIPROUTE.WRI: Routing with Windows NT Server
RMTSHARE.EXE: Remote Share - Command-line utility, sets up or deletes shares remotely and can grant and remove ACLs on those shares.
ROBOCOPY.EXE: Enhanced Network File-Copying Utility - Command-line utility.
RSHSVC.EXE: TCP/IP Remote Shell Service
RSHXMENU.EXE: Security Power Toy
RUNEXT: Run Extension

SC.EXE
SCANREG.EXE - A Win32 character-based/command-line "Registry GREP" that enables you to search for any string in keynames, valuenames, and/or valuedata in local or remote Registries keys in both Windows NT and Windows 95.
SCLIST.EXE
SCOPY.EXE: File Copy with Security - Command-line utility.
SECADD.EXE
SECEDIT.EXE
(Updated) SETEDIT.EXE
SETUPMGR.EXE: Setup Manager - Windows-based tool, enables Windows NT to be installed or upgraded remotely.
SETX.EXE
ShareUI
SHORTCUT.EXE
(Updated) SHOWACLS.EXE
SHOWDISK.EXE
SHOWGRPS.EXE
SHOWMBRS.EXE
SHUTDOWN.EXE and SHUTGUI.EXE: Remote Shutdown - Command-line and GUI utilities, remotely shut down a server.
(New) SIPANEL.EXE: Soft Input Panel
SLEEP.EXE: Batch File Wait - Command-line utility, waits for a specified amount of time. Useful in batch files.
SNMPMON.EXE: SNMP Monitor
SNMPUTIL.EXE: SNMP Browser
SOON.EXE: Near-Future Command Scheduler
SRVANY.EXE: Applications as Services Utility
SRVCHECK.EXE
SRVINFO.EXE
SRVINSTW.EXE: Service Installer Wizard
(New) SRVMON.EXE: Service Monitor
(Updated) SU.EXE - Enables you to start a process running as an arbitrary user.
(Updated) SUBINACL.EXE: SubInAcl
SYSDIFF.EXE

TDISHOW.EXE: TDI Tracing Utility - Command-line utility, traces packets going across the TDI layer.
TELNETD.EXE: Telnet Server Beta
TEXTVIEW.EXE: TextViewer
TIMEOUT.EXE
(Updated) TIMESERV.EXE: Time Synchronizing Service - Command-line utility or service.
TIMETHIS.EXE: TimeThis
TIMEZONE.EXE
TLIST.EXE: Task List Viewer
TLOCMGR.EXE: Telephony Location Manager
TOPDESK.EXE: Multiple Desktops - Windows-based tool.
(Updated) TOTLPROC.EXE
TweakUI
TZEDIT.EXE: Time Zone Editor - Windows-based tool.

UPTOMP.EXE: Uni to Multiprocessor Upgrade Utility
USRSTAT.EXE
USRTOGRP.EXE: Add Users to Groups - Command-line utility, adds users to local or global groups from a user-specified input text file.

VDESK.EXE

(New) WAITFOR.EXE
WCAT: Web Capacity Analysis Tool
Web Administration of Microsoft Windows NT Server
WhoAmI
(Updated) WINAT.EXE: Command Scheduler
WINDIFF.EXE: File and Directory Comparison - Windows-based tool.
WINEXIT.SCR: Windows Exit Screen Saver - Logs the current user off after a specified time has elapsed.
(Updated) WINLOGO.DOC: "Designed for Windows NT and Windows 95" Logo Handbook
(Updated) WinMsdP.EXE - Command-line utility, generates a text file of all the information in WINMSD.
WINSCHK.EXE
WINSCL.EXE
WINSDMP.EXE: WinsDump
WNTIPCFG.EXE: Graphical IPConfig Utility

XCACLS.EXE
The Windows 2000 resource kit tools are equally important (jt.exe); here is a (not complete) list. You can download some of the Windows 2000 resource kit tools from Microsoft.


Active Directory Sizer (adsizer.exe)
Application Programming Interface monitor (apimon.exe)
Application Security (appsec.exe)
Cluster Quorum Restore Utility (clusrest.exe)
Counter List (ctrlist.exe)
Cluster Verification Utility (clustsim.exe)
Domain Controller Diagnostic Tool (dcdiag.exe)
Delete File and Reparse Points (delrp.exe)
Delete Server (delsrv.exe)
Display Heap (dh.exe)
DHCP Database Export Import Tool (dhcpexim.exe)
Directory Disk Usage (diruse.exe)
Disk Map (diskmap.exe)
Disk Partition (diskpart.exe)
Disk Manager Diagnostics (dmdiag.exe)
List Loaded Drivers (drivers.exe)
Drive Share (drmapsrv.exe)
Dump Event Log (dumpel.exe)
Dump FSMO Roles (dumpfsmos.cmd)
Registry Size Estimator (dureg.exe)
Encrypting File System Information (efsinfo.exe)
Extensible Performance Counter List (exctrlst.exe)
Extract Cabinet (extract.exe)
FAZAM 2000
GetMAC (getmac.exe)
Get Security ID (getsid.exe)
Group Policy Verification Tool (gpotool.exe)
Group Policy Results (gpresult.exe)
GUID to Object (guid2obj.exe)
Heap Monitor (heapmon.exe)
Hard link display tool (hlscan.exe)
If Member (Ifmember.exe)
IIS Migration Wizard (IISMIGrationWizard_Setup.exe)
Installation Monitor (instaler_setup.exe)
File-In-Use Replace Utility (inuse.exe)
Internet Protocol Security Policies Tool (lpsecpol.exe)
Kerberos Tray (kerbtray.exe)
Kerberos List (klist.exe)
Network Connectivity Tester (netdiag.exe)
Now (now.exe)
NT Detect (ntdetect.com)
Open Handles (oh.exe)
OLE/COM Object Viewer (oleview.exe)
Path Manager (pathman.exe)
File Access Permissions per User (perms.exe)
Page Fault Monitor (pfmon.exe)
Process and Thread Status (pstat.exe)
PuList (pulist.exe)
File Copy (rdpclip.exe)
Relog (relog.exe)
RPC Configuration Tool (rpccfg.exe)
RPC Dump (rpcdump.exe)
RPC Connectivity Verification Tool (rpings.exe)
Manipulate Service Principal Names for Accounts (setspn.exe)
SetX (setx.exe)
Performance Data Block Dump Utility (showperf.exe)
File Replication Service (FRS) Status Viewer (sonar.exe)
Near-Future Command Scheduler (soon.exe)
Automated Installation Tool (sysdiff.exe)
Timethis (timethis.exe)
Trace Dump (tracedmp.exe)
Trace Enable (traceenable.exe)
Trace Log (tracelog.exe)
Terminal Server Capacity Planning Tools (tscpt.exe)
User State Migration Tool (usmt.exe)
Virtual Address Dump (vadump.exe)
Who Am I (whoami.exe)
WinStation Monitor (winsta.exe)
Windows NT IPConfig Utility (wntipcfg.exe)
XCacls (xcacls.exe)
Maybe someone knows of a website that does "Windows alternatives for open source tools", similar to "Open source alternative for Windows (commercial) tools"?