Copyright © 1997-2000 Mark Russinovich
Last updated October 6, 2000
Table of Contents
This page presents a continuously growing collection of applets that fill holes in the functionality that NT comes with out of the box.

  Autologon v1.0 Configure WinNT/2K auto-logon properties
  AutoRuns v1.2 Easily view autostart and startup programs configured on your system
  ClockRes v1.0 View the resolution of the system clock, which is also the maximum timer resolution
  EFSDump v1.02 Dump information about Win2K encrypted files
  Hostname Convert IP addresses to host names and vice versa
  IsTrial v1.0 See if you have a trial version of WinNT/2K, and if so, when it will expire
  Junction 1.02 Create NTFS directory junctions
  LoadOrder v1.0 See the order in which devices are loaded on your WinNT/2K system
  PsTools v1.1 A collection of command-line tools including PsUptime, PsLoggedOn, and more.
  Streams v1.1 View NTFS file stream information
  Strings v2.02 Search files for ASCII or UNICODE strings
  Sync v2.0 Flush the WinNT/2K file system cache to disk
  VolumeId v1.0 Change the volume IDs of hard drives and floppy disks



Autologon
Windows NT/2K provides Registry settings that can be set so that a user is automatically logged in the next time the system would otherwise put up the logon dialog box. However, the Registry values are hidden very deep, and are a pain to configure. This program, Autologon, will do the Registry configuration for you, and allow you to enable and disable auto-logon when you want.

Autologon is easy enough to use. Just run autolog.exe, fill in the dialog, and hit Enable. To turn off auto-logon, hit Disable. If the DefaultPassword is NULL, autologon will only occur once and then be disabled. Also, if the shift key is held down before the system performs an autologon, the autologon will be disabled for that logon.

Download Autologon (8KB)

Download Autologon Source (21KB)

AutoRuns v1.2
This applet shows you what programs are configured to run during system bootup or login. These programs include ones in your startup folder, Run, RunOnce, and other Registry keys. You'll probably be surprised at how many executables are launched automatically. AutoRuns works on Windows 9x and Windows NT/2K. (The complete list of auto-run locations was obtained from David Solomon's "Windows 2000 Internals" seminar)

Download AutoRuns (32KB)

Download AutoRuns plus Source (40KB)

ClockRes
Ever wondered what the resolution of the system clock was, or perhaps the maximum timer resolution that your application could obtain? The answer lies in a simple function named GetSystemTimeAdjustment, and the ClockRes applet performs the function and shows you the result. See "Inside Windows NT High Resolution Timers" for information on increasing the resolution. ClockRes works on Windows NT/2K only, and does not take any command-line arguments.

Download ClockRes (12KB)

EFSDump
Windows 2000 introduces the Encrypting File System (EFS) so that users can protect their sensitive data. Several new APIs make their debut to support this facility, including one - QueryUsersOnEncryptedFile - that lets you see who has access to encrypted files. This applet uses the API to show you what accounts are authorized to access encrypted files. Full source code is included.

Usage: efsdump [-s] <file or directory>

-s         Recurse subdirectories.

EFSDump takes wildcards e.g. 'efsdump *.txt'.

Download EFSDump (23KB)

Hostname
Hostname is a very simple utility that takes either an IP address (e.g. 123.456.7.8), or a host name (e.g. ftp.ntinternals.com), and performs a translation into its inverse form. For example, if you pass hostname an IP address, you'll get back a host name, and if you pass it a host name it will give you the corresponding IP address. It runs under Windows 95/98 and Windows NT/2K.

Usage: hostname [IP address, hostname]

Download hostname (11KB)

IsTrial
Microsoft makes available a 120-day time-locked version of Windows NT, and their Beta versions expire 240 days after they are installed. However, Microsoft does not provide any means of determining if the version of NT you are running is a time-locked version or not. Many organizations run into problems when an installation they had forgotten was a trial version suddenly announces it is shutting down. This applet will tell you whether your systems are running trial versions of NT, and if they are, their exact expiration times.

Usage: istrial

Download IsTrial (13KB)

Junction
Win2K's version of NTFS supports directory symbolic links, where a directory serves as a symbolic link to another directory on the computer. For example, if the directory D:\SYMLINK specified C:\WINNT\SYSTEM32 as its target, then an application accessing D:\SYMLINK\DRIVERS would in reality be accessing C:\WINNT\SYSTEM32\DRIVERS. Directory symbolic links are known as NTFS junctions in Win2K. Unfortunately, Win2K comes with no tools for creating junctions - you have to purchase the Win2K Resource Kit, which comes with the linkd program for creating junctions. I therefore decided to write my own junction-creating tool: Junction. Junction not only allows you to create NTFS junctions, it allows you to see if files or directories are actually reparse points. Reparse points are the mechanism on which NTFS junctions are based, and they are used by Win2K's Remote Storage Service (RSS), as well as volume mount points.

If you want to view reparse information, the usage for Junction is the following:

Usage: junction [-s] <directory or file name>

-s         Recurse subdirectories.

If you want to create or delete a junction, use Junction like this:

Usage: junction [-d] <junction directory> [<junction target>]

To delete a junction specify the -d switch and the junction name.

Download Junction (16KB)

Download Junction Source (22KB)

LoadOrder
This applet shows you the order that a Windows NT or Windows 2000 system loads device drivers. Note that on Windows 2000 plug-and-play drivers may actually load in a different order than the one calculated, because plug-and-play drivers are loaded on demand during device detection and enumeration.


Download LoadOrder (16KB)

Streams
The NTFS file system provides applications the ability to create alternate data streams of information. By default, all data is stored in a file's main unnamed data stream, but by using the syntax "file:stream", you are able to read and write to alternates. Not all applications are written to access alternate streams, but you can demonstrate streams very simply. First, change to a directory on an NTFS drive from within a command prompt. Next, type "echo hello > test:stream". You've just created a stream named 'stream' that is associated with the file 'test'. Note that when you look at the size of test it is reported as 0, and the file looks empty when opened in any text editor. To see your stream enter "more < test:stream" (the type command doesn't accept stream syntax so you have to use more).

NT does not come with any tools that let you see which NTFS files have streams associated with them, so I've written one myself. Streams will examine the files you specify and inform you of the name and sizes of any named streams it encounters within those files. Streams makes use of an undocumented native function for retrieving file stream information. Full source code is included.

Usage: streams [-s] <file or directory>

-s         Recurse subdirectories.

Streams takes wildcards e.g. 'streams *.txt'.

Download Streams (19KB)

Strings
Working on NT and Win2K means that executables and object files will many times have embedded UNICODE strings that you cannot easily see with standard ASCII strings or grep programs. So we decided to roll our own. Strings just scans the file you pass it for UNICODE (or ASCII) strings of a default length of 3 or more UNICODE (or ASCII) characters. Note that it works under Windows 95 as well.

Usage: strings [-s] [-a] [-n X] <file or directory>

Strings takes wild-card expressions for file names, and additional command line parameters are defined as follows:

-s Recurse subdirectories.
-a Scan for ASCII instead of UNICODE
-n X Strings must be a minimum of X characters in length.

To search one or more files for the presence of a particular string using strings use a command like this:

strings * | findstr /i TextToSearchFor

Download strings (14KB)
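
The scan described above, sketched in Python as an added illustration; it is not the Strings source code. The function name, the printable range 0x20-0x7E and the sample bytes are assumptions made for the example, and UNICODE is treated as UTF-16LE limited to that ASCII range.

```python
import re

PRINTABLE = rb"[\x20-\x7e]"  # assumed definition of a "printable" character


def extract_strings(data: bytes, min_len: int = 3, ascii_mode: bool = False):
    """Return (offset, text) for every run of at least min_len characters.

    Default mode looks for UTF-16LE text (printable byte followed by 0x00),
    mirroring the tool's UNICODE default; ascii_mode mirrors the -a switch.
    Matching on raw bytes finds strings at odd offsets too, which matters
    because data inside executables is not always 2-byte aligned.
    """
    if ascii_mode:
        unit, encoding = PRINTABLE, "ascii"
    else:
        unit, encoding = PRINTABLE + rb"\x00", "utf-16-le"
    pattern = re.compile(rb"(?:%s){%d,}" % (unit, min_len))
    return [(m.start(), m.group().decode(encoding))
            for m in pattern.finditer(data)]


# Constructed sample: a wide-character API name, a narrow DLL name, and a
# two-character wide string that falls below the default minimum length.
SAMPLE = (
    b"MZ\x90\x00\x01\x02"
    + "CreateFileW".encode("utf-16-le")
    + b"\x00\x00\xff"
    + b"kernel32.dll\x00\x07"
    + "ab".encode("utf-16-le")
    + b"\x00\x00"
)

if __name__ == "__main__":
    for label, kwargs in (("UNICODE", {}), ("ASCII", {"ascii_mode": True})):
        for offset, text in extract_strings(SAMPLE, **kwargs):
            print(f"{label:8} 0x{offset:04x}  {text}")
```

An ASCII-only scan of this sample never reports CreateFileW, because the interleaved zero bytes break every run; that is the gap the UNICODE default closes.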

Sync
UNIX provides a standard utility called sync, which can be used to direct the operating system to flush all file system data to disk in order to ensure that it is stable and won't be lost in case of a system failure. Otherwise, any modified data present in the cache would be lost. Here is an equivalent that I wrote, called Sync, that works on both Windows NT/2K and Windows 95/98. Use it whenever you want to know that modified file data is safely stored on your hard drives. Unfortunately, Sync requires administrative privileges to run. This version, 2.0, also lets you flush removable drives such as ZIP drives. Source code to the NT-only version of Sync is available on the Dr. Dobb's Journal Sysinternals CD-ROM.

Usage: sync [-r | drive letter list]

-r         Flush removable drives.

Specifying specific drives (e.g. "c e") will result in Sync only flushing those drives.

Download Sync (18KB)

Download Sync for Compaq Alpha (39KB)

VolumeID
While WinNT/2K and Windows 9x's built-in Label utility lets you change the labels of disk volumes, it does not provide any means for changing volume ids. This utility, Volumeid, allows you to change the ids of FAT and NTFS disks (floppies or hard drives) on both Windows NT/2K and Windows 9x.

Usage: volumeid <driveletter:> xxxx-xxxx

Note that changes on NTFS volumes won't be visible until the next reboot. In addition, you should shut down any applications you have running before changing a volume id. NT may become confused and think that the media (disk) has changed after a FAT volume id has changed and pop up messages indicating that you should reinsert the original disk (!). It may then fail the disk requests of applications using those drives.

Download VolumeID (15KB)

