The Top IT Tools, and where to get them!

In today’s post we’re going to take a closer look at 23 cmd-line tools that I find absolutely vital as a Windows sysadmin, Exchange admin, and general trouble-shooter. Each is free as in beer, many are free as in speech, and all can just sit somewhere in your path to be invoked at need.

I tried to decide whether to sort by use (too hard,) or favourite (Sophie’s choice!,) or category (too many are multitaskers,) and finally just decided that alphabetical was the way to go. So, in no particular order other than the classical Latin alphabet, here are the top 26 cmd-line tools on my computer.

1. Dig

Call me old-school on this one, but I just like dig better than I do nslookup. Maybe it’s the familiarity with it, or that it works the same on Windows and Linux, but this tool for querying DNS servers in invaluable. While I may not use it every day, I definitely use it multiple times per week. You can download dig as a part of the BIND for Windows, available at

2. Err

The Exchange Error Lookup Tool is not just for Exchange. Use this tool along with any hex code you get from a Windows error to see just what the heck that 0xc0ffee error might mean. It reads from the headers of all installed software, so if you run this on the server that has the error, you will get all possible references. Even running just on my workstation, I usually get enough to go on. You can download Err from

3. Host

Host is another great tool for quickly checking DNS for the ip.addr to go along with a name. While dig can be used to specify a server, get more details, recurse, etc., host just queries your configured DNS server and gives you an answer. Yes, you can do this with nslookup and a lot of folks just use ping to do the same thing, but host is a little more graceful, a little less noisy, shorter to type than nslookup, and makes you look cool when you use it. Well, maybe not that last part. It too is a part of the BIND for Windows package available at

4. Iperf

One of the best network throughput tools, EVAR, iperf is my go-to tool for checking to make sure all the wires and cables and little boxes of blinky lights are actually passing the bits and the bytes the way they should. Get it from and check out the great tutorial they have on that page.

5. md5sum

Sometimes, I feel a little paranoid, but when someone posts a file’s MD5 hash, I actually like to check it when I download it, and that’s where md5sum comes in. There are various file integrity check tools out there, but I like this old standby, which you can download from Of course, MD5 is old and busted, so is losing popularity quickly.

6. OpenSSL

There are lots of tools to manipulate certificate requests, certificates, and keys, but OpenSSL is the best. You can grab the Windows port from

7. PsExec

One of the best of the best tools from the Sysinternals guys, PsExec lets you execute commands on remote Windows machines, of course assuming that you have admin rights and the binaries exist on the remote machine. Well, actually, with -c you can copy over the executable or script, so all you really need is rights! You can download the suite of PsTools and read more on how to use PsExec at

8. PsFile

Another of the Sysinternals tools, PsFile is like “net files” but doesn’t truncate names and allows you to force close open files if need be. You can download the suite of PsTools and read more on how to use PsFile at

9. PsInfo

I use PsInfo with PsExec to quickly check uptime, build, and other hardware details from machines without having to log onto them and run Winver plus SystemInfo and then have to do maths. Get it in the PsTools collection and read about how to use it at

10. PsKill

Manes, Casper Manes. License to kill, bad processes that is. PsKill is like kill -9 or the resource kit utility kill, with the added benefit of being able to work remotely. See for more on how to use it as well as to download the PsTools suite.

11. PsList

Yet another in the great set of PsTools, PsList lets you list (and kill) processes running on remote computers, as well as to gather details on them like you would with Perfmon. See for all that it can do, or for yet another link to download the PsTools.

12. PsPing

Combining both ICMP, TCP, and UDP ping capabilities, as well as tests for latency and bandwidth, this great network tool in the PsTools is fantastic for troubleshooting networks. Read all about it at

13. PsService

PsService lets you view and manipulate services on both local and remote systems. Need to restart the DNS service on a DC without first logging on to it? Run a script to check the status of the BITS service on all systems? PsService is for you. Read all about it at

14. PsShutdown

Like shutdown on steroids, PsShutdown can also force log offs or just lock the console too. There’s a ton of switches documented at

15. PsSuspend

Not the last of the PsTools, but the last one in this article, PsSuspend can simply pause, or suspend, a process that you need to let finish, later. You know where to get it, and here’s where to read about it

16. Putty

Sure, PuTTy is more of a GUI than a cmd-line tool, but since you usually use the GUI to launch a terminal session to another host, skip the middle-man and just go straight to it. Use putty.exe with switches for -ssh, -telnet, -rlogin, or -raw and specify the remote host to get right into it. You can download PuTTy from

17. restart.cmd

A simple batch file I put on pretty much any server I use frequently; this just restarts whatever service I need to bounce. Syntax is simple.
net stop %1 && net start %1
For example, to restart the DNS server, I would just type at the cmd-line
restart dns

18. Rsh

Rsh is the remote shell, a clear-text cmd line shell that can connect to RSH services on Windows and Linux hosts. Like telnet but faster, and ssh without encryption, or even PsExec, it only comes in handy when connecting to a legacy Remote Shell service, but those pop up often enough to keep this close. Download it from

19. sha1sum

Like its MD5 cousin above, but more useful, since SHA checksums are often used to prove not only integrity of single files, but also entire images. You can grab this at

20. Tcping

While perhaps not as fully featured as PsPing, I still prefer tcping because it has the ability to beep on up or down, which is dead useful when I bounce a server and need to know when I can finally log back into it, but also don’t feel like keeping an eye on it. Not that I would ever do that, say, during production hours! for the down low, erm, download I mean.

21. Tcproute

When routers and firewalls block ICMP, they make me cry. If I need to learn a path but can’t use simple ICMP traceroute, tcproute does the trick. It’s also by Eli Fulkerson and available at

22. Wget

Wget is a great tool for fetching content from websites…like, all the content. It can mirror a complete site, including all graphics, links, etc. and can be dead useful for grabbing a copy for later analysis or before it’s all gone.

23. Whois

Yet another great tool from the Sysinternals guys, whois lets you look up domain names and ip.addrs to get information about the owners. Use the -H switch to leave out a lot of the legal mumbo-jumbo. You can download whois from

Leave A Comment?