2013 in review

The WordPress.com stats helper monkeys prepared a 2013 annual report for this blog.

Here’s an excerpt:

The concert hall at the Sydney Opera House holds 2,700 people. This blog was viewed about 18,000 times in 2013. If it were a concert at Sydney Opera House, it would take about 7 sold-out performances for that many people to see it.

Click here to see the complete report.


Managing VMware Workstation VMS Remotely with WSX


Traditionally, if you wanted to access your VMware Workstation virtual machines remotely, you would do it with RDP (for Windows VMs) or VNC (which works for all Workstation VMs). However, neither of those would give you remote power controls for the virtual machines. Thus, if a VM was powered off you couldn’t access it. Additionally, the VMs must be connected to the network to manage them remotely (not on a private network or behind NAT). If you did want power controls for the virtual machines, you could connect to the Workstation host computer using RDP (assuming it’s running Windows) or a tool like LogMeIn.com to gain that access. Still, none of these solutions are ideal and, for that reason, VMware has recently released their new WSX – a HTML5 browser-based GUI for Workstation 9 virtual machines and ESXi hosts.

Introduction to VMware WSX

The new WSX is a free solution but it does require that you are running VMware Workstation, version 9 on your computer. Workstation 9 and WSX are compatible with both Windows and Linux host operating systems. WSX is small and an easy installation that very quickly gives you a great web-based graphical interface for your Workstation VMs – allowing you to control their power (power on / off / resume) and access the virtual machine control of each. Thus, you don’t need RDP, the OS doesn’t have to be installed, and the VM doesn’t need network access. WSX is not a full replacement for the Workstation GUI as WSX only provides the controls mentioned, not the ability to create new VMs or edit the virtual hardware configurations of your VMs, for example.

I was initially surprised when I first tried WSX that with WSX you gain remote power controls and console access to virtual machines that are running on VMware vSphere / ESXi hosts. Those VMs aren’t running on Workstation and they aren’t running on the host operating system that is running WSX. Thus, WSX can give you remote control of your ESXi VMs – at no cost, through a web interface, as long as you are using Workstation.

Downloading WSX

To download VMware WSX, you’ll need a free VMware account as you’ll have to login. If you don’t have one, they are easy (and free) to create. You can download WSX from the same place that you downloaded VMware Workstation so it’s easy to find. While WSX doesn’t have a license, it requires that you are running VMware Workstation (which does have a license). If you don’t already have VMware Workstation 9 running, you can download it and use it at no cost for 30 days at the “Try Workstation” website.

VMware WSX is available in a Windows installer, Linux 32 bit, and Linux 64 bit.

Figure 1:
Downloading VMware WSX

I downloaded the Windows version of WSX (which is both 32 and 64 bit compatible).

Installing WSX

Once I downloaded the ~10MB VMware WSX, I was ready to install.

Figure 2:
VMware WSX Ready for Install

Upon executing WSX, the installer began.

Figure 3:
WSX Installer

From here, I went through the installation process, taking all the defaults. Initally, I accepted the end user license agreement.

Figure 4:
Accepting WSX EULA

Next, I accepted the default for the WSX port number to connect to WSX. That port number is 8888. Thus, to connect to the WSX web interface (based on the default port number), you would connect to http://localhost:8888 but only if you were using your web browser on the local computer (running WSX). If you were across the LAN, you would have to know the IP address or hostname of the computer that is running Workstation and WSX.

Figure 5:
Default WSX Port Number

Next, I clicked Install to begin the WSX installation.

Figure 6:
Beginning WSX Installation

As WSX is such a small installation, it only took a couple of minutes to install.

When the install is completed, you’ll see the message

Figure 7:
WSX Installation is Complete

From here, you’re ready to start administering your Workstation WSX.

Managing VMware vSphere with WSX

When you first point your local web browser to http://localhost:8888, you’ll be prompted for a username and password. That username and password is going to be the username and password that you installed WSX under (or I believe that any administrative user name and password will work).

Figure 8:
Logging into WSX

Once logged into WSX, you’ll see a sort of virtual machine library on the left. However, by default you may not have any VMs.

Figure 9:
Welcome to WSX

You’ll see the Shared VMs option (which would be for local VMs in Workstation). What I very quickly found out is that you can Add Server. What’s that mean? What kind of server? I was wondering the same thing until I clicked on it and found out that WSX can manage VMware vSphere / ESXi host virtual machines – either standalone or as managed by VMware vCenter.

In this case, I’m going to connect to an ESXi host (not vCenter). To connect WSX to an ESXi host, click Add a server and enter the hostname of your ESXi server, as you see in the graphic below.

Figure 10:
Adding a Server to WSX

Next you’ll be prompted to provide credentials to access the ESXi host (likely your root username and password).

Figure 11:
Logging into the ESXi Host

From there, you’ll see the VMs running on the ESXi host.

Figure 12:
VMs Running on ESXi, Seen Through WSX

You can now access the console of each VM and control its power.

Figure 13:
Console Access to VM Running in ESXi

As you can see, I can access the VM’s console, I see its CPU and memory configuration, and I can power it off or suspend it.

Managing VMware Workstation VMs with WSX

To access VMs running in Workstation, just as we did with the ESXi host, you’ll first have to use the Workstation option to Share the VM. This is easy to do. Simply drag and drop the VM to the Shared VMs folder in the Workstation inventory tree. When you do so, this will automatically bring up the Share a Virtual Machine Wizard.

Figure 14:
Sharing a Virtual Machine

From here, you’ll just need to answer a few basic questions.

You’ll have to specify 1) what you want the name of the VM to be once it is shared and 2) if you want the VM to be moved or copied to the share area. You can take the defaults (to move the VM), as I did, without hurting anything.

Figure 15:
Sharing a VM – Transfer Type

When the sharing is completed, you should see the results in Figure 16, where the VM is now in the shared folder.

Figure 16:
Sharing a VM Results

With the VM successfully shared, you should now be able to access it using WSX.

If we go back to the WSX web interface and you click on Shared VMs (localhost), you should now see your shared VMs (I shared a few more VMs than just one for demonstration purposes).

Figure 17:
Workstation Shared VMs Through WSX

If you click on any of the VMs, you should see the same interface we saw when we remotely accessed our ESXi server VMs.

Figure 18:
Accessing a Shared VM Through WSX


Active Directory Powershell – Advanced Filter

Here is the list of supported operators in Active Directory Powershell Advanced Filter:


Logical Operator Description Equivalent LDAP operator/expression
-eq Equal to. This will not support wild card search. =
-ne Not equal to. This will not support wild card search. ! x = y
-like Similar to -eq and supports wildcard comparison. The only wildcard character supported is: * =
-notlike Not like. Supports wild card comparison. ! x = y
-approx Approximately equal to ~=
-le Lexicographically less than or equal to <=
-lt Lexicographically less than ! x >= y
-ge Lexicographically greater than or equal to >=
-gt Lexicographically greater than ! x <= y
-and AND &
-or OR |
-not NOT !
-bor Bitwise OR :1.2.840.113556.1.4.804:=
-band Bitwise AND :1.2.840.113556.1.4.803:=
-recursivematch Uses LDAP_MATCHING_RULE_IN_CHAIN (Win2k3 SP2 and above) :1.2.840.113556.1.4.1941:=


Example 1:  Get all entries         Get-ADObject -Filter { ObjectClass -like "*" }

        LDAP Filter Equivalent: (objectClass=*)

Example 2: Get entries containing “bob” somewhere in the common name         Get-ADObject -Filter { CN -like "*bob*" }

        LDAP Filter Equivalent:  (cn=*bob*)

Example 3: Get entries with a bad password count greater than five         Get-ADUser -Filter { badpwdcount -ge 5 }

        LDAP Filter Equivalent: (badpwdcount>=5)

Example 4: Get all users with an e-mail attribute         Get-ADUser -filter { email -like "*" }         -or-         Get-ADObject -filter { email -like "*" -and ObjectClass -eq "user" }

LDAP Filter Equivalent: (&(objectClass=user)(email=*))

Example 5: Get all user entries with an e-mail attribute and a surname equal to “smith”         Get-ADUser -Filter { Email -like "*" -and Surname -eq "smith" }         -or-         Get-ADUser -Filter { Email -like "*" -and sn -eq "smith" }

        LDAP Filter Equivalent: (&(sn=smith)(objectClass=user)(email=*))

Example 6: Get all user entries with a common name that starts with “andy” and users with a common name of “steve” or “margaret”         Get-ADUser -Filter { CN -like "andy*" -or CN -eq "steve" -or CN -eq "margaret" }         -or-         Get-ADObject -Filter { objectClass -eq "user" -and (CN -like "andy*" -or CN -eq "steve" -or CN -eq "margaret") }

        LDAP Filter Equivalent: (&(objectClass=user) | (cn=andy*)(cn=steve)(cn=margaret))

Example 7: Get all entries without an e-mail attribute         Get-ADUser -Filter { -not Email -like "*" }         -or-         Get-ADUser -Filter { Email -notlike "*" }

        LDAP Filter Equivalent: (!(email=*))

Example 8: Get all users who did not logon since January 1, 2007         $date = new-object System.DateTime -ArgumentList @(2007,1,1,0,0,0)         Get-ADUser -Filter { -not LastLogon -le $date }

        LDAP Filter Equivalent:  (&(lastlogon<=X)(objectClass=user))         ## where X is number of 100-nanosecond slices since Jan 1st 1601

Example 9: Get all users who have logged on in the last 5 days         $date = (get-date) - (new-timespan -days 5)         Get-ADUser -Filter { lastLogon -gt $date }

        LDAP Filter Equivalent:  (&(lastLogon>=128812906535515110) (objectClass=user)(!(objectClass=computer)))

Example 10: Get all security groups The following example query string searches for group objects that have the ADS_GROUP_TYPE_SECURITY_ENABLED flag (0x80000000 = 2147483648) set.         Get-ADGroup -filter { groupType -band 0x80000000 }         -or-         Get-ADGroup -filter { GroupCategory -eq "Security" }

        LDAP Filter Equivalent: (&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=2147483648))

Example 11: Check if a user is a member of a group (recursively) The following example query string uses the LDAP_MATCHING_RULE_IN_CHAIN, which is a matching rule OID that is designed to provide a method to look up the ancestry of an object.

        Get-ADUser -Filter { memberOf -RecursiveMatch "CN=Administrators,CN=Builtin,DC=Fabrikam,DC=com" } -SearchBase "CN=Administrator,CN=Users,DC=Fabrikam,DC=com"  -SearchScope Base                       ## NOTE: The above command will return the user object (Administrator in this case) if it finds a match recursively in memberOf attribute.         -or-         $userObj = Get-ADUser Administrator         $groupObj = Get-ADUser Administrators         Get-ADUser -Filter { memberOf -RecursiveMatch $userObj.DistinguishedName } -SearchBase $groupObj.DistinguishedName -SearchScope Base

        LDAP Filter Equivalent: (memberof:1.2.840.113556.1.4.1941:=(CN=Administrators,CN=Builtin,DC=Fabrikam,DC=com)))

Logical Disk Free Space Monitor

Throughout my years working with MOM and Operations Manager 2007, periodically I hear complaints about Operations Manager not alerting on low disk space conditions, or that administrators are receiving false alerts.  Just about every time I’ve been called upon for this type of issue, it turned out to be thresholds not being adjusted properly, not that Operations Manager didn’t do it’s job correctly.

Before I get into this deeply, I want to iterate the importance of having a good disk free space monitoring definition in place.  I have seen so many companies struggle with disk free space monitoring, when they really don’t need to.  The problem almost always starts with not having a good discussion around your free space requirements, defining the thresholds for server roles and types, and then executing on the design.

This is a basic requirement for monitoring operational health of every server role in your infrastructure.  Whether we’re talking about file servers, database servers, web servers or application servers, it is a mistake to put this on the back-burner and not define your requirements as soon as possible for each server role.

Two types of monitoring

My standpoint from a disk space monitoring perspective is simple, and it is aligned with the intent and purpose of Operations Manager.  It’s two-fold.

Reactive and Proactive

Although it may seem elementary, let me explain the difference between reactive and proactive monitoring, and how it relates to the Logical Disk Free Space Monitor.

There are two scenarios when it comes to state changes in monitors, and each of these can be paired up with either reactive or proactive type monitoring.

Two-State Monitor = Reactive Only
This monitor has only two states.  Healthy is required for one of the states.  The other state can be warning or critical.  In my opinion, a two-state monitor almost always defines some type of reactive monitoring scenario.  In other words, a component being monitored by a two-state monitor is either healthy, or an administrator needs to take immediate action in order to correct the problem.  This is synonymous to ON and OFF.  There is no period of time where this component is in a degraded state, but still functioning, that allows an administrator to take remediation actions to correct the issue before it worsens.

Three-State Monitor = Reactive and Proactive
This monitor has three states.  Healthy, Warning and Critical.  The rules are similar to the Two-State monitor, as far as Healthy and Critical states are concerned.  However, there is an additional state that connotes a degraded condition.  In a degraded condition, the service or component is still functioning, but there are problems on the horizon if the administrator doesn’t plan to take remediation actions at the earliest convenience.

With this additional Warning (or degraded) state, we lend another type of monitoring to our operational monitoring; Proactive.  Although this borders on both Reactive and Proactive, this is still very much proactive, in my opinion, because the administrator is informed of a degraded condition before is turns critical.

How does this relate the Logical Disk Free Space monitor?  Well, this is a Three-State monitor.  Hence, we are provided with the best of both worlds from an operational standpoint.  Both Proactive and Reactive.

Another part of Proactive monitoring is provided by the reporting feature in Operations Manager.  This goes above and beyond the capabilities of having a monitor warn your staff of a degraded state.  This arms you with the capability to perform trend analysis of your applications and hardware, allowing your company to use this information for planning and provisioning resources in your infrastructure.

My argument

I have been in my share of arguments around monitoring disk space, usually relating to general recommendations for the threshold types used in this monitor.  One of the most heated arguments I’ve heard around these thresholds, is to only use one type of threshold; either the MB threshold or the Percentage threshold.  My argument has always been to use both these threshold types, and not to generalize an entire IT infrastructure based on a single threshold type.

By using only one threshold type, I don’t see how anyone could encompass the array of disk sizes and different types of server roles in the environment, and define a disk free space monitoring solution using only one threshold type.  In my opinion, using only one threshold type generalizes all the unique attributes that make up the infrastructure as a whole.  All I ask is that you read this article before making a decision as to how you’re going to use this monitor.

The problem

I’ve done my time going through the ranks of systems administration.  And this includes carrying a pager, and reacting to alerts from that pager, 24/7.  This being the case, I know one thing for sure.  And that is…

I do not want to be stirred out of a deep sleep, pulled away from my family or have my golf game interrupted, in order to check on an alert that was triggered, only to find there was plenty of free space on the server I was alert on.

Sound familiar?  I bet it does.

If you answer yes to any of the below questions, your reactive thresholds are not adjusted correctly.

1.  At the earliest convenience, do you adjust the threshold for that instance?  Or, just  disable monitoring for that drive and be done with it (I have seen this done).

2.  Do you have a routine down, and you know exactly when that alert will trigger, so you auto-respond to that alert without actually checking it?  Or have you started ignoring alerts altogether?

5.  Do you end up just checking on that server every day when you come in and when you leave, and see that it’s grown by 100MB each day, just waiting to bring it up in a meeting to allocate more drive space?

Whatever the case may be, you know that this drive is not in a critical state and there is no need to be alarmed yet.  Growth of that particular disk has always averaged around 100MB a day, and you know the SAN group will not allocate more space until it’s down to 10GB free.

Make your case

To the on-call admin wearing the pager, listen up.  I’m offering this argument to you, so you can then present your ideas to the operations monitoring group.

First thing you’ll want to do is download the Logical Disk Free Space Monitor Calculator (attached to bottom of article).  Also grab this query, to help map out what your current disk sizes look like.  A method I often use is, plug in the largest disk size, the smallest disk size, and the average disk size in the the calculator.  Then start playing with the thresholds in the calculator to determine your unique threshold requirements for both System and Non-System drives.

First things first.  How does the Logical Disk Free Space monitor work, when using both the MB and % threshold types?  Here’s how.

The moment BOTH thresholds are exceeded, the state of that monitor will change.

Some basics of the monitor.  This monitor is targeted to each type of Windows Server (2000, 2003 and 2008).  Just keep that in mind when adjusting thresholds.

This is a double-threshold, three-state monitor.  However, being that there two types of thresholds (MB and %), there is actually four thresholds that need to be set for this monitor.

Go ahead and open up the monitor properties and take a peak at the thresholds.  To do this, go to the Authoring space.


Click on Monitors, then click Scope.


Type Logical Disk in the Look for input box, and check all three targets (for each type).  Then click okay.


If you expand each of the types, as shown in the image below for 2003 type, you’ll find the monitor.  Do not confuse the Free Space monitor with the Availability monitor.

Open the properties of the monitor.


As you’ll see, these thresholds are also split into to types of drives; System and non-System.  This may sound confusing, but it’s really quite simple and there is good reason for it.  As you might expect, System type drives host the operating system.  Non-System type drives are all other drives.

And here are the tabs showing the properties of the monitor.


The reason for the two types of drives is because, drives that host the operating system are usually well-defined with specific volume sizes.  These drives usually do not fluctuate in free space.  And if they do, we monitor that.  But, the monitoring is generally much more strict and will match as closely as possible to a true warning or critical state for the operating system to function properly.

In other words, a System type drive with 500MB of free space is okay.  This drive doesn’t need to generate an alert unless it drops below, for example, 200MB.  That’s when we would actually do something to free up some space.  That’s when we need to be paged.  That truly warrants an alarm.

Out of the box, the System type drive thresholds are as follows.


Also by default, this monitor generates an alert when it changes to critical.  What this means to you, is you’ll see a state change in the Operations Console when the drive hosting the operating system drops below 200MB.  This state will persist, allowing you to catch this warning state in the console before it reaches critical state, or until someone moves some files off and creates more free space.

There is a state view specifically for monitoring Logical Disk free space in the Microsoft Windows Server node of the monitoring pane in the Operations Console.  You can also create a view in My Workspace to spot check a specific set of servers for drives in a Warning state once each day.  This is part of the proactive monitoring I mentioned.

So, when the drive hosting the operating system drops below 100MB, you’ll get a page and an alert in the Operations Console.  Again, this is when action must be taken with urgency.  Hence, critical or reactive.

Out of the box, the non-System type drive thresholds are as follows.


As far as non-System type drives, this is usually the tricky threshold that needs to be discussed with your operations team.  This is when you can put my disk space calculator to use.

I’m not going to get into semantics about all the different server roles and make recommendations for types of server roles.  I’ll just note that the type of server is an important factor in determining disk space monitoring requirements.  For instance, database servers will usually have different disk space monitoring thresholds than file servers.

I will, however, be using a file share server role in an example.  This is only to get you thinking in the right direction, and is not intended to be a recommendation.


The company has 40 Windows Server 2003 File Share Servers.  The majority of these servers have a 40GB system drive, hosting the operating system, with the exception of a handful of servers that were installed in 2003.  At the time, the standard build was a 20GB system drive.

For the file shares, most later model servers have one 800GB volume.  There are quite a few servers with two 300GB volumes.  Then there are a few older model servers, which have two or four 80GB volumes.

The questions that need to be answered are:

What is a warning state?
This is the state in which your administrators need to be informed of a degraded situation.  At this state of the monitor, there is time to take action to resolve the issue before it turns into a critical state.  In other words, this the proactive threshold.

What is a critical state?
This is the state in which your administrators need to be alerted of a critical situation.  In this state, an alert will be raised in the Operations Console and a page will be sent to your on-call administrator.  This state connotes an urgent issue, and action must be taken at once.  In other words, this is the reactive threshold.

These questions need to be answered for both types of drives.

System Drives

In your meeting with the operations monitoring team, these thresholds and state were discussed, and everyone agreed upon the following.  Regardless of the size of the system drive, 20GB or 40GB, and considering the operating system drive usually doesn’t fluctuate, and the fact that nobody should be storing data on those drives anyway, a warning should be raised when free space drops to 500MB.

This should give administrators adequate elbow room to proactively monitor for warning conditions and take remediation actions at the soonest opportunity.

Everyone also agreed that we only need an on-call admin to be paged if a drive hosting the operating system drops below 100MB.  This is considered critical, as this will affect operating system performance and render it unresponsive soon, and we want someone paged to move files off that drive immediately.

Using the calculator, you determine that the thresholds for the system drive should be adjusted as follows.


Note that only a single threshold needed to be adjusted.  The critical MB threshold, by default, meets our requirements.  And both the warning and critical % thresholds, by default, meet our requirements.  We need to create an override, for the file share servers, only for the warning MB threshold.

Here’s what it looks like in the calculator.


Remember, our decision was based on MB thresholds only.  We did not even care about % free space.

Given that 10% and 5%, for warning and critical, are well over our defined 500MB and 100MB, respectively, given our drive sizes, we don’t need to play with the % thresholds.  Technically, these % thresholds will be exceeded on our 40GB drives at 4GB and 2GB, for warning and critical.

Remember that both MB and % need to be exceeded, in order for a state change to occur.  So, again, we only need to create an override for the warning MB threshold.  And that override setting is 500MB.

Non-System Drives

Remember, most later model servers have one 800GB volume.  There are a few with two 300GB volumes.  Then there are a few older model servers, which have two or four 80GB volumes.

As I mentioned earlier, these non-system drives are usually a bit trickier to find a good balance.  This is because there is a vast difference in volume sizes, and we’re trying to wrap our heads around a happy medium.

In the meeting with the operations monitoring team, we discussed only using the % threshold, and setting it at 10% and 5% for warning and critical, respectively.  This didn’t go over very well.  Because, again, we don’t want to wake our on-call admin up in the middle of the night because there was only 40GB left on a file share.  That’s not exactly an urgent issue.  Plus, we already know about that server and we’re expecting addition drive space to be allocated on Wednesday.  We knew this because we saw the state change in the Operations Console when that volume dropped to 80GB two weeks ago.

We discussed only using the MB thresholds, adjusting them to 20GB and 4GB, for warning and critical, respectively.  This didn’t go over well, because we really don’t want to wake the on-call admin again when one of the smaller 80GB drives drops to 4GB free space.  These are not high volume drives, and when they are out of space we plan to move that data off to a larger volume anyway.

Rather than jumbling with these numbers, you break out the calculator, plug in the volume sizes (800, 300 and 80GB), and start plugging in some threshold values.  After a few iterations, everyone liked the following thresholds.


Notice in the middle columns in the calculator, that the 800GB drive changes state for both warning and critical on only the MB threshold value.  The 80GB drive changes state for both warning and critical on only the % threshold.  The 300GB actually will use the % threshold value for the warning state change, and the MB threshold value for the critical state change.

This is a great balance for these file share servers.  Each size volume has an adequate warning threshold, to allow plenty of time to proactively monitor these warning states and take action at the earliest convenience.

This also generates a critical state, subsequently generating an alert in the Operations Console and paging the on-call admin.  These are all truly critical states, that require immediate action.

This meets all our requirements to expedite warning and critical states appropriately.  And, most importantly, you’re on-call admin will appreciate that we have a good definition around monitoring disk space.  Now he’s taking these pages seriously, and isn’t bothered for non-critical conditions.

Using Views for Proactive Monitoring

With well defined thresholds around disk free space monitoring, allowing for ample time to take action without urgency, we can use the Logical Disk state view in the Operations Console to proactively monitor free disk space.  Checking this state view once per day will be a part of the daily routine.

You can find this state view here.


What we’re looking for here are servers in a warning state.  If you have hundred, or thousands of servers, you can make this easier to look at by sort by the State column header.

If you want a more targeted view, containing only file share servers in a warning state, you can create a new state view in My Workspace.  Here’s an example of such view.


So, not only are we monitoring for reactive conditions, we are also proactively monitoring disk space by means of establishing well defined thresholds for the Logical Disk Free Space monitor.

Again, as I mentioned earlier, another important piece of proactive monitoring is the report feature in Operations Manager.  We can take proactive measures much further by using the reporting component.  This will give us even richer information, like trend analysis for future planning and provisioning of resources.

I hope now you have a good understanding of how this monitor works.  Along with the given example, and the free space calculator, you should now be armed and ready to tackle these disk free space alerts that have been so troubling for so many…especially for those on-call administrators.

101 Free Admin Tools

Admin Tools

We know administrators love tools that make life easier – especially when they’re free! So here are 101 of them!

System and network analysis

1. NTFS Permissions Explorer

Using this MMC snap-in you can quickly visualize the user and group permissions of a local or remote folder or drive in a hierarchical format to help identify problems.


2. Xirrus Wi-Fi Inspector

Wi-Fi Inspector is a powerful Wi-Fi management and troubleshooting tool that allows you to locate and verify Wi-Fi devices, detect rogue Access Points, troubleshoot connections, and search for Wi-Fi networks.


3. Whois

Whois performs a lookup of the registration information of a given IP address or domain name.


4. ShareEnum

ShareEnum allows you to scan and view the security settings of file shares on your network.


5. PipeList

PipeList displays a list of named pipes on your system, including the number of active instances and the instance threshold.


6. TcpView

TCPView allows you to view detailed TCP and UDP connection information in a user friendly format.


7. The Dude

The Dude from MicroTik can automatically scan all devices within a given subnet and then draw and layout a map of your network.


8. Microsoft Baseline Security Analyzer

The MBSA is a tool that can be used to detect missing security updates and typical security misconfigurations.


9. WireShark

WireShark is an interactive network protocol analyser and capture utility. It provides for in-depth inspection of hundreds of protocols and runs on multiple platforms.


10. Look@LAN

Look@LAN allows you to quickly scan your network looking for active nodes. It provides monitoring, reporting, logging and OS detection features.


11. RogueScanner

RogueScanner will scan your network looking for rogue devices and access points, classifying them in a way that allows you to quickly see what’s on your network.


12. Capsa Free Network Analyzer

Using this tool you can monitor, troubleshoot and diagnose issues on your network. It has a Microsoft Office-like user interface.


13. SuperScan

SuperScan is a fast connection-based TCP port scanner, pinger and hostname resolution tool.


14. Blast

Blast is a lightweight TCP service stress test tool that can help pinpoint weaknesses in your network.


15. UDPFlood

UDPFlood is a lightweight UDP service stress test tool that sends out packets to a specified IP or port.


16. IPplan

This tool allows you to quickly and easily track and manage your network IP addresses.


17. NetStumbler

NetStumbler is an application that allows you to detect the presence of a wireless network using 802.11a/b/g. It is useful for detecting rogue access points, finding locations with poor signal, verifying network configurations and determining the cause of wireless interference.


18. PingPlotter

PingPlotter is a lightweight tracert application that generates graphs to help you visualize the route of the packets from source to destination.


19. SolarWinds Free Permissions Analyzer for AD

Using this tool you can quickly visualize the user and group permissions of a folder or shared drive in a hierarchical format. It can track share level permissions, provide a breakdown of share level and file level permissions and help identify why certain users have the permissions they do.


20. Angry IP Scanner

Angry IP Scanner is a fast standalone IP address and port scanner.


21. FreePortMonitor

FreePortMonitor is a tool for monitoring servers and applications on your network.


22. WirelessNetView

WirelessNetView monitors the activity of wireless networks in the area and displays information related to them, such as SSID, Signal Quality, MAC Address, Channel Frequency, etc.


23. BluetoothView

BluetoothView monitors the activity of Bluetooth devices in the area and displays information related to them, such as Device Name, Bluetooth Address, Device Type, etc.


24. Vision

Vision allows you to view all open TCP and UDP ports and then maps them back to the owning process or application.


25. Attacker

Attacker is a TCP/UDP port listener that allows you to define a list of ports that you want it to listen on and it will notify you when a connection is established on that port.


26. Total Network Monitor

Total Network Monitor is a comprehensive network monitoring application that allows you to view the state of your network. It is customizable and has advanced alerting features, letting you know when something is wrong.


27. IIS Logfile Analyser

This tool allows you to analyse your IIS logfiles to determine website statistics such as number of visitors, number of downloads, etc.


28. ntop

ntop uses a web-based interface that allows you to monitor network traffic and statistics.


System testing and troubleshooting

29. Pinkie

Pinkie is a collection of network troubleshooting utilities that allows pinging multiple hosts, forward and reverse DNS lookup, a ping sweeper, and a subnet calculator.


30. VMWare Player

VMWare Player is a multi-platform virtualization solution that can be used to create and run multiple 32-bit or 64-bit virtual machines. Ideal for testing or development environments.


31. Oracle VirtualBox

VirtualBox is a free, multi-platform general-purpose virtualization solution that can be used to create and run multiple virtual machines. Ideal for testing or development environments.


32. ADInsight

ADInsight is a real-time monitoring tool used for troubleshooting LDAP (Lightweight Directory Access Protocol) clients.


33. Process Monitor

Process Monitor allows you to monitor activity related to processes, threads, DLLs, the registry and file system in real-time. Useful for troubleshooting application and system related issues.


34. SpiceWorks Network Troubleshooting

SpiceWorks Network Troubleshooting is an all-in-one tool that allows you to perform routine troubleshooting tasks such as killing processes remotely, access devices remotely, ping, tracert and nslookup, and even compare the status of two devices.


35. RAMMap

RAMMap allows you to analyse physical memory allocation in your system. You are able to determine how much file data is cached in RAM, how much RAM is used by the kernel and device drivers, etc.


36. Autoruns

Autoruns allows you to view which programs are configured to run at system boot up or login.


37. LogFusion

Using LogFusion you can view and monitor log files in real-time.


38. Microsoft Log Parser

Using Microsoft Log Parser you can generate a custom-formatted output file containing the results of multiple log file sources such as XML, CSV, Event Logs, or the Registry.


39. AppCrashView

AppCrashView allows you to view Windows Error Reporting (*.WER) files in a simple user interface and then save the results into TXT/CSV/HTML/XML file format.


40. RootKitRevealer

RootKitRevealer allows you to detect the presence of rootkits that operate by attempting to hide their files or registry entries.


System and network management

41. Bitcricket IP Subnet Calculator

This tool allows you to calculate subnets and CIDR routes automatically using its intuitive interface and auto-discovery feature.


42. EMCO Remote Installer Starter

The free version of EMCO Remote Installer (Starter edition) allows you to perform a software inventory of applications installed on your network. You can retrieve and track changes as well as save reports.


43. ManagePC

ManagePC allows you to create an inventory of all your machines in the domain, including hardware, software, devices, patches, group policies, etc.


44. Pandora FMS

Pandora FMS is a network monitoring solution that allows you to monitor multiple platforms, from Linux machines, to Solaris machine, to Windows machines. It provides alerts and reporting for CPU, disk and memory usage, temperature, or even application values.


45. SNARE Audit and EventLog Management

SNARE (System iNtrusion Analysis and Reporting Environment) allows you to install agents onto your server machines to facilitate the centralized collection of logs, including Windows, Solaris, AIX, ISA Server, IIS Server, SMTP, Exchange, Apache, etc.


46. OCS Inventory

OCS Inventory is an automated inventory and deployment application. It allows you to determine what devices or software are installed on your network and deploy software or configuration scripts using a simple web-based interface.


47. Zenoss Core – Enterprise IT Monitoring

Using the Zenoss Core application, you can monitor systems availability, performance, events and configuration across the network.


48. Unipress Free Help Desk

Unipress Free Help Desk is a simple yet powerful Help Desk solution that allows you to create, assign and receive issue tickets. It contains a web portal and knowledgebase for self-help.


49. SysAidIT Free Help Desk

Using this tool, you can easily manage and service requests and create an inventory of installed software and network devices on your network.


50. Cyberx Password Generator Pro

Cyberx Password Generator Pro allows you to create random highly secure passwords.


51. KeePass Password Safe

KeePass is a lightweight, user-friendly password manager. It allows you to store all your passwords in a central location that is encrypted using military grade encryption.


52. TweakUAC

Using TweakUAC you can quickly enable, disable UAC or set it to quiet mode.


53. Microsoft Application Compatibility Toolkit

The Microsoft Application Compatibility Toolkit allows you to evaluate and mitigate application compatibility issues during the pre-deployment phase of a Windows 7, Windows Vista, or new Internet Explorer version installation.


54. ExtraSpy Employee Monitor

ExtraSpy Employee Monitor allows you to monitor employee activities across your network to help detect misuse of company property or unproductive individuals.


55. NetWrix USB Blocker Freeware

Using this tool you can centrally manage access control of removable media on your network.


56. FileZilla

FileZilla is a cross-platform FTP, FTPS and SFTP client.


57. Wake On Lan 2 .NET

The Wake On Lan 2 .NET tool allows you to manually or automatically power on, restart or shutdown machines or devices over your local network.


58. Speccy

Speccy is a system information tool that allows you to quickly see comprehensive details related to your machine.


59. Active Directory Explorer (ADExplorer)

ADExplorer is an advanced Active Directory viewer and editor tool. It allows you to navigate through an Active Directory database and view and edit object properties and attributes.


60. ADRestore

ADRestore allows you to restore deleted Windows Server 2003 Active Directory server objects.


File and disk management

61. Disk2vhd

Disk2vhd allows you to create a Virtual Hard Disk (VHD) of a live machine, which can then be loaded using Microsoft Virtual PC or Microsoft Hyper-V.


62. Defraggler

Using Defragler you can defrag individual files on an NTFS or FAT32 file system.


63. PageDefrag

PageDefrag allows you to view the defragmentation status of the system Page File and Registry Hives and defragments them. It also allows you to defragment events logs and Windows 2000/XP hibernation files.


64. PsPad

PsPad is a powerful text editor that can be used as a substitute for Notepad and is useful for creating scripts, programming, file comparison, etc.


65. MD5Summer

Using MD5Summer, you can quickly generate MD5 hashes for files within a folder, allowing you to ensure or verify file integrity.


66. Universal Viewer

Universal Viewer is a multi-format file viewer that allows you to view different file types from a single interface. Supported file formats include Text, Image, MS Office, Audio, Video, amongst others.


67. FreeCommander

FreeCommander is a comprehensive file manager that aims to be an alternative to Windows Explorer.


68. Recuva

Using Recuva you can recover files you accidentally deleted from your machine.


69. Steganos LockNote

Steganos LockNote allows you to securely store confidential notes such as license keys, passwords, phone numbers, etc. It uses AES-256 encryption to store your text in a self-executable container that requires a password to open it.


70. Microsoft SyncToy

SyncToy is an application that can be used as a backup utility to synchronized files and folders between two locations.


71. 7-Zip

7-Zip is a powerful file archiving utility with a high compression ratio that supports a multitude of compression formats, including 7z, GZIP, TAR, ZIP, CAB, MSI, etc.


72. PeaZip

PeaZip is a cross-platform file and archive manager that supports volume spanning, high levels of compression and encryption and support for a wide range of archiving formats.


73. Bacula

Bacula is a suite of applications that allow for the backup, recovery and verification of data across a network.


74. Areca Backup

Areca Backup is a file-based backup application that supports incremental, image and delta backups to a local drive or an FTP server.


75. DirSync Pro

Directory Synchronize Pro is a powerful synchronization utility used to synchronize the contents of a directory to a given location. It provides scheduling, filtering, and logging functionality.


76. Amanda Network Backup

Amanda is a powerful multi-platform backup and archiving application that supports tape, disk, and optical media. Using a single master backup server, you can set Amanda to backup multiple clients across your network.


77. WebSynchronizer

WebSyncrhonizer allows you to manually or automatically backup, replicate and synchronize files to an FTP server or across your network.


78. KGB Archiver

KGB Archiver is a file archiving tool with a high level of compression that uses AES-256 for its encryption feature.


79. Iometer

Iometer is a disk I/O performance analysis tool that allows you to perform stress tests and displays the read and write speed of a specified drive.


80. Notepad++

Notepad++ is a powerful text editor that can be used as a substitute for Notepad and is useful for creating scripts, programming, file comparison, etc.


Performance and availability monitoring

81. ManageEngine Free HyperV Performance Monitor

HyperV Performance Monitor allows you to monitor CPU, Memory, Disk and Network utilization of your Microsoft Hyper-V virtual servers. It displays the results in a dashboard.


82. Nagios

Nagios is a powerful network monitoring tool that allows you to ensure that your critical systems, applications and services are always up and running. It provides features such as alerting, event handling, and reporting.


83. ManageEngine Free Exchange Health Monitor

Exchange Health Monitor allows you to monitor CPU and memory resource utilization, mail queue status, POP/IMAP performance counters, mailbox users, etc of your Microsoft Exchange 2003/2007/2010 servers. It displays the results in a dashboard.


84. Kratos Exchange Monitor

Kratos Exchange Monitor will continuously monitor your Microsoft Exchange Servers and provide a real-time view of its health, including mail queues, CPU and memory utilization, hard drive space, etc.


85. ManageEngine Free Windows Health Monitor

Windows Health Monitor allows you to monitor CPU and memory resource utilization, disk usage and I/O, running applications, etc of your Windows Client and Server machines. It displays the results in a dashboard.


86. ManageEngine Free Ping Tool

Free Ping Tool monitors the availability of servers, routers, switches, mail servers and web servers using the power of ICMP ping. It displays the results in a dashboard.


87. ManageEngine Free SQL Health Monitor Tool

The SQL Health Monitor Tool will monitor the performance and availability of your Microsoft SQL Server 2005 and 2008 servers. It can monitor CPU, memory and disk usage, as well as SQL specific parameters such as page reads/writes and buffer cache. It displays the results in a dashboard.


88. ManageEngine Free VM Configuration Tool

Using the VM Configuration Tool you can configure VMWare ESX virtual servers options like increasing or decreasing RAM and allocating more CPUs. It also monitors the performance of the virtual machines, reporting on CPU, memory, disk and network utilization.


89. Kratos Network Device Monitor

This tool allows you to monitor any SNMP devices on your network, ensuring their availability and performance.


90. IxChariot QCheck

QCheck is a small yet powerful network performance management tool that allows you to quickly check network response times, TCP/UDP throughput, streaming traffic, and troubleshoot wireless network performance problems.


91. EasyNetMonitor

A small, lightweight tool for monitoring local and remote hosts to determine if they are alive or not.


Remote management

92. Remote Desktop Manager

Remote Desktop Manager is a tool that allows you to centrally manage your remote connections. It support RDP, VNC, TeamViewer, FTP, SSH, Telnet, etc.


93. TightVNC

TightVNC is a cross-platform lightweight application used for remotely administering clients and server machines.


94. Microsoft RDCMan

RDCMan allows you to manage multiple remote desktop sessions from a single interface.


95. Terminals

Terminals is a secure multi-tab remote connection management client. It supports both terminal services and remote desktop client and allows you to better manage multiple connections from a single interface.


96. PsFile

PsFile displays a list of files on a system that are opened remotely and allows you to close them.


All-in-one toolkits

97. Net Tools 5.0

Net Tools is a comprehensive set of monitoring, network scanning, security and administration tools packed into an intuitive and user friendly UI. It includes 175 utilities including an Advanced Port Scanner, TCP Packet Sniffer, Bandwidth Monitor, Hash MD5 Checker, Fast FTP Client, and Standard Encrypter.


98. ManageEngine Free Windows Tools 2

The ‘Free Windows Tools 2’ kit contains a set of free Windows tools for Network Administrators, including the Remote Task Manager Tool, Wake on LAN, Software Inventory Tool, Remote Command Prompt Tool, GPO Update, Shutdown/Restart Tool, Join/Unjoin Computer Tool, Currently Logged On User, Hard Disk Space Detector Tool, Local Users/Groups List Tool, Network Share Browser Tool, and Laptop Battery Power Monitor Tool.


99. Axence NetTools Pro

NetTools Pro is a set of tools that network administrators can use for monitoring, network scanning, security and administration.


100. Free IP Tools

Free IP Tools is a collection of common tools used to troubleshoot network applications and services in a single interface. It includes tools such as PortScan, TraceRoute, Shares, SNMPAudit, etc.


101. PsTools

PsTools is a suite of tools that help you to administer your systems. The tools including in the package allow you to display, execute and kill processes remotely, retrieve system and logon information, and control account passwords and services.


– See more at: http://www.gfi.com/blog/101-free-admin-tools/#sthash.dWvtG734.dpuf

Difference between vSphere, ESXi and vCenter

VMware Inc. is a software company that develops many suite of software products specially for providing various virtualization solutions. There are many cloud products, datacenter products,  desktop products and so on.

vSphere is a software suite that comes under datacenter product. vSphere is like Microsoft Office suite which has many softwares like MS Office, MS Excel, MS Access and so on. Like Microsoft Office vsphere is also a software suite that has many softwares like vCenter, ESXi, vSphere client and so on. So the combination of all these softwares is vSphere. vSphere is not a particular software that you can install and use, “it is just a package name which contains sub components”.

ESXi and vCenter are components of vSphere. ESXi server is the most important part of vSphere. ESXi is the virtualization server. It is type 1 hypervisor. All the virtual machines or Guest OS are installed in ESXi server. To install, manage and access those virtual servers which are above of ESXi server, you will need other component of vsphere called vSphere client or vCenter. Now, vSphere client is another component of vSphere which allows administrators to connect to ESXi servers and access or manage virtual machines. vSphere client is installed on the client machine. The vSphere client is used from client machine to connect to ESXi server and perform management tasks. So now what is vCenter?

vCenter is a centralized management application that lets you manage virtual machines and ESXi hosts. It can be installed on Windows Server or Linux Server. vSphere client is used to access vCenter Server and manage the datacenter. vCenter is must for enterprises to have enterprise features like vMotion, VMware High Availability, VMware Update Manager and VMware Distributed Resource Scheduler (DRS). So vCenter is another important part of vSphere package. You have to purchase vCenter license separately.

Difference between vSphere, ESXi and vCenter

The picture above shows in a more descriptive way. vSphere is a suite, ESXi is a hypervisor that is installed on a physical machine. vCenter is installed as virtual machine on top of ESXi server. vSphere Client is installed on laptop or desktop PC and is used to access ESXi Server and vCenter server for management purpose.

You can install vSphere in your PC to get more knowledge of this amazing technology. For more informaiton about VMware you can visit VMware’s Official website.

NESSUS Set up scans

{ Set up scans and read results }

Background Information
  1. What is NESSUS?
    • Tenable Network Security provides enterprise-class solutions for continuous monitoring and visibility of vulnerabilities, configurations, user activity and system events that impact security and compliance.
    • Nessus features high-speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture.
  2. Reference Link: 
  3. Lab Notes
    • In this lab we will do the following:
      1. Create a Nessus Internal Scan
      2. Scan Damn Vulnerable WXP-SP2
      3. Analyze Results
      4. Export Results
  4. Legal Disclaimer
    • As a condition of your use of this Web site, you warrant to computersecuritystudent.com that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
    • In accordance with UCC § 2-316, this product is provided with “no warranties, either express or implied.” The information contained is provided “as-is”, with “no guarantee of merchantability.”
    • In addition, this is a teaching website that does not condone malicious behavior of any kind.
    • Your are on notice, that continuing and/or using this lab outside your “own” test environment is considered malicious and is against the law.
    • © 2012 No content replication of any kind is allowed without express written permission.
Section 1: Login to PENTEST-WXP (Attacking Machine)
  1. Start Up VMWare Player
    • Instructions:
      1. Click the Start Button
      2. Type Vmplayer in the search box
      3. Click on Vmplayer


  2. Edit Virtual Machine Settings
    • Instructions:
      1. Click on PENTEST-WXP
      2. Edit Virtual Machine Settings
    • Note:
      • This VM is running Windows XP.


  3. Set Network Adapter
    • Instructions:
      1. Click on Network Adapter
      2. Click on the radio button “Bridged: Connected directly to the physical network”.


  4. Start Up PENTEST-WXP
    • Instructions:
      1. Click Play virtual machine
  5. Send Ctrl+Alt+Del
    • Instructions:
      1. Click Player
      2. Click Send Ctrl+Alt+Del


  6. Logging into PENTEST-WXP
    • Instructions:
      1. Username: administrator
      2. Password: Supply your password


  7. Open a Command Prompt
    • Instructions:
      1. Start –> All Programs –> Accessories –> Command Prompt


  8. Determine IP Address
    • Instructions:
      1. ipconfig
    • Note(FYI):
      • My IP Address is 
      • Your IP Address will probably be different.


Section 2: Login to Damn Vulnerable WXP-SP2 (Victim Machine)
  1. Edit Virtual Machine Settings
    • Instructions:
      1. Click on Damn Vulnerable WXP-SP2
      2. Edit Virtual Machine Settings
    • Note:
      • This VM is running Windows XP.
      • This is the Victim Machine that we will be scanning with PENTEST-WXP.


  2. Set Network Adapter
    • Instructions:
      1. Click on Network Adapter
      2. Click on the radio button “Bridged: Connected directly to the physical network”.


  3. Start Up Damn Vulnerable WXP-SP2.
    • Instructions:
      1. Start Up your VMware Player
      2. Play virtual machine


  4. Logging into Damn Vulnerable WXP-SP2.
    • Instructions:
      1. Username: administrator
      2. Password: Use the Class Password or whatever you set it.


  5. Open a Command Prompt
    • Instructions:
      1. Start –> All Programs –> Accessories –> Command Prompt


  6. Obtain the IP Address
    • Instructions:
      1. In the Command Prompt type “ipconfig”
    • Note(FYI):
      • In my case, Damn Vulnerable WXP-SP2’s IP Address
      • This is the IP Address of the Victim Machine.
      • Record your IP Address.


Section 3: Login to Nessus
  1. Start the Nessus Web Client
    • Instructions:
      1. Make sure you are on PENTEST-WXP
      2. Click on the Nessus Web Client located on the desktop
  2. Login To Nessus
    • Instructions:
      1. Username: admin
      2. Password: Supply your password
      3. Click the Sign In To Continue Button


Section 4:  Creating a Scan
  1. Click on Scan
    • Instructions:
      1. Click on the Scan Tab
      2. Click on New Scan
  • Create New Scan
    • Instructions:
      1. Scan Title: Damn Vulnerable WXP-SP2
      2. Scan Type: Run Now
      3. Scan Policy: Internal Network Scan
      4. Scan Target: Input Damn Vulnerable WXP-SP2’s IP Address.
        • In my case, the IP Address is
      5. Click the Create Scan Button


  • Monitor the Scan
    • Instructions:
      1. Click on the Running Status


  • Host Result Summary
    • Instructions:
      1. Wait 5 to 10 minutes until scan is 100% complete.
      2. Click on the purple section to see the most critical vulnerabilities.


  • View Critical Alert(s)
    • Instructions:
      1. Click on MS08-067


  • Analyzing MS08-067 Results
    • Instructions:
      1. Read the Synopsis
      2. Read the Description
      3. Read the Vulnerability Information
        • This will show you which tools can be used to exploit this vulnerability.
    • Note(FYI):
      • Basically the attacker can use a tool like Metasploit to mangle the kernel by overflowing the stack and then execute code after overrunning the kernel.


  • View Critical Alert
    • Instructions:
      1. Export Format: CSV
      2. Click the Export Button


  1. Download Report
    • Instructions:
      1. Click the radio button “Save File”
      2. Click the OK button.


Section 5:  Proof of Lab
  1. Open a Command Prompt
    • Instructions:
      1. Start –> All Programs –> Accessories –> Command Prompt


  2. Proof of Lab Instructions
    • Instructions:
      1. cd “My Documents\Downloads”
      2. type *.csv | findstr MS08-067
      3. date /t
      4. echo “Your Name”
        • Replace the string “Your Name” with your actual name.
        • e.g., echo “John Gray”
      5. Do a PrtScn
      6. Paste into a word document
      7. Upload to Moodle
%d bloggers like this: