CorvettePower.COM
26Mar/04

Cool XP Security Command Line Tools

Found this on http://www.informit.com/weblog/index.asp?g=windowsserver

The following are a series of tools for scripting and automating processes on Windows XP. These command line tools can be run from batch files, or used to gather information automatically for processing by scripts. Microsoft evolves the tools with each operating system, so here is a list of some useful built-in tools to use with XP.


SystemInfo.exe – This utility allows you to determine the computer's key configuration settings, such as OS version, registered owner, up time, hotfixes, logon server and more. It uses WMI and dumps the information to screen, so you can capture it if needed. It also allows remote computers to be checked, and the output can be formatted in CSV for easy import into a database or Excel sheet. Use “systeminfo /?” for the syntax.


TaskList.exe – This utility will show you all the tasks running on the computer, very similar to Task Manager. The advantage of tasklist is that it dumps the output to screen, so you can capture it. You can format the output for input into your favorite database or spreadsheet. You can also do quite a bit of filtering from the command line to find what you need, using the /FI switch, such as a particular PID or whether the process is running or not. Use “tasklist /?” for the syntax.


OpenFiles.exe – This utility allows you to list what files are open. You have to turn file monitoring on in the kernel, similar to disk monitoring with the “diskperf -y” command. The command to turn on file monitoring is “openfiles /local on” and requires a reboot. The utility shows you what process has what files open, which can be pretty surprising sometimes.


QWinSta.exe – This utility will show you logged on users and their status, and can be used remotely as well. The information is similar to what you see when you look at terminal services management.


QProcess.exe – This is similar to tasklist, but shows you the processes for a specific user. It uses the current user by default.


EventTriggers.exe – This command allows you to create a poor man's event log alerting. It will run a command in response to an event, similar to full scale products such as MOM. For example, the command ‘eventtriggers /create /l security /eid 529 /tr “Execute On Failed Login” /tk c:\script\hack.cmd /ru:administrator’ will run the command “hack.cmd” whenever a user fails to log in. You can look at the existing triggers by running eventtriggers with no parameters, as well as delete or view them with the appropriate switch. See “eventtriggers /?” for help.


Logoff.exe – This tool will allow you to log off a user remotely, including a console user. Being able to log off the console user is new to the XP tool.


IP Security Monitor Snap-In – Sometimes, what is missing is more significant than what is there. A command that was in W2K but is not in XP is the IPSecMon command, which allowed you to monitor IPSec security agreements, stats, etc. In XP (and in .Net by the way), it has been replaced with an MMC snap-in called “IP Security Monitor”. Just load MMC and add the snap-in to monitor IPSec.
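As an added example (not part of the original post or the InformIT article), here is a batch file that ties a few of these tools together to inventory a list of XP machines: systeminfo and tasklist in CSV form for import into a spreadsheet, plus qwinsta for logged-on users. The file names hosts.txt, inventory.csv, processes.csv, sessions.txt and errors.log are assumptions, and the account running it needs admin rights on each remote host.

```batch
@echo off
rem Added example, not from the original post: inventory remote XP hosts with
rem systeminfo, tasklist and qwinsta. Assumptions: hosts.txt holds one host
rem name per line; results go to inventory.csv, processes.csv, sessions.txt
rem and errors.log in the current directory.
setlocal enabledelayedexpansion

if not exist hosts.txt (
    echo hosts.txt not found: put one host name per line in it. 1>&2
    exit /b 1
)

del /q inventory.csv processes.csv sessions.txt errors.log 2>nul

rem systeminfo prints a header row unless /nh is given. The first host is
rem queried without /nh so the CSV gets its header exactly once; after the
rem first success the variable switches to /nh for the remaining hosts.
set sysnh=

rem tasklist's CSV rows do not carry the host name, so a host column is
rem prepended and the header is written here to match tasklist's columns.
echo "Host","Image Name","PID","Session Name","Session#","Mem Usage"> processes.csv

for /f "usebackq delims=" %%h in ("hosts.txt") do (
    echo Querying %%h ...

    rem One CSV row per host: OS version, hotfixes, logon server, up time etc.
    rem Failures (host down, access denied) land in errors.log.
    systeminfo /s %%h /fo csv !sysnh! >> inventory.csv 2>> errors.log && set sysnh=/nh

    rem Running processes, with the host name added as the first column.
    for /f "delims=" %%l in ('tasklist /s %%h /fo csv /nh 2^>^> errors.log') do (
        echo "%%h",%%l>> processes.csv
    )

    rem Logged-on users and session state, as terminal services management shows them.
    echo === %%h === >> sessions.txt
    qwinsta /server:%%h >> sessions.txt 2>> errors.log
)

echo Done. See inventory.csv, processes.csv, sessions.txt and errors.log.
endlocal
```

The same tasklist call with a filter, e.g. tasklist /s host /fi "IMAGENAME eq somename.exe" /fo csv /nh, turns the loop into a quick check of whether a required process (an antivirus agent, say) is running on every host.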


Thanks go out to Jeff Guillet from Convergent Computing for his help on this!
