Sometimes we like to write lengthy blog posts that go into great detail about some topic. Other times we want to get you useful information in as distilled a format as we can, as fast as we can. Today’s post is one of the latter, as we share 33 quick and dirty tips for Windows sysAdmins to try to help you buy back some time in your day. Ready? Begin!


  1. netsh int ip reset all will reset your NIC back to DHCP quickly, blanking out all static settings.
  2. net use will show you all open SMB connections on your machine.
  3. If you need to grab a quick network capture, but aren’t allowed to install Wireshark or another similar tool, open an admin command prompt and run netsh trace start capture=yes tracefile=c:\capture.etl to create a file you can open in Wireshark or Netmon later. Use netsh trace stop to end the capture.
  4. If you just need to know what is happening, but not capture a trace, use netstat as a poor man’s packet analyzer. netstat -ano 1 | findstr X will refresh once a second and show only the lines containing whatever you replace X with, such as :443, SYN_SENT, or the destination IP address you are trying to confirm your machine is attempting to communicate with.
  5. netstat -e can give you a quick diagnosis of layer 2. Watch out for high or increasing numbers of errors.
  6. Grab the TCPING utility from http://www.elifulkerson.com/projects/tcping.php and use it to monitor not just when a server reboots, but when a service is back up. Try tcping -t -b 2 addr 3389 when you reboot a Windows server. It will play your default beep sound when the service starts responding to SYN requests, so you know you can RDP back into the box after a reboot.
  7. Use netstat -r to dump your IP routing table so you can see if everything goes to the default gateway, or somewhere unexpected.
  8. Download BIND for Windows from https://www.isc.org/downloads/# and use the Windows ports of DIG and HOST to do DNS queries.
  9. And if you like DIG and HOST, grab the whois port from https://technet.microsoft.com/en-us/sysinternals/bb897435 to do command line lookups of domain names and IP networks.
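PowerShell versions of tips 4 and 6, as an added example that is not code from the original post. It assumes Windows PowerShell 5.1 or later and, for Get-NetTCPConnection, the NetTCPIP module that ships with Windows 8 / Server 2012 and later; the host and port names in the usage line are constructed.

```powershell
# Added example, not code from the original post: PowerShell equivalents of tips 4 and 6.
# Assumes Windows PowerShell 5.1+; Get-NetTCPConnection needs the NetTCPIP module (Windows 8 / Server 2012+).
function Wait-TcpPort {
    # Polls a TCP port every $IntervalSeconds until the handshake completes, then beeps,
    # like "tcping -t -b 2 addr 3389". Returns $true when the port answers, $false on timeout.
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][int]$Port,
        [int]$IntervalSeconds = 2,
        [int]$TimeoutMinutes = 30
    )
    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    while ((Get-Date) -lt $deadline) {
        $client = New-Object System.Net.Sockets.TcpClient
        try {
            # Connect with a 1 s limit so an unreachable host does not stall the loop.
            $ar = $client.BeginConnect($ComputerName, $Port, $null, $null)
            if ($ar.AsyncWaitHandle.WaitOne(1000) -and $client.Connected) {
                Write-Host ('{0:HH:mm:ss} {1}:{2} is answering' -f (Get-Date), $ComputerName, $Port)
                [console]::Beep(1000, 400)
                return $true
            }
            Write-Host ('{0:HH:mm:ss} {1}:{2} no response yet' -f (Get-Date), $ComputerName, $Port)
        } catch {
            Write-Host ('{0:HH:mm:ss} {1}:{2} error: {3}' -f (Get-Date), $ComputerName, $Port, $_.Exception.Message)
        } finally {
            $client.Close()
        }
        Start-Sleep -Seconds $IntervalSeconds
    }
    return $false
}

function Watch-TcpConnection {
    # Refreshes once a second and shows only connections matching a remote port or state, with the
    # owning process name resolved: the "netstat -ano 1 | findstr X" tip without a manual PID lookup.
    param([int]$RemotePort, [string]$State)
    while ($true) {
        Clear-Host
        $conns = Get-NetTCPConnection
        if ($RemotePort) { $conns = $conns | Where-Object RemotePort -eq $RemotePort }
        if ($State)      { $conns = $conns | Where-Object State -eq $State }
        $conns | Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, State,
            @{ n = 'Process'; e = { (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).Name } } |
            Format-Table -AutoSize
        Start-Sleep -Seconds 1
    }
}
# Usage with constructed names: Wait-TcpPort -ComputerName srv01 -Port 3389 ; Watch-TcpConnection -State SynSent
```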

Active Directory

  1. netdom query fsmo will list all the Flexible Single Master Operations members in your domain, so you can find the PDC emulator, schema master, etc.
  2. repadmin /replsummary will give you a quick status on AD replication. It will also let you know if you cannot reach a domain controller from the machine on which you run the command.
  3. repadmin /syncall will trigger an AD replication so you don’t have to wait.
  4. net accounts will list the domain security policy.
  5. gpresult /v will dump all the Group Policy Object settings affecting you and the machine you’re on.
  6. whoami and whoami /groups will confirm your AD account and group memberships.
  7. set l lists the environment variables that start with L, including LOGONSERVER, which tells you what domain controller authenticated you, or whether you are running with cached credentials.
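A single function that wraps tips 1, 2 and 7 of this section into one health check, as an added example that is not code from the original post. It assumes the RSAT ActiveDirectory module is installed, that the session runs as a domain user, and that repadmin /replsummary prints its per-DC rows in the layout described in the comments.

```powershell
# Added example, not code from the original post: one function that wraps tips 1, 2 and 7 of this section.
# Assumes the RSAT ActiveDirectory module is installed and the session runs as a domain user.
function Test-DomainQuick {
    [CmdletBinding()]
    param()

    # Tip 7: $env:LOGONSERVER is the value "set l" prints. It names the local machine when you logged
    # on with cached credentials (or with a local account, which looks the same here).
    $logonServer = $env:LOGONSERVER.TrimStart('\')
    [pscustomobject]@{ Check = 'LogonServer'; Value = $logonServer; Warning = ($logonServer -eq $env:COMPUTERNAME) }

    # Tip 1: FSMO role holders, the same answer as "netdom query fsmo".
    Import-Module ActiveDirectory -ErrorAction Stop
    $domain = Get-ADDomain
    $forest = Get-ADForest
    foreach ($role in 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster') {
        [pscustomobject]@{ Check = $role; Value = $domain.$role; Warning = $false }
    }
    foreach ($role in 'SchemaMaster', 'DomainNamingMaster') {
        [pscustomobject]@{ Check = $role; Value = $forest.$role; Warning = $false }
    }

    # Tip 2: parse "repadmin /replsummary" and flag any DC whose fails/total column is non-zero.
    # Per-DC rows look like "DC01  12m:03s  1 / 5  20  (1722) The RPC server is unavailable."
    # and appear once in the Source DSA table and once in the Destination DSA table.
    $table = 'Source'
    foreach ($line in (& repadmin.exe /replsummary 2>&1)) {
        if ($line -match '^Destination DSA') { $table = 'Destination' }
        if ($line -match '^\s*(\S+)\s+(\S+)\s+(\d+)\s*/\s*(\d+)\s+\d+\s*(.*)$') {
            $fails = [int]$Matches[3]
            [pscustomobject]@{
                Check   = "Repl $table $($Matches[1])"
                Value   = "$fails of $($Matches[4]) failed (delta $($Matches[2])) $($Matches[5])".Trim()
                Warning = ($fails -gt 0)
            }
        } elseif ($line -match 'operational errors|^\s+\d+ - \S+') {
            # DCs repadmin could not contact are listed under "Experienced the following operational
            # errors ..." as "<code> - <dc name>" lines (layout assumed from observed output).
            [pscustomobject]@{ Check = 'ReplSummary'; Value = "$line".Trim(); Warning = $true }
        }
    }
}

Test-DomainQuick | Format-Table -AutoSize
```

Rows with Warning set to True are the ones to chase first: a non-zero failure count, an unreachable DC, or a LOGONSERVER that is your own machine.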


  1. Use the Windows+Arrow Keys to move windows around, including both half- and quarter-monitor views.
  2. Windows+Tab to bring up a quick preview of all running applications.
  3. Windows+X brings up the Quick Access Menu.
  4. Windows+R brings up the Run command.
  5. Windows+P brings up projection options for when you connect to a second monitor or projector.
  6. Windows+number will launch whatever app is in that numeric position, from left to right, on your taskbar.
  7. CTRL+SHIFT+P launches an “In Private” session of Internet Explorer.
  8. Use the Problem Steps Recorder to automatically capture screenshots of a process or procedure. It’s great for documentation and training too. Windows+R, PSR, Enter!
  9. Run powercfg -h off to turn off hibernation, and buy back several GB of disk space by dropping the hiberfil.sys file that is just taking up space on your hard drive.
  10. Look up most error codes at the command prompt by downloading the Microsoft ERR tool and saving it in your path.
  11. All the Sysinternals command-line tools can be executed from the web using \\live.sysinternals.com\tools\toolname. Check out http://live.sysinternals.com/ for all the tools that are there.


  1. Start to type any command and hit TAB to get autocomplete.
  2. If you are not sure of a command, run get-command *something* to get a list of appropriate commands.
  3. Use get-help command to get help on a command. -Full gives you everything, -Examples just lists some examples, and -Online brings up the online help.
  4. PowerShell v4 and later has copy and paste already turned on, and can use the highlight, CTRL-C, CTRL-V just like any other Windows app. Finally!
  5. Use the start-transcript cmdlet to keep a record of everything you do. It gives you a good way to go back when you can’t remember how to do that thing, so you can see what you did.
  6. There are 155 aliases in PowerShell v5, making familiar DOS and Linux command names available as shortcuts for cmdlets. Run Get-Alias to see all the ones that are built-in, and use New-Alias to create your own.
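Profile lines that apply tips 5 and 6 on every start, plus a search over past transcripts, as an added example that is not code from the original post. It assumes Windows PowerShell 5.1 or later (the -IncludeInvocationHeader switch needs 5.0) and that the lines are pasted into the file $PROFILE names; the alias names and the Transcripts folder are my own choices.

```powershell
# Added example, not code from the original post: profile lines that apply tips 5 and 6 on every start.
# Assumes Windows PowerShell 5.1+ (-IncludeInvocationHeader needs 5.0); paste into the file $PROFILE names.

# Tip 5: one transcript per session, named by date, host and PID, so every admin session is on record.
$TranscriptDir = Join-Path $env:USERPROFILE 'Transcripts'
if (-not (Test-Path $TranscriptDir)) { New-Item -ItemType Directory -Path $TranscriptDir | Out-Null }
$transcriptFile = Join-Path $TranscriptDir ('{0:yyyy-MM-dd}_{1}_{2}.txt' -f (Get-Date), $env:COMPUTERNAME, $PID)
Start-Transcript -Path $transcriptFile -Append -IncludeInvocationHeader | Out-Null

function Search-Transcript {
    # The payoff of tip 5: find the session where you last did something, e.g. Search-Transcript 'repadmin'.
    param([Parameter(Mandatory)][string]$Pattern, [int]$Days = 90)
    Get-ChildItem -Path $TranscriptDir -Filter '*.txt' |
        Where-Object LastWriteTime -gt (Get-Date).AddDays(-$Days) |
        Select-String -Pattern $Pattern |
        Select-Object Filename, LineNumber, Line
}

# Tip 6: aliases of your own. An alias only maps a name to a command, so anything that needs
# arguments (repadmin /replsummary) has to be a function; tag both with a Description to list them later.
function Get-ReplSummary { repadmin.exe /replsummary }
New-Alias -Name replsum -Value Get-ReplSummary -Description 'custom' -Force
New-Alias -Name np      -Value notepad.exe     -Description 'custom' -Force
function Get-CustomAlias { Get-Alias | Where-Object Description -eq 'custom' }
New-Alias -Name gcal    -Value Get-CustomAlias -Description 'custom' -Force
```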

These 33 quick and dirty tips for Windows sysAdmins are just the tip of the iceberg. Share your favorites below by leaving a comment and let’s see how long we can make this list!
