It's easy to lose track of what's happening on a Windows server, particularly when something goes awry. There are hundreds of processes, scheduled tasks, rules, handles, and privileges going on at the same time. The more you know about the goings on of the computers you're responsible for—whether Windows, Linux, or any other operating system—the easier it is to fix if things go south.

Fortunately, you have help. There are many command-line utilities for Windows systems (desktop and server), as well as small, official tools that help you get a grip on what's going on at all times. In this article, I introduce you to some you should know about. These may not surprise you if you're an experienced Windows admin but can serve as a checklist for your fix-it toolbox.

I share both free tools and PowerShell or CMD command-line commands. Naturally, the options extend far beyond my list here.

When you don't want to or (feasibly) can't get local access to your server, turn to remote tools including WinRS/WinRM or PowerShell remoting, or stick to options such as remote desktop solutions.

See what's running automatically

Microsoft's Autoruns has been on my list of tools for more than fifteen years now. Every server admin should have it handy. It gives you a complete overview of all processes that run at Windows startup (whether server or client) and all scheduled tasks, services, drivers, Winsock providers, DLLs, and more.

Once a month, I go through the exhaustive list of items and hunt for new entries (Why is it here? Where is it coming from? Do I need it?). I also look at entries marked in yellow or red (the items that try to launch a nonexistent file—usually a good source for troubleshooting).

In particular, third-party services and scheduled tasks get my full attention. I want my server to run as cleanly as possible.

Big plus: The recent versions allow you to check any file for any form of malware, known and particularly unknown, using VirusTotal.
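
The monthly hunt for new entries can be scripted by diffing two saved Autoruns exports. This is an added example, not from the original article; the two snapshots are constructed sample data, and the column names (`Entry Location`, `Entry`, `Image Path`, `Signer`) and the `(Verified)` prefix are assumed to match the CSV your Autoruns version writes.

```powershell
# Constructed sample snapshots standing in for two monthly Autoruns CSV exports.
# In practice, load the real files with Import-Csv instead of these here-strings.
$lastMonth = @'
"Entry Location","Entry","Enabled","Signer","Image Path"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run","SecurityHealth","enabled","(Verified) Microsoft Windows","C:\Windows\System32\SecurityHealthSystray.exe"
"Task Scheduler","\Backup\Nightly","enabled","(Verified) Example Backup Corp","C:\Program Files\ExampleBackup\backup.exe"
"Task Scheduler","\OldAgent\Checkin","enabled","(Verified) Example Agent Inc","C:\Program Files\OldAgent\agent.exe"
'@ | ConvertFrom-Csv

$thisMonth = @'
"Entry Location","Entry","Enabled","Signer","Image Path"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run","SecurityHealth","enabled","(Verified) Microsoft Windows","C:\Windows\System32\SecurityHealthSystray.exe"
"Task Scheduler","\Backup\Nightly","enabled","(Verified) Example Backup Corp","C:\Program Files\ExampleBackup\backup.exe"
"HKLM\System\CurrentControlSet\Services","ExampleUpdaterSvc","enabled","","C:\ProgramData\Updater\upd.exe"
'@ | ConvertFrom-Csv

function Get-AutorunChange {
    param(
        [Parameter(Mandatory)] [object[]] $Baseline,
        [Parameter(Mandatory)] [object[]] $Current
    )
    # An entry is "the same" when location, name and target file all match.
    $key = 'Entry Location', 'Entry', 'Image Path'

    Compare-Object -ReferenceObject $Baseline -DifferenceObject $Current -Property $key -PassThru |
        Select-Object @{ n = 'Change'; e = { if ($_.SideIndicator -eq '=>') { 'Added' } else { 'Removed' } } },
            'Entry Location', 'Entry', 'Image Path',
            # Assumed Signer format: verified entries start with "(Verified)".
            @{ n = 'Unverified'; e = { $_.Signer -notlike '(Verified)*' } },
            # Mirrors the yellow "file not found" rows; evaluated on the machine running the script.
            @{ n = 'FileMissing'; e = { -not ($_.'Image Path' -and (Test-Path -LiteralPath $_.'Image Path')) } }
}

# Added entries answer "why is it here?"; removed ones confirm cleanup actually happened.
Get-AutorunChange -Baseline $lastMonth -Current $thisMonth |
    Sort-Object Change, 'Entry Location' |
    Format-Table -AutoSize -Wrap
```

With the sample data this reports `ExampleUpdaterSvc` as added and unverified, and `\OldAgent\Checkin` as removed.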

Monitor all processes live

One of the most fascinating things to watch on your server, and a great way to troubleshoot problems or performance issues, is Process Monitor, which displays a live view of all file, process, and registry activity. In just 10 minutes, my Windows server recorded 8 million events.

Things can get quite wild, as Process Monitor lists every single event or process. But with a little know-how, you can filter the information. If you suspect that a certain process or service is thrashing your hard drive or crashing at a specific point, naturally you need to find out why. You can isolate it by right-clicking and selecting Include <processname>. Look at what's happening (under "Operation"), then check the "Results" and the "Details" for further diagnosis. That likely shows whatever is odd and why.

Network commands you need to know

Getting a grip on your network connections is easy: Turn to the old familiar command line. Windows Server comes with a handful of commands to run in a command-line window that should help you get a sense of network connectivity.

First, fire up the command prompt and type in netstat. Netstat (available in all versions of Windows) lists all active connections from your local IP address to the outside world. Add the -b parameter (netstat -b) to get a list by .exe files and services so you know exactly what's causing the connection.
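
When the netstat -b output needs to be filtered or saved, the same connection-to-executable mapping can be built as PowerShell objects. This is an added example, not from the original article; it uses the built-in Get-NetTCPConnection cmdlet with CIM process and service data, and the function name and column selection are this example's own. Run it from an elevated prompt so executable paths of system processes are visible.

```powershell
# Index processes and services by PID once, instead of querying per connection.
$procById = @{}
Get-CimInstance -ClassName Win32_Process |
    ForEach-Object { $procById[[int]$_.ProcessId] = $_ }

$svcByPid = @{}
Get-CimInstance -ClassName Win32_Service -Filter 'ProcessId <> 0' |
    Group-Object -Property ProcessId |
    ForEach-Object { $svcByPid[[int]$_.Name] = ($_.Group.Name -join ', ') }

function Get-ConnectionOwner {
    param([string[]] $State = @('Established', 'Listen'))

    Get-NetTCPConnection -State $State -ErrorAction SilentlyContinue | ForEach-Object {
        $procId = [int]$_.OwningProcess      # $PID is reserved, so use another name
        $proc   = $procById[$procId]         # may be $null if the process already exited
        [pscustomobject]@{
            State    = $_.State
            Local    = '{0}:{1}' -f $_.LocalAddress, $_.LocalPort
            Remote   = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
            ProcId   = $procId
            Process  = $proc.Name
            Path     = $proc.ExecutablePath
            Services = $svcByPid[$procId]    # services hosted in that process, e.g. inside svchost.exe
        }
    }
}

# Established connections to anything other than loopback, grouped by executable.
Get-ConnectionOwner -State Established |
    Where-Object { $_.Remote -notmatch '^(127\.|::1)' } |
    Sort-Object Process, Remote |
    Format-Table -AutoSize
```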

Then there's ipconfig /all—an all-time classic command-line command that gives you the status of all network adapters.

At the command line, type in net statistics for a list of core performance data, such as network errors, hung sessions, bytes received, SMBs received/transmitted, write/read errors, etc. This includes all information since the last reboot—oh, and that also gives you the server's uptime!

Last but not least, there's PathPing. It combines Ping and Tracert and lets you trace and get statistics on a specific route. Type in pathping IPADDRESS for information on latency, lost packets, and more, after only a few seconds of tracing.

Export server application or system logs to CSV

Event Logs aren't the fastest way to check up on system or application errors. Using a simple PowerShell command (Get-EventLog -Log "Application" or Get-EventLog -Log "System"), you can get a full list of all events in the most critical categories.

But log files often are huge, and it is not feasible to read them. Instead, export these logs into a CSV file on a regular basis. Using Excel to filter and search is far simpler than messing with Event Viewer.
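
A regular export along these lines can be run from a scheduled task. This is an added example, not from the original article; the output folder `C:\Logs\EventExport`, the seven-day window and the function names are assumptions, and Get-EventLog requires Windows PowerShell 5.1 (it is not available in PowerShell 7). Because event messages can contain text supplied by whatever wrote the event, cells that Excel would treat as formulas are neutralized before export.

```powershell
function ConvertTo-SafeCell {
    param([string] $Text)
    # Collapse line breaks so each event stays on one row in Excel.
    $flat = ($Text -replace '\s+', ' ').Trim()
    # Prefix cells starting with = + - @ so Excel does not evaluate them as formulas.
    $flat -replace '^([=+\-@])', "'`$1"
}

function Export-RecentEventLog {
    param(
        [string[]] $LogName = @('Application', 'System'),
        [int]      $Days    = 7,
        [string]   $OutDir  = 'C:\Logs\EventExport'   # assumed location
    )

    if (-not (Test-Path -LiteralPath $OutDir)) {
        New-Item -ItemType Directory -Path $OutDir | Out-Null
    }
    $since = (Get-Date).AddDays(-$Days)
    $stamp = Get-Date -Format 'yyyyMMdd'

    foreach ($log in $LogName) {
        $file = Join-Path $OutDir ('{0}-{1}-{2}.csv' -f $env:COMPUTERNAME, $log, $stamp)

        # Errors and warnings only; drop -EntryType to export everything.
        Get-EventLog -LogName $log -After $since -EntryType Error, Warning -ErrorAction SilentlyContinue |
            Select-Object TimeGenerated, EntryType, Source, EventID, UserName,
                @{ n = 'Message'; e = { ConvertTo-SafeCell $_.Message } } |
            Export-Csv -LiteralPath $file -NoTypeInformation -Encoding UTF8

        # Emit the file object so the caller (or task log) shows what was written.
        if (Test-Path -LiteralPath $file) { Get-Item -LiteralPath $file }
    }
}

Export-RecentEventLog -Days 7
```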

Check Active Directory health

My primary tool to diagnose domain controllers is Microsoft's Domain Controller Diagnostic Tool. Run it from C:\Program Files (x86)\Resource Kit. To perform a comprehensive check on all Active Directories, run dcdiag /e /v /c whereupon you get information on abnormal system behavior such as hard disk errors and network problems. Adding /fix runs some basic (safe) DNS repairs. However, don't count on those or get your hopes up. In my experience, you end up fixing most issues by hand!

WMIC: The be-all and end-all of status checks

Another useful Microsoft-provided built-in tool is the Windows Management Instrumentation Command-line utility. Running WMIC from a command line gives you dozens of tools to check up on hardware and software server activity. I regularly use several of its tools:

  • DiskQuota: Lets you check whether users have reached their disk space limit.
  • Group: Lists all user accounts and groups.
  • IRQ: Provides a full listing of server IRQs. This is great for hardware troubleshooting, especially when you have multiple network adapters.
  • Printer and printjob: Gives a detailed overview of active connected printers and outstanding print jobs.
  • Share: Provides an overview of all resources shared by your server.

Beyond status dashboards

The commands here let you dive deeper into system status than you can with a Windows server overview status dashboard. Often, they let you fix things immediately. It's a more hands-on and thorough approach.

(All images courtesy of the writer.)