In this article you will learn some best-practice suggestions for using service applications according to the IT security rule of least privilege.

In my previous article, we defined services and service accounts and also examined what options there are for selecting a service account for use with a particular service or application.

Here we take that fundamental knowledge and put it in more of a practical context. In real world multi-tier Web application scenarios, a Windows administrator can quickly become overwhelmed in keeping track of which service account he or she used with which application or service.

Consider the following example diagram:

A typical multi-tier Web application topology

(more…)

In this article you will learn the fundamentals of Windows service accounts. Specifically, we discover the options and best practices concerning the selection of a service account for a particular service application.

It is a common mistake for entry-level Windows systems administrators to associate a local or domain Administrator account with Windows services and applications. I hope that you can see how dangerous a practice this is. If a malicious user were to compromise a service account, then that malicious user accesses your domain up to and including all level of privilege of the associated service account.

It is my goal in this mini-series on Windows service accounts to teach you exactly what these accounts are, what options we have in using them, and what specific best practices Microsoft recommends for their use. Let’s get to work.

What is a Service?

A service is compiled code that is typically long-running and executes with no user interaction. By “long-running” we mean that many services are configured to start automatically with Windows. By “no user interaction” we mean that the service typically runs in the background with no visible front-end user interface.

(more…)

VisualCron is an advanced task scheduler for Windows that supports central management. Its power task scheduling features go far beyond the capabilities of the Windows Task Scheduler.

VisualCron raffles off three licenses of their central task scheduling software for Windows to 4sysops readers. The winner will receive a 5-Server license worth $717 USD. The two runners-up will each receive a 1-Server license worth $197 USD. The deadline of this contest is July 26, 2011. If you want to take part in this raffle, please send an email with the subject VisualCron to .

(more…)

AutoAdministrator allows you to remote execute programs, remote execute services, and remote shutdown and reboot computers.

In my last post, I discussed the AutoAdministrator’s functions that enable you to query remote computers. Today, I will cover the remote execution functions: programs (processes), services, and shutdown/reboot.

Note: 4sysops readers get a discount on AutoAdministrator of $20 USD until the end of 2010, which means that you pay only $49 USD instead of the regular price of $69 USD. indicating that you are a 4sysops reader.

Remote execute programs

Remote process execution is another feature that was not available when I reviewed AutoAdministrator a while back. It enables you to execute all kinds of programs against remote computers, which is quite powerful since it allows you to leverage tools such as psexec and plink.

(more…)

In my last post, I outlined four ways to stop a shutdown or reboot process. These tricks are the last resort to prevent Windows from shutting down. However, Windows offers a few configuration options that can help to minimize the number of required reboots. Today, I will cover the restarts that are caused by third-party applications. In my next post, I will examine automatic restarts initiated by Windows Update.

Deploy updates during off-hours

The main reason why third-party applications may initiate restarts is because an update has to replace open files. If users are currently working with an application while you deploy updates, the likelihood is high that you will interrupt their work. Hence, I recommend using a software deployment solution that supports scheduled software updates and WAKE-ON-LAN so you can boot-up computers before the deployment process starts. (more…)

The number of reasons for Windows reboots has decreased considerably over the years. But, sometimes, it seems odd to me that operating systems still have to reboot at all. I think, the rise of tablets will force system developers to rethink this weakness. Until then, we have to shut down and reboot our computers at least every now and then.

The problem is that “now” is usually the wrong time from the user’s perspective, and sometimes Windows insists that “then” is too late. There are many reasons why Windows can initiate a restart without user consent, including during the processing of automatic Windows updates or when an updated application just wants to be sure that everything will work properly. Or perhaps you just initiated the shutdown at the moment your boss calls to ask for some important data and you want to stop it.

I know of four ways to stop or prevent shutdowns and reboots:

(more…)

System Explorer is a powerful freeware utility that allows you to display and manage quite a few system components. There is a portable and an installable edition. I think, this tool belongs in every admin’s toolbox.

If you have a quick look at this tool’s Windows Explorer-like user interface, you will get a first impression of its capabilities. I will only discuss those features that seem to be most interesting to me.

(more…)

Rate this tool: (7 votes, average: 4.43 out of 5)

 Loading ...

Submit a free admin tool | Free admin tools index | Browse free admin tools

The name of this Open Source task manager doesn’t really fit. It is not just another process monitor. Perhaps THE Process Monitor would be a better name. I can already see your eyebrows rising. Better than Sysinternals Process Explorer? Well, yes. Better! Much better!

First to consider is its modern user interface, complete with ribbon and tabs. This UI doesn’t just look better; it is also more convenient than Process Explorer’s old style interface. But, of course, some fancy icons are not enough to remove the king from the throne.

(more…)

Rate this tool: (3 votes, average: 3.67 out of 5)

 Loading ...

Submit a free admin tool | Free admin tools index | Browse free admin tools

There are quite a few ways to elevate a program (run with administrator rights) under Vista and Windows 7. The sidebar widget Elevation Gadget is another option that can be helpful in some situations. You can place it on your desktop and drag applications or scripts on it that you want to run in elevated mode.

It is also possible to run multiple programs with admin privileges this way. You just have to select the corresponding icons and move them onto the Elevation Gadget. You can also type commands inside the widget to launch programs. The tool’s history buffer allows you to start previously launched programs.

(more…)

Rate this tool: (2 votes, average: 1.50 out of 5)

 Loading ...

Submit a free admin tool | Free admin tools index | Browse free admin tools

Free Extended Task Manager adds a few useful features to the Windows Task Manager. The tool does not have as many functions as Process Explorer or Process Hacker, but it could be particularly useful if you are having performance problems and want to quickly find the culprit.

If your computer behaves sluggishly, then there are usually three possible causes: An application occupies too many CPU resources, needs too much RAM, or keeps your hard disk busy. Free Extended Task Manager tool adds a third graph to the Performance tab that displays the disk input/output activity. This way, you’ll see all three important parameters (CPU usage, RAM usage, Disk I/O) at a glance.

(more…)

Rate this tool: (6 votes, average: 4.17 out of 5)

 Loading ...

Submit a free admin tool | Free admin tools index | Browse free admin tools

ServiWin is a freeware tool that allows you to manage Windows services and drivers. The utility has a few useful features that the corresponding Windows tools lack. Since ServiWin is a portable application, you can easily launch it from your flash drive when you are working on a user’s computer.

The tool has two different displays, one for the drivers and one for the services. The operations you can perform are similar to those for Windows tools. For example, you can start or stop services or change their start type. ServiWin also supports starting and stopping of drivers, but this won’t work with most system drivers. The main benefit of ServiWin is that you can gather information about services and drivers more easily than with the Windows tools. This is the list of additional ServiWin features:

(more…)

Rate this tool: (2 votes, average: 4.00 out of 5)

 Loading ...

Submit a free admin tool | Free admin tools index | Browse free admin tools

In my last post I described how you can configure jobs with VisualCron. Today, I will introduce the tool’s user interface and some of its special features.

You can install the frontend (the documentation calls it the client) and the backend (server) separately. The frontend can be used to manage jobs remotely for one or multiple servers. Of course, you can also install the client and the server on the same machine.

VisualCron’s product name fits very well because its graphical user interface makes it easy for you to track all of your jobs. The user interface resembles the ribbon interface used in some Office 2007 applications. Microsoft introduced the ribbon in Office because the features had become too numerous for the menus and toolbars of the old interface style to handle without being cumbersome. I suppose this was also the reason why VisualCron chose a ribbon-style interface type.

(more…)

In the first post of this series I outlined some of VisualCron’s general advantages over the Windows Task Scheduler. When you read today’s post, you will notice that the tool has quite a few additional interesting features.

Before we dive into the details, let us have a look at how VisualCron works. The diagram below shows how a job has to be configured with VisualCron. For most jobs you have to configure one or more tasks (the actions you want to perform), triggers (defined circumstances that will initiate the task), and optional conditions (states that can prevent a task from being launched even if a trigger is present). As you can see in the diagram, VisualCron supports many more task types than the Windows Task Scheduler supports. Once the task has been launched, VisualCron can notify administrators by several means.

(more…)

VisualCron is raffling three licenses for 4sysops readers. The winner will receive a 5-Server license worth 717 US dollars and the two runners-up will each receive a 1-Server license worth 197 US dollars. More information about the contest can be found at the end of the article.

VisualCron is the most sophisticated task scheduling tool I have ever tried. I was already quite impressed with the Task Scheduler in Vista and Server 2008, but VisualCron comes with far more advanced features. The ability to manage task scheduling on multiple machines from a central location, in particular, makes the tool an interesting alternative for large organizations. VisualCron targets task scheduling for server environments, but you can also use the tool on desktops.

(more…)

WinRAP is a nice little freeware tool that allows you to hide applications from view on your desktop while letting them to continue running invisibly in the background. There are a few cases where such a tool may prove to be useful. The first thing that probably comes to mind is the hiding of programs that are unrelated to your work from your boss and colleagues. However, there are other uses that could also make this utility valuable for your work.

For instance, if you have started an admin tool on a user’s desktop and want to leave the place for a while. You can then let the tool finish its work while the user continues working with the computer. This way, you don’t have to worry that the user will interfere with your work. Another way to use the tool is to reduce the number of icons in your taskbar if it is cluttered with too many apps.

WinRAP is a tiny standalone tool which doesn’t have to be installed. It displays all running applications in the upper pane. You can hide each of the applications with a mouse click which moves the app’s name to the lower pane. The application’s interface will then disappear from the desktop. Of course, you can also unhide an application, if you want to access its interface.

(more…)

Rate this tool: (4 votes, average: 3.25 out of 5)

 Loading ...

Submit a free admin tool | Free admin tools index | Browse free admin tools