Useful security tools/utilities for System administrators

 I will update this page regularly for new cool tools. If you have a cool utility  you want me to review, email me. I have divided the security utilties in the following categories:

 Forensic Tools

InControl4 – Run this before installing ANYTHING questionable. Takes a snapshot of the entire registry, drive contents. Tells you nearly every change a piece of software makes to your system. (823K)

Forensic Toolkit for NT – A collection of VERY useful NT command line utilities from NT OBJECTives Inc. that allow you examine the files on a disk drive for unauthorized activity. Click here to view the “readme.txt”.

NTLast Version 1.6 – Another useful one from NT OBJECTives that searches the Event Log for Interactive/Remote/Failed logon stats. It distinguishes between remote/interactive logons and matches logoff times with logon times.

NTO “Seek and Destroy” Tools – Four new tools from NTObjectives, that include:
NTOLog – Powerful, network wide backup/clear utility for NT logs
LServers – NetBIOS name dumper
NPList – NT network process dumper
NTODrv – NT network driver/service dumper

 Security Tools

LANguard Network Scanner – LANguard network scanner is a freeware security scanner to audit your network security. It scans entire networks and provides NETBIOS information for each computer such as hostname, shares, logged on user name. It does OS detection, tests password strength, detects registry issues and much more. Reports are outputted in HTML.

DelGuest – From Arne Vidstrom of DelGuest deletes the built-in Guest account in Windows NT. This account is supposed to be impossible to delete, and it is impossible to delete through the ordinary user interface, but with DelGuest you can do it. More information can be found in the DelGuest FAQ

Sechole3 – Get admin access on Windows NT with only read/execute on the local box or console. NOTE: Doesn’t work with Windows SP4 or better. (56K)

NTO’s PacketX – Native Windows NT firewall testing tool that allows for complete TCP/IP packet creation. Click here for more info.

WinZapper – Did you ever need a way to clear only selected events from the security log under Windows NT/2000? This little utility from Arne Vidstrom lets you do just that. (28K) More Info..

Autoclave Disk Wiping Program – Disk wiping/sterilization program by Josh Larios. Quick, painless and will wipe any IDE drive running on an Intel based system. Use the included rawrite (or batch file) to write the image to a bootable floppy. Visit his webpage for updates and more information.

 Admin Tools

HotFix Control – Tells you what hotfixes and service pack you have applied, neat utility. (163K)

User2SID/SID2User – Look up the SID of any domain account. Want to know what SID belongs to what user account? (50k)

NT Admin Boot Disk – Linux Boot Diskette for NTFS, resets the Administrator Password. Use rawrite.exe (included) to make the floppy from the .bin file  NOTE: May not work with SYSKEY. (1.4M)  NEW! Updated .bin file located here:

XTeq’s X-Setup 5.7 – Called “The Mother of All Windows Tweak Programs”, this program lends a handy way to personalize your system. Edit boot options, stop programs from automatically loading with Windows, and remove items from the uninstall list. It also contains some handy security settings and administrative options, normally done by editing the registry. Visit their site for more details and add-ons.

NetLab For NT/95 – An excellent combination program with Finger, Trace, Quote, WhoIs, Port scanner, other neat goodies.(467K)

Resplendent Resolver For NT/2000 – Don’t you just hate it when you try to install or run a program and it whines about “Requires Windows NT SP3”, even though you’re running SP5 or Windows 2000? I did too, Then I tried out this little gem from from Resplendence. More Info…

Open File ManagerFrom St. Bernard Software. Did you ever have a backup fails because a file is in use? (I wish I knew about this little gem back in the days of cc:mail 🙂 Allows your existing backup software to successfully capture files that are open and in use on Windows NT/2000 and NetWare platforms.

 Monitoring Tools

PrcView Process viewer – This one is a “Must Have” utility written by Igor Nys of Computer Technology Inc. View all active processes on your NT or95/98 box as well as their .dll dependencies. Do you know that you’ve been “NetBussed” but you don’t know the name of the .exe? Click on “View/Module Usage” for a list of the all modules in the system alphabetically sorted, highlight the “keyhook.dll” and PrcView will show you the module(s) that use this dll. Bingo! You’ve found your trojan. (77K)

GFI LANguard Security Event Log Monitor – Must have tool to centrally monitor your security logs. This program will collect the security logs of all your machines, analyze them and alert you to high security events happening. Also allows for reporting on security events happening on your network. Cool stuff!

Inzider – Another one from Arne at This is a very useful tool which lists the current processes in your Windows system and the ports each one listen on. It is written to work on Windows NT and Windows 9x, and I know of no other program which does what inzider does. There have been some stability problems on Windows 9x, which I thought were solved but were still left although not as frequent. In the new version (1.2) I have done a few changes to improve both stability and reliability. I guess there is still much left to wish for, but over all I think inzider is a success, and it’s quite popular despite the problems. On Windows NT, inzider is still unable to check processes which are started as services. Yet, it’s very useful – for example, check out this page about inzider vs. bo2k (Back Orifice 2000). Keep your eyes open in the future, there will most likely come new improved versions. Here is a handy link to the FAQ.

NetBuster – This version removes all trojan versions of Netbus. Also will simulate the server portion of Netbus allowing you to “put the fear” into whomever is trying to Netbus you.(546K)

LANguard File Integrity Checker – LANguard File Integrity Checker is a free utility that checks whether files have been changed, added or deleted on a Windows 2000/NT system. If this happens it will alert the administrator by email.

Netbus Pro 2.10 – (Final Release, not the Beta) The first of the Non-Trojan Netbus. This version can actually be considered a legitimate program this time around. ( “Script Kiddies”, Don’t even waste you time downloading it 🙂 (1.8 M)

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top