Windows NT Resource Kit Utilities

Utility Description
Addusers.exe Dumps and imports user and group accounts in an Windows
NT user account data base to a text file. Passwords are not included. See Q137848.
See problem report Q141791
Autolog.exe Graphical utility to automate the registry settings for
Browmon.exe Graphical browser monitoring utility.
Browstat.exe A more powerful command-line browser monitoring and
querying tool.
Compreg.exe Command-line registry comparison utility that allows you
to compare any two local and/or remote Registry keys on NT or Win95 systems.
Verbose mode prints both differences and matches.
Delprof.exe Deletes user profiles.
DelSrv.exe Command-line utility that unregisters a service with the
service control manager. Deletes specified service from Service hive and changes
ControlSet001 and CurrentControlSet.
DH.exe Displays heap usage in a user mode process or pool usage
in kernel mode memory. See Q168609
Dommon.exe Graphical domain monitoring tool. Displays secure
channels between Windows NT computers that are members of a domain, and between
domain controllers that are trusting other domains. This utility shows the same
information as the command-line utility Nlmon.exe.
DotCrash.exe Utility that lets you debug computers running Windows NT
by creating a user-mode memory dump of offending processes. DOTCRASH is
especially useful in production environments where time limitations make it
difficult for you to take a computer offline for debugging purposes. For
example, DOTCRASH can help you debug the following problems: memory leaks; an
application that stops responding at 0 percent (dead lock) CPU usage; an
application that stops responding at 100 percent (busy loop) CPU usage.
Dskprobe.exe See Q166751
Dumpchk.exe Command-line utility used to verify that a memory dump
file has been created correctly. Dumpchk is located on the Windows NT compact
disc at \Support\Debug\\Dumpchk.exe. See Q156280
Dumpel.exe Dumps an event log to a file. Q129266
Findgrp.exe Finds all local and global group memberships for a user
in both an accounts domain and a resource domain.
FixACLS.exe Resets the NTFS file and folder permissions on system
files for Windows NT Server or Windows NT Workstation to their default values.
See Q167320
FixACLS.exe Enable domain controllers in NT account domain to
authenicate logon attempts by FPNW, File and Print Services for NetWare, users
from NetWare client computers. See Q145594
FTedit.exe Utility designed to aid in the recovery of software RAID
sets (Fault Tolerant) under Windows NT. See Q131658,
Getsid.exe Dumps the users SID (includes the RID) for users or
Ifmember.exe Lists the groups a user is a member of.
Logevent.exe Command-line utility, can be used to log an event ID
provided by the user into the Application event log. This allows the user to log
errors and informational data from batch files, login scripts, and Performance
Monitor. The application event log can then be viewed and manipulated with the
standard tools used for dealing with event logs. See Q131008
Logoff.exe Utility (available only with NT 4.0 Server Resource Kit)
allows the user to logoff from the command prompt.
Ltest.exe Very powerful command-line domain monitoring utility.
Does much more than Nlmon.exe or Dommon.exe.
Netdom.exe Powerful command-line utility can be used to join a
domain, manage computer accounts for members and BDCs, reset secure channels,
establish trust relationships, and manage resource domain computer accounts. See
Netsvc.exe Command-line utility to query the status of a remote
server’s service; start, stop and pause a service; and list insalled service.
See Q173529,
Netwatch.exe Graphical utility shows shares and connected users for
one or more servers in a single window.
Nlmon.exe Command-line domain monitoring tool. Displays secure
channels between Windows NT computers that are members of a domain, and between
domain controllers that are trusting other domains. Shows the same information
as the graphical utility Dommon.exe
Nltest.exe Command-line that can be used to test trust relationships
and the state of domain controller replication in a Windows NT domain. Can be
used to re-initialize. See Q158148,
OH.exe Command-line tool shows the handles of all open windows.
Alternatively, you can constrain the OH display to show only information
relating to a particular process, object type, or object name. This feature is
useful when a sharing violation occurs because you can find the process that has
a file open at the time of violation. See Q172710.
Pathman.exe Command-line utility to modify the system and user path
environment statements.
Permcopy.exe Copies permissions from one share to another.
Perms.exe Displays a user’s permissions to files and directories on
an NTFS volume. See Q137848.
Passprop.exe Provides functionality not available in User Manager.
Allows policies to force complex passwords that contain a mix of upper and
lowercase letters and numbers or symbols, and the ability to lock out an
administrator’s account over the network, but still allowing an administrator to
log on interactively on domain controllers.
Poolmon.exe Utility located on the Windows NT CD-ROM can be used to
track memory usage in both paged and nonpaged pools of memory. See Q164933,
Reg.exe Command-line registry manipulation utility for local or
remote registries. Functions in REG.Exe:

  • ADD add a sub-hive or data key
  • BACKUP save registry object to a file
  • COPY registry object to a new name. Only HKEY_LOCAL_MACHINE and
    HKEY_USERS can be specified when copying objects to a remote registry.
  • DELETE registry objects local or remote.
  • LOAD copy registry object from saved file to registry.
  • QUERY search the registry for a specific data key and display its
  • RESTORE registry objects from the file specified.
  • SAVE used to save the registry object to the file.
  • UNLOAD (delete) single level sub-hive.
  • UPDATE an existing object
See problem report Q180286
Regback.exe Regback allows one to back up registry hive while the
system is running and the hives are opened. SetBackupPrivilege is required
(granted to Backup Operators).
Regchg.exe Command-line utility to Change or add registry values on
the local computer. You cannot add keys. Regchg.exe operates on keys in the
HKEY_LOCAL_MACHINE hive only. See Q171591
RegDel.exe Command-line utility to delete keys from remote or local
Regdir.exe Reports the contents of the Registry and its keys in a
manner similiar to that of the DIR command.
Regdmp.exe Similiar to Savekey.exe but it is not for dumping
contents. Regdmp is more for reporting purposes; it is intended for screen
reporting but can easily be redirected to an output file. If Regdmp detects any
REG_SZ or REG_EXPAND_SZ that is missing the trailing null character, it will
prefix the value string with the text “MISSING TRAILING NULL CHARACTER” Common
programming error.
RegEntry A powerful help file that lists NT registry hives, keys
and values. Lots of good information in help file.
Regfind.exe Windows NT 4.0 Resource Kit command-line utility lets you
search and replace data values in the registry. Takes functions found in
Regedit.exe search engine and uses them in a command-line form. See Q146303
RegIni.exe a character-based batch file utility that you can use to
add keys to the Windows NT Registry by specifying a registry script. See Q142265
Regkey.exe Graphical utility to modify the registry to change
settings for the shutdown button on the logon screen, to display the last logged
on user, whether to parse the Autoexec.bat file for path and environment
variables, to specify the number of profiles cached, to specify the default
wallpaper, and whether to generate long file names on the FAT file system.
Regread.exe Command-line utility reads the registry of a local or a
remote system, parses out values, and outputs them to the screen. Regread
operates on keys in the HKEY_LOCAL_MACHINE hive only. Q171591.
RegRead is obsolete and is no longer distributed with NT Resource Kits. Its
functionality replaced by REG.EXE.
Regrest.exe Utility to recover the registry from a backup. Recovery
is done hive by hive (just like Regback backs up hives). Works by doing
RegReplaceKey API calls. The old hive is stored in a .SAV file whereas the new
file is saved into the \%systemroot%\System32\Config directory. No changes take
effect until reboot.
RegSave.exe Saves a sub-hive HKEY_LOCAL_MACHINE to a file. It was
distributed for a while as SaveKey.exe but is now obsolete and is not
distributed as part of the NT Resource Kit. Functionality replaced by
Regsec.exe Command-line utility that can produce very undesirable
affects. Primarily, it is a simple way to make a workstation more secure so only
Administrators who log on to the workstation have expected behavior. All
non-administrators will have essentially an unusable workstation. See Q171591,
RegSec is obsolete and no longer distributed as part of NT Resource Kit.
RestKey.exe restores a key saved by RegSave. Obsolete, not
distributed as part of NT Resource Kit. Functionality replaced by Reg.Exe.
Rmtshare.exe Remotely view and create shares.
Rregchg.exe Command-line utility to Change or add registry values on
remote computers. You cannot add keys. Rregchg.exe operates on keys in the
HKEY_LOCAL_MACHINE hive only. See Q163327.
Obsolete, functionality replaced by Reg.Exe.
Savekey.exe Saves a subkey of the HKEY_LOCAL_MACHINE registry key to
a file. The subkey (hive) file can be restored using Regedit.exe or Regedt32.
Sc.exe It is possible to use Sc.exe and Netsvc.exe to switch the
start value of a service, and to remotely start and stop a service. These
resource kit utilities provide the ability to accomplish the registry change and
ensure that the change is registered with the Services Control Manager. The
Services Control Manager database is updated dynamically when using these
utilities, allowing you to change the start values and stop and restart services
remotely. Otherwise, the remote modification to the registry will require you to
restart the remote computer or to make the change in the Services tool in
Control Panel at the remote computer. See Q166819
Sclist.exe List, stop, or start services on remote servers.
Scopy.exe Copies files between NTFS file systems and retains all
file and directory permissions. See Q174273
Scanreg.exe Command-line utility that functions as a Registry grep
that enables one to search for any string in key names, value names, and value
data in local or remote Registry keys in NT and Win95.
SecAdd.exe Command-line utility that removes the Everyone group from
a specified HKEY_LOCAL_MACHINE registry key. SecAdd can be used to add read
access to a registry key.
Showacls.exe Displays NTFS permissions for files, folders, and
directory trees.
Showgrps.exe Shows the groups that a user is a member of.
Shutdown.exe Command-line utility to remotely shut down and reboot
Windows NT computers.
Shutgui.exe Graphical utility to remotely shutdown and reboot Windows
NT computers.
SNMPUtil.exe See Q170326
Soon.exe Simplifies AT scheduler commands to form:
\\ntmachine somescript.bat
Srvinfo.exe Utility that lists lots of information for local and
remote Windows NT computers. To get all the information, you must be an
administer of the remote machine. Some of the information listed includes
Windows NT type, build number, domain name, Primary Domain Controller (PDC), IP
address, drive space, and services running.
Timeserv.exe (available only with NT 4.0 Server Resource Kit) keeps
the local system clock synchronized with an external time service. utility. See
problem report Q178878.
See Q131715.
Usrstat.exe Displays user name, full name, and last logon date and
time for each user account across all domain controllers.
Usrtogrp.exe Adds users to local and global groups from a text file.
UPTOMP.exe Uni to Multiprocessor support upgrade utility. See
problem reports Q126608,
See manual upgrade Q156358.
Whoami.exe Lists the user account who spawned the CMD process.
Winat.exe Graphical utility to administer and schedule processes
using the Scheduler service.
WinsCL.exe Command-line utility removes corrupt Windows Internet
Name Service (WINS) database information. See Q169216.
WinsDMP.exe Command-line utility dumps Windows Internet Name Service
(WINS) database information. See Q142302,

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top