Windows NT Resource Kit Utilities
|Addusers.exe||Dumps and imports user and group accounts in an Windows|
NT user account data base to a text file. Passwords are not included. See Q137848.
See problem report Q141791
|Autolog.exe||Graphical utility to automate the registry settings for|
|Browmon.exe||Graphical browser monitoring utility.|
|Browstat.exe||A more powerful command-line browser monitoring and|
|Compreg.exe||Command-line registry comparison utility that allows you|
to compare any two local and/or remote Registry keys on NT or Win95 systems.
Verbose mode prints both differences and matches.
|Delprof.exe||Deletes user profiles.|
|DelSrv.exe||Command-line utility that unregisters a service with the|
service control manager. Deletes specified service from Service hive and changes
ControlSet001 and CurrentControlSet.
|DH.exe||Displays heap usage in a user mode process or pool usage|
in kernel mode memory. See Q168609
|Dommon.exe||Graphical domain monitoring tool. Displays secure|
channels between Windows NT computers that are members of a domain, and between
domain controllers that are trusting other domains. This utility shows the same
information as the command-line utility Nlmon.exe.
|DotCrash.exe||Utility that lets you debug computers running Windows NT|
by creating a user-mode memory dump of offending processes. DOTCRASH is
especially useful in production environments where time limitations make it
difficult for you to take a computer offline for debugging purposes. For
example, DOTCRASH can help you debug the following problems: memory leaks; an
application that stops responding at 0 percent (dead lock) CPU usage; an
application that stops responding at 100 percent (busy loop) CPU usage.
|Dumpchk.exe||Command-line utility used to verify that a memory dump|
file has been created correctly. Dumpchk is located on the Windows NT compact
disc at \Support\Debug\
|Dumpel.exe||Dumps an event log to a file. Q129266|
|Findgrp.exe||Finds all local and global group memberships for a user|
in both an accounts domain and a resource domain.
|FixACLS.exe||Resets the NTFS file and folder permissions on system|
files for Windows NT Server or Windows NT Workstation to their default values.
|FixACLS.exe||Enable domain controllers in NT account domain to|
authenicate logon attempts by FPNW, File and Print Services for NetWare, users
from NetWare client computers. See Q145594
|FTedit.exe||Utility designed to aid in the recovery of software RAID|
sets (Fault Tolerant) under Windows NT. See Q131658,
|Getsid.exe||Dumps the users SID (includes the RID) for users or|
|Ifmember.exe||Lists the groups a user is a member of.|
|Logevent.exe||Command-line utility, can be used to log an event ID|
provided by the user into the Application event log. This allows the user to log
errors and informational data from batch files, login scripts, and Performance
Monitor. The application event log can then be viewed and manipulated with the
standard tools used for dealing with event logs. See Q131008
|Logoff.exe||Utility (available only with NT 4.0 Server Resource Kit)|
allows the user to logoff from the command prompt.
|Ltest.exe||Very powerful command-line domain monitoring utility.|
Does much more than Nlmon.exe or Dommon.exe.
|Netdom.exe||Powerful command-line utility can be used to join a|
domain, manage computer accounts for members and BDCs, reset secure channels,
establish trust relationships, and manage resource domain computer accounts. See
|Netsvc.exe||Command-line utility to query the status of a remote
server's service; start, stop and pause a service; and list insalled service.
|Netwatch.exe||Graphical utility shows shares and connected users for|
one or more servers in a single window.
|Nlmon.exe||Command-line domain monitoring tool. Displays secure|
channels between Windows NT computers that are members of a domain, and between
domain controllers that are trusting other domains. Shows the same information
as the graphical utility Dommon.exe
|Nltest.exe||Command-line that can be used to test trust relationships|
and the state of domain controller replication in a Windows NT domain. Can be
used to re-initialize. See Q158148,
|OH.exe||Command-line tool shows the handles of all open windows.|
Alternatively, you can constrain the OH display to show only information
relating to a particular process, object type, or object name. This feature is
useful when a sharing violation occurs because you can find the process that has
a file open at the time of violation. See Q172710.
|Pathman.exe||Command-line utility to modify the system and user path|
|Permcopy.exe||Copies permissions from one share to another.|
|Perms.exe||Displays a user's permissions to files and directories on|
an NTFS volume. See Q137848.
|Passprop.exe||Provides functionality not available in User Manager.|
Allows policies to force complex passwords that contain a mix of upper and
lowercase letters and numbers or symbols, and the ability to lock out an
administrator's account over the network, but still allowing an administrator to
log on interactively on domain controllers.
|Poolmon.exe||Utility located on the Windows NT CD-ROM can be used to|
track memory usage in both paged and nonpaged pools of memory. See Q164933,
|Reg.exe||Command-line registry manipulation utility for local or|
remote registries. Functions in REG.Exe:
|Regback.exe||Regback allows one to back up registry hive while the|
system is running and the hives are opened. SetBackupPrivilege is required
(granted to Backup Operators).
|Regchg.exe||Command-line utility to Change or add registry values on|
the local computer. You cannot add keys. Regchg.exe operates on keys in the
HKEY_LOCAL_MACHINE hive only. See Q171591
|RegDel.exe||Command-line utility to delete keys from remote or local|
|Regdir.exe||Reports the contents of the Registry and its keys in a|
manner similiar to that of the DIR command.
|Regdmp.exe||Similiar to Savekey.exe but it is not for dumping|
contents. Regdmp is more for reporting purposes; it is intended for screen
reporting but can easily be redirected to an output file. If Regdmp detects any
REG_SZ or REG_EXPAND_SZ that is missing the trailing null character, it will
prefix the value string with the text "MISSING TRAILING NULL CHARACTER" Common
|RegEntry||A powerful help file that lists NT registry hives, keys|
and values. Lots of good information in help file.
|Regfind.exe||Windows NT 4.0 Resource Kit command-line utility lets you|
search and replace data values in the registry. Takes functions found in
Regedit.exe search engine and uses them in a command-line form. See Q146303
|RegIni.exe||a character-based batch file utility that you can use to|
add keys to the Windows NT Registry by specifying a registry script. See Q142265
|Regkey.exe||Graphical utility to modify the registry to change|
settings for the shutdown button on the logon screen, to display the last logged
on user, whether to parse the Autoexec.bat file for path and environment
variables, to specify the number of profiles cached, to specify the default
wallpaper, and whether to generate long file names on the FAT file system.
|Regread.exe||Command-line utility reads the registry of a local or a|
remote system, parses out values, and outputs them to the screen. Regread
operates on keys in the HKEY_LOCAL_MACHINE hive only. Q171591.
RegRead is obsolete and is no longer distributed with NT Resource Kits. Its
functionality replaced by REG.EXE.
|Regrest.exe||Utility to recover the registry from a backup. Recovery|
is done hive by hive (just like Regback backs up hives). Works by doing
RegReplaceKey API calls. The old hive is stored in a .SAV file whereas the new
file is saved into the \%systemroot%\System32\Config directory. No changes take
effect until reboot.
|RegSave.exe||Saves a sub-hive HKEY_LOCAL_MACHINE to a file. It was|
distributed for a while as SaveKey.exe but is now obsolete and is not
distributed as part of the NT Resource Kit. Functionality replaced by
|Regsec.exe||Command-line utility that can produce very undesirable|
affects. Primarily, it is a simple way to make a workstation more secure so only
Administrators who log on to the workstation have expected behavior. All
non-administrators will have essentially an unusable workstation. See Q171591,
RegSec is obsolete and no longer distributed as part of NT Resource Kit.
|RestKey.exe||restores a key saved by RegSave. Obsolete, not|
distributed as part of NT Resource Kit. Functionality replaced by Reg.Exe.
|Rmtshare.exe||Remotely view and create shares.|
|Rregchg.exe||Command-line utility to Change or add registry values on|
remote computers. You cannot add keys. Rregchg.exe operates on keys in the
HKEY_LOCAL_MACHINE hive only. See Q163327.
Obsolete, functionality replaced by Reg.Exe.
|Savekey.exe||Saves a subkey of the HKEY_LOCAL_MACHINE registry key to|
a file. The subkey (hive) file can be restored using Regedit.exe or Regedt32.
|Sc.exe||It is possible to use Sc.exe and Netsvc.exe to switch the|
start value of a service, and to remotely start and stop a service. These
resource kit utilities provide the ability to accomplish the registry change and
ensure that the change is registered with the Services Control Manager. The
Services Control Manager database is updated dynamically when using these
utilities, allowing you to change the start values and stop and restart services
remotely. Otherwise, the remote modification to the registry will require you to
restart the remote computer or to make the change in the Services tool in
Control Panel at the remote computer. See Q166819
|Sclist.exe||List, stop, or start services on remote servers.|
|Scopy.exe||Copies files between NTFS file systems and retains all|
file and directory permissions. See Q174273
|Scanreg.exe||Command-line utility that functions as a Registry grep|
that enables one to search for any string in key names, value names, and value
data in local or remote Registry keys in NT and Win95.
|SecAdd.exe||Command-line utility that removes the Everyone group from|
a specified HKEY_LOCAL_MACHINE registry key. SecAdd can be used to add read
access to a registry key.
|Showacls.exe||Displays NTFS permissions for files, folders, and|
|Showgrps.exe||Shows the groups that a user is a member of.|
|Shutdown.exe||Command-line utility to remotely shut down and reboot|
Windows NT computers.
|Shutgui.exe||Graphical utility to remotely shutdown and reboot Windows|
|Soon.exe||Simplifies AT scheduler commands to form:|
|Srvinfo.exe||Utility that lists lots of information for local and|
remote Windows NT computers. To get all the information, you must be an
administer of the remote machine. Some of the information listed includes
Windows NT type, build number, domain name, Primary Domain Controller (PDC), IP
address, drive space, and services running.
|Timeserv.exe||(available only with NT 4.0 Server Resource Kit) keeps|
the local system clock synchronized with an external time service. utility. See
problem report Q178878.
|Usrstat.exe||Displays user name, full name, and last logon date and|
time for each user account across all domain controllers.
|Usrtogrp.exe||Adds users to local and global groups from a text file.|
|UPTOMP.exe||Uni to Multiprocessor support upgrade utility. See|
problem reports Q126608,
See manual upgrade Q156358.
|Whoami.exe||Lists the user account who spawned the CMD process.|
|Winat.exe||Graphical utility to administer and schedule processes|
using the Scheduler service.
|WinsCL.exe||Command-line utility removes corrupt Windows Internet|
Name Service (WINS) database information. See Q169216.
|WinsDMP.exe||Command-line utility dumps Windows Internet Name Service|
(WINS) database information. See Q142302,