With a nod to Vivek Gite and his popular 20 Linux System Monitoring Tools Every SysAdmin Should Know article, we present “20 Top Windows SysAdmin Tools You Should Know”.

Many of the programs listed below are included with Windows and provide all kinds of information about what is happening on the computer. Some you’ve probably heard of, and hopefully a few will be new to you.

1. Task Manager – CPU and memory usage

Everyone that deals with Windows in a system administrator capacity has to know about the most common of SysAdmin Tools, Task Manager. The nice thing is it keeps getting better with each new version of Windows.

The screenshots below show Task Manager from Windows 2008 R2. To make sure you see everything, click the button (a check box in older versions) in the lower left corner.

task manager processes

The Processes tab is probably the most useful. Here you can see the list of running processes, how much memory and CPU each process is using, the user account the process is running under and more.

In addition, you can click View -> Select Columns… to show even more information, such as the Session ID a process is in, the full path to the executable, how much virtual memory the process has allocated, and more. One stop system administrator goodness 🙂

But wait, there’s more!

The Performance tab gives some nice charts of CPU utilization. You can also see total memory, kernel memory, etc.

task manager performance

A low amount of Free memory is not a bad thing — it often means Windows is using your RAM to cache parts of the hard disk, thus speeding up many operations. If the RAM is needed, the caches will give it back.

One of the best kept secrets, the Resource Monitor, is also accessible from here.

2. Resource monitor – high level disk I/O tracking

Have you ever been using a computer or server and noticed it get really sluggish? Sometimes you can hear the disk thrashing and know that some process is busier than you want it to be. If you’re lucky, you can check Task Manager and sort by CPU to see which process is using a lot of CPU. But in many cases, the offending process is doing very little with CPU because it’s so busy thrashing the disk. Another fairly common piece of Windows SysAdmin Tools, the Resource Monitor, lets you find the culprit.

windows resource monitor

Start the Resource Monitor and click the Disk tab. Expand the “Processes with Disk Activity” drop down. Sort the list by the “Total (B/sec)” column to quickly see which process is so busy. To further understand what is happening, you can expand the “Disk Activity” drop down and sort that list by “Total (B/sec)”. Looking at the file names will sometimes give a hint about whether the process is doing a backup, writing to a log file, or some other activity.

3. Performance Monitor (aka Perfmon)

Performance Monitor is a real gem on Windows, and many IT folks would benefit by becoming more comfortable with it. The operating system publishes many useful stats here (active database connections, active HTTP connections, CPU usage, time per disk read, network usage, process memory, etc). In addition, other application providers can also include stats, and most (all?) of Microsoft’s major apps do, like IIS, MS SQL Server and Exchange.

When you first start perfmon.exe or perfmon.msc (they’re the same), it’s not much to look at. Make sure to click the “Performance Monitor” node, and then the green plus symbol to add counters to watch.

Windows Performance Monitor SysAdmin Tool

There are sooo many counters that can be monitored that this article can’t even begin to cover them. One thing that will help though – when you’re looking at the list of counters, check the “Show description” box at the bottom left corner – this helps you understand what the selected counter does.

Also note that Perfmon can connect to other computers on your network and display their counter values.

(Side note, there is a compiled list of typical counters to monitor for Microsoft Exchange at:
/help/latestSMHelp.aspx?page=howto_monitor_exchange.aspx )

4. Services

The Services applet (services.msc — it’s the gear looking thingy in Administrator Tools) is where you can control the service processes that are running on Windows. Of particular interest to IT admins is the service’s start up type (usually automatic or manual) and the Log On As account.

windows services applet

‘Recovery’ is a cool under-used feature. Right click a service and go to Properties. Here you can tell Windows what it should do if the service stops unexpectedly (crashes). Restarting the service is often a good option.

Service Crash Recovery

5. Event Log Viewer – system logs, errors and events

One SysAdmin Tool no one should overlook is the Windows Event Log Viewer. It shows a wealth of information about problems that might be happening on a server, including hardware errors, server restarts and more. The Application and System logs are typically where you’ll find what you’re looking for, but there are more logs than that on modern Windows. If you have a blue screen, a server hang, or an application misbehaving, look in the Event Log first.

Event Log Viewer

6. PsExec – start apps on remote computers

PsExec is not an app that comes with Windows, but it’s a free sysadmin tool/utility from Microsoft (originally from Sysinternals) that lets you start apps on a remote computer.

SysAdmin Tool - Microsoft PsExec

In the simple example above, PsExec was started locally, to run ipconfig on a remote computer (‘archive’) to find out what gateway it is using. PsExec can be very handy in many situations. If you need a redistributable PsExec, take a look at PAExec.

7. Process Monitor – low level file I/O and registry spying

Another beauty from Microsoft’s sysadmin tools (Sysinternals) is Process Monitor. From the web page: Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity.”

Process Monitor

The power is in the filtering – you can have it show you only registry access to a particular key, or file I/O operations taking place in a specific folder, or from a specific program. It’s a great help when something ought to work but doesn’t because you can (for example) see where a file or registry read is failing.

8. Task Scheduler

Unix has its cron, and Windows has Task Scheduler. (Well, Windows also has ‘at’, but that’s another story). Task Scheduler can be found in Administrator Tools, or started via taskschd.msc.

Task Scheduler

From the screenshot, you can see that various companies (Google and Adobe for example) will create scheduled tasks so their applications are launched periodically for some background processing. Windows itself has many tasks it uses. And of course, you can easily create your own. One simple example is to compress and/or move log files. Or run a periodic database cleanup script. Or to check for updates. Or ….

9. netstat – view network connections

Being familiar with netstat signals you’re no mere hobbyist, but a serious IT professional. Netstat shows the status of current network connections – run it without any command line arguments and that’s what you’ll see.

To see connections along with the process that created them, run netstat –b. To see current connections as well as ports that are listening for incoming connections, run netstat –ab as shown below:

Windows Windows SysAdmin Tool Netstat

Note that the process involved with the port is shown below the port information. So mysqld is listening on port 3306, not 3389.

10. Wireshark – view network packets

If you ever need to see network packets entering and leaving a computer, look no further than Wireshark. This is a fantastic free SysAdmin tool that will capture every packet, and even better, break each one down into its appropriate protocol headers and content. Below I’ve clicked a packet for an HTTP 302 redirect message coming in from a web server.

Wireshark View Network Packets

The documentation is great, and once you get the hang of it, you can spy on all of the applications on your computer, see what servers they are talking too, and what information is being sent and received.

Top 11-20 Windows SysAdmin Tools, continue reading here


Share →

36 Responses to 20 Top Windows SysAdmin Tools You Should Know

  1. Popescu Dan says:

    Hello there,

    Interesting article, I would add a couple of things there which I think will help a sysadmin a lot:

    nslookup – used for searching for dns records, one of the best tools out there.

    I also preffer process explorer for monitoring processes instances.

    A more user-frendly tool for looking at the active TCP connections is TCPview

    As an alternative to mstsc, I use mRemoteNG. This is a free tool in which you can group multiple remote connections instances. I would recommend it to anyone

    Windows System Control Center is another software in which you have a central administration console containing a lot of useful tools

    Powershell is probably the most powerful utility that you can use in Windows. A lot of the modern scripting is done using Powershell and I've been in contact with it for quite a while now and I can say that is really great

    FstCopy or Robocopy for copying files

    These are the tools that came to me for now, 

    Best regards,


  2. Hi Dan,

    Some great additional information 🙂

    Thanks for the comment!

  3. Birajendu says:

    Hi Dan,


    I think Microsoft Network Monitor proves to be a better tool in windows than WireShark. NetMon gives per process traffic listing. That may be helpfull in some instances…



  4. Great article for sure. Dan, you are a legend 😀

  5. Russtavo says:

    An excellent article. Along with the Sysinternals suite, I would also recommend utilities developed by Nir Sofer at http://www.nirsoft.net. They have proved invaluable over the years.

  6. […] Network Wrangler- IT Tech Blog | 20 Windows Tools Every SysAdmin Should Know […]

  7. Oliver says:

    ad 16: For REALLY large text files, see stackoverflow.com/questions/159521/text-editor-to-open-big-giant-huge-large-text-files this thread on stackoverflow for some suggestions.

    ad 17: For RDP connection managment I really, really recommend Terminals! Don’t even start using RDP without that tool 😉 A new version is coming out, soon, too.

  8. Kossem says:

    Thanks for this summary of admin tools, though quite known, and heavily used.

    More free utilities I install wherever I work:

    Teracopy, which let's you move and copy files super fast and easy with all the necessary added features, plus seamless completion after interruption(s) (http://codesector.com/teracopy),

    T-clock, to replace the whimpy Windows time in the status bar stoicjoker.com/TClock/

    Ditto, multi copy/paste clipboard, after trying a bunch out there (http://ditto-cp.sourceforge.net/),

    WinMerge, free compare and merge utility (http://winmerge.org/),

    not to mention 7-zip (www.7zip.org).



  9. Yael says:

    Nice article. It is interesting to see that many tools are from Microsoft. That means that we don't know they exist or don't know how to use them :p.

    I agree with Dan about robocopy. This implemented with the the scheduled tasks to perform backups is great. It is a little bit hard to write a good bat script to do backups (matter of write and test). Is there a good tool that check if what you are writting would "compile/work"?


  10. aberkled says:




    I loled, nice try, 3/10. Almost had me there for a second.

  11. GrayHat says:

    Interesting list, even if not totally new (at least not for me and probably not for some readers) but then… if you go for 3rd party tools (like you did) then, why don't use "process explorer" instead of the vanilla "task manager" ? Heck, it can even replace the taskmgr ! Also, and since we're at it, the bsod may be analyzed "offline" by using a critter called "bluescreenview" which just eases the task of analyzing a "crash dump" (ok, you may have a box ready for that, or you may instrument your machine to run debugging… but in many cases that simple tool will just do the job… and without having to upload your crash dump "somewhere else" – all in all, admins are somewhat paranoid :D) oh and then, set aside the fact that the "nirsoft" site offers quite a bunch of goodies (other than that bluescreenview above) I think that you may also consider stuff like "PuTTY" (which is something you'll want to have in case you have to manage 'nix boxes or to telnet/ssh into some router or other device) and then… ok, there's some more, but I'll stop here 🙂


  12. Sekhar R says:

    Hello there, nice article. Thanks for posting it.

    Recently came across this command called PATHPING combines the features of both Ping and Tracert.


  13. DT says:

    Dnslint – This is from MS.  It is used to Verify domain name registration and DNS records.  It helps you debug your DNS problems in Windows Server.

    SyncToy – From MS PowerToys.  Such a simple and handy concept that allows you to back up only the files that were changed.  It's not heavy duty for a real system backup but it is very useful when you want to keep certain directories in sync across a few servers.  I use it to sync MyDocuments to a USB drive before I go home for the day.

    MyDefrag – Windows defrag is not as good as it could be so I use this one.  This one is from http://www.mydefrag.com/.  I have used it for years and years.  One of the best free products on the Internet ever.

    7Zip – Better than the standard folder compression that Winows comes with.

    Hfs – HTTP File Server from rejetto.com – It's a tiny (single executable file) web server that allows you to pull or push files to a machine via http.  Port 80 can be changed to something else.  Handy when the machine you are trying to get files to or from is behind a firewall and can only get files via http.  It even has basic permissions so while you are running it someone would have to log in to use it.

    Driver Magician – Great program that copies all of your configured drivers into a single location.  These drivers include .inf and whatever else they need so that in the future you can easily load them back into a new build.

    Unix – Yeah, I know this is cheeky but I keep a bunch of unix utils on my windows machines.  It's easier for me to open a cmd window and run stuff like awk, head, tail, wc, sed, grep etc.

  14. Random says:


  15. Admin says:

    Thank you all for the great comments and adding additional tools!

    Sharing information like this is exactly what we had hoped for.

  16. 1 – msconfig – espec. tab STARTUP tab to disable startup programs

    2 – wholockme to check locked files and to enable access to them

    3 – Microsoft Policy Editor to edit 1000s of commands and options dis/enabled  for Microsoft both system and applications

    4 – ruler for onscreen measurements: http://www.spadixbd.com/freetools/jruler.htm


  17. 1215drew says:

    Well the one that I always find myself using would be the Offline Windows Password & Registry Editor (A bash shell with chntpw and some ntfs-3g drivers) has come in hand more times than I can count when users forget their passwords.

  18. Thanks, I love articles like this and my favorite…. TSTool3 !!!!

    Google for – TSTool3 TechNet


  19. Yuri says:

    Process Hacker. For process monitoring and related tasks it's more powerful and convenient than Process Monitor.

  20. John says:

    Pretty Lame. Top 9 are all MS utilities that anyone who alls themselves a sys admin should already know about. I had to read down to #18 for find an interesting one. I can't believe Codeproject linked to this.

  21. Timothy says:

    RD Tabs, for when you need to connect to more than one Remote Desktop at a time.  http://www.avianwaves.com/Tech/Tools/RDTabs/

  22. ips says:

    This  things are very cool, but as those things are not so sure.

    First thing that is netstat, nmap, ping, pathping, and so on are not so sure.

    For example netstat dont show all things, like if you are begginer it will protect you from some things, but in some other things it will give you a wrong way of being secure, it looks like you know what you are you doing but you are just big gaping hole, with invitation, yes there is the dude program, and some others but it is just not enough..

    And look that task manager, it will show you manny things but not all running tasks, and you could have things injected in your dll, directX and so on…

    What have you done like that…

    Hijack this is good, but it dos not provide you a good tihngs to fight back….

  23. jskald says:

    Well then, when you learn more about the ways of MS you get it that the Task manager is just another lolipop. This lolipop is derivated from lol.

    There are invisible tasks, I even went so far and made some Delphy thing, then I created file watcher and so on. But You are at the bottom of the food chain, and that's it.

    When it comes to SysAdmin most of this things are useless, you should use nmap at least, and there the story starts…


  24. jaap vonk says:

    Nice, my 2 extra pennies: ProcessExplorer and Autoruns

  25. Jaap Vonk says:

    Nice, my 2 extra pennies: ProcessExplorer and Autoruns both from Sysinternals

  26. piyush says:


    thanks for the awesome article. it really helps me.

    i would like to know if there is a way via batch script to know the cpu usage under performance tab.



  27. PA Server Monitor can show CPU usage without needing batch files. I'm not quite sure I fully understand the question, but hope that helps!

  28. Spencer says:

    I'd add one more tool to the list: DeadManssnitch.com for periodic process monitoring. 

  29. Phil says:

    Thanks to Oliver for the pointer to Terminals, RDC Manager has been limiting for some time.

    My nomination for #20 would be Windirstat http://windirstat.info/ for when that server has runout of space and you're trying to work out where it all went

  30. sandeep says:

    really Nice article, its very usefull for the system admin freshers like me. .

  31. […] or Virtual Private Network has become one of the core components in large enterprises and as a System Administrator you will most certainly stumble upon this technology. There are multiple VPN equipment Vendors, […]

  32. […] Once the install operation is completed, open the Network Load Balancing Manager console from Administrative Tools. […]

  33. Didier says:

    I have recently found a very useful free sysadmin tool called “MobaXterm” (mobaxterm.mobatek.net). It is a terminal bash console for windows which allows ssh, public keys, X11-forwarding, multi-tabs, mosh and many Linux commands in Windows environment.
    It has replaced PuTTY, Exceed, ReflectionX, mRemoteNG, Mstsc and WinSCP in my everyday work!

  34. Dennis says:

    One tool not to mis is GET-PC!, free, and makes managament so easy and quick.

    Features a remote task manager, and remote execution tools, reboot manager etc…

  35. […] you read that correctly. Seen by many as the cushiest of IT office jobs (with pay packet to match), SysAdmin Network Tools professionals often moan about having to keep odd hours, and perform tasks outside their official […]