These are a few of my favorite things... (Part 4)

  • Article

Just some more tricks/tools I use frequently...

Scale-to-Fit in Perfmon

If you deal a lot with perfmon you know you can have a ton of different counters in one line graph or in one bar graph and that the scale is usually 0-100 which really isn't applicable in some cases.  Now you can just alt click the graph and select "Scale selected counter" which will then fit them all in one graph.  As an aside, you can also just drag in perfmon collections (.html, .blg, .csv, or .tsv)into the MMC now and have the data displayed.

Handle.exe

Need to know what process/user is holding a file open on your server?  Use Handle:

C:\>handle -u S:\Public\UserA\DCChkWeb\dcchk_default_new.htm

dcChk.exe pid: 7440 BRADDOM\userb S:\Public\UserA\DCChkWeb\dcchk_default_new.htm

Need to know what type of handles a particular process has open?  Use Handle:

C:\Users\UserB\Desktop>handle.exe -p 620 -s

Handle type summary:
: 52
Desktop : 1
Directory : 2
Event : 6229
File : 3210
IoCompletion : 17
Key : 150
KeyedEvent : 2
Mutant : 10
Process : 58
Process : 94
Section : 12
Semaphore : 6169
Thread : 630
Timer : 8
Token : 4927
TpWorkerFactory : 2
WindowStation : 2
Total handles: 21575

Tlist.exe

Great tool to dump all the processes running on your system. 

Two main arguments I use with Tlist:

"-v" to dump the verbose output which will show the arguments that were passed to the process:

2 32 5116 AcroRd32.exe Title: sw
Command Line: "C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\AcroRd32.exe" /o /eo /l

"-s" to dump what services run in each process.  As you probably know a lot of services are just called with "svchost -netsvcs" so how do you knwo which one WINMGMT lives in?  Use -s.

C:\localbin>tlist -s
0 System Process
4 System
460 smss.exe
548 csrss.exe
580 wininit.exe
632 services.exe
652 lsass.exe Svcs: KeyIso,Netlogon,ProtectedStorage,SamSs
660 lsm.exe
808 svchost.exe Svcs: DcomLaunch,PlugPlay
916 svchost.exe Svcs: RpcSs
988 svchost.exe Svcs: WinDefend
408 svchost.exe Svcs: AudioSrv,Dhcp,Eventlog,lmhosts,p2pimsvc,wscsvc
512 svchost.exe Svcs: AudioEndpointBuilder,CscService,EMDMgmt,Netman,PcaSvc,SysMain,TrkWks,UmRdpService,UxSms,WdiSystemHost,WPDBusEnum,wudfsvc
540 svchost.exe Svcs: AeLookupSvc,BITS,CertPropSvc,gpsvc,hkmsvc,IKEEXT,iphlpsvc,LanmanServer,MMCSS,ProfSvc,RasMan,Schedule,seclogon,SENS,SessionEnv,ShellHWDetection,Themes,Winmgmt,wuauserv
796 audiodg.exe

<SNIP>

SPLInfo.exe

SplInfo is a command-line tool that collects information from the print spooler and displays it.

C:\Localbin>splinfo \\prn-machine

Number Remote Printers 490 on \\prn-machine

Windows Version 6.0 Build 6001 (Service Pack 1, v.275) FREE

Number of Processors 4 PROCESSOR_INTEL Level 6

Total Jobs Spooled 3,650

Total Bytes Printed 7,243,275,903

Total GDI Pages Printed 11,690

Average Bytes/Job 1,984,459

Average Pages/Job 3

Average Bytes/Page 619,612

Browse List Requested 0

Browse Printer Added 0

Queues with Jobs 20

# Queues with # Jobs:

       1 114

       1 10

       1 6

       1 5

       1 4

Spooler Up Time 1 Day 21:46:46

Server Up Time 22 Days 05:48:32

 

Technorati tags: Vista, Longhorn, Windows 2008