ToolboxNew Products for IT Pros

Greg Steen

More Powerful Scripting

PowerShell Analyzer

There is a lot of buzz about Windows PowerShell™, and with good reason. If you haven't had a chance to play with this next generation scripting language, you really should check it out. And those of you who have upgraded to Microsoft® Exchange 2007 will quickly realize that the new Exchange Management Shell is built upon Windows PowerShell, allowing you to do everything the Exchange Management Console can but from the command line, which is great for automating repetitive tasks. Unfortunately, there can be a bit of a learning curve to get the syntax and semantics down. And here is where PowerShell Analyzer, from ShellTools, comes into play.

The application is basically an IDE for writing and debugging Windows PowerShell scripts. But unlike with a traditional write-compile-test cycle, the application keeps the spirit of the admin at the keyboard, giving you real-time interactivity with a Windows PowerShell runspace. PowerShell Analyzer allows you to either enter commands line-by-line or build, edit, and run Windows PowerShell scripts in an editor in the lower part of the UI. Both options give you basic code completion, which is a great help for guiding you on the many parameters of the cmdlets. (In case you're new to Windows PowerShell, cmdlets are abstract, task-oriented, parameterized commands.)

For even more help, PowerShell Analyzer provides a quick-access tab that shows you detailed descriptions, syntax, parameter explanations, and examples for each of the cmdlets. In addition, there are references for the Windows PowerShell Providers, the available built-in help files, and the cmdlet short aliases.

When you run commands from Windows PowerShell, you are actually returned Microsoft .NET Framework objects rather than just the apparent text results on the screen. PowerShell Analyzer allows you to capture the properties of the returned results and pass them to a number of "visualizers." These visualizers allow you to interact with the objects—such as offering a tree-like exploration of XML data or a sortable and groupable hierarchal table view of the data—as well as generate a number of different charts to visually represent the returned dataset. Of course, not all these options are available for every command or script you run, but, when applicable, they do give you a nice set of representations of your data that you can then save or export for reuse.

PowerShell Analyzer also allows you to work with multiple runspaces simultaneously, letting you easily switch between tasks. And the editor window gives you code-outlining and customizable code-highlighting styles to help make your scripts more readable.

All in all, if you are going to be working with Windows PowerShell, a tool like PowerShell Analyzer will make creating, editing, and debugging your scripts, and visualizing your data much easier.

Price: $129 (direct) for a single license.

Figure powershell

Figure powershell  (Click the image for a larger view)

Defrag Disks

Auslogics Disk Defrag

The more you use your hard drive, the more fragmented the files on that disk will become. Creating and deleting files, installing and removing applications, and even generating temporary disk caches and files all contribute to fragmentation. And the rate of fragmentation can increase dramatically when the free space on the drive is limited, as new files will be spread across the available "holes" in a mostly filled space. All this fragmentation will lead to slower system performance.

Everyone knows, of course, that current versions of Windows® include built-in defragmentation tools. But if you are looking for a dedicated option or if you have recently upgraded to Windows Vista® and miss the control and UI presentation offered by earlier versions of the defragmentation tool, there's a very interesting alternative you might want to try: Disk Defrag, from Auslogics.

Disk Defrag works with Windows XP, Windows 2000, Windows Server® 2003, and Windows Vista. And, as you would likely expect, it can defragment FAT16, FAT32, and NTFS volumes. The application is lightweight and installation takes just a few quick clicks.

Running the application is just as easy. All you have to do is simply pick the drive you wish to defragment, click Next, and watch it go. Once it has completed running, Disk Defrag gives you a quick overview of the results, showing the total number of files, directories, fragmented files, defragmented files, and skipped files, as well as the percentage decrease in fragmentation. If you like, you can also click Disk Defrag's Display Report button to have the application generate an HTML version of the defragmentation report. This report gives you some additional useful information regarding your disk, such as a list of skipped files with their location, the number of fragments, the time elapsed for the run, and the cluster information for your disk.

Price: Free.

Disk Defrag is easy to install and use

Disk Defrag is easy to install and use  (Click the image for a larger view)

Transfer Files


There's nothing like a good SFTP client to make your job easier—this is especially true when the client is solidly written and free, which is the case with the FileZilla client. FileZilla is an open-source project, hosted on, that was started by Tim Kosse and a couple of his cohorts back in 2001 for a computer science class project. FileZilla runs on all flavors of Windows from Windows NT®4.0 to Windows Vista. The project has grown substantially over the past six years, but Kosse is still the project leader for the app.

In addition to standard FTP connections, the client supports connections via SFTP with Secure Shell version 2 (SSH2), FTP over TLS, and FTP over SSL with implicit and explicit encryption, so you'll be able to connect to a variety of servers. FileZilla can accommodate local firewalls by letting you limit the local ports used as well as set a specific IP binding for non-passive transfers for both IPv4 and IPv6. The client also supports a number of proxy configurations, including SOCKS4/5, HTTP1.1, and FTP proxies.

In terms of server authentication for your FTP connections, FileZilla supports anonymous, normal user name/password, and account-based configurations. Also, you can enable Kerberos Generic Security Services (GSS) support (which requires you to have Kerberos for Windows installed on your system) and create a list of servers that are GSS-enabled. Of course, you'll need a valid Kerberos v5 ticket before GSS will work for you. You can also enable support for your Ident server for connecting to servers that require it as a means of identifying your client.

FileZilla easily manages a large collection of FTP sites and allows you to organize your connections into a tree-like structure. For each connection that you set up, you can also set default local and remote directories, specify the port to which you should connect, choose to bypass your configured proxy, explicitly choose active or passive transfer modes, and even set a server time zone offset. In addition to the saved connections, FileZilla also has a Quickconnect feature for those one time transfers so you can just type the address, user name, password, and port, and then click a button to connect. Once you have all your settings and connections configured, you can export them to XML for backup or reuse on other systems.

The UI of the application, which is similar to the Windows Explorer interface, allows you to easily drag and drop files between the local and remote systems. For file transfers, you can specify a default file overwrite setting in addition to the option to limit your download and upload speeds based on a predefined set of rules or by a constant kBs speed limit. By default, FileZilla is configured to use MODE Z compressed file transfers on servers that support it, but you can adjust the compression level or turn the feature off. The client also has a transfer queue feature that lets you queue up a set of files to transfer and then import and export that transfer list for reuse. This is great for repetitive system administration tasks.

Price: Free.

Edit Executables

PE Explorer

For those of you who really like to get into the nitty-gritty of your applications, you might want to check out PE Explorer from HeavenTools. This application lets you delve into the internals of your Portable Executable (PE) files, which are used for executable binaries for Windows applications. Simply put, PE Explorer provides a UI for exploring and editing the contents of these executables. PE Explorer can open a variety of file types ranging from the common, such as EXEs and DLLs, to the less familiar types, such as DPL and CPL files.

When you first choose to explore an executable, PE Explorer shows you information about the headers of the file, such as the number of code sections, the size of the image, the application subsystem, and the stack size information. Another view offers you an overview of the section headers in the executable—double-clicking a section header brings up a window gives you the ability to explore the contents of each section.

Definitely not for the faint of heart, the application lets you extract, recalculate, and delete sections of your loaded PE. A great tool for detecting viruses, malware, and other executable nasties, you can use the application's Digital Signature Viewer to review and validate the Microsoft Authenticode digital signature, if present, in the loaded executable file. This is a powerful way to verify the publisher and the integrity of the executable.

PE Explorer also contains a built-in quick disassemble, which lets you look at the assembly code of your executable. And it supports the common Intel x86 instruction sets along with extensions such as MMX, 3D Now!, and SSE/2/3. The disassembler also extracts ASCII text strings from the data portion of your PE.

Another feature is the Dependency Scanner, which scans all the modules that your PE file links to statically and those that are delay-loaded, and it then displays them in a hierarchal tree structure, showing where the PE reaches to.

One of the more fun parts of PE Explorer, in my opinion, is the Resource Editor. This feature allows you to view, extract, replace, edit, and delete the resources of a specified executable. The UI shows you a directory-like structure of the embedded resources, such as images, sounds, dialogs, menus, XML data, HTML data, and toolbars. Not all of those resources support direct editing, but for most you can replace and edit them. This would allow you, for instance, to add your own custom branding to an app, change dialog messages, customize toolbar actions, and so on without having access to the actual source code. PE Explorer is a very handy tool for those who want to dive into executables. But if Resource Editor is the only feature you really want, take a look at the company's much cheaper Resource Tuner application.

Price: $129 (direct) for a personal license; $199 (direct) for a business license.

Figure peexplorer

Figure peexplorer  (Click the image for a larger view)

Book Review

Endpoint Security

Adding a rock-solid traditional network perimeter to your internal infrastructure is an important step in protecting your assets. But this isn't a silver bullet. With the increased mobility and connectivity of today's hardware and software, there is no real perimeter on your corporate infrastructure—instead, your infrastructure extends to those remote endpoints. In fact, while you guard yourself against attack from outside your environment, it is more likely that an attack will be launched accidentally by a user who brings his laptop in from home and hops on your uncontrolled corporate network.

If you're looking to get up to speed on network access control and secure the endpoints of your infrastructure, you might want to check out Mark Kadrich's book, Endpoint Security (Addison-Wesley Professional, 2007). The book starts by defining what exactly endpoints are and then gives you a taste of the many different variations that exist—Windows clients, Linux clients, embedded devices, mobile phones, and PDAs. Kadrich sees the network as a "control problem." Rejecting the typical representation of a complex network with some organic analogy, he instead describes it as something that can be delineated and visualized in a useful, manageable manner.

The book delves into the basics of Network Access Control (NAC) and establishing a base level of trust. This discussion includes how to put together a secure baseline for your endpoint systems by securing and controlling your source software and build environment. An overview of tools that can help keep endpoints secure and reliable covers the familiar, such as using a firewall and antivirus software, and points to the need for proactive patch management, and, finally, more advanced tools, such as intrusion detection and prevention systems, host integrity checkers, and encryption.

The second half of the book explores the details of securing the operating systems of various client types, including Microsoft Windows, Apple OS X, and Linux. Each of these chapters gives you an overview of how to perform an Initial Health Check for your endpoint system. And there are chapters dedicated to PDAs, Smartphones, and embedded devices that discuss how these devices have become a serious threat to your infrastructure and how to secure various types of communication on them.

Finally, Kadrich looks at four case studies and identifies in each how the endpoints were compromised and how failure could have been mitigated. Overall, Endpoint Security is loaded with useful information for the security professional, offering a vendor-agnostic view of securing your network from the vantage of an endpoint perimeter.

Price: $54.99 list.


Greg Steen is a technology professional, entrepreneur, and enthusiast on the hunt for new tools and references to help make operations and development easier for IT professionals. Have a suggestion? Let him know at

© 2008 Microsoft Corporation and CMP Media, LLC. All rights reserved; reproduction in part or in whole without permission is prohibited.