Windows NT Resource Kit Utilities

by Wayne Maples [Published on 20 April 2004 / Last Updated on 20 April 2004]

Utility Description
Addusers.exe Dumps and imports user and group accounts in an Windows NT user account data base to a text file. Passwords are not included. See Q137848. See problem report Q141791
Autolog.exe Graphical utility to automate the registry settings for Auto-logon.
Browmon.exe Graphical browser monitoring utility.
Browstat.exe A more powerful command-line browser monitoring and querying tool.
Compreg.exe Command-line registry comparison utility that allows you to compare any two local and/or remote Registry keys on NT or Win95 systems. Verbose mode prints both differences and matches.
Delprof.exe Deletes user profiles.
DelSrv.exe Command-line utility that unregisters a service with the service control manager. Deletes specified service from Service hive and changes ControlSet001 and CurrentControlSet.
DH.exe Displays heap usage in a user mode process or pool usage in kernel mode memory. See Q168609
Dommon.exe Graphical domain monitoring tool. Displays secure channels between Windows NT computers that are members of a domain, and between domain controllers that are trusting other domains. This utility shows the same information as the command-line utility Nlmon.exe.
DotCrash.exe Utility that lets you debug computers running Windows NT by creating a user-mode memory dump of offending processes. DOTCRASH is especially useful in production environments where time limitations make it difficult for you to take a computer offline for debugging purposes. For example, DOTCRASH can help you debug the following problems: memory leaks; an application that stops responding at 0 percent (dead lock) CPU usage; an application that stops responding at 100 percent (busy loop) CPU usage.
Dskprobe.exe See Q166751
Dumpchk.exe Command-line utility used to verify that a memory dump file has been created correctly. Dumpchk is located on the Windows NT compact disc at \Support\Debug\\Dumpchk.exe. See Q156280
Dumpel.exe Dumps an event log to a file. Q129266
Findgrp.exe Finds all local and global group memberships for a user in both an accounts domain and a resource domain.
FixACLS.exe Resets the NTFS file and folder permissions on system files for Windows NT Server or Windows NT Workstation to their default values. See Q167320
FixACLS.exe Enable domain controllers in NT account domain to authenicate logon attempts by FPNW, File and Print Services for NetWare, users from NetWare client computers. See Q145594
FTedit.exe Utility designed to aid in the recovery of software RAID sets (Fault Tolerant) under Windows NT. See Q131658, Q149927
Getsid.exe Dumps the users SID (includes the RID) for users or groups.
Ifmember.exe Lists the groups a user is a member of.
Logevent.exe Command-line utility, can be used to log an event ID provided by the user into the Application event log. This allows the user to log errors and informational data from batch files, login scripts, and Performance Monitor. The application event log can then be viewed and manipulated with the standard tools used for dealing with event logs. See Q131008 .
Logoff.exe Utility (available only with NT 4.0 Server Resource Kit) allows the user to logoff from the command prompt.
Ltest.exe Very powerful command-line domain monitoring utility. Does much more than Nlmon.exe or Dommon.exe.
Netdom.exe Powerful command-line utility can be used to join a domain, manage computer accounts for members and BDCs, reset secure channels, establish trust relationships, and manage resource domain computer accounts. See Q173529, Q175024, Q178009, Q178635.
Netsvc.exe Command-line utility to query the status of a remote server's service; start, stop and pause a service; and list insalled service. See Q173529, Q166819
Netwatch.exe Graphical utility shows shares and connected users for one or more servers in a single window.
Nlmon.exe Command-line domain monitoring tool. Displays secure channels between Windows NT computers that are members of a domain, and between domain controllers that are trusting other domains. Shows the same information as the graphical utility Dommon.exe
Nltest.exe Command-line that can be used to test trust relationships and the state of domain controller replication in a Windows NT domain. Can be used to re-initialize. See Q158148, Q156684.
OH.exe Command-line tool shows the handles of all open windows. Alternatively, you can constrain the OH display to show only information relating to a particular process, object type, or object name. This feature is useful when a sharing violation occurs because you can find the process that has a file open at the time of violation. See Q172710.
Pathman.exe Command-line utility to modify the system and user path environment statements.
Permcopy.exe Copies permissions from one share to another.
Perms.exe Displays a user's permissions to files and directories on an NTFS volume. See Q137848.
Passprop.exe Provides functionality not available in User Manager. Allows policies to force complex passwords that contain a mix of upper and lowercase letters and numbers or symbols, and the ability to lock out an administrator's account over the network, but still allowing an administrator to log on interactively on domain controllers.
Poolmon.exe Utility located on the Windows NT CD-ROM can be used to track memory usage in both paged and nonpaged pools of memory. See Q164933, Q177415.
Reg.exe Command-line registry manipulation utility for local or remote registries. Functions in REG.Exe:
  • ADD add a sub-hive or data key
  • BACKUP save registry object to a file
  • COPY registry object to a new name. Only HKEY_LOCAL_MACHINE and HKEY_USERS can be specified when copying objects to a remote registry.
  • DELETE registry objects local or remote.
  • LOAD copy registry object from saved file to registry.
  • QUERY search the registry for a specific data key and display its contents.
  • RESTORE registry objects from the file specified.
  • SAVE used to save the registry object to the file.
  • UNLOAD (delete) single level sub-hive.
  • UPDATE an existing object
See problem report Q180286
Regback.exe Regback allows one to back up registry hive while the system is running and the hives are opened. SetBackupPrivilege is required (granted to Backup Operators).
Regchg.exe Command-line utility to Change or add registry values on the local computer. You cannot add keys. Regchg.exe operates on keys in the HKEY_LOCAL_MACHINE hive only. See Q171591
RegDel.exe Command-line utility to delete keys from remote or local registry.
Regdir.exe Reports the contents of the Registry and its keys in a manner similiar to that of the DIR command.
Regdmp.exe Similiar to Savekey.exe but it is not for dumping contents. Regdmp is more for reporting purposes; it is intended for screen reporting but can easily be redirected to an output file. If Regdmp detects any REG_SZ or REG_EXPAND_SZ that is missing the trailing null character, it will prefix the value string with the text "MISSING TRAILING NULL CHARACTER" Common programming error.
RegEntry A powerful help file that lists NT registry hives, keys and values. Lots of good information in help file.
Regfind.exe Windows NT 4.0 Resource Kit command-line utility lets you search and replace data values in the registry. Takes functions found in Regedit.exe search engine and uses them in a command-line form. See Q146303
RegIni.exe a character-based batch file utility that you can use to add keys to the Windows NT Registry by specifying a registry script. See Q142265
Regkey.exe Graphical utility to modify the registry to change settings for the shutdown button on the logon screen, to display the last logged on user, whether to parse the Autoexec.bat file for path and environment variables, to specify the number of profiles cached, to specify the default wallpaper, and whether to generate long file names on the FAT file system.
Regread.exe Command-line utility reads the registry of a local or a remote system, parses out values, and outputs them to the screen. Regread operates on keys in the HKEY_LOCAL_MACHINE hive only. Q171591. RegRead is obsolete and is no longer distributed with NT Resource Kits. Its functionality replaced by REG.EXE.
Regrest.exe Utility to recover the registry from a backup. Recovery is done hive by hive (just like Regback backs up hives). Works by doing RegReplaceKey API calls. The old hive is stored in a .SAV file whereas the new file is saved into the \%systemroot%\System32\Config directory. No changes take effect until reboot.
RegSave.exe Saves a sub-hive HKEY_LOCAL_MACHINE to a file. It was distributed for a while as SaveKey.exe but is now obsolete and is not distributed as part of the NT Resource Kit. Functionality replaced by Reg.Exe.
Regsec.exe Command-line utility that can produce very undesirable affects. Primarily, it is a simple way to make a workstation more secure so only Administrators who log on to the workstation have expected behavior. All non-administrators will have essentially an unusable workstation. See Q171591, Q160511. RegSec is obsolete and no longer distributed as part of NT Resource Kit.
RestKey.exe restores a key saved by RegSave. Obsolete, not distributed as part of NT Resource Kit. Functionality replaced by Reg.Exe.
Rmtshare.exe Remotely view and create shares.
Rregchg.exe Command-line utility to Change or add registry values on remote computers. You cannot add keys. Rregchg.exe operates on keys in the HKEY_LOCAL_MACHINE hive only. See Q163327. Obsolete, functionality replaced by Reg.Exe.
Savekey.exe Saves a subkey of the HKEY_LOCAL_MACHINE registry key to a file. The subkey (hive) file can be restored using Regedit.exe or Regedt32.
Sc.exe It is possible to use Sc.exe and Netsvc.exe to switch the start value of a service, and to remotely start and stop a service. These resource kit utilities provide the ability to accomplish the registry change and ensure that the change is registered with the Services Control Manager. The Services Control Manager database is updated dynamically when using these utilities, allowing you to change the start values and stop and restart services remotely. Otherwise, the remote modification to the registry will require you to restart the remote computer or to make the change in the Services tool in Control Panel at the remote computer. See Q166819
Sclist.exe List, stop, or start services on remote servers.
Scopy.exe Copies files between NTFS file systems and retains all file and directory permissions. See Q174273
Scanreg.exe Command-line utility that functions as a Registry grep that enables one to search for any string in key names, value names, and value data in local or remote Registry keys in NT and Win95.
SecAdd.exe Command-line utility that removes the Everyone group from a specified HKEY_LOCAL_MACHINE registry key. SecAdd can be used to add read access to a registry key.
Showacls.exe Displays NTFS permissions for files, folders, and directory trees.
Showgrps.exe Shows the groups that a user is a member of.
Shutdown.exe Command-line utility to remotely shut down and reboot Windows NT computers.
Shutgui.exe Graphical utility to remotely shutdown and reboot Windows NT computers.
SNMPUtil.exe See Q170326
Soon.exe Simplifies AT scheduler commands to form:
soon \\ntmachine somescript.bat
Srvinfo.exe Utility that lists lots of information for local and remote Windows NT computers. To get all the information, you must be an administer of the remote machine. Some of the information listed includes Windows NT type, build number, domain name, Primary Domain Controller (PDC), IP address, drive space, and services running.
Timeserv.exe (available only with NT 4.0 Server Resource Kit) keeps the local system clock synchronized with an external time service. utility. See problem report Q178878. See Q131715.
Usrstat.exe Displays user name, full name, and last logon date and time for each user account across all domain controllers.
Usrtogrp.exe Adds users to local and global groups from a text file.
UPTOMP.exe Uni to Multiprocessor support upgrade utility. See problem reports Q126608, Q142660, Q148245, Q156612, See manual upgrade Q156358.
Whoami.exe Lists the user account who spawned the CMD process.
Winat.exe Graphical utility to administer and schedule processes using the Scheduler service.
WinsCL.exe Command-line utility removes corrupt Windows Internet Name Service (WINS) database information. See Q169216.
WinsDMP.exe Command-line utility dumps Windows Internet Name Service (WINS) database information. See Q142302, Q169216.

See Also

Featured Links