
Useful utilities for system administrators. Network management. System Administrator Rules

The system administrator is constantly fighting for free disk space, on user machines as well as on servers. Sometimes it is easy to see which files are occupying the disk, but in a rush (a force-majeure situation) or when the cause is not obvious, a free program comes to the rescue: WinDirStat.

With it you can quickly determine the size of directories and files, their structure and their location on disk. There are several display modes, among them the familiar "Explorer" view as well as a graphical map of the occupied disk space.

Analyzing network packets and troubleshooting network infrastructure is a tedious task that requires preparation. The free Wireshark tool makes learning and traffic analysis easier thanks to its many features. One glance at this software is enough to make you want to install it and explore further. Materials dedicated to Wireshark will certainly appear on this site; check back for updates.

Who doesn't know PuTTY? It is perhaps one of the few programs used by all IT specialists. For those not yet familiar with it, here is a brief description: PuTTY is a terminal emulator. If you need a serial (COM), Telnet, SSH, raw TCP or Rlogin connection, this is the program for you.

AMANDA Network Backup is a backup system built around a central server and clients for different operating systems: Windows, Linux, Solaris and Mac OS X. Backups can be written to disk, tape and cloud storage. The principle of operation is well illustrated in the figure below:

Nmap is a free utility for flexible, highly configurable scanning of IP networks with any number of hosts, determining the state of the scanned hosts (open ports and the services behind them). The program was originally written for UNIX systems, but versions for many operating systems are now available.

PowerGUI simplifies building your own PowerShell scripts: you select the cmdlets appropriate for your task and drag and drop them where you want. It is ideal for anyone new to PowerShell who has a basic understanding of the concepts. PowerGUI is an easy-to-use editor that is likely to improve your understanding of how more complex scripts are assembled, especially if you absorb information best visually.


VirtualBox is lightweight, affordable virtualization for different operating systems (Windows, Linux, Mac OS, etc.). Read more about this software.

ClamWin is a free antivirus for Windows (all editions). Its features include:

  • Scan scheduler.
  • Automatic updating of the anti-virus database.
  • Antivirus scanner.
  • Integration into the Explorer context menu in Windows.
  • Plugin for Microsoft Outlook.
  • Ability to work from a flash drive or CD without the need for installation.

Of course, there are many antivirus programs out there, but this product is included in today's article because of its open source code and availability.

This add-in allows you to conveniently manage virtual machines in the Microsoft Azure cloud.

Excellent fast multi-platform network scanner.

That's all. Leave in the comments the programs and services that you use in your work. Good luck!

Built-in OS and software administration tools are not always convenient or functional, so over time the system administrator's arsenal becomes overgrown with useful utilities that simplify particular tasks. Many such solutions are available completely free of charge and cover a wide variety of aspects of system administration, from configuring specific parameters and auditing accounts to troubleshooting and backup. With their help you can not only ensure the smooth operation of your IT infrastructure, but also make it more efficient and secure. Let's consider 15 of the most useful solutions affecting different areas of administration.

Advanced IP Scanner

The sysadmin must know everything about the systems operating on the network and be able to reach them quickly, and Windows Network Neighborhood is not up to that job. The problem can be solved with the Advanced IP Scanner program (radmin.ru/products/ipscanner), designed for fast multithreaded scanning of a local network. AIPS is provided completely free of charge, without any reservations. The program is very simple and straightforward to use. After starting, AIPS checks the IP network interfaces of the PC it is installed on and automatically fills the scan settings with the corresponding IP range; if the range does not need to be changed, you just start the scan. The result is a list of all active network devices. For each one, all available information is collected: MAC address, network card manufacturer, network name, the user logged into the system, and available shared resources and services (shared folders, HTTP, HTTPS and FTP). Almost all scanning parameters can be configured: you can change the speed and exclude scanning of certain kinds of network resources (shared folders, HTTP, HTTPS and FTP) and the Radmin server. You can connect to any resource with one click; you just need to select it in the list. AIPS is also integrated with the Radmin program and, while scanning, finds all machines with a running Radmin Server. The scan result can be exported to a file (XML, HTML or CSV) or saved to "Favorites" (Drag & Drop is supported), after which you can reach the desired PC as needed without re-scanning the network. If the remote device supports Wake-On-LAN, you can turn it on and off by selecting the appropriate menu item.
AIPS runs on any computer running Windows; the program has Microsoft Platform Ready and Windows 7 Compatible status.

NetWrix Inactive Users Tracker

NetWrix, a company specializing in solutions for auditing changes in IT infrastructure, offers system administrators 10 free and very useful utilities (goo.gl/sfQGX) that significantly simplify Windows administration. For example, NetWrix Inactive Users Tracker (goo.gl/jWEj9) addresses one of the pressing security problems: the presence of inactive accounts that nobody has used for some time (dismissed employees, business trips, relocations, temporary staff, etc.). The IT department is rarely warned of such changes, yet such an account can easily be exploited by an attacker, or a dismissed employee can simply "return". The utility periodically checks all accounts in the domains and reports those that have not been used for a configured number of days. In the Free version the only available action is a warning by email (it is enough to set the SMTP parameters); all other operations are performed manually by the administrator, although in our case the warning is sufficient. Paid options include automatically setting a random password, deactivating an account and moving it to another OU, and an OU filter to narrow the account search. Separately, the PowerShell cmdlet get-NCInactiveUsers is offered, which returns a list of inactive users (by checking the "lastLogon" attribute) and simplifies writing the corresponding scripts.
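An added example (not part of NetWrix's tools or the article) of the lastLogon check described above: it converts the attribute's Windows FILETIME values to dates, merges the per-domain-controller values (lastLogon is not replicated between DCs, so the newest value across all DCs must be taken) and lists accounts idle for longer than a given number of days. The account names and timestamps are constructed sample data; the helper names are my own.

```python
"""Inactive-account check based on the Active Directory lastLogon attribute.

Constructed example: the per-DC dictionaries below stand in for the results of an
LDAP query against each domain controller; no directory is contacted.
"""
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple

# lastLogon is a Windows FILETIME: 100-nanosecond intervals since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(filetime: int) -> Optional[datetime]:
    """Convert a FILETIME to a UTC datetime; 0 means the account never logged on."""
    if filetime <= 0:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=filetime // 10)


def datetime_to_filetime(when: datetime) -> int:
    """Inverse conversion, used here to build realistic sample values."""
    delta = when.astimezone(timezone.utc) - FILETIME_EPOCH
    return int(delta.total_seconds() * 10_000_000)


def merge_last_logon(per_dc: Dict[str, Dict[str, int]]) -> Dict[str, int]:
    """Take the newest lastLogon seen on any DC for each account.

    lastLogon is updated only on the DC that authenticated the user and is not
    replicated, so reading a single DC under-reports activity and would flag
    accounts that are in fact in use.
    """
    merged: Dict[str, int] = {}
    for _dc, accounts in per_dc.items():
        for sam, ft in accounts.items():
            merged[sam] = max(merged.get(sam, 0), ft)
    return merged


def inactive_accounts(last_logon: Dict[str, int], days: int,
                      now: datetime) -> List[Tuple[str, Optional[datetime]]]:
    """Return (account, last logon or None) for accounts idle longer than `days`."""
    cutoff = now - timedelta(days=days)
    result = []
    for sam, ft in sorted(last_logon.items()):
        last = filetime_to_datetime(ft)
        if last is None or last < cutoff:
            result.append((sam, last))
    return result


# Constructed sample: two DCs, four accounts, evaluated as of 2015-06-01 (UTC).
NOW = datetime(2015, 6, 1, tzinfo=timezone.utc)
SAMPLE_PER_DC = {
    "dc01": {
        "alice": datetime_to_filetime(datetime(2015, 5, 20, tzinfo=timezone.utc)),
        "bob":   datetime_to_filetime(datetime(2014, 1, 10, tzinfo=timezone.utc)),
        "carol": datetime_to_filetime(datetime(2014, 12, 1, tzinfo=timezone.utc)),
        "dave":  0,                                   # never logged on
    },
    "dc02": {
        "alice": 0,
        "bob":   datetime_to_filetime(datetime(2014, 2, 1, tzinfo=timezone.utc)),
        "carol": datetime_to_filetime(datetime(2015, 5, 28, tzinfo=timezone.utc)),
        "dave":  0,
    },
}

if __name__ == "__main__":
    merged = merge_last_logon(SAMPLE_PER_DC)
    for sam, last in inactive_accounts(merged, days=90, now=NOW):
        print(f"{sam}: last logon {last.date() if last else 'never'}")
```

Reading only dc01 would have listed carol as inactive; the merged view shows she logged on a few days ago via dc02.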

WinAudit Freeware

WinAudit is a free utility (including for commercial use) from Parmavex Services (pxserver.com/WinAudit.htm) that performs a complete system audit. It does not require installation and can also be run from the command line. The program has a simple, localized interface and runs on all versions of Windows, including 64-bit ones. Data collection takes about a minute (it varies with the operating system and computer configuration), and the resulting report consists of 30 categories (configurable). The administrator receives data about the system, installed software and updates with version and vendor, connected devices, a list of open network ports (number, service, program, etc.) and shared folders, active sessions, security settings, access rights to peripherals, accounts and groups, a list of tasks and services, startup programs, logs and system statistics (uptime, memory, disk usage) and much more; in fact, everything that is usually needed in daily work. You can also search for specific files by name. For example, to find music and videos on a user's hard disks, simply set the appropriate extensions (avi, mp3, etc.). The result can be opened as a web page, exported to a file in many popular formats (xml, csv, pdf, text) or to a database (a wizard supports MS SQL, MS Access, MySQL, Oracle and others), sent by email or printed.

Computer accounting CheckCfg

The problem of keeping an inventory of office equipment and the software in use is acute in any organization. It can be solved in different ways; one option is offered by Andrey Tatukov, the developer of CheckCfg (checkcfg.narod.ru). This solution periodically collects data about hardware, OS and programs, including CPU type, RAM size, disk space, S.M.A.R.T. status, modem connections and more. CheckCfg easily copes with several hundred computers. The result is displayed in a convenient tree view, and local directories are easy to reach. Every PC can be assigned an inventory number, and if necessary a report can be generated in RTF format. CheckCfg consists of several components. Collecting data about the computer is the job of CheckCfg itself, which starts with the OS and writes the result to a file. Management and archiving of the information is done by the accounting program Sklad, which processes the files created by CheckCfg and saves them to its database, after which reports can be generated. With the Sklad_w program you can conveniently view the current configurations of computers and basic data on office equipment (by IP address, CPU, memory, software). To analyze changes in PC configuration and notify the administrator about them, another utility, Doberman, is used. Configuration may not seem entirely intuitive, since the necessary configuration files have to be created by hand, but the description on the site and the available templates let you figure everything out without problems.
CheckCfg is distributed free of charge on an "as is" basis; without the author's consent, only selling the programs to third parties or changing their code is prohibited.

MailArchiva Open Source Edition

Business processes in any modern company, regardless of size, are unthinkable without email. It is a very convenient tool for exchanging information, both within the enterprise and with external correspondents. Some mail servers, such as MS Exchange, have mail archiving functions that allow you to find old messages if necessary, including when investigating incidents to identify leaks of confidential information. In other cases, you have to provide the necessary functions yourself. A variant of the solution is the development of MailArchiva (mailarchiva.com), which provides the necessary functionality and is compatible with most modern mail servers, including Lotus Domino, MS Exchange, MDaemon, Postfix, Zimbra, Sendmail, Scalix, Google Apps and others. Archiving via SMTP, IMAP / POP3, WebDAV and Milter protocols is possible (the program has a built-in SMTP and milter server, IMAP / POP client). To avoid collecting all mail, you can create any archiving rules. Three levels of access to saved data are implemented - user (only own mail), administrator (settings and own mail) and auditor (all mail, can be limited by rules). The OpenSource version of MailArchiva (openmailarchiva.sf.net) also provides intuitive search functionality including among attachments (Word, Powerpoint, Excel, OpenOffice, PDF, RTF, ZIP, tar, gz). MailArchiva runs on a variety of operating systems - Windows, Linux, OS X and FreeBSD.

Performance Analysis of Logs

When there are problems with system performance, it is very difficult to find the bottleneck using the standard Windows Performance Monitor without experience. To understand which metrics to collect and how to interpret the result correctly, you will need to read the documentation. The PAL utility (Performance Analysis of Logs, pal.codeplex.com) greatly simplifies this task. Once launched, it scans the logs and analyzes them using built-in templates. Currently there are templates for most popular MS products: IIS, MOSS, SQL Server, BizTalk, Exchange, Active Directory and others. After starting, the administrator activates the necessary counters in the PAL Wizard by simply selecting a template from the proposed list, specifies the current server parameters (number of CPUs, etc.), the analysis interval and the directory for saving the result. After a while, a detailed report in HTML and XML appears, containing the description, counter name and indicators (Min, Avg, Max and Hourly Trend). The report can then easily be copied into any document. The only catch is that you will have to interpret the collected parameters yourself, although if PAL shows a characteristic in the green zone, you definitely should not worry. The query itself is stored in the PAL.ps1 PowerShell script, which can be saved for later use. Templates are XML files; taking any of them as an example, you can create your own. The built-in PAL Editor is offered for editing parameters in a template.
Win7 is officially supported, but PAL works on all MS OSs starting from WinXP (32/64). To install it you need PowerShell v2.0+, MS .NET Framework 3.5 SP1 and MS Chart Controls for Microsoft .NET Framework 3.5.

Create an Access Point with Virtual Router

The situation where a computer with a WiFi card needs to be turned into an access point is by no means rare today. For example, you may need to quickly connect computers to the network or expand the WiFi coverage area. Originally a network card worked in only one of two modes: point-to-point, where clients connect to each other, or as an access point. No other options were offered. But in Win7 / 2k8 (except Win7 Starter Edition) it became possible to virtualize network connections, so that several WiFi modules with their own settings can be created on one physical WiFi adapter. That is, such a computer works in a wireless network and at the same time is also an access point. The corresponding technologies are called Virtual Wi-Fi (Intel has My WiFi): one of the adapters can be configured in Software Access Point (SoftAP) mode. Connections to such a virtual hotspot are secured with WPA2. Most WiFi cards compatible with newer operating systems generally support this mode. You can turn a PC with Win7 / 2k8R2 into an access point using the Netsh console utility and the Network and Sharing Center, although many people do not like fiddling with all the parameters. Therefore we can recommend the Virtual Router application available on CodePlex (virtualrouter.codeplex.com), with a clear GUI and very simple settings. After starting Virtual Router, you just need to specify the SSID and the access password, and then activate the access point. If necessary, you can also stop the hotspot with one button. Additionally, the window displays the current connections to the access point; for each you can set its own icon and change some parameters.

RDC connection management - RDCMan

For remote control of servers and PCs running Windows, the Remote Desktop Connection snap-in is used. When there are many connections with different settings, working with it is somewhat inconvenient. Instead of storing individual settings for each computer, you can use the free Remote Desktop Connection Manager (RDCMan) tool to automate the process somewhat. You can download RDCMan from goo.gl/QHNfQ. After launch, you specify the RDG connection settings that will be used by default and inherited by everything else. Here we set general credentials, gateway, screen settings, security settings and much more. Next we create the required number of groups of systems (for example, by purpose, location, OS version, etc.); for each group, the connection settings that differ from the general ones are specified, and they are inherited by the PCs included in the group. The last step is to fill the groups with systems. To add a server, enter only its domain name, although if any parameter differs from the group settings you can redefine it right away. If necessary, systems can easily be moved between groups by dragging and dropping. If there are many systems, it is easier to prepare a text file with one name per line and feed it to the utility. Now, to connect, it is enough to select the required server and the Connect item in the context menu. Several connections can be active at the same time, and you can switch between them. If space is tight, the window can easily be detached. Any OS that supports RDC 6 or higher is suitable.

Free Active Directory Tools

It is not always easy or convenient to manage the many Active Directory parameters using standard tools. In some situations the Free Active Directory Tools kit (goo.gl/g11zU), developed by ManageEngine and distributed free of charge, will help. The kit consists of 14 utilities run from one shell. For convenience they are divided into 6 groups: AD User Report, SharePoint Report, User Management, Domain and DC Info, Diagnostic Tools and Session Management. For example, running Empty Password User Report gives you a list of accounts with empty passwords, GetDuplicates finds accounts with identical attributes, and CSVGenerator saves Active Directory account data to a CSV file. There are also: a report on the time of the last logon, retrieval of data from AD based on a query, reports on SharePoint installations, management of local accounts, viewing and editing of domain password policies, a list of domain controllers and their roles, management of their replication, monitoring of their work (CPU load, RAM, hard drives, performance, etc.), DMS port status, terminal session management and much more. Installing and using FADT is very simple; some of the utilities require PowerShell. It should also be noted that ManageEngine offers several other packages useful for the admin, a list of which can be found on the company's website.

Comodo Time Machine

The ability to restore the system using System Restore has been built into Windows since XP, but its functionality is limited, to put it mildly, so third-party applications are often used for backup. The free utility Comodo Time Machine (comodo.com) lets you roll the OS back to any previous state. Moreover, it works even if the OS has completely stopped booting. CTM creates restore points (manually or on a schedule) that record all modified system files, the registry and user files. The last of these is a big advantage over System Restore, which saves and restores only system files and the registry. The first copy takes the most space; the rest store only modified files. To save space, you should periodically create a new checkpoint and delete old archives. To make OS recovery possible, information about CTM is written into the boot sector; to call the corresponding menu, just press the Home key. You can also restore the OS state on a schedule, for example configuring the utility so that every reboot automatically rolls back to a "clean" version of the system. This is useful, for example, in Internet cafes, where users leave a lot of garbage behind in the system. In addition to full OS recovery, you can retrieve an earlier version of any file from the archive. Search is implemented, so you can find the data you need without any problems.

Amanda

The task of centralized backup of workstations and servers running Windows and *nix can be solved with AMANDA (Advanced Maryland Automatic Network Disk Archiver, amanda.org). Amanda was originally created to work with tape drives, but over time "virtual tapes" (vtapes) were added that allow the collected data to be saved to hard drives and CD / DVD. AMANDA is a handy add-on to the standard Unix programs dump / restore, GNU tar and several others, so its main characteristics should be judged by the capabilities of these underlying utilities. It works on a client-server basis. All the usual authentication methods are available for accessing computers: Kerberos 4/5, OpenSSH, rsh, bsdtcp, bsdudp or a Samba password. To collect data from Windows systems, a special agent or, alternatively, Samba is used. Data collection uses its own protocol running on top of UDP or TCP. Compression and encryption (GPG or amcrypt) of the data can be performed either on the client or on the server. All backup parameters are configured exclusively on the server, and ready-made templates ship with it, so it is very easy to get started.

Core Configurator 2.0 for Server Core

The initial configuration of a server running Win2k8R2 in Server Core mode is done in the console with commands, so beginners do not really like this mode. To simplify the task, the OS developers added an interactive script, SCONFIG.cmd, that lets you configure the basic system parameters. But, as they say, the best is the enemy of the good. The excellent Core Configurator (coreconfig.codeplex.com) is available on Codeplex. It requires the NetFx2-ServerCore component and PowerShell. After starting Start_CoreConfig.wsf, we get a menu with several items giving access to the main settings that would otherwise have to be managed from the command line: product activation, screen resolution, clock and time zone, network interfaces, permissions for remote RDP connections, local account management, Windows Firewall configuration, enabling / disabling WinRM, setting the computer name, workgroup or domain, configuring roles and features, Hyper-V and running DCPROMO. Everything is laid out in a very understandable way. If you check the Load at Windows startup box, the program is loaded along with the system.

Exchange 2010 RBAC Manager

Exchange 2010 introduces a new role-based access model that allows very precise control of the privilege level of users and administrators depending on the tasks they perform, using three different methods of granting permissions. The only drawback is that the built-in management tools, PowerShell cmdlets, may not seem convenient and understandable to everyone. The free Exchange 2010 RBAC Manager (RBAC Editor GUI, rbac.codeplex.com) offers more advanced features and a clean graphical interface for setting the properties of all roles. Even a beginner can probably figure out its features. The program is written in C# and uses PowerShell. To work, it also needs the Exchange 2010 Management Tools installed.

PowerGUI

It's no secret that PowerShell, when it appeared, immediately won the sympathy of Windows admins, who had long demanded a tool that would let them automate many tasks. But as usual, the first version did not come with a decent editor, and this gap was filled by several projects. The best of them today is PowerGUI (powergui.org), available completely free of charge, which provides a user-friendly graphical interface for efficiently creating and debugging PowerShell scripts. A number of functions help automate many tasks. In addition, the developers offer ready-made sets of scripts for solving many problems that can be used in your own development.

Multi-Tabbed PuTTY

The free PuTTY client is well known to admins who need to connect to remote machines over SSH, Telnet or rlogin. It is a very handy program that lets you save session settings for quick connection to the selected system. PuTTY was originally developed for Windows but was later ported to Unix. The only problem is that with a large number of connections the desktop fills up with many open windows. This is solved by the Multi-Tabbed PuTTY add-on (ttyplus.com/multi-tabbed-putty), which implements a tab system.

Every sysadmin sometimes has to service the computers of acquaintances or make house calls. A proven set of utilities helps in this matter. Our review covers only programs that are free, require no installation and have become the de facto standard.

Autoruns

This program has become the hallmark of Mark Russinovich and Winternals Software (better known by the name of its site, Sysinternals.com), which was absorbed by Microsoft long ago. It is still developed by the author, but is legally owned by Microsoft's technical department. The current version, 13.3, was released in April 2015. With v.13.0 the program became not only more convenient but also gained a number of new functions, in particular advanced filtering tools and integration with other system utilities and online services.

Autoruns displays the most complete and detailed list of autostart components regardless of their type. The utility shows how all drivers, programs (including system ones) and their modules are loaded, by registry key. It even lists all Windows Explorer extensions, toolbars, auto-starting services and many other objects that similar programs usually miss.

Color-coding helps you quickly pick out, from a list of hundreds of entries, standard components digitally signed by Microsoft, suspicious files, and erroneous entries that refer to non-existent files. To disable autostart of any component, just uncheck the box next to it on the left.


Ghosts of autorun objects in Autoruns are highlighted in yellow

Some of the components are automatically loaded only when you log into the system under a specific account. In Autoruns, you can select the records that correspond to each account and view them separately.

The command line mode also deserves attention. It is extremely convenient for exporting the list of startup items to a text file, creating advanced reports and selectively scanning all suspicious objects with antivirus engines. Full help can be found on the site; here I will give an example of a typical command:

```
autorunsc -a blt -vrs -vt > C:\Autor.log
```

Here `autorunsc` is the program module launched in command line mode. The `-a` switch indicates that the objects to be checked are listed after it. In the example there are three of them: b - boot execute (that is, everything that is loaded after the system starts and before the user logs in); l - logon, the startup components of a specific user; and t - scheduled tasks. If you specify an asterisk (*) instead of the blt enumeration, all autorun objects will be checked.

The `-vrs` and `-vt` switches control operation with the online service VirusTotal. The first set sends only those files that are not digitally signed by Microsoft and have not been previously checked. If at least one antivirus out of the fifty or so considers the file malicious, a detailed report opens in a separate browser tab. The second switch is needed so that the tab with the VirusTotal terms of service does not open each time and you do not have to confirm your agreement with it.

The Autorunsc report usually runs to tens or hundreds of kilobytes. It is inconvenient to read on screen, so in the example the output is redirected to a log file. It is plain text encoded in UCS-2 Little Endian. Here is an example of a record from it with one false positive:

```
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	Adobe ARM	"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"	Adobe Reader and Acrobat Manager	Adobe Systems Incorporated	1.801.10.4720	c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe	20.11.2014 21:03	VT detection: 1/56	VT permalink: (link to VirusTotal report)
```


Two unsigned drivers turned out to be clean, while one signed one triggered a VirusTotal detection
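An added example (my own code, not part of Autoruns or the article) showing how to triage a log like the one above: it decodes the UCS-2 LE text, splits the tab-separated records and reports entries with VirusTotal hits or a missing image file, with a threshold for ignoring single-engine false positives such as the 1/56 above. The column order is assumed from the record quoted on this page and the sample lines other than the Adobe ARM one are constructed.

```python
"""Triage an Autorunsc report: decode the UCS-2 LE log, split the tab-separated
records and flag the ones worth a closer look (constructed example, not Autoruns code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Column order is assumed from the record quoted above; the real layout depends on
# the Autorunsc version and switches, so adjust COLUMNS to match your own report.
COLUMNS = ("location", "entry", "launch_string", "description", "publisher",
           "version", "image_path", "timestamp", "vt_detection", "vt_permalink")

VT_RE = re.compile(r"VT detection:\s*(\d+)\s*/\s*(\d+)")


@dataclass
class AutorunEntry:
    fields: Dict[str, str]
    vt_hits: Optional[int]   # engines that flagged the file; None if never submitted
    vt_total: Optional[int]  # engines that scanned it

    @property
    def image_path(self) -> str:
        return self.fields.get("image_path", "")


def parse_vt(field: str) -> Tuple[Optional[int], Optional[int]]:
    """'VT detection: 1/56' -> (1, 56); anything else -> (None, None)."""
    m = VT_RE.search(field)
    return (int(m.group(1)), int(m.group(2))) if m else (None, None)


def parse_report(raw: bytes) -> List[AutorunEntry]:
    """Decode the UCS-2 LE (UTF-16-LE) text Autorunsc writes, one entry per line."""
    text = raw.decode("utf-16-le").lstrip("\ufeff")     # drop the BOM if present
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split("\t")
        fields += [""] * (len(COLUMNS) - len(fields))   # tolerate short records
        rec = dict(zip(COLUMNS, fields))
        hits, total = parse_vt(rec["vt_detection"])
        entries.append(AutorunEntry(rec, hits, total))
    return entries


def triage(entries: List[AutorunEntry], min_hits: int = 1) -> List[Tuple[str, str]]:
    """Return (entry name, reason) for records that deserve attention.

    A single-engine hit (like the 1/56 above) is usually a false positive, so
    raise min_hits to cut the noise. Entries whose image no longer exists are
    reported too: stale autorun references are exactly what Autoruns highlights.
    The "File not found:" marker is assumed here, not taken from the page.
    """
    findings = []
    for e in entries:
        name = e.fields["entry"]
        if e.image_path.lower().startswith("file not found"):
            findings.append((name, "image file missing (stale autorun entry)"))
        elif e.vt_hits is not None and e.vt_hits >= min_hits:
            findings.append((name, f"VirusTotal {e.vt_hits}/{e.vt_total}"))
    return findings


# Constructed sample report: the Adobe ARM record quoted above plus three invented
# lines (a clean entry, a stale entry and one VirusTotal never saw).
SAMPLE_LINES = [
    "\t".join([r"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run",
               "Adobe ARM",
               r'"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"',
               "Adobe Reader and Acrobat Manager", "Adobe Systems Incorporated",
               "1.801.10.4720",
               r"c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe",
               "20.11.2014 21:03", "VT detection: 1/56", "VT permalink: (link)"]),
    "\t".join([r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "CleanTool",
               r"C:\Program Files\Example\cleantool.exe", "Example tray tool",
               "Example Corp", "1.0.0.0", r"c:\program files\example\cleantool.exe",
               "01.02.2015 10:00", "VT detection: 0/56", "VT permalink: (link)"]),
    "\t".join([r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "OldUpdater",
               r"C:\Users\bob\AppData\Roaming\updater.exe", "", "", "",
               r"File not found: C:\Users\bob\AppData\Roaming\updater.exe",
               "03.03.2015 12:00", "", ""]),
    "\t".join([r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "VendorTray",
               r"C:\Program Files\Vendor\tray.exe", "Vendor tray", "Vendor Ltd",
               "2.0", r"c:\program files\vendor\tray.exe", "05.05.2015 09:30", "", ""]),
]
SAMPLE_REPORT = ("\ufeff" + "\n".join(SAMPLE_LINES) + "\n").encode("utf-16-le")

if __name__ == "__main__":
    for name, reason in triage(parse_report(SAMPLE_REPORT)):
        print(f"{name}: {reason}")
```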

Process Explorer

The GUI version of Autoruns can work together with another utility by the same author, Process Explorer (PE). If you start PE first and then Autoruns, additional items appear in the Autoruns menu for viewing the properties of each active process straight from the autorun list.

In the PE settings you can choose how to display all active processes: as a simple list sorted by name or CPU utilization, or as a tree with dependencies. The same place has an option to check unknown files (identified by hash) against VirusTotal. If you enable it, the check result appears on the right after a while. All objects flagged by at least one antivirus engine are highlighted in red.

When you press the corresponding key, the window is divided horizontally, and the bottom part displays full information about the selected process and its actions in the system. Another key brings up an additional window with indicators of CPU, GPU, RAM, I/O intensity, storage and network usage. For each component the total load and the most resource-intensive process are displayed. For the GPU, even the percentage of occupied video memory and the load on each chip, if there are several, are shown. This is especially relevant now, since many (malicious) programs actively use video cards for non-graphical computing. This behavior is especially typical of Trojan cryptocurrency miners.


The test Trojan does not look suspicious yet, while four antivirus engines already flag µTorrent

Right-clicking any process in the PE list opens a context menu. It duplicates all the functions of the built-in Task Manager and adds several new ones. In particular, with one click you can send the file behind a suspicious process to VirusTotal for analysis, search for its description on the Internet, make a dump or suspend execution. A suspended process stops responding to any commands (including internal ones) and becomes easier to analyze. Once you have figured it out, you can send the "resume" command through Process Explorer. Of course, unless absolutely necessary, this should not be done with system processes and utilities that perform low-level operations. It is better not to interrupt BIOS / UEFI flashing, disk layout changes, partition alignment and similar operations.

Usually the title of each window contains the name of the application that spawned it, but sometimes windows remain unnamed. This is especially true of Trojans that mimic known programs, or of small dialog boxes with error codes. Process Explorer has a handy Find Process by Window feature. It is enough to click this button on the top panel and, holding the left mouse button, move the cursor over the strange window. The corresponding process is automatically highlighted in the PE table.


Test Trojan suspended via Process Explorer

To take advantage of all the features of Process Explorer, you will need to launch it with administrator rights and (in some cases) install Debugging Tools for Windows. They can be downloaded separately or as part of the Windows Driver Kit. The latest version of Process Explorer can be downloaded from the Microsoft website.

Unlocker

Without a doubt, Mark Russinovich is a real guru among the authors of system utilities for Windows, but his programs were created as universal tools. Sometimes it is worth using more specialized ones, such as the creation of the French programmer Cedrick Collomb. His tiny utility Unlocker does only one thing: it unlocks a file system object held by some process in order to regain control over it. Although the last version was released in 2013, the program still does its job better than all of its analogues. For example, it can unload dynamic libraries from memory, delete the index.dat file, work with file names that are not allowed in Windows, and perform most actions without rebooting.


Some process is blocking Safari uninstallation

Unlocker identifies the handles of running processes that are currently blocking access to the desired file or directory. Such locking is needed to prevent applications from interfering with each other in a multitasking environment. During normal operation of the OS and its programs it prevents the accidental deletion of files in use, but errors do happen. As a result of one of them, an application may hang or remain in memory after its window is closed. The file system object then stays locked even after the need for it has gone.

Today an ordinary user's list of active processes starts at around fifty, so you could hunt for zombies among them for a long time. Unlocker immediately shows which process is blocking the modification or deletion of the selected file or directory. Even if it cannot work this out because of the limitations of the Win32 API, it will offer to force the desired action: rename, move or delete the object.


Unlocker did not find the reason for blocking, but it can delete the rebellious file

Sometimes several programs access one directory at once, so several handles are found among the processes blocking it. Unlocker can unlock all of them with one button.

Starting from version 1.9.0, 64-bit versions of Windows are supported. The utility can be integrated into the Explorer context menu or run in graphical mode as a portable application. You can also install Unlocker Assistant: it sits in the tray and automatically calls Unlocker whenever the user tries to manipulate a locked file. Running with the `-h` switch displays help on the command line mode. The utility is available in forty languages, although there is little to translate in it - everything is already intuitive.

AVZ

Looking at the list of features of the AVZ utility, I would rather call it analytical than antivirus. Oleg Zaitsev's tiny program has many irreplaceable functions that ease the daily tasks of an administrator and the life of an advanced user. It will help you carry out a system investigation, restore lost settings of built-in OS components to their defaults, detect any changes since the last audit, find potential security problems, remove Trojans from the Winsock SPI and restore the Internet connection, identify strange program behavior and detect kernel-level rootkits.


AVZ contains many system analysis tools

It is better to remove known malware using other antivirus scanners. AVZ will come in handy for fighting an unknown evil, finding holes through which it can seep, and eliminating the consequences of infection. In most cases, AVZ allows you to do without reinstalling the OS, even after a severe virus attack.

You can use AVZ as a portable application, but the full set of its functions is revealed only if you install AVZPM, its own kernel-mode driver. It monitors all modules, drivers and active applications, making it easy to identify lurking processes and any technique for spoofing their identifiers.

AVZGuard is another kernel-mode driver that can be activated from the AVZ menu. It restricts the access rights of active processes, suppressing the countermeasures malware takes against anti-virus tools on an infected computer. This approach lets you launch any application from the AVZ window (including another antivirus) in protected mode.

One of the trickier techniques malware uses to resist removal is to lock its files and recreate, at the next OS boot, the elements an antivirus has deleted. It can be partly bypassed by hand with Unlocker, but AVZ has its own technology, Boot Cleaner. This is another kernel-mode driver that extends Windows's built-in delayed-deletion-on-reboot mechanism: it loads earlier, logs the work done, and can delete registry entries as well as files.

The AVZ antivirus scanner itself also has plenty of know-how. It can scan alternate NTFS data streams and speed up the scan by skipping files recognized as safe by the Microsoft catalog or its own database. Threats can be searched for by specific type - for example, the HackTool category can be excluded outright. There are separate modules for finding keyboard interceptors and ports opened by Trojan horses, and for behavioral analysis. AVZ lets you copy suspicious and deleted files into separate folders for later detailed study.


Creating a detailed system investigation report in AVZ

Requests for AVZ reports, and for the output of its System Research module, have become standard practice on many anti-virus forums where people ask for help with non-trivial problems.

Of course, the first-aid kit of an experienced administrator may contain more than a dozen programs, but these four utilities will be enough to solve most of the tasks. You can easily find the rest in the collections using the links indicated in the article.

WARNING!

Using system utilities requires an understanding of the logic of their operation and the structure of the OS itself. Check the Help before modifying the registry and interfering with active processes.

1. Introduction

The idea of creating networks for transmitting data over long and not so long distances has been in the air ever since people first thought of building telecommunication devices. At various times and in various situations, carrier pigeons, bottles with SOS messages and, finally, people - messengers and couriers - have served as "information transmission devices".

Of course, many years have passed since then. Today, in order to pass from one person to another an invitation to Saturday's football game, many computers exchange electronic messages, using a mass of wires, optical cables, microwave transmitters and more to transmit information.

Computer networks today are a form of collaboration between humans and computers that accelerate the delivery and processing of information.

The network provides information exchange and resource sharing. Computer networks are divided into local area networks (LAN), groups of closely spaced, interconnected computers, and distributed or global networks (WAN, Wide Area Network) (Fig. 1).

Networked computers exchange information and share peripheral equipment and storage devices.

Obviously, administering network services involves a number of additional procedures aimed at keeping the whole system working correctly. These functions need not be performed by one person; in many organizations the work is divided among several administrators. In any case, at least one person is needed who understands all the assigned tasks and ensures that others carry them out.

2. The main tasks of the system administrator

2.1. Connecting and removing hardware

Any computer network consists of three main components:

  1. Active equipment (hubs, switches, network adapters, etc.).
  2. Communication channels (cables, connectors).
  3. Network operating system.

Naturally, all of these components must work in concert. For the correct operation of devices in the network, it is required to install them correctly and set the operating parameters.

If you purchase new hardware or connect existing hardware to another machine, the system must be configured to recognize and use these devices. Changing the configuration can be as simple as plugging in a printer or more complex, such as plugging in a new drive.

To make the right decision about upgrading the system, the system administrator needs to analyze its performance. The end nodes of the network are computers, and the characteristics of the network as a whole largely depend on their performance and reliability. It is the computers that implement the protocols of all layers, from the physical and data-link layers (network adapter and driver) to the application layer (applications and network services of the operating system). Computer optimization therefore includes two fairly independent tasks:

  • First, the selection of such hardware and software configuration parameters that would provide optimal performance and reliability of this computer as a separate element of the network. Such parameters are, for example, the type of network adapter used, the size of the file cache, which affects the speed of access to data on the server, the performance of disks and disk controller, the speed of the central processor, etc.
  • Secondly, the choice of such parameters of the protocols installed in this computer, which would guarantee the efficient and reliable operation of the communication means of the network. Since computers generate most of the frames and packets circulating in the network, many important parameters of the protocols are formed by the computer software, for example, the initial value of the TTL (Time-to-Live) field of the IP protocol, the size of the window of unacknowledged packets, the sizes of the frames used.

However, a computational task may require the participation of several devices. Each device uses certain resources to do its part of the job. Poor performance is usually due to one of the devices requiring far more resources than the others. To fix the situation, you must identify the device that spends the most time on the task. Such a device is called a bottleneck. For example, if a task takes 3 seconds to complete, of which 1 second is the processor executing the program and 2 seconds is reading data from the disk, then the disk is the bottleneck.

Determining the bottleneck is a critical step in the process of improving performance. Replacing the processor in the previous example with another, two times faster processor, will reduce the total task execution time only to 2.5 seconds, but it will not be able to fundamentally correct the situation, since the bottleneck will not be eliminated. If we buy a disk and disk controller that are twice as fast as the previous ones, then the total time will be reduced to 2 seconds.

If you are seriously unhappy with the performance of the system, you can fix the situation in the following ways:

  • providing the system with sufficient memory resources; memory size is one of the main factors affecting performance;
  • eliminating some of the problems created both by users (running too many jobs at once, inefficient programming methods, running jobs with excessive priority, running large jobs during peak hours) and by the system itself (quotas, CPU time accounting);
  • organizing hard drives and file systems to balance the load on them and thereby maximize the throughput of the I/O facilities;
  • monitoring the network to avoid overload and achieve a low error rate; UNIX/Linux networks can be monitored with the netstat program, and on network operating systems of the Windows family the Performance Monitor utility will help you (Fig. 2);
  • revising the way file systems are laid out across separate disks;
  • identifying situations where the system does not meet the requirements placed on it at all.

These measures are listed in order of decreasing effectiveness.

2.2. Backup

The backup procedure is tedious and time-consuming, but it must be done. It can be automated, but it is the system administrator's responsibility to ensure that backups are made correctly and on schedule. Almost any network operating system contains mechanisms for backing up or mirroring disks; on UNIX systems, for example, the most common means of backing up and restoring data are the dump and restore commands. In most cases the information stored in computers is worth more than the computers themselves, and it is far harder to restore.

There are hundreds of highly ingenious ways to lose information. Software errors often corrupt data files. Users accidentally delete what they have worked on all their lives. Hackers and disgruntled employees wipe entire disks. Hardware problems and natural disasters take out entire computer rooms. Therefore, no system can be operated without backups.

When done correctly, backing up data allows the administrator to restore the file system (or any part of it) to the state it was in when it was last backed up. Backups must be done carefully and on schedule.

Since many kinds of fault can destroy several pieces of hardware at once, backups should be written to removable media: CDs, ZIP disks, etc. Copying the contents of one disk to another, for example, is certainly better than nothing, but it provides very little protection against a controller failure.

2.3. Installing new software

After purchasing new software, you need to install and test it. If the programs are working properly, you need to inform users of their availability and location.

As a rule, the most responsible and most difficult task of the system administrator is the installation and configuration of the operating system. It depends on the correctness of your actions whether you will play Quake and browse your favorite sites or you will have to run between users of the system and do routine work.

In many modern operating systems, developers follow the path of eliminating many unproductive system parameters that administrators can use to influence the performance of the operating system. Instead, adaptive algorithms are built into the operating system that determine the rational parameters of the system during its operation. Using these algorithms, the OS can dynamically optimize its parameters for many known network problems, automatically reallocating its resources and not involving an administrator.

There are various criteria for optimizing the performance of the operating system. Some of the most common criteria are:

  • The fastest execution speed for a particular process.
  • The maximum number of tasks performed by the processor per unit of time. This characteristic is also called the computer's throughput; it determines the quality of resource sharing among several concurrently running processes.
  • Freeing the maximum amount of RAM for the highest-priority processes, such as a process acting as a file server, or to increase the size of the file cache.
  • Freeing the most disk space.

Typically, when optimizing OS performance, the administrator starts this process with a given set of resources. In general, it is impossible to improve all performance criteria at the same time. For example, if the goal is to increase the available RAM, then the administrator can increase the size of the page file, but this will reduce the available disk space.

After the operating system has been installed and tuned, the almost endless process of installing software begins. Here the compatibility problems of various programs come to the fore, and if you are installing server software, security as well.

If you are a novice system administrator, install simpler programs on your server - they have fewer errors. On UNIX, get rid of sendmail and install another SMTP daemon, and carefully analyze the source code of all programs installed on the server, especially if the vendor's name means nothing to you. On Windows NT you should not use monsters like Microsoft Exchange Server, and it is advisable to avoid installing all kinds of freeware on the server.

2.4. System monitoring

There are a myriad of essential daily operations: for example, checking that e-mail and conferencing are functioning properly, reviewing log files for early signs of failure, monitoring LAN connectivity and monitoring system resources.

The whole variety of tools used for monitoring and analyzing computer networks can be divided into several large classes:

Network management systems are centralized software systems that collect data on the state of the network's nodes and communication devices, as well as data on the traffic circulating in the network. These systems not only monitor and analyze the network but also perform management actions, in automatic or semi-automatic mode: enabling and disabling device ports, changing entries in the address tables of bridges, switches and routers, etc. Examples of management systems are the popular HP OpenView, Sun NetManager and IBM NetView.

System management tools. These often perform functions similar to those of network management systems, but for different objects: in the first case the managed objects are the software and hardware of the computers on the network, in the second the communication equipment. Some functions of the two kinds of system may overlap; for example, system management tools can perform a simple analysis of network traffic.

Embedded diagnostic and management systems. These are implemented as software and hardware modules installed in communication equipment, and as software modules built into operating systems. They diagnose and manage a single device, which is their main difference from centralized management systems. An example of this class is the Distributed 5000 hub management module, which implements automatic segmentation of ports when faults are detected, assignment of ports to the hub's internal segments, and a number of other functions. As a rule, built-in management modules also act as SNMP agents that supply device status data to management systems.

Protocol analyzers. These are software or hardware-software systems that, unlike management systems, are limited to monitoring and analyzing network traffic. A good protocol analyzer can capture and decode packets of a large number of protocols used in networks - usually several dozen. Protocol analyzers allow you to set logical conditions for capturing individual packets and to decode captured packets completely, that is, to show, in a form convenient for a specialist, how protocol packets of different layers are nested inside each other, with the content of each packet's individual fields decoded.

Equipment for diagnostics and certification of cable systems. Conventionally, this equipment can be divided into four main groups: network monitors, devices for certification of cable systems, cable scanners and testers (multimeters).

Expert systems. This type of systems accumulates human knowledge about identifying the causes of abnormal operation of networks and possible ways to bring the network into a working state. Expert systems are often implemented as separate subsystems of various network monitoring and analysis tools: network management systems, protocol analyzers, network analyzers. The simplest variant of an expert system is a context-sensitive help system. More complex expert systems are so-called knowledge bases with elements of artificial intelligence. An example of such a system is the expert system built into the Cabletron Spectrum control system.

Multifunctional analysis and diagnostic devices. In recent years, with the ubiquity of local area networks, it has become necessary to develop inexpensive portable devices that combine the functions of several devices: protocol analyzers, cable scanners and even a number of network management software capabilities.

However, on a single Ethernet network, formal network management procedures are generally not worth implementing. It is enough to conduct a thorough network test after installation and check the load level from time to time. It breaks down - fix it.

If you have a wide area network or complex LANs, consider purchasing dedicated network management stations with dedicated software.

2.5. Troubleshooting

The operating systems and the hardware they run on break down from time to time. The task of the administrator is to diagnose system failures and, if necessary, call specialists. As a rule, finding a malfunction is much more difficult than fixing it.

If you find that one of the network nodes is not working correctly or refuses to work at all, check the LED indicators on the hub and on the network adapters of the computers connected by cables when they are powered on. If they are not lit, the reason is most likely one of the following:

  • The adapters are not configured correctly. Most often, when installing a network, problems do not arise until the cables are connected, and sometimes even before trying to access network resources. Usually the source of the problem is an IRQ conflict (two devices share the same interrupt). Such situations are not always easy to detect by software, so carefully check the interrupt settings for all devices on your computer (sound cards, parallel and serial ports, CD-ROM drives, other network adapters, etc.). Sometimes the adapter configuration and / or diagnostic program can help determine the available interrupt. In some cases, problems arise when using IRQ 15 for a network adapter on modern computers with a PCI bus, even if this interrupt is not used.
  • The adapter is not responding. If, after turning on the computer, the diagnostic program cannot detect the adapter or detects a failure during an internal test, try replacing the adapter or contact its manufacturers.
  • If the adapters and cables have been tested and proven to work, the problem may be caused by incorrect settings in the network adapter driver. Check the correctness of the parameters and the driver itself (it must be designed for the adapter you are using). More information can be found in the description of the adapter.
  • Hubs are rarely the source of problems, but one of the most common problems of this kind is lack of power. Sometimes a bad network adapter can disrupt a port on a hub. To check the adapter, use the diagnostic programs supplied with the adapter.

2.6. Maintaining local documentation

As you tweak the configuration to your specific requirements, you will soon find that it differs significantly from the one described in the documentation (the basic configuration). Most likely you will not remain the system administrator forever, and sooner or later someone else will take your place. Ex-spouses and former system administrators are rarely remembered with a kind word. To reduce the number of complaints aimed at you and, more importantly, to protect yourself from calls and questions from your former workplace, the system administrator must document all installed software not included in the standard delivery, document the cabling, keep maintenance records for all hardware, record the status of backups and document the rules for working with the system.

It should also be borne in mind that the accounting system, the kernel, various utilities - all these programs produce data that is recorded and eventually gets to your disks. These data are also local documentation describing the operation of a particular system. However, most data have a limited useful life, so they need to be summarized, packaged, and finally thrown away.

The procedure for maintaining log files in any operating system is a set of procedures that are repeated after a certain time in the same order. Therefore, it needs to be automated.

On UNIX systems the cron process is used for this purpose, and the syslog program can serve as a complete logging system. It is highly flexible and allows you to sort system messages by source and severity and then route them to different destinations: log files, user terminals and even other machines. One of its most valuable features is the ability to centralize logging for the whole network.
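To make the cron-driven routine above concrete, here is an added example (not from the article) of a POSIX shell script that summarizes a syslog-format file by source, compresses it into numbered generations and drops the oldest. The directory layout, retention count and sample log lines are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the article: a cron-driven maintenance step for a
# traditional syslog text file, following the "summarize, package, throw away"
# routine. Assumed layout (an assumption, not a standard):
#   /var/log/messages          current file, written by syslogd
#   /var/log/messages.N.gz     compressed generation N (1 = newest)
#   /var/log/messages.summary  "source count" lines appended at each rotation
# Assumed crontab line: 0 3 * * 0  /usr/local/sbin/rotate.sh /var/log/messages 8

# Summarize: count messages per source program. A classic syslog line reads
# "Mar  1 10:00:01 host sshd[100]: message", so the source is field 5 minus
# the optional "[pid]" and the trailing colon.
summarize_log() {
    awk '{ src = $5; sub(/\[.*$/, "", src); sub(/:$/, "", src); count[src]++ }
         END { for (s in count) printf "%s %d\n", s, count[s] }' "$1" | LC_ALL=C sort
}

# Package and throw away: shift the compressed generations up by one (the
# oldest falls off the end), compress the current file into generation 1,
# truncate the live file in place so syslogd keeps a valid descriptor, and
# remove any generation beyond the retention count.
rotate_log() {
    logfile="$1"
    keep="${2:-4}"
    [ -f "$logfile" ] || return 1

    i=$keep
    while [ "$i" -gt 1 ]; do
        prev=$((i - 1))
        [ -f "$logfile.$prev.gz" ] && mv -f "$logfile.$prev.gz" "$logfile.$i.gz"
        i=$prev
    done

    summarize_log "$logfile" >> "$logfile.summary"
    gzip -c "$logfile" > "$logfile.1.gz"
    : > "$logfile"

    # Retention may have been lowered since the last run; drop stale generations.
    for old in "$logfile".*.gz; do
        [ -f "$old" ] || continue
        n=${old%.gz}; n=${n##*.}
        case $n in *[!0-9]*) continue ;; esac
        [ "$n" -gt "$keep" ] && rm -f "$old"
    done
    return 0
}

# Demo on constructed sample lines; run as: sh rotate.sh --demo
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    printf '%s\n' \
        'Mar  1 10:00:01 host sshd[100]: Accepted publickey for admin from 10.0.0.5' \
        'Mar  1 10:00:02 host CRON[200]: (root) CMD (run-parts /etc/cron.hourly)' \
        'Mar  1 10:00:03 host sshd[101]: Failed password for invalid user test' \
        > "$tmp/messages"
    rotate_log "$tmp/messages" 2
    cat "$tmp/messages.summary"   # CRON 1 / sshd 2
    ls "$tmp"
fi
```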

Windows NT administrators can use the Performance Monitor utility for the same purposes; it is designed to record computer activity in real time and can help you identify most of the bottlenecks that hinder performance. This utility is included in Windows NT Server and Windows NT Workstation.

Performance Monitor is based on a number of counters that record such characteristics as the number of processes waiting to complete a disk operation, the number of network packets transmitted per unit of time, the percentage of processor utilization, and others. Performance Monitor generates useful information through the following actions:

  • real-time and historical performance monitoring;
  • identifying trends over time;
  • identifying bottlenecks;
  • tracking the consequences of changing the system configuration;
  • monitoring local or remote computers;
  • alerting the administrator to events in which specified thresholds are exceeded.

2.7. Security control

The main feature of any network system is that its components are distributed in space, and the connections between them are made physically, by network links (coaxial cable, twisted pair, fiber, etc.), and in software, by a message-passing mechanism. Alongside ordinary (local) attacks carried out within one operating system, networked systems are subject to a specific class of attack that arises from the distribution of resources and information in space: network (or remote) attacks. They are characterized by the fact that, first, the attacker may be thousands of kilometers from the target and, second, the target may be not a specific computer but the information transmitted over network connections.

The system administrator should implement a security strategy and periodically check to see if the security of the system is compromised.

Naturally, absolute protection of the network is impossible, but the task of every administrator is to do everything possible to improve it as much as possible. When building a protection system, it is reasonable to adhere to the following principles:

  • Relevance. One should defend against real attacks, not fantastic or archaic ones.
  • Reasonableness of costs. Since you will not provide 100% protection anyway, you need to find the line beyond which further spending on improving security will exceed the cost of the information that an attacker can steal.

Of course, the steps you must take to secure your server very much depend on which operating system you are using. However, there are some simple rules that any system administrator will need.

  • Read the system administration manual carefully; you will surely find useful tips there that you will want to use.
  • Run an automated program for monitoring your host, such as Internet Scanner. It runs on one of several platforms (Windows NT, Windows 2000, HP-UX, AIX, Linux, SunOS, Solaris) and is used to analyze the security of systems.
  • Take a look at the CERT (http://www.cert.org) (Figure 3) or CIAC (http://ciac.llnl.gov) servers and carefully read the latest OS-specific bulletins. Install all recommended patches and configure the system as they advise.
  • Configure (or install) the firewall correctly. Put a monitor on all incoming connections (e.g. tcp_wrapper).
  • Run the latest password cracker. Here you have a big advantage over hackers - you already have the file with the hashed passwords.
  • Check the settings of the basic Internet services (http, ftp). Use anonymous access as much as possible so that passwords are not sent over the network in the clear. If you need access control, use strong protocols such as SSL.
  • For all other network services, likewise use, wherever possible, authentication that does not transmit the password in clear text.
  • Throw out underused services. This is especially true for administrators of UNIX servers: a service such as finger, talk or rpc that has not been used for a long time but still exists on your server can become the very "hole" in the security system through which a hacker can penetrate (or already has).
  • Provide a proxy server for additional external authentication and to hide the addresses and topology of the internal subnet.
  • Install a secure version of UNIX or another operating system.
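Two of the rules above, wrapping incoming connections with tcp_wrapper and removing long-unused services such as finger, talk and rpc, can be checked mechanically. The following shell audit is an added example, not from the article; the legacy-service list, the hosts.deny expectation and the sample inetd.conf are assumptions.

```shell
#!/bin/sh
# Added example, not from the article: a read-only audit of an inetd.conf and
# of the tcp_wrapper policy. It reports legacy services that are still enabled,
# rpc-based services, and services started without tcpd in front of them.
# The service list and the sample configuration below are assumptions.

# Services the article singles out plus their usual companions in inetd.conf.
LEGACY_SERVICES="finger talk ntalk rexec rlogin rsh telnet"

# inetd.conf fields: service socket_type proto wait/nowait user server args.
# Prints one finding per line; a config is clean only if nothing is printed.
audit_inetd() {
    conf="$1"
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$conf" |
    while read -r svc stype proto flags user server args; do
        for legacy in $LEGACY_SERVICES; do
            [ "$svc" = "$legacy" ] && printf '%s: legacy service still enabled\n' "$svc"
        done
        # RPC services are registered through inetd with a proto of rpc/tcp or rpc/udp.
        case $proto in
            rpc/*) printf '%s: rpc-based service enabled\n' "$svc" ;;
        esac
        # Anything not started through tcpd bypasses hosts.allow/hosts.deny.
        # "internal" services (echo, daytime, ...) have no program to wrap.
        case $server in
            */tcpd|tcpd|internal) ;;
            *) printf '%s: not wrapped by tcpd\n' "$svc" ;;
        esac
    done
    return 0
}

# tcp_wrapper policy: hosts.deny should carry a default "ALL: ALL" so that only
# what hosts.allow names explicitly gets through. Returns 0 if it does.
has_default_deny() {
    grep -E -q '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL' "$1"
}

# Constructed sample inetd.conf used by the demo (not a real host's file).
sample_inetd_conf() {
    cat <<'EOF'
# services started by inetd (constructed sample)
ftp        stream  tcp      nowait  root    /usr/sbin/tcpd          in.ftpd -l -a
#telnet    stream  tcp      nowait  root    /usr/sbin/tcpd          in.telnetd
finger     stream  tcp      nowait  nobody  /usr/sbin/in.fingerd    in.fingerd
talk       dgram   udp      wait    nobody  /usr/sbin/tcpd          in.talkd
rstatd/1-3 dgram   rpc/udp  wait    root    /usr/sbin/rpc.rstatd    rpc.rstatd
daytime    stream  tcp      nowait  root    internal
EOF
}

# Demo: sh audit.sh --demo
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp)
    sample_inetd_conf > "$tmp"
    audit_inetd "$tmp"
    rm -f "$tmp"
fi
```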

2.8. Connecting and removing users. Helping them

It is the sysadmin's responsibility to create accounts for new users and delete the accounts of those who no longer work there. Adding and removing users can be automated, but some decisions about how a new user is set up remain with the administrator.

Very often, employees of an enterprise turn out to be the weakest link in its security system, so the system administrator should pay more attention to working with system users. Otherwise, a simple piece of paper with a password lying in the workplace of a forgetful employee will make the adjusted configuration of your firewall useless.

The following steps may be considered prudent to enhance the security of a company's computer systems:

  • Drawing people's attention to security issues.
  • Making employees aware of the seriousness of the problem and adopting a security policy in the organization.
  • Studying and implementing the methods and actions needed to improve information security.

If you work in a large organization (more than 100 people), a penetration test can be performed to determine its level of security. This method identifies security flaws from an outsider's point of view and tests the model that detects, prevents and reports internal and external intrusion attempts.

The test should resolve two main questions:

  • Do all of the security policy items achieve their objectives and are used as intended?
  • Is there anything not reflected in the security policy that an attacker could use to achieve their goals?

Table. The probability of a successful attack, depending on the skills of the performer (low - 1, medium - 2, high - 3). Rows are attack classes, columns are the attacker's preparedness (amateur, professional):

  • Means of application: e-mail, ordinary mail, Internet conversation, personal meeting.
  • Communication level (relationship): official, comradely, friendly.
  • Access degree: administrator, chief, user, acquaintance.

All attempts must be monitored by both the tester and the "client". This will make the test of your system much more effective. The number of people who know about the experiment should also be kept to a minimum.

Various versions of the security policy need to be drawn up and developed, and rules set for the correct use of computers, telephones and other equipment. Lack of security awareness must also be taken into account, since any engineering control can be misused. Ultimately, security testing should give you protection against intrusion.

3. Why the system administrator comes under pressure

Networks have a tendency to grow, therefore, you will be forced to spend more and more time performing administrative functions. You will soon find that you are the only person in your organization who knows how to solve a number of critical problems.

Since the responsibilities of a system administrator cannot be clearly defined, you will most likely be required to be not only a full-time administrator, but also a full-time engineer, writer, and secretary.

Instead, we suggest that you do the following: do the job at the proper level, while simultaneously recording the time spent on system administration. Collect evidence that can be useful to you when you ask management to hire another administrator or relieve you of "unnecessary" responsibilities.

On the other hand, you may find that you like system administration. In this case, you will not have any problems with finding a job.

ComputerPress 5'2001

All system administrators, whether you administer Windows or Linux, need a specific set of programs, tools and utilities that help cope with an unforeseen situation, analyze the system, or make everyday problems easier to solve. There are many such solutions, including open source ones.

In this article, we will take a look at the best 2016 sysadmin software that you can use in your work. Our list will include not only regular utilities and programs for a specific operating system, but also entire images. Now let's move on to our list.

1. Vim

A good text editor is one of the main tools of the system administrator, since in many situations you have to make changes to configuration files and it is important to do it very quickly. Vim recently turned 25 and is still under active development.

It compares favorably with all other editors in that it lets you edit text and move around it very quickly without lifting your fingers from the main keyboard. For this the editor has two modes: command mode, in which the letter keys navigate through the text and execute various commands, and editing mode, in which the program turns into a regular editor.

In November, the eighth version of Vim was released with many improvements, for example GTK3 support and asynchronous I/O for plugins. The editor works not only on Linux, but also on Windows and macOS.

2. Htop

Monitoring the load on the operating system is another very important task that system administrators often face, for example when you urgently need to find out which program is overloading the processor or taking up all the available RAM. The htop utility shows in real time a list of all running processes, sortable by the desired parameter, such as processor or memory use.

In addition, the utility can show the threads of each process and the processor core on which it is running, and much more. This is one of the most important utilities on the list of system administrator programs. The program works only on Linux systems.
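As an added illustration of where htop gets its numbers (this script is not from the article or the htop project), the following POSIX shell script reads the same per-process counters from /proc on Linux and lists the heaviest CPU and memory consumers. The function names are my own; the CPU figure is the accumulated user plus system time in clock ticks, which is what htop's CPU% column is derived from over successive samples.

```shell
#!/bin/sh
# Added example, not part of the article: a minimal version of what htop
# shows in its CPU and memory columns, read straight from /proc (Linux only).
# A process's accumulated CPU time is utime + stime (fields 14 and 15 of
# /proc/<pid>/stat), measured in clock ticks since the process started.

set -e

# Print "pid ticks comm" for live processes, most CPU time first.
# Usage: top_cpu_processes [N]   (default N=5)
top_cpu_processes() {
    n=${1:-5}
    for f in /proc/[0-9]*/stat; do
        # A process may exit between the glob and the read; just skip it.
        read -r line 2>/dev/null < "$f" || continue
        pid=${line%% *}
        # comm is wrapped in parentheses and may itself contain spaces or
        # parentheses, so cut it out before splitting the remaining fields.
        comm=${line#*(}
        comm=${comm%)*}
        rest=${line##*) }
        # rest begins at field 3 (state); utime and stime are fields 14 and 15
        # of the full line, i.e. the 12th and 13th words of rest.
        set -- $rest
        echo "$pid $(( ${12} + ${13} )) $comm"
    done | sort -k2,2nr | head -n "$n"
}

# Print "pid rss_pages" for live processes, largest resident set first.
# The second field of /proc/<pid>/statm is the resident set size in pages.
# Usage: top_mem_processes [N]   (default N=5)
top_mem_processes() {
    n=${1:-5}
    for f in /proc/[0-9]*/statm; do
        read -r _size resident _rest 2>/dev/null < "$f" || continue
        pid=${f#/proc/}
        pid=${pid%/statm}
        echo "$pid $resident"
    done | sort -k2,2nr | head -n "$n"
}

# Run with `sh script.sh --demo` to print both tables.
if [ "${1:-}" = "--demo" ]; then
    echo "pid ticks comm"
    top_cpu_processes 5
    echo "pid rss_pages"
    top_mem_processes 5
fi
```

Because the counters are cumulative, a single call ranks processes by total CPU consumed so far; to see the current load as htop does, take two samples a second apart and rank by the difference.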

3. Git

Version control is very important not only in programming. For various scripts, configuration files and plain text files it can also be very useful to be able to restore a previous version.

Git was originally developed by Linus Torvalds to manage the development of the Linux kernel, but today it is a full-fledged platform used by a very large number of open source projects. It is just as useful for keeping old versions of your config files.

The latest version at the moment is 2.10, which has many useful features. For example, using the git diff command you can find out exactly which lines in which files have been changed; deleted lines are shown as strikethrough. The program can be used on Windows and Linux.
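An added worked example, not from the article or the Git project, of the config-file use just described: a POSIX shell script that puts a constructed sshd_config under git, shows the line-level change with git diff, and runs a small policy check over that diff so a change that re-enables root or password logins is noticed before it is applied. It assumes git is installed; the repository, the file contents and the function names are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the article: keep config files under git so that
# `git diff` shows exactly which lines changed, and check the pending diff
# against a simple policy before the change goes live.
# Assumes git is installed. The sshd_config below is a constructed sample.

set -e

# Create a throwaway repository holding a constructed sshd_config and commit it.
# Prints the repository path.
setup_config_repo() {
    repo=$(mktemp -d)
    git -C "$repo" init -q
    git -C "$repo" config user.email "admin@example.invalid"
    git -C "$repo" config user.name "Config Admin"
    cat > "$repo/sshd_config" <<'EOF'
Port 22
PermitRootLogin no
PasswordAuthentication no
EOF
    git -C "$repo" add sshd_config
    git -C "$repo" commit -q -m "baseline sshd_config"
    echo "$repo"
}

# Simulate an administrator re-enabling root logins in the working copy.
weaken_config() {
    sed 's/^PermitRootLogin no$/PermitRootLogin yes/' "$1/sshd_config" \
        > "$1/sshd_config.tmp"
    mv "$1/sshd_config.tmp" "$1/sshd_config"
}

# Print "added removed" line counts for one file from `git diff --numstat`.
# Prints nothing when the file is unchanged.
changed_line_counts() {
    git -C "$1" diff --numstat -- "$2" | awk '{ print $1, $2 }'
}

# Return 0 (true) when the pending diff adds a setting we never want on a
# server; added lines in a diff start with a single '+'.
diff_weakens_sshd() {
    git -C "$1" diff -- "$2" \
        | grep -q -E '^\+(PermitRootLogin yes|PasswordAuthentication yes)'
}

# Run with `sh script.sh --demo` to see the diff and the policy verdict.
if [ "${1:-}" = "--demo" ]; then
    repo=$(setup_config_repo)
    weaken_config "$repo"
    git -C "$repo" diff -- sshd_config
    if diff_weakens_sshd "$repo" sshd_config; then
        echo "refusing: diff re-enables root or password logins"
    fi
    rm -rf "$repo"
fi
```

The same grep can be wired into a pre-commit hook in the config repository, so a weakened setting is rejected at commit time rather than discovered in a later audit.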

4. SystemRescueCD

Computers don't always work as they should and tend to break down. It is good practice for system administrators to have a CD or USB drive with a set of tools that will help restore the system, or at least the data, from problem computers.

SystemRescueCD is an actively developing suite of system administrator utilities for all occasions. It is a bootable Linux distribution based on Gentoo that contains various tools for checking hardware, partitioning a disk, recovering data, checking your computer for viruses, setting up your network, and more.

Versions 2.8 and 2.9 were released in 2016. In these versions, the image received updates to various components, including the addition of support for tools for working with btrfs.

5. Clonezilla

Sometimes it is better not to rebuild the system from scratch but to have a backup of the entire machine, so that you can bring the system back to life in a few minutes. Clonezilla is the de facto standard for making backups and deploying system images to disk. You can create backups of separate partitions as well as of the entire disk.

The program can be used from the current system or as a bootable image with a pseudo-graphic interface - Clonezilla Live. Once you have a finished copy, you can very easily recover from a failed configuration or upgrade.

The latest release adds support for detecting Windows BitLocker-encrypted volumes, improves EFI support, and updates all software to the latest Debian versions.

6. Docker

Containers are isolated environments that allow multiple systems to run on a single Linux kernel. All systems are isolated from one another, as well as from the host system. The Docker container management tool has been a huge contributor to the development of containers in 2016.

Docker is an open platform that lets you deploy containers with the required Linux distributions in just a few commands and run the required software on them. With Docker you can package a standalone application together with all its dependencies and then run it on any distribution that supports Docker.

You can create your own images and share them with other users. Docker allows companies to choose the system on which the software will run without restricting developers in tools and programming languages.

The latest versions of Docker added the ability to check the state of a container and automatically recover it in case of problems, and Docker containers can now run not only on Linux, but also on Windows.

7. Wireshark

Wireshark is a tool for analyzing the traffic passing through a computer and saving network packets. Such a task can arise when analyzing the health of a network, network services, or web applications. The program supports a huge number of protocols; it can even decrypt HTTPS traffic if it has the key. You can filter all traffic by the required parameters, sort packets, view their contents and complete information, and much more.

Wireshark 2.0 was released in 2015 and has been actively developed in that branch since then. Its interface has been rewritten in Qt5 and made more intuitive.

8. TightVNC

TightVNC allows you to access the GUI on a remote computer. With this program, you can control your computer remotely without actually being in front of it. Usually administrators manage Linux servers via ssh, however, some users prefer to use a graphical interface to accomplish such tasks.

The program has the ability to encrypt VNC traffic, thus making it secure, just like ssh. TightVNC can run on both Linux and Windows. You will then be able to access your device from anywhere with Internet access.

9. Zenmap

Zenmap is a graphical interface to the popular network scanner nmap. With this tool you can very quickly find all the hosts connected to the network, check the network topology, and see the list of running services on each of the computers.

The program can also help you find potentially dangerous spots in the configuration of servers; many administrators use it to check the availability of hosts or even to measure uptime.

10. Filezilla

Our list of sysadmin utilities is nearing completion. During server administration it is quite common to transfer files, and typically this task is performed over FTP. Filezilla is one of the best and most popular FTP clients for uploading and downloading files. The program interface is split into two panes: one shows the local computer, the other the remote file system of the FTP server.

The program's interface is intuitive and can be used on Windows, Linux and MacOS.

Conclusions

In this article, we looked at programs for the system administrator 2016, which can greatly help you in administering your computer ecosystem. What tools do you use? Write in the comments!
