Windows 10 - best tools for your admin shed

Updated: November 12, 2018

Working with Windows 10 is an interesting phenomenon. Often, functionality is hidden or purposefully obfuscated, making administration work that much harder compared to earlier editions of Windows. Then, because this operating system is so popular, there are always many clever ways and workarounds for pretty much every problem.

Finding the right tools is almost as important as knowing what the issue is. But assuming you're following sound principles of problem solving, then having the adequate toolbox will help resolve problems quickly and efficiently. In this article, I'd like to present some of the most handy programs an advanced Windows user should always have in their proverbial IT drawer. Follow me.

Process Explorer

In general, anything by Sysinternals is a good bet. In particular, Process Explorer is a must-have tool. While it doubles as a task manager on steroids, growth hormones and radiotheraphy, it is also extremely useful in many other regards. It provides useful GPU, I/O, memory, network,DLL and file handles activity. The best way to look at the program is a combo of Windows task manager and resource monitor, with still more flexibility and power.

Process Explorer

Exploit protection

Up to Windows 10 Creators Update 1709, Windows 10 used and supported the superb Enhanced Mitigation Experience Toolkit (EMET), a set of mechanisms designed to prevent common exploits in memory. On older versions of Windows, EMET remains the Rolls Royce of software security, and it is one of the few, rare security solutions that I endorse, recommend and use. But Windows 10 no longer supports EMET.

Instead, Windows 10 now uses the Exploit protection framework, which is integrated into the Windows Defender Security Center. Essentially, it is the same tool as EMET, with a slightly different UI and underlying rules syntax. But the methods and functionality remain identical. At the moment, applying mitigations does require a lot of manual work - or you can use XML-based rulesets - but the end result is a lean, transparent and highly effectively security framework.

System settings

Windows Debugger & Image File Execution Options (IFEO)

This may sound like a name of a hip 1970s music band, but it's one of the more mystical and yet powerful components of the Windows operating system. So much in fact that you should read my dedicated article on this topic. In a nutshell, this functionality lets you change how programs behave. You can alter what they do, for purpose of troubleshooting, debugging or development - or if they bother you but you don't feel like yanking them out of the system - then just neuter them. This gives you almost infinite freedom to how you manage and control your system, including the ability to ruin everything majestically. Only for experts.

Registry, IFEO

ExecTI

This is another heavyweight, belied by its simple UI and size. ExecTI is a program, developed by Winaero, whose system tweaker tool I've used to tame Windows 10 (more on that in my privacy guide), which can run Windows executables with the ultimate TrustedInstaller privileges. Indeed, to prevent damage and abuse, some resources in the Windows operating system are not normally accessible by ordinary users (even admins). You need special permissions to modify certain things. This is done by elevating privileges to the TrustedInstaller account. You can do this manually, but it's a tedious process. Instead, you can use ExecTI to quickly run the programs you need, and then once you're done, close them and be done with it. Like IFEO, this gives you almost unlimited super-admin privileges. With great power comes great responsibility. Only for experts. You've been doubly warned!

ExecTI

Policy Plus

This program is an alternative to Microsoft group policy editor (gpedit.msc), allowing you to manage system changes in an organizational manner, even if you use the Home edition of Windows, which does not support group policies. Policy Plus behaves much like its spiritual model, it comes with a safe and consistent UI, and it allows users to define the behavior of their machines and then export the settings across multiple systems, if they need to. Very handy and practical. My tutorial has much more on this subject.

Working

Windows 10 hide/show updates

The Windows Update facility has been revamped in Windows 10, and it no longer features the ability to hide individual updates. This can be detrimental and limiting, especially if you are aware of potential driver conflicts for your particular hardware. While not well known, Microsoft does have a dedicated utility that lets you hide and show updates, just like in the past. It runs as a standalone tool, but it gets the job done.

Choose option, show or hide

Some extras

It is all too easy to diverge here. But then, there are also some safe bets. Similar to Sysinternals, pretty much anything Nirsoft will work well. In fact, you might want to read my review of NirLauncher, a mega-utility that bundles everything Nirsoft in one killer package.

Then, Microsoft Baseline Security Analyzer (MBSA) is another sturdy little workhorse. It's seen more glamorous days, and technically, it is supported only up to Windows 8.1 and equivalent server versions. However, it works just fine in Windows 10, and offers a very useful auditing capability for common security misconfigurations.

NirLauncher

MBSA 1

MBSA 2

Lastly, there's also SuRun, a sudo-like mechanism for Windows - works well in Windows 10, too. The basic idea is to allow you to use a standard account (rather than an admin one) for day-to-day stuff and then elevate privileges only when necessary. This is a very healthy practice for many reasons. Windows 10 has also gotten a lot better than previous versions in offering a seamless standard (limited) user functionality, but you can definitely complement the Run As mechanism with SuRun. Complement and experiment.

More reading

Hungry for me? Worry not. Your favorite chef provideth:

Thorough guide on group policies (has that Policy Plus article sparked thy curiosity?)

Windows BSOD guide (if you want to learn more about the Windows Debugger)

WMIC - The Windows secret weapon (if you thought IFEO was cool and you're craving more)

Conclusion

It is always very easy to go wrong with compilations - they can be often too short or way too long. I tried to keep this list down to a mid-range sweet spot, without going overboard, with enough detail to cover a broad spectrum of needs and uses - processes, security, complex administration, debugging. A few handy extras, and several in-depth articles that cover a few other vital areas.

Windows has quite a few built-in gems, but many of the best utilities for this operating system actually come from third-party sources. When you combine the two, you get yourself a solid toolbox that should help you make your life easier, cleaner, quieter, more productive. Windows 10 can be a fairly noisy system, so having the right stuff to tame it and bring it into submission is rather important. Well, hopefully, this was a useful article. If you have any suggestions on killer apps of similar nature, please do send them over. The recommendations, that is, not the apps themselves. Duh.

Cheers.

You may also like: