Utilize existing tools
Common commands like reboots, remote assistance, and Wake-on-LAN are included as pre-built tools. See the full list below.
What’s in the Tools Library?
Note: All Event Log tools require PowerShell.
| Tool | Description |
|---|---|
| Get Application Errors | Displays all events in the target’s Application Event Log that have an event level of Error or Critical. |
| Get Crash History | Displays all events in the target’s System Event Log that contain the word “crash”. |
| Get Rename History | Displays all events showing a computer name change. |
| Get TCP/IP All | Displays all events in the System Event Log with TCP/IP provider and ID 4230. |
| Get TCP/IP Congestion | Displays all TCP/IP messages from the System Event Log. |
| Get Logon History | Shows logon events on the target machine. |
| Get Restart History | Shows all events in the System log that contain “Shutdown Type” or “crash”. |
| Connect to IP via HTTP | If the target device has a web server (such as a printer or IP phone), this tool attempts to start the default browser and connect to the IP address. |
| Get MAC | Uses a cmd shell to run `arp.exe -a` against the target IP address. |
| Manage Services | Uses Services.msc to view and manage the target’s Windows Services. |
| Ping (Persistent) | Sends a persistent ping to the target machine. This opens a CMD window. To stop the ping, either press CTRL+C or close the CMD window. This utility is useful when a computer has been rebooted and you want to know the moment it comes back online. |
| Open ADMIN$ Share | Attempts to connect via Windows Explorer (explorer.exe) to the target computer’s Windows directory. By default, the %WINDIR% directory is shared as ADMIN$. |
| Flush DNS Resolver Cache (localhost) | Flushes (empties) the DNS cache on your console machine. This can be necessary when a target’s IP address has changed but your DNS cache still has the old address. This tool is considered a “System Tool”, which means that a computer does not need to be selected to run it. |
| Lookup IP Address | Uses NSLOOKUP to perform a reverse lookup that resolves the hostname from the supplied IP address. Your environment must use PTR records in order to perform reverse lookups. |
| Lookup Hostname | Uses NSLOOKUP to resolve the IP address for a target computer. |
| NetBIOS by IP | Uses NBTSTAT to resolve the hostname of a computer based on the IP address. |
| NetBIOS by Name | Uses NBTSTAT to resolve the IP address of a computer based on the computer name. |