Ops Knowledge BaseThe Ops Stack
Home/Topics/Suggested Apps

Topic Hub

Suggested Apps

Recommended third-party and built-in utilities for admins, engineers, and homelab operators.

Use this hub as a cross-surface map: start with toolchest for this topic, then branch into supporting tools, drills, and implementation work as needed.

Related Items32
Best First StopToolchest
How To Use This Hub
0 Insights32 Toolchest0 Labs

Support Surface

Insights

Concepts, decision points, troubleshooting patterns, and operator-facing field notes.

Browse insights

Start Here

Toolchest

Checklists, scripts, templates, and evidence packs you can use once the path is clear.

Browse toolchest

Support Surface

Labs

Hands-on build guides and validation environments for testing ideas end to end.

Browse labs

Toolchest

Toolchest assets for Suggested Apps

ToolchestScriptActive Directory and IdentityRead-only

AD stale computer cleanup report

A read-only Active Directory stale computer report for last logon, OU, operating system, enabled state, and cleanup planning.

ToolchestScriptSecurity and Exposure ChecksRead-only

Authenticated Users drive ACL scanner

PowerShell scanner that checks fixed local drives on Windows servers for root ACL entries where Authenticated Users have broad access. Produces console and CSV evidence so admins can review exposure before any ACL changes.

ToolchestTemplateHybrid Cloud OperationsRead-only

Azure Arc bulk onboarding CSV and logging starter

Reusable starter for Azure Arc onboarding waves using a host CSV, dry-run expectations, per-host logging, and repeatable result tracking suitable for tickets, change records, and post-wave reporting.

ToolchestChecklistHybrid Cloud OperationsRead-only

Azure Arc onboarding preflight checklist

Preflight checklist for onboarding Windows servers to Azure Arc. Confirms supported OS state, outbound connectivity, proxy/TLS behavior, local admin rights, target Azure placement, tagging, pilot scope, and rollback notes before any agent install.

ToolchestTemplateReporting and Evidence PacksRead-only

Azure Update Manager compliance workbook starter

Starter template for an Azure Workbook plus Resource Graph evidence pack that shows patch compliance, pending updates, unsupported coverage, and patch-group drift across Azure and Arc-enabled machines.

ToolchestTemplateHybrid Cloud OperationsRead-only

Azure Update Manager patch wave planning template

Operator-ready planning template for Azure Update Manager patch waves covering scope, maintenance windows, reboot tolerance, exclusions, soak periods, rollback contacts, and stop-go criteria before scheduled patching.

ToolchestTemplateBackup and RecoveryPlanning aid

Backup Restore Drill Evidence Checklist

A restore-drill evidence template for proving backups are usable, measuring recovery time, and turning failed assumptions into repair tasks before an outage.

ToolchestScriptSecurity and Exposure ChecksRead-only

Certificate expiration scanner

A read-only certificate inventory for finding expiring Windows certificate-store items and endpoint certificates before outages.

ToolchestScriptWindows Server HealthRead-only

Disk space cleanup candidate report

A read-only disk pressure report that finds likely cleanup candidates without deleting logs, caches, dumps, or user data.

ToolchestChecklistDNS and DHCPRead-only

DNS and DHCP Health Check

A diagnostic DNS and DHCP triage flow that captures evidence, follows decision branches, and explains what each result means before changing anything.

ToolchestScriptConnectivity and Network TriageRead-only

DNS resolution and reverse lookup audit

A read-only DNS audit that compares forward and reverse lookup results across host lists and expected DNS servers.

ToolchestScriptFile, Backup, and Storage OperationsRead-only

File share permission audit

A read-only file share audit that records SMB share permissions, NTFS access, and ownership evidence for review.

ToolchestRecommended toolFreeware Utilities Worth KeepingReview before running

Free network scanner and port inventory guide

A practical guide to free network scanning options for host discovery, port inventory, and safe scan scoping.

ToolchestScriptWindows Server HealthRead-only

IIS site and binding inventory

A read-only IIS inventory for sites, app pools, bindings, host headers, ports, certificate thumbprints, and content paths.

ToolchestChecklistActive Directory and IdentityRead-only

Inactive AD user disable review workflow

Two-phase review checklist for identifying inactive AD user accounts, validating inactivity evidence, applying exclusions, capturing approval, and preparing rollback details before any disable action.

ToolchestTemplateOperations TemplatesPlanning aid

Incident Note Template

A compact operator note format for capturing symptoms, checks, decisions, and follow-up while the issue is fresh.

ToolchestChecklistApplication HostingRead-only

Internal IIS site rollout checklist

Operator checklist for launching an internal IIS-hosted site with evidence capture for IIS role presence, site folder layout, bindings, app pool identity, DNS readiness, browser validation, and rollback notes.

ToolchestScriptConnectivity and Network TriageRead-only

PowerShell server connectivity quick check

A read-only connectivity triage script that separates DNS, ping, RDP, WinRM, and application-port failures before escalation.

ToolchestScriptInventoryRead-only

RADIUS and NPS server detection report

Read-only PowerShell reporting script pattern to identify likely Microsoft NPS or other RADIUS-capable Windows servers using multiple evidence sources: NPS service presence, NPAS role/feature state, IAS/NPS event log activity, UDP 1812/1813 listener evidence, and registry indicators. Designed for migration discovery, audit support, and authentication troubleshooting.

ToolchestTemplateFile, Backup, and Storage OperationsChanges system state

Robocopy job template and log parser

A safer Robocopy job template with dry-run review, log capture, exit-code interpretation, and migration evidence.

ToolchestChecklistMigration and CutoverChanges system state

Robocopy migration cutover checklist and evidence pack

Operator checklist and evidence structure for file migration cutovers using Robocopy. Covers pre-copy checks, dry-run evidence, final sync readiness, exclusion review, validation samples, rollback details, and signoff artifacts suitable for tickets and change records.

ToolchestScriptActive Directory and IdentityRead-only

Service account usage finder

A read-only service account discovery pass for Windows services, scheduled tasks, and IIS application pools.

ToolchestRecommended toolFreeware Utilities Worth KeepingRead-only

Sysinternals first-response kit guide

A practical Sysinternals first-response map for process, file handle, startup, network, login, and registry symptoms.

ToolchestRecommended toolMonitoringPlanning aid

Uptime Kuma Monitoring Starter

A simple monitoring starter for internal services, homelab systems, and small-office status checks.

ToolchestScriptSecurity and Exposure ChecksRead-only

Windows firewall rule audit

A read-only Windows Firewall audit that records enabled allow rules, ports, profiles, and address scopes.

ToolchestScriptWindows Server HealthRead-only

Windows server health snapshot

A read-only Windows Server snapshot for uptime, disk pressure, memory, stopped automatic services, and recent critical events.

ToolchestChecklistPatchingChanges system state

Windows Update Repair Checks

A staged Windows Update troubleshooting path that starts read-only and escalates only when needed.

ToolchestRecommended toolConnectivity and Network TriageReview before running

Wireshark packet capture triage guide

A packet-capture triage guide for DNS, TLS, DHCP, SMB, RDP, retransmissions, and sensitive-data handling.