Resourceful Resources
Below is a list of just a few of my favorite
utilities from the NT Resource Kit - Supplement Disk #4. They can
turn many of the difficult and time-consuming tasks of an NT
administrator into not much more than an afterthought.
ASSOCIAT.EXE
– This handy utility adds and removes file associations, which
tie files with a given extension to a specific program.
"ASSOCIAT .ORA NOTEPAD.EXE /F" would associate your Oracle
configuration files with Notepad.
Use "ASSOCIAT .DB /F" to prevent *.DB files from trying to auto-open
with a specific app.
DEPENDS
– This utility lets you see the DLL dependencies of an executable.
This is handy in troubleshooting. If a program runs well on one
machine but not another, this will give you a list of all of the
dependent DLLs. You can then use this as a list to verify version
dates on the different machines. Now you know what is running in the
background.
DRIVERS – Drivers will
display to the screen a list of all drivers loaded on a PC along
with dates for those drivers. If you know that drivers with a
certain date cause instability or other problems, then the output of
this utility can be redirected to a text file in script files and
then grepped to help locate the machines that need to be updated.
PATHMAN – A simple utility to
modify a workstation’s path.
/as path[;path[;path ...]]  Adds the semicolon-separated paths to
                            the system path.
/au path[;path[;path ...]]  Adds the semicolon-separated paths to
                            the user path.
/rs path[;path[;path ...]]  Removes the semicolon-separated paths
                            from the system path.
/ru path[;path[;path ...]]  Removes the semicolon-separated paths
                            from the user path.
PULIST – This utility
will list all programs running and the authority with which they are
running, such as "SYSTEM" or a user. Many will not find this very
useful, but we force-run many applications which all run in different
security contexts, so this is a handy troubleshooting utility to
verify the proper security context is being used.
SECADD – This very
simple utility allows you to tighten your registry settings. It
permits adding "read privilege" to an HKLM registry key and the
complete removal of the "everyone" group from a registry key. The
"everyone" group often has full rights to registry keys you do not
want anyone but admins to have. I resolve this problem by using
SECADD to first grant all users read privileges and then revoke the
"everyone" group. Performing the actions in this order means the
local user still has the rights to assign permissions when the read
grant is made, before those rights are lost by revoking the
"everyone" group.
-a = add read privilege
-l = indicates local registry (does not work with removing the
everyone group)
SECADD -l -a SOFTWARE\MYSOFTWARE "MYDOMAIN\DOMAIN USERS"
SECADD -l -a SOFTWARE\MYSOFTWARE "USERS" (Local Users)
SECADD %computername% SOFTWARE\MYSOFTWARE (Variable should work)
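The grant-then-revoke order described above, as an added batch example (not part of the Resource Kit or the original article): it runs the two SECADD forms shown on this page against every key in a hypothetical KEYS.TXT and skips the revoke whenever the grant fails. It assumes SECADD sets a nonzero ERRORLEVEL on failure; the group name and log path are placeholders.

```batch
@echo off
rem Added example. KEYS.TXT is a hypothetical file with one HKLM key per
rem line, for example SOFTWARE\MYSOFTWARE.
rem Assumption: SECADD returns a nonzero ERRORLEVEL when it fails.
setlocal
set GROUP=MYDOMAIN\DOMAIN USERS
set LOG=%TEMP%\secadd_%COMPUTERNAME%.log

if not exist KEYS.TXT (
    echo KEYS.TXT not found
    goto :eof
)

for /f "usebackq delims=" %%K in ("KEYS.TXT") do call :tighten "%%K"
endlocal
goto :eof

:tighten
rem Step 1: add read privilege for the group on the local registry.
SECADD -l -a "%~1" "%GROUP%" >> "%LOG%" 2>&1
if errorlevel 1 (
    rem The grant failed, so leave "everyone" in place rather than
    rem removing the only access users currently have.
    echo SKIPPED %~1 - grant failed, everyone group left in place >> "%LOG%"
    goto :eof
)
rem Step 2: only now remove the "everyone" group. This uses the form
rem without -l, because -l does not work for the removal.
SECADD %COMPUTERNAME% "%~1" >> "%LOG%" 2>&1
if errorlevel 1 echo CHECK %~1 - everyone group not removed >> "%LOG%"
goto :eof
```

Review the log for SKIPPED and CHECK lines after a run; those keys still carry the "everyone" entry.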
SRVINFO – A handy
utility to collect information on the local machine. This data can
be redirected to a file in a script and then grepped to collect data
on all of your machines.
SU – This utility
will install as a service and allow you to interactively start a
process with a different security context. This is handy because it
will let an admin sit down at a user's PC with the user still logged
on but perform any task with the admin’s authority.
XCACLS – Like SECADD, but for file security.
XCACLS filename [/T] [/E|/X] [/C] [/G user:perm;spec] [/R user [...]]
                [/P user:perm;spec [...]] [/D user [...]] [/Y]

  filename           Displays ACLs.
  /T                 Changes ACLs of specified files in the current
                     directory and all subdirectories.
  /E                 Edit ACL instead of replacing it.
  /X                 Same as /E except it only affects the ACEs that
                     the specified users already own.
  /C                 Continue on access denied errors.
  /G user:perm;spec  Grant specified user access rights.
                     Perm can be: R  Read
                                  C  Change (write)
                                  F  Full control
                                  P  Change Permissions (Special access)
                                  O  Take Ownership (Special access)
                                  X  EXecute (Special access)
                                  E  REad (Special access)
                                  W  Write (Special access)
                                  D  Delete (Special access)
                     Spec can be the same as perm and will only be
                     applied to a directory. In this case, Perm will
                     be used for file inheritence in this directory.
                     If not omitted: Spec=Perm. Special values for
                     Spec only:
                                  T  Not Specified (for file inherit,
                                     only for dirs valid)
                                     At least one access right has to
                                     follow!
                                     Entries between ';' and T will be
                                     ignored!
  /R user            Revoke specified user's access rights.
  /P user:perm;spec  Replace specified user's access rights
                     for access right specification see /G option
  /D user            Deny specified user access.
  /Y                 Replace user's rights without verify

Wildcards can be used to specify more that one file in a command.
You can specify more than one user in a command.
You can combine access rights.