madeleneisidro591g

Cool Tools by Sysinternals: Tips and Tricks for Using the Most Useful and Popular Sysinternals Tools



Sysinternals Live is a service that lets you run Sysinternals tools directly from the Web without hunting for and manually downloading them. Simply enter a tool's Sysinternals Live path into Windows Explorer or a command prompt, as live.sysinternals.com/ followed by the tool name, or \\live.sysinternals.com\tools\ followed by the tool name.


Sysmon v14.1: This update to Sysmon, an advanced host monitoring tool, adds a new event type, FileBlockShredding, that prevents wiping tools such as Sysinternals SDelete from corrupting and deleting files.




Cool Tools by Sysinternals



The Sysinternals Troubleshooting Utilities have been rolled up into a single Suite of tools. This file contains the individual troubleshooting tools and help files. It does not contain non-troubleshooting tools like the BSOD Screen Saver.


The Windows Sysinternals site contains dozens of free utilities for viewing or troubleshooting individual operating system components. Before we look at my picks, be aware the Sysinternals library has existed for some time. Many of the tools were created for older OSes such as Windows XP or Vista, so not every tool in the Sysinternals collection will work with modern Windows versions.


Although none of these utilities is designed specifically for Windows 8, some of them can help address Windows 8 problems. Explore five Sysinternals tools any IT professional troubleshooting Windows endpoints should know about.


PsTools is a collection of 13 command-line tools you can use for diagnostic purposes. For example, the PsInfo command provides basic information such as the Windows version, system uptime, the kernel build number, the processor type and the amount of memory available in the system.


The PsTools utilities are all popular and useful, but one that I recently discovered is PsFile. By default, this utility shows files on the local system that are open by remote systems, but it can be passed parameters to return information about remote systems as well. This tool is a good way to check for open files on file servers when users report read-only issues or have problems getting files to open properly.


The way I see this being useful depends on how stable your system is. If your computer tends to crash more than you would like (or if you are testing some scenarios), you might create a scheduled task to ensure that the system info is flushed back to disk once per hour or some other predefined timeframe. Another cool thing about this sync utility is that USB or ZIP drives or other removable drives can be flushed. You will need administrative privileges to use Sync.


For more details on these tools, see Five favorite Sysinternals tools and what they do (first five tools) and Learn about some Sysinternals tools that might be flying under the radar (second five tools).


I love cool software tools. They not only satisfy my gadget fixation, but also help me in my work. While I have used many tools over the years, the one that stands out as my favorite is the Sysinternals toolset.


Originally a standalone toolset, written and hosted by Mark Russinovich and Bryce Cogswell, Sysinternals was acquired by Microsoft nearly three years ago. I shuddered at the thought of the acquisition. I even hurried to do a quick download of the tools in case they were suddenly unavailable. Fortunately, Microsoft has mostly left things alone, and in many cases, they have made them better.


A note of warning: With the power Sysinternals tools bring to the table, they're not for everyone. In fact, used incorrectly, these tools can really jam up a system -- so proceed with confidence and caution.


Don't want to mess with downloading and unzipping the entire Sysinternals suite to your system? Visit live.sysinternals.com where you can download individual tools quickly and easily. I especially like the Sysinternals Utilities Index that describes the purpose of each tool (which I sometimes forget) as well as provides a link to the download and usage page for each tool.


If you take Windows administration and security seriously, you must familiarize yourself with the Sysinternals tools. I'm still amazed at how many IT professionals haven't heard of or use them in their daily work. So go ahead, download these tools and explore what they have to offer. Once you see what they can do for your day-to-day management and troubleshooting duties in Windows, you'll realize you can't function without them.


The website featured several freeware tools to administer and monitor computers running Microsoft Windows. The software can now be found at Microsoft. The company also sold data recovery utilities and professional editions of their freeware tools.


On July 18, 2006, Microsoft Corporation acquired the company and its assets. Russinovich explained that Sysinternals would remain active until Microsoft agreed on a method of distributing the tools provided there.[5] However, NT Locksmith, a Windows password recovery utility, was immediately removed. Most of the source code that Sysinternals provided was also removed. The Sysinternals website has since been moved to the Windows Sysinternals website and is part of Microsoft Docs.[1]


Knowing the right tool for the right job is something that can save you hours of extra work and tedium. We've compiled a list of some of the best general-purpose sysadmin tools for troubleshooting, testing, communicating and fixing the systems that you need to keep running.


The new tool in the Sysinternals Suite, released recently by Mark Russinovich and Thomas Garnier, both from Microsoft, is called Sysmon (System Monitor). The tool installs a service and a driver that log system activity into the Windows event log. The activity it monitors includes:
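Since Sysmon writes its records to the Windows event log, a defender can review them from PowerShell. The script below is an added example, not code from the article or from Sysinternals; it summarises the FileBlockShredding events mentioned above. It assumes Sysmon 14.1 or later is installed with a FileBlockShredding rule, that these events carry Event ID 28 in the Microsoft-Windows-Sysmon/Operational log, and that the event data fields are named User, Image, TargetFilename and IsExecutable.

```powershell
# Added example (not from the original article or Sysinternals): list which
# process tried to shred which file, according to Sysmon FileBlockShredding
# events. Assumptions: Sysmon 14.1+ with a FileBlockShredding rule, Event ID 28,
# and rights to read the Sysmon operational log.
param(
    [int]$Hours = 24   # how far back to look
)

$filter = @{
    LogName   = 'Microsoft-Windows-Sysmon/Operational'
    Id        = 28     # FileBlockShredding (assumed ID, see lead-in)
    StartTime = (Get-Date).AddHours(-$Hours)
}

# SilentlyContinue: Get-WinEvent raises an error when no events match.
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Host "No FileBlockShredding events in the last $Hours hour(s)."
    return
}

# Read the named EventData fields from the event XML instead of parsing the
# rendered message text, which changes between Sysmon versions.
$rows = foreach ($e in $events) {
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time           = $e.TimeCreated
        User           = $data['User']
        Image          = $data['Image']
        TargetFilename = $data['TargetFilename']
        IsExecutable   = $data['IsExecutable']
    }
}

# Which wiping tools were blocked, and how often.
$rows | Group-Object Image | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# Full detail, newest first, for triage.
$rows | Sort-Object Time -Descending | Format-Table -AutoSize
```

Run it as an administrator, for example with `-Hours 72` to widen the window; a blocked run of SDelete against a file should show up as one row with SDelete's path in the Image column.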


If you're involved with administrating or troubleshooting Windows systems, you are doubtless familiar with the Windows Sysinternals Tools, a series of tools, both command line and GUI, for exploring and manipulating systems, files, processes, and other lower-level system facilities.


These tools are used not just by individual users and administrators but important Internet services. VirusTotal, a malware-checking service, uses Sigcheck to extract code signature information from files, for example.


The tools were the creation of Mark Russinovich, now chief technology officer at Microsoft Azure, and his then consulting partner, Bryce Cogswell. Russinovich is also the author of important technical books, including "Windows Internals," now in its 7th edition, and, with Aaron Margosis, "Troubleshooting With the Windows Sysinternals Tools," as well as the Jeff Aiken Series of cyberterrorism thriller novels. Russinovich was co-founder of Winternals Software, which Microsoft bought in 2006, taking him and the tools in the package.


Power users, IT admins, and developers predominantly. Some of the tools have different purposes that are more suitable or relevant to different audiences than others. [For example], DebugView is more useful for a developer, whereas Sysmon is for somebody working in cybersecurity. Active Directory Explorer is also used by security researchers and attackers to dump AD because you can take snapshots and then load them into AD Explorer offline.


Just about every company that I know of that has Windows uses the tools to some extent. One of the ones where I've been more directly involved is companies and organizations that use Sysmon, and there are various intelligence and defense organizations in the U.S. and around the world that have Sysmon deployed at scale.


For several reasons. One is Windows has a lot of rigor around making them address the broad Windows population in terms of, for example, multinational language support. So that would just be development tax on the tools, plus the ability to update them basically on demand. And if they ship in the box, you've got the rigor around making sure that they're completely bug free, because getting a fix out to them is also tough if they're in Windows. But then also adding features to them is really easy. We could talk today and you could say, "Hey, why don't you add this feature, or make this change, or fix this bug in tool X?" And I can literally have that published tomorrow or a few hours from now. Making a change to Windows itself is, as it should be, a far more time-consuming and complicated process.


We also aim to keep Windows as small as possible, minimize network bandwidth for the more than 1 billion Windows users, and maximize their free disk space. We only include things in Windows that we believe a large portion of Windows users will use. The Sysinternals tools are awesome, but they appeal to an audience of developers and tech enthusiasts, which is a tiny fraction of the user installed base.


Sysinternals was just me and Bryce up until a few years ago. And then I started to get contributors at Microsoft who said, "Hey, I'd like to add this feature." So I would let them have access to the source and they'd add the feature. I've actually hired a person to manage Sysinternals engineering systems and also another developer for the tools. So two full-time people work on the tools and the engineering system. Engineering systems include the source control management systems, as well as the build pipelines for the tools. In the old days, Bryce and I would build the tools on our own desktops and our source control was me and him having copies of it.


There are about 15 million downloads of the tools a month, but that doesn't necessarily represent all of the spreading, because it's mirrored in different places and companies take one download and spread it through their organization. The most popular tools are Process Explorer, Autoruns, and Process Monitor. Sysmon has kind of taken over and become the de facto security monitoring tool for Windows. One of my favorite tools is ZoomIt ("a screen zoom and annotation tool for technical presentations that includes application demonstrations"), which I always used in presentations. And I wrote it for myself.


If you have not heard, Microsoft's awesome Sysinternals site has released the beta version of Sysinternals Live. What this service offers is the capability to connect directly to the Sysinternals site and run their tools without the need to download them.

