Pular para o conteúdo principal

10 Sysinternals tools you shouldn't be without

10 Sysinternals tools you shouldn't be without: "

Sysinternals has been around for quite some time and was acquired by Microsoft in 2006. These are great little tools for getting some heavy-hitting Windows things done and sometimes done better than when using the built-in tools for a task. The entire suite of products is available for download. While this is the easiest way to get the tools because they are bundled together, there are some tools that I find myself using far more than others. Here’s a look at my favorite tools in the Sysinternals collection (or the ones that I use the most).


Note: This article is also available as a TechRepublic photo gallery.


1: PsList and PsKill


I listed these together because I typically use them in this order. The goal here is to see processes on a machine — with PsList, I find the process ID, and then use PsKill to terminate the process.


There are quite a few ways to return information with PsList, and the best part is that it works on local and remote machines. PsKill works similarly to PsList except it is used to terminate processes by process ID.


2: Process Explorer


Process Explorer is a great tool for digging into open files or resources. Trying to open a file, but getting a notification that it’s already open? Process Explorer can help determine which application or process has the file open. It is a GUI-based utility and can be used as a Task Manager replacement. The utility has two panes of information. The top pane shows currently active processes on your system and includes information about the name, the account that owns the process, and the CPU usage of the process.


The bottom pane has two modes of operation, handle mode and DLL mode. When handle mode is enabled, selecting a process in the top portion of the window will show you the handles that the process has open. In DLL mode, the pane displays the DLLs and memory-mapped files loaded by the selected process.


3: ZoomIt


ZoomIt is a utility for the public speaker in all of us. When presenting information, sometimes it is helpful to show a certain area of the screen, magnified to call attention to a dialog box or other item. This is what ZoomIt does. When configured, it will integrate with PowerPoint to allow macro keys to trigger functions during a presentation.


4: PsLoggedOn


PsLoggedOn uses a registry scan to look through the HKEY_USERS key to see which profiles are loaded. Looking at the keys with a user ID SID, PsLoggedOn looks up the username of the SID and displays it. This shows you who is logged on in any session to a PC. When querying remote systems, your userid will be found as a connected user session as well. The remote and local users are returned separately to help distinguish logon types.


5: Autoruns


You know how malware likes to invade the startup folder and other locations on infected systems? Seems that these are the hardest things to find and get rid of when trying to clean up spyware/malware/ infections. Autoruns can help with that. It looks through all possible locations where applications can be listed to automatically launch when Windows starts. Then, it displays them in a tabbed, easy-to-follow GUI. You can hide Microsoft-signed entries to eliminate the good items from the list of things that start up on your system.


6: Contig


Some files have trouble with disk defragmenting applications and for one reason or another, can’t be corrected. This is where you might use Contig. It is a single file defrag utility, which can be helpful if you use a file often and suspect it might be suffering from performance issues due to fragmentation.


7: Disk2vhd


Disk2vhd creates a virtual hard disk file from a physical system for use with Hyper-V or even with Windows 7 or Server 2008 R2. Disk2vhd supports Windows XP SP2 and Windows Server 2003 SP1 and higher, including 64-bit versions of these systems.


A great use of this utility might be to create a snapshot of an entire disk for backup purposes. There are also options that allow Disk2vhd to be run at the command line. You can use these options to script vhd creation. Using the utility in this way would allow you to use Task Scheduler and Disk2vhd to create a snapshot of your PC at scheduled intervals with no user intervention. One caveat: When creating vhds, be sure not to attach them to the same system you created them from if you are going to boot from the vhd.


8: MoveFile


As we all know, there are times when files need to be moved or deleted to help get things cleaned off a PC (malware/bots/viruses). Sometimes, this can’t be done because files are in use, which prevents actions on the files until they are closed or the computer is rebooted. MoveFile provides an API that marks files for move/rename/delete at the next restart of the Windows system. Doing this allows the file to be acted on before it is referenced by the system.


9: PSFile


The PStools utilities are all popular and useful, but one that I recently discovered is PSFile. This utility shows files on a system that are open by remote systems by default but that can be passed parameters to return information about remote systems as well. This tool is a good way to check for open files on file servers when users might report read-only issues or have problems getting files to open properly.


10: Sync


This utility was created to mirror a UNIX utility that will allow you to flush cached file system data to disk. Doing this can help prevent problems with lost system information in the event of a system failure and helps to ensure live system information is getting written to disk.


The way I see this being useful depends on how stable your system is. If your computer tends to crash more than you would like (or if you are testing some scenarios), you might create a scheduled task to ensure that the system info is flushed back to disk once per hour or some other predefined timeframe. Another cool thing about this sync utility is that USB or ZIP drives or other removable drives can be flushed. You will need administrative privileges to use Sync.


For more details on these tools, see Five favorite Sysinternals tools and what they do (first five tools) and Learn about some Sysinternals tools that might be flying under the radar (second five tools).








"

Comentários

Postar um comentário

Postagens mais visitadas deste blog

Improve Windows Security By Closing Open Ports

Improve Windows Security By Closing Open Ports : " A standard Windows operating system has a number of ports open after installation. Some of these ports are needed for the system to function properly while others might not. These ports can pose a security risk as every open port on a system might be an entry point for a malicious user. A port basically allows communication to or from the device. Characteristics are a port number, an IP address and a protocol type. This article will give you the tools at hand to identify and evaluate the open ports on your Windows system to make a decision in the end whether they can or should be closed or left open. Software programs and tools that we will use: CurrPorts : Available for 32-bit and 64-bit editions of Windows. It is a port monitor that displays all open ports on a computer system. We will use it to identify the ports and the programs that are using them. Windows Task Manager: Also used to identify the programs and link some p
Postar um comentário
Leia mais

Diagnosing a Blue Screen of Death Error in Windows

Diagnosing a Blue Screen of Death Error in Windows : For many years now the famous Blue Screen of Death (BSoD) has been the ultimate indication that something disastrous has happened to make your computer die, but how useful is the information in the BSoD and the respective crash dump file that Windows produces? The best article I ever found explaining the BSoD in depth is here on the Microsoft website, however it’s quite technical and doesn’t discuss how to actually troubleshoot a problem. The crash dump file is just technical details of what was being held in the computer’s memory at the time of the crash, and this will include details on every driver and service that was loaded, and every piece of software that was running. The most useful pieces of information are to be found on the BSoD itself and are highlighted on the screenshot below. These are the BSoD error name, the stop error code and the name of the driver or service that has failed (this last one might not always appea
Postar um comentário
Leia mais

Use BGInfo to Build a Database of System Information of Your Network Computers

Use BGInfo to Build a Database of System Information of Your Network Computers : " One of the more popular tools of the Sysinternals suite among system administrators is BGInfo which tacks real-time system information to your desktop wallpaper when you first login. For obvious reasons, having information such as system memory, available hard drive space and system up time (among others) right in front of you is very convenient when you are managing several systems. A little known feature about this handy utility is the ability to have system information automatically saved to a SQL database or some other data file. With a few minutes of setup work you can easily configure BGInfo to record system information of all your network computers in a centralized storage location. You can then use this data to monitor or report on these systems however you see fit. BGInfo Setup If you are familiar with BGInfo, you can skip this section. However, if you have never used this tool, it takes ju
Postar um comentário
Leia mais