The Sysinternals suite is a collection of troubleshooting utilities published by Microsoft. The company acquired the suite when it bought Sysinternals some years ago, bringing its lead developer Mark Russinovich on board in the process. Tools such as Process Monitor, Autoruns and Disk2vhd are gems particularly appreciated by administrators and power users. The tool collection is divided into the following areas:
File and disk tools
Tools include:
AccessChk: This tool displays the access permissions that specified users or groups have to files, registry keys or Windows services.
AccessEnum: This simple and yet powerful security tool indicates who has what access to directories, files and registry keys on your systems. It can be used to identify gaps in the permissions.
CacheSet: CacheSet lets you control the Cache Manager's working set size using functions provided by NT. It is compatible with all versions of NT.
Contig: Use Contig to defragment individual files or to create new files that are contiguous on disk.
DiskExt: DiskExt demonstrates the use of the IOCTL_VOLUME_GET_VOLUME_DISK_EXTENTS command, which returns information about which disks the partitions of a volume are located on (a multipartition volume can span several disks) and where on the disk those partitions are located.
DiskMon: DiskMon is an application that logs and displays all hard disk activity on a Windows system. You can also minimize DiskMon to your system tray where it acts as a disk light, presenting a green icon when there is disk-read activity and a red icon when there is disk-write activity.
DiskView: A graphical disk sector utility.
Disk usage (DU): Displays disk usage by directory.
EFSDump: Displays information on encrypted files.
FileMon: With this monitoring tool you see all file system activity in real time. (Now integrated into Process Monitor.)
Junction: Create Win2K NTFS symlinks.
Network Tools
ADInsight: ADInsight is an LDAP (Lightweight Directory Access Protocol) real-time monitoring tool for troubleshooting Active Directory client applications.
AdRestore: Restores deleted (tombstoned) Active Directory objects in Windows Server 2003 domains.
PsFile: Displays files that have been opened remotely.
PsTools: The PsTools suite includes command-line utilities to list the processes running on local or remote computers, restart computers, dump event logs, and more.
ShareEnum: Scans file shares on your network and views their security settings, to close security gaps.
WHOIS: Determines the owner of an Internet address.
Processes & threads
Tools include:
Autoruns: Shows the programs that are configured to run automatically when the system boots and you log in. Autoruns also shows a full list of registry and file locations where applications can configure auto-start settings.
FileMon: With this monitoring tool you see all file system activity in real time.
Handle: This handy command-line utility shows which files were opened by which processes, and much more.
ListDLLs: Shows all currently loaded DLLs with their load address and version number. Version 2.0 displays the full path names of loaded modules.
Portmon: Monitors the activity on serial and parallel ports.
Process Explorer: Shows files, registry keys and other objects that are open in processes, the loaded DLLs, and more.
Process Monitor: Monitors file system, registry, process, thread and DLL activity in real time.
PsExec: Remote execution of processes.
Security tools
Tools include:
AccessChk: This tool displays the access permissions that specified users or groups have to files, registry keys or Windows services.
AccessEnum: This simple and yet powerful security tool indicates who has what access to directories, files and registry keys on your systems. It can be used to identify gaps in the permissions.
Autologon: Stores logon credentials so that the password screen is bypassed during logon.
Autoruns: Shows the programs that are configured to run automatically when the system boots and you log in.
LogonSessions: Lists active logon sessions.
NewSID: A free computer SID changing tool.
Process Explorer: Shows the files, registry keys and other objects that are open in processes, the loaded DLLs, and more.
PsExec: Executes processes with limited user rights.
System information
Tools include:
Autoruns: Shows the programs that are configured to run automatically when the system boots and you log in.
ClockRes: Shows the resolution of the system clock, which is also the maximum timer resolution.
Coreinfo: Coreinfo is a command-line utility that displays the mapping from logical to physical processors and NUMA nodes, as well as the caches assigned to each logical processor.
Handle: This handy command-line utility shows which files were opened by which processes, and more.
LiveKd: Lets you use the Microsoft kernel debuggers to inspect a live system.
LoadOrder: Shows the order in which devices on your Windows NT/2000 system are loaded.
LogonSessions: Lists the active logon sessions on a system.
More tools
Tools include:
AdExplorer: Active Directory Explorer is an advanced Active Directory Viewer and editor.
AdRestore: Restores deleted Active Directory objects in Windows Server 2003 domains.
BgInfo: This fully-configurable program automatically generates desktop backgrounds that include important information about the system, including IP addresses, computer name, network adapter, and more.
BlueScreen: This screen saver simulates not just blue screens, but also restarts (including CHKDSK). BlueScreen works under Windows NT 4, Windows 2000, Windows XP, Server 2003, and Windows 9x.
Ctrl2cap: This kernel-mode driver filters keyboard input just above the level of the keyboard class driver and turns the Caps Lock key into a Control key. Filtering at this level allows keys to be converted and hidden before NT sees them. Ctrl2cap also shows how NtDisplayString() is used to print messages to the initialisation blue screen.
Conclusion
Microsoft made a wise decision in acquiring Sysinternals and hiring its lead developer, Mark Russinovich. The suite offers powerful utilities that complement Windows. Offering the tools in one overall package is a very user-friendly decision: the user saves a lot of time and effort by not having to download the individual tools separately. The individual tools are also available here: live.sysinternals.com