IT admin's guide to the Sysinternals suite
The tools that are available to IT administrators in Windows Sysinternals can make work a lot easier, but many people don't even know about the free suite.
The tools that come with Windows and Windows Server will help you put out fires, but if you're interested in the inner workings of Windows or you want to simplify some tasks, Sysinternals is a must. Check out some basic facts about Windows Sysinternals tools in this FAQ, and learn a little more about some utilities that can make your life easier.
What is Windows Sysinternals?
Windows Sysinternals is a repository for freeware utilities developed by Mark Russinovich and Bryce Cogswell starting in 1995. Microsoft acquired Sysinternals in 2006. Program categories include file and disk, networking, process, security and system information.
When Sysinternals began, there were a handful of tools to make administrators' work easier, but today there are more than 100. Russinovich wrote a book called Windows Sysinternals Administrator's Reference that provides an in-depth look at how Windows works, how to use various utilities and how to troubleshoot some Windows problems.
How do I access Sysinternals?
KirySoft's Windows System Control Center has the 100-plus Sysinternals tools, as well as NirSoft utilities. You could also access Sysinternals through Microsoft's website or preload the utilities on a thumb drive and access them that way.
What are some useful Sysinternals utilities?
Process Explorer and Process Monitor are favorites among admins because they're great for cleaning up PCs, but there are many other useful Windows Sysinternals tools. Autoruns can improve software debugging, and Contig makes sure that all files get defragmented. Desktops can arrange programs on virtual desktops, and NotMyFault deliberately crashes a system, which is useful if you need to test resiliency. Other tools include RAMMap, which lets you map out how physical memory gets used, and VolumeID, for troubleshooting disk image backup and restore problems.
How can I use Process Explorer to ease Windows 8 management?
In Windows 8, Task Manager and Process Explorer are pretty similar, and you can replace Task Manager with Process Explorer if you want. You can also kill processes and all their child processes to make your computer run faster. Process Explorer allows you to perform a security analysis or a malware investigation.
You can view your PC's system-utilization details. You can also use Process Explorer to show users all the processes running in the background on their machines, as a reminder to stay aware of security.