Tip

Another look at Windows Sysinternals finds yet more useful tools

I can't believe that it has been six years since Microsoft acquired Winternals Software, makers of the beloved Sysinternals tool set for Windows admins and tinkerers. I was concerned about Windows management tools going away as so many other cool technologies do after an acquisition. Luckily, that didn't happen.

There have been a fair number of updates to Windows Sysinternals over the past few years, but one thing hasn't changed much: the fact that so many Windows administrators I bump into have not yet heard of the Windows management tool set, much less used it.

These tools can benefit desktop admins just as much as digital multimeters help electricians. There are some things you simply cannot do without these programs -- both in the enterprise and (of course) at home when helping friends, relatives and neighbors with their computer problems.

I'm especially fond of Process Explorer and Process Monitor because I use these tools frequently. I've covered other Sysinternals tools that I believe are useful for security tasks, but here are a few more that you may find useful when managing Windows desktops in the enterprise:

Autoruns details specific items that Windows loads when starting up.

Autoruns can help beef up software debugging by showing all the autostart programs, services, registry keys and anything else imaginable on a Windows desktop, as shown in the screenshot.

Contig allows you to defragment specific files. As you've likely seen, disk defragmenters often ignore certain files, so Contig provides a way to ensure that defragmentation has taken place on all files.

Desktops is a tool for arranging specific programs on specific virtual desktops. Perhaps more of a novelty, it could still boost productivity or otherwise prove useful, depending on an organization's needs (such as those in manufacturing or kiosks).

NotMyFault is a tool for bringing Windows systems to their knees via deliberate crashing, hanging or memory leaks. This could come in handy for resiliency tests, forensics analysis or whatever you can dream up.

RAMMap allows IT admins to map out how physical memory is being utilized, including the caching of data and drivers. The tool supports Windows Vista and above, and just might be the resource you need to justify more memory for your workstations. Or better yet, RAMMap can help justify upgrading to solid-state hard drives which, in my opinion, is the best Windows performance booster ever.

VolumeID is good for troubleshooting problems that may surface with disk image backups and restores, or software licenses and registrations that are tied to your system's volume ID.
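For the Autoruns entry above, one way to put its listing to work is to save an export from a known-good desktop and compare later exports against it. The sketch below is an added example, not part of the original tip or of Sysinternals; it assumes CSV output from the command-line version (autorunsc -c) with signature checking enabled, and the column names and sample rows are constructed for illustration.

```python
import csv
import io

# Constructed sample exports, not real Autoruns output. Column names are
# assumed to match the headers of an Autoruns CSV export.
HEADER = '"Entry Location","Entry","Signer","Image Path"\n'
BASELINE_CSV = HEADER + r'''"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run","VendorTray","(Verified) Example Vendor Inc","c:\program files\vendor\tray.exe"
"HKLM\System\CurrentControlSet\Services","ExampleSvc","(Verified) Example Vendor Inc","c:\program files\vendor\svc.exe"
"Task Scheduler","\ExampleUpdater","(Verified) Example Vendor Inc","c:\program files\vendor\update.exe"
'''
CURRENT_CSV = HEADER + r'''"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run","VendorTray","(Verified) Example Vendor Inc","c:\program files\vendor\tray.exe"
"HKLM\System\CurrentControlSet\Services","ExampleSvc","(Not verified) Example Vendor Inc","c:\users\public\svc.exe"
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run","helper","(Not verified)","c:\users\alice\appdata\roaming\helper.exe"
'''

def load(text):
    """Index rows by (location, entry); skip location-only rows with no entry."""
    rows = {}
    for row in csv.DictReader(io.StringIO(text)):
        if row["Entry"].strip():
            rows[(row["Entry Location"].lower(), row["Entry"].lower())] = row
    return rows

def unverified(row):
    """True when the signer column does not report a verified signature."""
    return not row["Signer"].startswith("(Verified)")

def diff_autostarts(baseline_text, current_text):
    """Return sorted (kind, location, entry, image_path, unverified) findings."""
    old, new = load(baseline_text), load(current_text)
    findings = []
    for key, row in new.items():
        if key not in old:
            kind = "new"
        elif row["Image Path"].lower() != old[key]["Image Path"].lower():
            kind = "changed"
        elif unverified(row) and not unverified(old[key]):
            kind = "signature-lost"
        else:
            continue  # entry matches the baseline
        findings.append((kind, row["Entry Location"], row["Entry"], row["Image Path"], unverified(row)))
    for key in old.keys() - new.keys():
        row = old[key]
        findings.append(("removed", row["Entry Location"], row["Entry"], row["Image Path"], unverified(row)))
    return sorted(findings)

if __name__ == "__main__":
    for finding in diff_autostarts(BASELINE_CSV, CURRENT_CSV):
        print(finding)
```

When reading a real export from disk, check the file's encoding before parsing and adjust the column names if your Autoruns version labels them differently.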


Just as a network analyzer can provide a view into what's happening at the protocol level on a network, so too can Sysinternals reveal the amazing action behind the scenes of a Windows computer. When you load tools such as Process Monitor or Autoruns, you realize just how complex the Windows operating system truly is.

With so much taking place in the background, it's a wonder that our computers are as stable as they are. But this complexity also underscores the very reason why Windows desktops have such trouble with malware.

Are you using the Sysinternals tools? If not, you should be. They are useful for administration, troubleshooting or forensics analysis, and merely getting familiar with the Windows operating system. Whether you have physical systems or virtual machines, you can't dig any deeper into Windows than what these tools allow you to do. Also, check out the book Windows Sysinternals Administrator's Reference, which covers the tool set in detail.

This was first published in September 2012
