I can't believe that it has been six years since Microsoft acquired Winternals Software, makers of the beloved
Sysinternals tool set for Windows admins and tinkerers. I was concerned about Windows management tools going away as so many other cool technologies do after an acquisition. Luckily, that didn't happen.
There have been a fair number of updates to Windows Sysinternals over the past few years, but one thing hasn't changed much: the fact that so many Windows administrators I bump into have not yet heard of the Windows management tool set, much less used it.
These tools can benefit desktop admins just as much as digital multimeters help electricians. There are just some things you simply cannot do without these programs -- both in the enterprise and (of course) at home when helping friends, relatives and neighbors with their computer problems.
I'm especially fond of Process Explorer and Process Monitor because I use these tools frequently. I've covered other Sysinternals tools that I believe are useful for security tasks, but here are a few more that you may find useful when managing Windows desktops in the enterprise:
Contig allows you to defragment specific files. As you've likely seen, disk defragmenters often ignore certain files, so Contig provides a way to ensure that defragmentation has taken place on all files.
Desktops is a tool for arranging specific programs on specific virtual desktops. Perhaps more of a novelty, it could still boost productivity or otherwise prove useful, depending on an organization's needs (such as those in manufacturing or kiosks).
NotMyFault is a tool for bringing Windows systems to their knees via deliberate crashing, hanging or memory leaks. This could come in handy for resiliency tests, forensics analysis or whatever you can dream up.
RAMMap allows IT admins to map out how physical memory is being utilized, including the caching of data and drivers. The tool supports Windows Vista and above, and just might be the resource you need to justify more memory for your workstations. Or better yet, RAMMap can help justify upgrading to solid-state hard drives which, in my opinion, is the best Windows performance booster ever.
VolumeID is good for troubleshooting problems that may surface with disk image backups and restores, or software licenses and registrations that are tied to your system's volume ID.
More on Windows Sysinternals and security
Clean your Windows systems with Sysinternals tools
Add Sysinternal tools to your Windows security toolbox
Free WinObj utility from Sysinternals offers tracking system resources
Computer systems auditing using the Microsoft Sysinternals suite
Use free open source security tools to find and fix Windows flaws
FAQ: Rootkit detection and malware removal
Just as a network analyzer can provide a view into what's happening at the protocol level on a network, so too can Sysinternals reveal the amazing action behind the scenes of a Windows computer. When you load tools such as Process Monitor or Autoruns, you realize just how complex the Windows operating system truly is.
With so much taking place in the background, it's a wonder that our computers are as stable as they are. But this complexity also underscores the very reason why Windows desktops have such trouble with malware.
Are you using the Sysinternals tools? If not, you should be. They are useful for administration, troubleshooting or forensics analysis, and merely getting familiar with the Windows operating system. Whether you have physical systems or virtual machines, you can't dig any deeper into Windows than what these tools allow you to do. Also, check out the book Windows Sysinternals Administrator's Reference, which covers the tool set in detail.