Originally a standalone toolset, written and hosted by Mark Russinovich and Bryce Cogswell, Sysinternals was acquired by Microsoft nearly three years ago. I shuddered at the thought of the acquisition. I even hurried to do a quick download of the tools in case they were suddenly unavailable. Fortunately, Microsoft has mostly left things alone, and in many cases, they have made them better.
A note of warning: With the power Sysinternals tools bring to the table, they're not for everyone. In fact, used incorrectly, these tools can really jam up a system -- so proceed with confidence and caution.
The specific Sysinternals tools that have helped me over the years are:
- AccessChk and AccessEnum: Used to enumerate Windows user rights and privileges
- Process Explorer (the most popular of them all): Used for probing Windows processes and killing hung ones that Windows Task Manager can't seem to handle
- Process Monitor: For monitoring real-time file, registry, etc. activity
- PsTools: To control remote Windows systems
- RootkitRevealer: For finding Windows-based rootkits
- ShareEnum: For enumerating Windows shares on the network
- TCPView: To determine what's using specific TCP connections
And here are a couple of other gadgety-type tools that may help you:
- DiskMon: A hard disk activity light which comes in handy for troubleshooting things on computers that don't have one
- ZoomIt: For zooming in and marking up presentations
Don't want to mess with downloading and unzipping the entire Sysinternals suite to your system? Visit live.sysinternals.com where you can download individual tools quickly and easily. I especially like the Sysinternals Utilities Index that describes the purpose of each tool (which I sometimes forget) as well as provides a link to the download and usage page for each tool.
If you take Windows administration and security seriously, you must familiarize yourself with the Sysinternals tools. I'm still amazed at how many IT professionals haven't heard of or use them in their daily work. So go ahead, download these tools and explore what they have to offer. Once you see what they can do for your day-to-day management and troubleshooting duties in Windows, you'll realize you can't function without them.
|ABOUT THE AUTHOR:|
Kevin Beaver is an information security consultant, keynote speaker, and expert witness with Atlanta-based Principle Logic, LLC. Kevin specializes in performing independent security assessments. Kevin has authored/co-authored seven books on information security including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley). He's also the creator of the Security On Wheels information security audio books and blog providing security learning for IT professionals on the go. Kevin can be reached at kbeaver /at/ principlelogic.com.
This was first published in February 2009