IT admin's guide to the Sysinternals suite
If there's been one constant in my working on Windows OSes since I started getting serious about them in the early 1990s, it has to be the consistently great tools from the Sysinternals team. A dynamic duo of developers named Mark Russinovich and Bryce Cogswell started this phenomenon in 1996.
Simply put, the Sysinternals utilities offer some of the best capabilities for monitoring Windows at work available anywhere. You can access those utilities online through Sysinternals Live, or download them in the form of a collection called the Sysinternals Suite, via a Utilities Index, or one at a time by accessing any of the following categories:
- File and Disk Utilities
- Networking Utilities
- Process Utilities
- Security Utilities
- System Information Utilities
- Miscellaneous Utilities
In the sections that follow, I'll discuss the Sysinternals utilities under those very same headings, with shoutouts to my personal favorites, and occasional saviors, Windows-wise.
File and Disk Utilities
In this group, my favorites include Disk2vhd (a great way to save old OSes before upgrading or replacing them with new ones, for ongoing use as VMs), DiskMon, DiskView and PendMoves, which makes it simple to schedule stubborn files for deletion when you can't trash them any other way.
Networking Utilities
In this group, my favorites are TCPView and Whois, but then I'm an IP guy from way back. I understand that the AD tools are quite handy as well.
Process Utilities
If any Sysinternals category is the mother lode, this is it. I've used all of these often and with gratitude, except for VMMap, PsGetSid and ProcDump. Autoruns, Process Explorer and PsTools are insanely great.
Security Utilities
AccessChk and AccessEnum are absolutely terrific at helping to illuminate and fix access rights or permissions problems for server shares, resources, files and registry keys. Logon info is helpful, too, especially when servers need to be shut down or VM pools managed or moved.
System Information Utilities
I don't venture much into this niche, but hardcore kernel and driver developers tell me all of these tools are useful when they're needed. Most admins won't need them much, if at all.
Miscellaneous Utilities
Many of these are hardcore developer tools and outside my bailiwick. I've used BgInfo, Desktops, Hex2dec, and RU with great delight, however.
If all this still isn't enough for you, there's a Microsoft Press book that deals with these tools in detail with considerable panache. It's called the Windows Sysinternals Administrator's Reference, by Mark Russinovich and Aaron Margosis. It includes a recitation of the organization's history from the man himself, and provides lots of detailed discussion of the utilities, along with copious examples of how to exercise their sometimes-overwhelming array of features and capabilities. For those who really want to dig in, it's worth running down a copy (or taking advantage of Microsoft's promotion that runs through June 15, 2015, which grants one free MS Press book to anyone who passes an MCP exam on or before that date).
Ed Tittel is a full-time freelance writer who specializes in IT Certification, Windows operating systems, information security, and markup languages, who also occasionally works as a consultant and expert witness. He blogs three times a week for TechTarget at Windows Enterprise Desktop, and also blogs weekly for PearsonITCertification.com (IT Certification Success), Tom's IT Pro and GoCertify.