Five most useful Windows Sysinternals tools

If you need to gain insight into Windows systems, Sysinternals utilities are among the best tools. Microsoft’s collection goes way beyond the functionality of native Windows tools and provides some fairly advanced capabilities.

The Windows Sysinternals site contains dozens of free utilities for viewing or troubleshooting individual operating system components. Before we look at my picks, be aware the Sysinternals library has existed for some time. Many of the tools were created for older OSes such as Windows XP or Vista, so not every tool in the Sysinternals collection will work with modern Windows versions.

Although none of these utilities is designed specifically for Windows 8, some of them can help address Windows 8 problems. Explore five Sysinternals tools any IT professional troubleshooting Windows endpoints should know about.

AccessChk

We have all run into situations in which a seemingly simple repair or maintenance operation is halted by unexpected security restrictions. The AccessChk utility helps you determine which permissions are in effect.

The tool works for files, folders, registry keys, Windows services and global objects. AccessChk is also useful for verifying system resources have received the proper level of security.
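As an added example (not from the original article), the following PowerShell script wraps AccessChk to hunt for the classic misconfigurations an attacker or auditor looks for: services, directories and registry keys that low-privileged principals can write to. It assumes accesschk.exe is on the PATH and uses AccessChk's documented switches: -accepteula, -u (suppress errors), -w (only objects the principal can write), -q (omit banner), -s (recurse), -c (services), -k (registry keys) and -d (directories). The "RW <object>" / "W <object>" output layout the regex expects is AccessChk's per-principal format; adjust it if your version prints differently. The principal names and paths are only illustrative starting points.

```powershell
# Added example, not part of the article. Lists objects that low-privileged
# principals can modify, using AccessChk (accesschk.exe assumed on the PATH).
# Run from an elevated prompt so that every object can be inspected.
$accesschk  = 'accesschk.exe'
$principals = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users')

function Invoke-AccessChk {
    param(
        [string[]]$Arguments,   # switches, principal and target, in accesschk order
        [string]$Kind,          # label for the report: Service, Directory, RegKey
        [string]$Principal
    )
    # In per-principal mode accesschk prints one line per object, prefixed with
    # the effective access (R, W or RW). With -w only writable objects remain.
    & $accesschk -accepteula @Arguments 2>$null | ForEach-Object {
        if ($_ -match '^\s*(RW|W)\s+(.+)$') {
            [pscustomobject]@{
                Principal = $Principal
                Kind      = $Kind
                Access    = $Matches[1]
                Object    = $Matches[2].Trim()
            }
        }
    }
}

$findings = foreach ($p in $principals) {
    # Services the principal can reconfigure. Being able to change the binary
    # path of a service that runs as LocalSystem is a well-known escalation path.
    Invoke-AccessChk -Arguments @('-uwcq', $p, '*') -Kind Service -Principal $p

    # Writable directories under the Windows tree (DLL-planting candidates).
    Invoke-AccessChk -Arguments @('-uwdqs', $p, 'C:\Windows') -Kind Directory -Principal $p

    # Writable keys under the service definitions and the per-machine Run key.
    Invoke-AccessChk -Arguments @('-uwkqs', $p, 'HKLM\SYSTEM\CurrentControlSet\Services') -Kind RegKey -Principal $p
    Invoke-AccessChk -Arguments @('-uwkqs', $p, 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') -Kind RegKey -Principal $p
}

# Anything listed here deserves a second look: either the permission is
# intentional and documented, or it is a finding.
$findings | Sort-Object Kind, Object | Format-Table Kind, Access, Principal, Object -AutoSize
```

The same invocation pattern works for a single object when a repair fails: run accesschk.exe against the file or key that is refusing access, with the account you are using as the principal, and the R/W/RW prefix tells you immediately which permission is missing.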

Handle

One of the more frustrating experiences for an end user is the inability to save, move or rename a file because Windows claims that the file is in use. The Handle utility (which is now in version 4.0) displays information about open handles for any system process. In other words, you can use Handle to figure out which program has a file locked open.
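The following PowerShell functions, added here as an example rather than taken from the article, wrap Handle to answer the "which program has this file open" question and, only as a last resort, to close the offending handle. They assume handle.exe is on the PATH and that it is run from an elevated prompt (otherwise handles belonging to other users' processes are not visible). The line layout the regex parses ("image  pid: n  type: File  hex: path") and the -c, -p and -y switches are Handle's own; the file path in the usage lines is made up.

```powershell
# Added example, not part of the article. Uses Handle (handle.exe assumed on the
# PATH) to find which process holds a file open. Run elevated.
function Get-FileLocker {
    param([Parameter(Mandatory)][string]$Path)

    # "handle <substring>" lists every open handle whose name contains the
    # substring. Each matching line looks like:
    #   explorer.exe       pid: 4304   type: File   1A8: C:\Share\report.xlsx
    $pattern = '^(?<image>\S+)\s+pid:\s+(?<procid>\d+)\s+type:\s+(?<type>\S+)\s+(?<handle>[0-9A-Fa-f]+):\s+(?<name>.+)$'

    & handle.exe -accepteula $Path 2>$null | ForEach-Object {
        if ($_ -match $pattern) {
            [pscustomobject]@{
                Image  = $Matches.image
                Pid    = [int]$Matches.procid
                Type   = $Matches.type
                Handle = $Matches.handle      # hex handle value inside that process
                Name   = $Matches.name.Trim()
            }
        }
    }
}

function Close-FileLocker {
    param(
        [Parameter(Mandatory)][int]$ProcessId,
        [Parameter(Mandatory)][string]$Handle
    )
    # Caveat: closing a handle behind a process's back can crash that process or
    # leave the file half-written. Prefer closing the owning application first.
    # -c <handle> -p <pid> closes one handle; -y suppresses the confirmation prompt.
    & handle.exe -accepteula -c $Handle -p $ProcessId -y
}

# Usage: report who holds the (made-up) spreadsheet open, then decide.
$lockers = Get-FileLocker -Path 'C:\Share\report.xlsx'
$lockers | Format-Table Image, Pid, Type, Handle, Name -AutoSize

# Uncomment only after the owning application refuses to release the file:
# $lockers | ForEach-Object { Close-FileLocker -ProcessId $_.Pid -Handle $_.Handle }
```

Without an argument, handle.exe lists every open handle on the system; with -p it restricts the listing to one process, which is the quicker route when you already know the suspect.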

Process Explorer

Process Explorer is an excellent tool for anyone tracking down a system performance problem. It displays all of the processes running on the system, as well as the CPU and memory usage for each process.

Although some might be quick to point out Windows Task Manager offers similar functionality, Process Explorer offers capabilities far beyond those of the Task Manager. In fact, Process Explorer includes a menu option (Options > Replace Task Manager) that lets you launch Process Explorer whenever Task Manager is invoked.

Process Explorer has lots of information about the processes running on a system. In addition to basic resource statistics, the software lists the name of the vendor that created the process and a (usually) meaningful description of what the process is or what it does.

A tree view shows the parent-child relationships between processes, so you can see which process launched which. Hovering over a process with the mouse pointer displays information such as the command line used to launch the process, the path to the process executable and, for service hosts, the system services running inside the process.

Process Explorer can help detect malware by verifying image signatures and checking VirusTotal.com to see if the process is related to a virus.

In addition, the software can terminate, suspend or restart a process, and adjust a process’s priority, among other functions.

PsTools

PsTools is a collection of 13 command-line tools you can use for diagnostic purposes. For example, the PsInfo command provides basic information such as the Windows version, system uptime, the kernel build number, the processor type and the amount of memory available in the system.

However, the PsInfo tool may have a bug related to memory reporting. My computer has 16 GB of physical memory, but the utility reported less than 2 GB of memory.

PsTools includes the following tools:

  • PsExec: Remotely executes processes
  • PsFile: Shows files opened remotely
  • PsGetSid: Displays the computer’s SID
  • PsPing: Measures network performance
  • PsInfo: Displays basic information about the system
  • PsKill: Terminates a running process
  • PsList: Lists detailed information about running processes
  • PsLoggedOn: Shows who is logged onto the system, both locally and through resource sharing
  • PsLogList: Dumps event log records
  • PsPassword: Changes account passwords
  • PsService: A command-line tool for viewing and controlling system services
  • PsShutdown: Forces a reboot or a shutdown of the system
  • PsSuspend: Suspends a running process

All of the PsTools functions exist in PowerShell, but there are advantages to using PsTools. First, it works across OS versions, including Windows XP, Windows Server 2003 and higher. Second, the tools included in PsTools tend to be easier to use than some of the PowerShell cmdlets.
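As an added example of the tools listed above working together (this script is not from the article), here is a quick remote triage pass over a handful of endpoints. It assumes the PsTools folder is on the PATH, that you are an administrator on the targets, and that the targets expose the Admin$ share and remote service control that the Ps* tools rely on. The switches used (psloglist -s for one record per line, -h for a look-back in hours, -i for an event ID filter; psexec -s to run as SYSTEM) come from the tools' own usage text; the host names are made up.

```powershell
# Added example, not part of the article: remote triage with PsTools.
# Assumes PsExec, PsLoggedOn, PsList, PsService and PsLogList are on the PATH
# and that the current account is an administrator on each target.
$targets = @('WS01', 'WS02')   # constructed host names

foreach ($t in $targets) {
    Write-Host "==== $t ===="

    # Who is logged on, both interactively and through resource sharing.
    & psloggedon.exe -accepteula "\\$t" 2>$null

    # Running processes; a quick way to spot an unexpected image name.
    & pslist.exe -accepteula "\\$t" 2>$null

    # Services that are currently running, with their display names.
    & psservice.exe -accepteula "\\$t" query 2>$null | Select-String 'SERVICE_NAME|DISPLAY_NAME|STATE'

    # Service installations in the last 24 hours: System log, event ID 7045.
    # PsExec itself installs a temporary service (PSEXESVC) on the target, so a
    # PsExec run against a host leaves exactly this kind of record behind; that
    # is useful to know both when you are cleaning up and when you are hunting.
    & psloglist.exe -accepteula "\\$t" -s -h 24 -i 7045 System 2>$null

    # Run a command on the target as SYSTEM and capture its output locally.
    & psexec.exe -accepteula "\\$t" -s cmd /c "whoami && netstat -ano" 2>$null
}
```

Run this under an account that already holds rights on the targets rather than passing -u and -p on the command line, so that no password ends up in shell history or in a scheduled task definition.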

TCPView

TCPView is an excellent tool for troubleshooting network problems. It displays a near-real-time view of how the processes on a system are using the networking stack. For each process, you can view the process ID, protocol, local address and local port number, remote address, and remote port number. Admins can also see the connection state, the number of sent packets, the number of sent bytes, the number of received packets and the number of received bytes.

Although this information would be extremely helpful by itself, a few other features make TCPView really useful. For starters, the tool uses highlighting to show which processes are using the network at a given moment.

The tool also lets you view properties (such as the underlying executable file) for each process, and you can terminate a process or close a network connection with a couple of mouse clicks. The utility even includes a Who Is function that helps you determine the identity of an unknown connection.

To effectively troubleshoot a system you need accurate diagnostic information. Although the diagnostic information TCPView displays is viewable in other areas of the OS, having it all in one window is a huge timesaver if you are tasked with diagnosing a problem.
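The TCPView download also ships a command-line sibling, tcpvcon, which can dump the same endpoint table as text. The script below, added here as an example and not taken from the article, parses that output and flags established connections whose remote address is outside the private, loopback and link-local ranges, then resolves each owning PID to its executable and code signature. It assumes tcpvcon.exe is on the PATH and that `tcpvcon -a -c -n` prints comma-separated rows in the order protocol, image, PID, state, local endpoint, remote endpoint; that column layout is an assumption, and the sample rows are constructed to match it (with documentation-range IP addresses) so the script runs offline. Swap in the live call to run it against a real host.

```powershell
# Added example, not part of the article. Parses tcpvcon-style CSV rows and
# flags established connections to non-private addresses.

# Constructed sample in the assumed "Proto,Image,PID,State,Local,Remote" layout.
# Live alternative: $rows = & tcpvcon.exe -accepteula -a -c -n 2>$null
$sample = @'
TCP,System,4,LISTENING,0.0.0.0:445,0.0.0.0:0
TCP,svchost.exe,988,LISTENING,0.0.0.0:135,0.0.0.0:0
TCP,outlook.exe,5120,ESTABLISHED,192.168.1.20:51822,10.0.0.5:443
TCP,updater.exe,7712,ESTABLISHED,192.168.1.20:51901,203.0.113.9:8443
TCP,svchost.exe,1404,ESTABLISHED,192.168.1.20:51950,198.51.100.7:80
UDP,svchost.exe,1404,,0.0.0.0:5353,*:*
'@ -split "`n"

function Test-PrivateIPv4 {
    param([string]$Ip)
    # RFC 1918, loopback, link-local and the unspecified address count as internal.
    # Anything that is not dotted-quad IPv4 (e.g. '*' or an IPv6 literal) is
    # returned as "internal" here so that it is not flagged by this simple check.
    $o = $Ip.Split('.')
    if ($o.Count -ne 4) { return $true }
    $a = [int]$o[0]; $b = [int]$o[1]
    return ($Ip -eq '0.0.0.0') -or ($a -eq 10) -or ($a -eq 127) -or
           ($a -eq 192 -and $b -eq 168) -or
           ($a -eq 172 -and $b -ge 16 -and $b -le 31) -or
           ($a -eq 169 -and $b -eq 254)
}

function Get-ExternalConnections {
    param([string[]]$Rows)
    foreach ($row in $Rows) {
        $f = $row.Trim() -split ','
        if ($f.Count -lt 6 -or $f[3] -ne 'ESTABLISHED') { continue }
        # Split the remote endpoint on its last colon so IPv6 literals survive.
        $remoteHost, $remotePort = $f[5] -split ':(?=[^:]*$)'
        if (Test-PrivateIPv4 $remoteHost) { continue }
        [pscustomobject]@{
            Proto      = $f[0]
            Image      = $f[1]
            Pid        = [int]$f[2]
            Local      = $f[4]
            RemoteHost = $remoteHost
            RemotePort = $remotePort
        }
    }
}

$external = Get-ExternalConnections -Rows $sample
$external | Format-Table -AutoSize

# Resolve each flagged PID to its image path and signer. With the constructed
# sample the PIDs will not exist on your machine, so this loop prints nothing;
# against live tcpvcon output it is the step that separates a browser talking
# to a CDN from an unsigned binary in a user profile talking to the internet.
foreach ($c in $external) {
    $proc = Get-Process -Id $c.Pid -ErrorAction SilentlyContinue
    if ($proc -and $proc.Path) {
        $sig = Get-AuthenticodeSignature -FilePath $proc.Path
        '{0} (PID {1}) -> {2}:{3}  [{4}] {5}' -f $c.Image, $c.Pid, $c.RemoteHost, $c.RemotePort, $sig.Status, $proc.Path
    }
}
```

This reproduces in script form what TCPView's highlighting and Process Properties dialog give you interactively, which is what you want when the same check has to run on many machines or be kept as evidence.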

There are many other excellent Sysinternals utilities, including Active Directory Explorer, BgInfo and Process Monitor. You can even download the entire software suite as a bundle.
