If you are looking for the right tools to manage, diagnose, troubleshoot, and monitor a Microsoft environment, Sysinternals is the answer. It is a suite of more than 70 freeware utilities that anyone can run without installation.
In this article, we will discuss what Windows Sysinternals is, how to install the Sysinternals Suite, and which utilities Sysinternals contains.
Sysinternals is a suite of utilities designed to help IT professionals and power users manage, diagnose, troubleshoot, and monitor Windows systems and applications. It was originally developed by Mark Russinovich and Bryce Cogswell and was acquired by Microsoft in 2006.
Windows Sysinternals was previously known as Winternals and was first launched in 1996. Microsoft acquired Winternals in 2006. Today, Microsoft offers Windows Sysinternals as a set of Windows utilities that can be freely downloaded as a complete collection or as individual tools.
Windows Sysinternals has been developed with the aim of offering IT professionals a range of technical resources and utilities for efficiently managing, diagnosing, troubleshooting, and monitoring Windows systems. This comprehensive suite has gained significant recognition and appreciation within the IT professional community for its wide array of capabilities.
The utilities provided by the Sysinternals site can be organized into six main categories to cater to different system management needs:
File and Disk: This category offers utilities that monitor file usage and disk status. Notably, Process Monitor is a highly regarded tool in this section as it provides real-time monitoring of activities in the file system, registry, and processes.
Networking: Here, you can find applications designed to troubleshoot and monitor connections on both desktop and server systems. TCPView, a tool for checking TCP and UDP endpoints, and PsTools, a set of command-line utilities for remote system monitoring and management, are among the popular choices in this category.
Process: This section contains utilities that aid in monitoring and troubleshooting running applications. Process Explorer, a well-known tool within this category, allows users to track the files and directories accessed by a specific process.
Security: The Security category hosts utilities focused on security-related tasks. For instance, Autoruns is a valuable tool that reveals the applications configured to start automatically during system boot-up, assisting in identifying potential security risks.
System Information: Applications in this category provide general information about workstations or servers, aiding in understanding system configurations and capabilities.
Miscellaneous: This section encompasses utilities that do not fit neatly into the other categories and typically offer limited diagnostic or troubleshooting capabilities. BgInfo is an example of a popular download in this category, which creates a background image displaying essential system configuration details like the IP address and computer name.
The categorization ensures easy access to the appropriate tools for specific system management and troubleshooting tasks.
Sysinternals can be freely downloaded as a complete collection or as individual tools. You can get the Sysinternals Suite from three different places:
1. From Microsoft’s official website
2. From the Microsoft Store
3. Using Sysinternals Live
To download the full suite of tools, open the Sysinternals Utilities Index, choose the suite you need, and click Download.
The downloaded file is a zip archive; extract its contents before use.
You can then run whichever tool you need directly from the extracted folder.
To download the Sysinternals Suite from the Microsoft Store:
1. Visit the Microsoft Store
2. Search for ‘Sysinternals’ and click the ‘Get’ button
3. The suite downloads and can be used directly
Sysinternals Live is an alternative method provided by Microsoft to access and use the Sysinternals tools. It lets you run a tool directly by entering its Sysinternals Live path into the Run dialog. With Sysinternals Live, you can use the Sysinternals tools quickly and conveniently without downloading and installing them individually.
Visit the Sysinternals Live page, where you can view the entire list of tools. You can download or run any tool directly from there.
To run a Sysinternals tool from Sysinternals Live, open the Run dialog (Win + R) and enter a path in the form \\live.sysinternals.com\tools\<toolname>, for example \\live.sysinternals.com\tools\PsExec.exe.
When you launch a tool via Sysinternals Live, a security warning may appear, prompting you to click “Run” before the tool executes. This warning is a standard precaution to make sure you are aware of, and consent to, running the tool on your system. After clicking “Run,” you can proceed to use the tool for system management and analysis.
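The Run dialog path above can also be scripted. The following PowerShell function is an added example, not code from the article or from Microsoft: it fetches a tool from the \\live.sysinternals.com\tools share described above, copies it locally, and refuses to run it unless the file carries a valid Authenticode signature from Microsoft, which is the check behind the security warning the article mentions. It assumes the WebDAV client (the WebClient service) is available, since the Live share is served over WebDAV, and it uses the -accepteula switch that the Sysinternals tools accept to suppress the first-run license dialog. PsInfo.exe is used only as the demonstration tool.

```powershell
# Added example (not from the original article): run a Sysinternals Live tool
# only after verifying its Microsoft Authenticode signature.
function Invoke-SysinternalsLiveTool {
    param(
        [Parameter(Mandatory)] [string] $ToolName,   # e.g. 'PsInfo.exe'
        [string[]] $Arguments = @()
    )

    # Same path format the Run dialog uses: \\live.sysinternals.com\tools\<toolname>
    $livePath = "\\live.sysinternals.com\tools\$ToolName"
    if (-not (Test-Path -LiteralPath $livePath)) {
        throw "Tool not found on Sysinternals Live: $livePath (is the WebClient service running?)"
    }

    # Copy locally so the signature check and the execution see the same bytes.
    $localDir = Join-Path $env:TEMP 'SysinternalsLive'
    New-Item -ItemType Directory -Path $localDir -Force | Out-Null
    $localPath = Join-Path $localDir $ToolName
    Copy-Item -LiteralPath $livePath -Destination $localPath -Force

    # Refuse anything that is unsigned, tampered with, or signed by someone other than Microsoft.
    $sig = Get-AuthenticodeSignature -FilePath $localPath
    $signer = $sig.SignerCertificate.Subject
    if ($sig.Status -ne 'Valid' -or $signer -notmatch 'O=Microsoft Corporation') {
        throw "Refusing to run $ToolName: signature status '$($sig.Status)', signer '$signer'"
    }

    # -accepteula suppresses the license dialog the Sysinternals tools show on first run.
    & $localPath -accepteula @Arguments
}

# Usage: print basic system information with PsInfo, fetched from Sysinternals Live.
Invoke-SysinternalsLiveTool -ToolName 'PsInfo.exe'
```

Checking the signature before running is the scripted equivalent of reading the security warning: if the share were ever served from the wrong place, or the copy were altered in transit, the Status or signer would no longer match and the function would stop.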
Sysinternals has a long list of tools in its suite. Let’s look at some of the ones most commonly used by IT professionals.
AccessChk: A command-line utility that provides a comprehensive view of the effective permissions on system entities like files, registry keys, services, processes, and kernel objects.
AccessEnum: This tool allows you to identify and analyze access permissions on directories, files, and registry keys. It helps find security vulnerabilities and gaps in permissions.
Autologon: This tool enables you to bypass the password screen during the logon process.
Autoruns: It provides a comprehensive list of programs configured to automatically start when the system boots. It also shows the registry and file locations where autostart settings are configured.
BgInfo: This program generates desktop backgrounds that display essential system information, such as IP addresses, computer names, network adapters, and more.
BlueScreen: This screen saver accurately simulates blue screens and system reboots, complete with the CHKDSK utility.
CacheSet: It allows you to control the working set size of the cache manager on Windows NT-based systems, optimizing memory usage. It is compatible with all versions of NT.
ClockRes: This tool enables you to view the resolution of the system clock, which indicates the maximum timer resolution available.
DebugView: It intercepts calls made to DbgPrint by device drivers and OutputDebugString made by Win32 programs. DebugView enables viewing and recording of debug session output on your local machine or even across the Internet without requiring an active debugger.
Desktops: This tool allows you to create and manage up to four virtual desktops. It provides a tray interface and hotkeys to preview the content on each desktop and easily switch between them, enhancing productivity and organization.
Disk2vhd: Disk2vhd simplifies the process of migrating physical systems into virtual machines (P2V). It creates virtual hard disk (VHD) files from physical disks, enabling a seamless transition to virtualized environments.
DiskExt: It displays volume disk mappings, providing information about the physical disks and partitions associated with volumes on your system.
DU (Disk Usage): DU allows you to view disk usage information for specific directories, providing insights into the space occupied by files and folders.
EFSDump: EFSDump enables you to view information related to encrypted files, offering details about encryption attributes, keys, and other relevant data.
LoadOrder: LoadOrder enables you to see the order in which devices are loaded on your Windows NT/2000 system, providing insights into the system boot process.
LogonSessions: LogonSessions lists the active logon sessions on a system, displaying information about user sessions and their associated processes.
MoveFile: MoveFile allows you to schedule move and delete commands for the next system reboot, enabling file operations that cannot be performed while the system is running.
PsExec: PsExec enables the execution of processes on remote systems, allowing for remote command execution and management.
PsFile: PsFile provides visibility into files that are opened remotely, allowing you to see which files are being accessed on remote systems.
PsGetSid: PsGetSid displays the Security Identifier (SID) of a computer or user, providing a unique identifier for system identification and management purposes.
PsInfo: PsInfo allows you to obtain detailed information about a system, providing insights into hardware, software, and configuration details.
PsKill: PsKill allows the termination of local or remote processes, providing a way to end specific processes that may be causing issues or consuming resources.
PsList: PsList shows information about processes and threads running on a system, offering an overview of active processes and their details.
PsLoggedOn: PsLoggedOn displays users who are currently logged on to a system, helping to identify active user sessions.
PsLogList: PsLogList enables the dumping of event log records, allowing for the retrieval and analysis of event log data.
PsPasswd: PsPasswd facilitates the changing of account passwords, providing a command-line interface for password management.
PsPing: PsPing measures network performance, allowing for network latency and bandwidth testing between systems.
PsService: PsService provides the ability to view and control services on local or remote systems, offering service management capabilities.
PsShutdown: PsShutdown allows for the shutdown and optional reboot of a computer, providing a command-line interface for system shutdown operations.
PsSuspend: PsSuspend enables the suspension and resumption of processes, allowing for the temporary pausing of specific processes.
PsTools: PsTools is a collection of command-line utilities that includes tools for listing processes on local or remote computers, executing processes remotely, rebooting computers, dumping event logs, and more. It offers a comprehensive set of system management and analysis utilities.
Sysmon: Sysmon monitors and reports key system activities by leveraging the Windows event log. It provides detailed information about process creation, network connections, file creation, and other important system events.
TCPView: TCPView is a command-line viewer that displays active sockets and their corresponding processes. It allows you to monitor network connections and view information such as local and remote IP addresses, port numbers, and connection status.
VMMap: VMMap is a utility that analyzes the virtual and physical memory usage of processes. It shows how memory is allocated and used by a specific application, helping with memory optimization and troubleshooting.
Whois: Whois is a tool that allows you to retrieve information about the ownership and registration details of an Internet address, such as a domain name or IP address. It provides insights into the organization or individual associated with the address.
ZoomIt: ZoomIt is a presentation utility that enhances screen sharing and presentations by enabling zooming and on-screen drawing. It allows you to focus on specific areas of the screen and annotate content in real time during presentations or demonstrations.
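Sysmon, described above, writes its reports to the Windows event log, so the process-creation and network-connection events it records can be pulled out with ordinary PowerShell. The function below is an added example, not code from the article or from the Sysmon project. It assumes Sysmon is installed with a configuration that logs process creation (Sysmon Event ID 1) and network connections (Sysmon Event ID 3) to the Microsoft-Windows-Sysmon/Operational log, and it handles the case where Sysmon is absent by warning instead of failing.

```powershell
# Added example (not from the original article): read recent Sysmon process-creation
# (ID 1) and network-connection (ID 3) events and flatten them into one table.
function Get-RecentSysmonActivity {
    param(
        [int] $Minutes   = 60,    # how far back to look
        [int] $MaxEvents = 200    # cap on events returned, newest first
    )

    $logName = 'Microsoft-Windows-Sysmon/Operational'

    # Sysmon creates this log when installed; if it is missing, Sysmon is not on this host.
    if (-not (Get-WinEvent -ListLog $logName -ErrorAction SilentlyContinue)) {
        Write-Warning "Log '$logName' not found: Sysmon does not appear to be installed."
        return
    }

    $filter = @{
        LogName   = $logName
        Id        = 1, 3
        StartTime = (Get-Date).AddMinutes(-$Minutes)
    }

    # -ErrorAction SilentlyContinue: Get-WinEvent errors (rather than returning nothing)
    # when no events match the filter.
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Sysmon stores its fields as named EventData/Data elements; index them by name.
            $xml  = [xml]$_.ToXml()
            $data = @{}
            foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

            switch ($_.Id) {
                1 {
                    [pscustomobject]@{
                        Time   = $_.TimeCreated
                        Type   = 'ProcessCreate'
                        Image  = $data.Image
                        User   = $data.User
                        Parent = $data.ParentImage
                        Detail = $data.CommandLine
                    }
                }
                3 {
                    [pscustomobject]@{
                        Time   = $_.TimeCreated
                        Type   = 'NetworkConnect'
                        Image  = $data.Image
                        User   = $data.User
                        Parent = $null
                        Detail = "$($data.DestinationIp):$($data.DestinationPort) ($($data.Protocol))"
                    }
                }
            }
        }
}

# Usage: show the last 30 minutes of process launches and outbound connections.
Get-RecentSysmonActivity -Minutes 30 | Format-Table -AutoSize
```

Parsing the XML rather than the rendered Message text keeps the field names stable, which matters when the same query is later pointed at a SIEM export or run against many hosts; the Parent column is what lets you spot a child process that should not have been launched by its parent.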
With Sysinternals, you can do a wide range of things on Windows systems. Its wide set of tools gives you full visibility into the inner workings of your system. You can monitor processes, services, performance, network connections, and more. You can use Sysinternals to find security threats, detect rootkits, troubleshoot system issues, and automate administrative tasks. Additionally, Sysinternals includes utilities to manage disk usage and system resource allocation. Sysinternals allows you to make changes to your system quickly and easily, giving you unparalleled control over your computer. This makes it an invaluable tool for troubleshooting, system optimization, and general system maintenance.
Here are some of the things that you can do with Sysinternals:
Monitor active processes, services, registry entries, and file activity.
Check the network connectivity status of each computer on the network.
Analyze CPU usage and memory utilization of processes.
View detailed information about installed software programs.
Detect rootkits in hardware or hard drive partitions.
Manage user accounts more easily with Local User Manager (LUSRMGR.EXE).
Automate system maintenance tasks with Task Scheduler (TASKLIST.EXE).
Manage the operation of Windows Services with Service Manager (SRVMGR.EXE).
Analyze and diagnose system errors and performance issues with Process Explorer (PROCEXP.EXE).
Search for files on local or network drives using Findstr (FINDSTR.EXE).
Monitor TCP/IP connections and view data traffic with TCPView (TCPVIEW.EXE).
Quickly capture screenshots of your computer with Autoruns (AUTORUNS.EXE).
Create detailed reports about logon sessions, registry entries, file shares, services, drivers, events, and more with the LogonSessions utility (LOGONSESSIONS.EXE).
Sysinternals is a very handy toolkit for all kinds of Windows requirements. It can be the go-to solution, as it offers more than 70 utilities that run without installation. I hope this article made clear what Windows Sysinternals is, how to install the Sysinternals Suite, some of the utilities it contains, and what you can do with it.
Aroma is a cybersecurity professional with more than four years of experience in the industry. She has a strong background in detecting and defending cyber-attacks and possesses multiple global certifications like eCTHPv2, CEH, and CTIA. She is a pet lover and, in her free time, enjoys spending time with her cat, cooking, and traveling. You can connect with her on LinkedIn.