Table of Contents
  • Home
  • /
  • Blog
  • /
  • What Is Windows Sysinternals? How to Get the Sysinternals Suite?
January 11, 2024
|
11m

What Is Windows Sysinternals? How to Get the Sysinternals Suite?


What Is Windows Sysinternals And How To Get The Sysinternals Suite

If you are confused about finding the ideal tools for managing, diagnosing, troubleshooting, monitoring, etc., in a Microsoft environment, Sysinternals is the solution for you. It is a suite with more than 70 freeware utilities that anyone can use without installation.

In this article, we will discuss what is Windows Sysinternals, how to install the Sysinternals suite, and the list of utilities in Sysinternals.

What Is Windows Sysinternals?

Sysinternals is a suite of utilities designed to help IT professionals and power users manage, diagnose, troubleshoot, and monitor Windows systems and applications. It was originally developed by Mark Russinovich and Bryce Cogswell and was acquired by Microsoft in 2006.

Windows Sysinternals was previously known as Winternals and was first launched in 1996. Microsoft acquired the Winternals software later in 2006. At present, Microsoft offers Windows Sysinternals as a set of Windows utilities that can be freely downloaded as a complete collection or as individual tools.

Windows Sysinternals has been developed with the aim of offering IT professionals a range of technical resources and utilities for efficiently managing, diagnosing, troubleshooting, and monitoring Windows systems. This comprehensive suite has gained significant recognition and appreciation within the IT professional community for its wide array of capabilities.

Categories of Sysinternals Suite

The utilities provided by the Sysinternals site can be organized into six main categories to cater to different system management needs:

  1. File and Disk: This category offers utilities that monitor file usage and disk status. Notably, Process Monitor is a highly regarded tool in this section as it provides real-time monitoring of activities in the file system, registry, and processes.

  2. Networking: Here, you can find applications designed to troubleshoot and monitor connections on both desktop and server systems. TCPView, a tool for checking TCP and UDP endpoints, and PS Tools, a set of command-line utilities facilitating remote system monitoring and management, are among the popular choices in this category.

  3. Process: This section contains utilities that aid in monitoring and troubleshooting running applications. Process Explorer, a well-known tool within this category, allows users to track the files and directories accessed by a specific process.

  4. Security: The Security category hosts utilities focused on security-related tasks. For instance, Autoruns is a valuable tool that reveals the applications configured to start automatically during system boot-up, assisting in identifying potential security risks.

  5. System Information: Applications in this category provide general information about workstations or servers, aiding in understanding system configurations and capabilities.

  6. Miscellaneous: This section encompasses utilities that do not fit neatly into the other categories and typically offer limited diagnostic or troubleshooting capabilities. BgInfo is an example of a popular download in this category, which creates a background image displaying essential system configuration details like the IP address and computer name.

The categorization ensures easy access to the appropriate tools for specific system management and troubleshooting tasks.

How to Get the Sysinternals Suite?

Sysinternals can be freely downloaded as a complete collection or as individual tools from Microsofts official website. You can download the Sysinternals Suite from three different places.

  1. From Microsofts official website.

  2. From Microsoft Store

  3. Using Sysinternals Live

Step 1. Download the Sysinternals Suite

To download the full suite of tools, open the Sysinternals Utilities Index, choose the suite as per your requirement, click download, and start downloading it.

Step 2. Extract the Utilities of Sysinternals Suite

The downloaded file will be in a zip format. You should extract the content to use.

Step 3. Run the Sysinternals Tools

You can execute the tool of you choose to use it.

Step 4. Download the Sysinternals Suite From the Microsoft Store (Alternate way)

To download the Sysinternals Suite from the Microsoft Store:

1. Visit Microsoft Store
2. Search for Sysinternals and click on the get button
3. We can download and use it directly

Step 5. Download the Sysinternals Suite Using Sysinternals Live (Alternate way)

Sysinternals Live is an alternative method provided by Microsoft to access and use Sysinternals tools. It allows you to directly execute Sysinternals tools by entering the tools Sysinternals Live path into the Run dialog. With Sysinternals Live, you can quickly and conveniently utilize the power of Sysinternals tools without the need for downloading and installing them individually.

Visit
the Live page of Sysinternals where we can view the entire list of tools. We can directly download all tools from here and execute them.

Step 6. Execute the Sysinternals Tools Directly from the Sysinternals Live

To execute the Sysinernals tools from the live, open the Run dialog box or click Win + R and give input in the below format \\live.sysinternals.com\tools\<toolname>, for example, \\live.sysinternals.com\tools\PsExec.exe.

Step 7. Accept the Security Warning

When accessing Sysinternals tools via Sysinternals Live, a security warning may appear, prompting you to click Run in order to proceed with the execution of the tool. This security warning is a standard precautionary measure to ensure that you are aware of and consent to the execution of the tool on your system. By clicking Run, you can proceed with using the Sysinternals tool and leverage its functionalities for system management and analysis.

List of Tools in Sysinternals Suite

Sysinternals has a long list of tools in its suite. Lets see some of the most likely used by IT professionals.

  • AccessChk: A command-line utility that provides a comprehensive view of the effective permissions on system entities like files, registry keys, services, processes, and kernel objects.

  • AccessEnum: This tool allows you to identify and analyze access permissions on directories, files, and registry keys. It helps find security vulnerabilities and gaps in permissions.

  • Autologon: This tool enables you to bypass the password screen during the logon process.

  • Autoruns: It provides a comprehensive list of programs configured to automatically start when the system boots. It also shows the registry and file locations where autostart settings are configured.

  • BgInfo: This program generates desktop backgrounds that display essential system information, such as IP addresses, computer names, network adapters, and more.

  • BlueScreen: This screen saver accurately simulates blue screens and system reboots, complete with the CHKDSK utility.

  • CacheSet: It allows you to control the working set size of the cache manager on Windows NT-based systems, optimizing memory usage. It is compatible with all versions of NT.

  • ClockRes: This tool enables you to view the resolution of the system clock, which indicates the maximum timer resolution available.

  • DebugView: It intercepts calls made to DbgPrint by device drivers and OutputDebugString made by Win32 programs. DebugView enables viewing and recording of debug session output on your local machine or even across the Internet without requiring an active debugger.

  • Desktops: This tool allows you to create and manage up to four virtual desktops. It provides a tray interface and hotkeys to preview the content on each desktop and easily switch between them, enhancing productivity and organization.

  • Disk2vhd: Disk2vhd simplifies the process of migrating physical systems into virtual machines (P2V). It creates virtual hard disk (VHD) files from physical disks, enabling a seamless transition to virtualized environments.

  • DiskExt: It displays volume disk mappings, providing information about the physical disks and partitions associated with volumes on your system.

  • DU (Disk Usage): DU allows you to view disk usage information for specific directories, providing insights into the space occupied by files and folders.

  • EFSDump: EFSDump enables you to view information related to encrypted files, offering details about encryption attributes, keys, and other relevant data.

  • LoadOrder: LoadOrder enables you to see the order in which devices are loaded on your Windows NT/2000 system, providing insights into the system boot process.

  • LogonSessions: LogonSessions lists the active logon sessions on a system, displaying information about user sessions and their associated processes.

  • MoveFile: MoveFile allows you to schedule, move, and delete commands for the next system reboot, facilitating file operations that cannot be performed while the system is running.

  • PsExec: PsExec enables the execution of processes on remote systems, allowing for remote command execution and management.

  • PsFile: PsFile provides visibility into files that are opened remotely, allowing you to see which files are being accessed on remote systems.

  • PsGetSid: PsGetSid displays the Security Identifier (SID) of a computer or user, providing a unique identifier for system identification and management purposes.

  • PsInfo: PsInfo allows you to obtain detailed information about a system, providing insights into hardware, software, and configuration details.

  • PsKill: PsKill allows the termination of local or remote processes, providing a way to end specific processes that may be causing issues or consuming resources.

  • PsList: PsList shows information about processes and threads running on a system, offering an overview of active processes and their details.

  • PsLoggedOn: PsLoggedOn displays users who are currently logged on to a system, helping to identify active user sessions.

  • PsLogList: PsLogList enables the dumping of event log records, allowing for the retrieval and analysis of event log data.

  • PsPasswd: PsPasswd facilitates the changing of account passwords, providing a command-line interface for password management.

  • PsPing: PsPing measures network performance, allowing for network latency and bandwidth testing between systems.

  • PsService: PsService provides the ability to view and control services on local or remote systems, offering service management capabilities.

  • PsShutdown: PsShutdown allows for the shutdown and optional reboot of a computer, providing a command-line interface for system shutdown operations.

  • PsSuspend: PsSuspend enables the suspension and resumption of processes, allowing for the temporary pausing of specific processes.

  • PsTools: PsTools is a collection of command-line utilities that includes tools for listing processes on local or remote computers, executing processes remotely, rebooting computers, dumping event logs, and more. It offers a comprehensive set of system management and analysis utilities.

  • Sysmon: Sysmon monitors and reports key system activities by leveraging the Windows event log. It provides detailed information about process creation, network connections, file creation, and other important system events.

  • TCPView: TCPView is a command-line viewer that displays active sockets and their corresponding processes. It allows you to monitor network connections and view information such as local and remote IP addresses, port numbers, and connection status.

  • VMMap: VMMap is a utility that provides analysis of virtual and physical memory usage by processes. It offers insights into how memory is allocated and utilized by specific applications, helping in-memory optimization and troubleshooting.

  • Whois: Whois is a tool that allows you to retrieve information about the ownership and registration details of an Internet address, such as a domain name or IP address. It provides insights into the organization or individual associated with the address.

  • ZoomIt: ZoomIt is a presentation utility that enhances screen sharing and presentations by enabling zooming and on-screen drawing. It allows you to focus on specific areas of the screen and annotate content in real time during presentations or demonstrations.

What Can You Do With Sysinternals?

With Sysinternals, you can do a wide range of things on Windows systems. Its wide set of tools gives you full visibility into the inner workings of your system. You can monitor processes, services, performance, network connections, and more. You can use Sysinternals to find security threats, detect rootkits, troubleshoot system issues, and automate administrative tasks. Additionally, Sysinternals includes utilities to manage disk usage and system resource allocation. Sysinternals allows you to make changes to your system quickly and easily, giving you unparalleled control over your computer. This makes it an invaluable tool for troubleshooting, system optimization, and general system maintenance. 

Here are some of the things that you can do with Sysinternals:

  1. Monitor active processes, services, registry entries, and file activity. 

  2. Check the network connectivity status of each computer on the network. 

  3. Analyze CPU usage and memory utilization of processes. 

  4. View detailed information about installed software programs.

  5. Detect rootkits in hardware or hard drive partitions. 

  6. Manage user accounts more easily with Local User Manager (LUSRMGR.EXE).

  7. Automate system maintenance tasks with Task Scheduler (TASKLIST.EXE).

  8. Manage the operation of Windows Services with Service Manager (SRVMGR.EXE).

  9. Analyze and diagnose system errors and performance issues with Process Explorer (PROCEXP.EXE).

  10. Search for files on local or network drives using Findstr (FINDSTR.EXE).

  11. Monitor TCP/IP connections and view data traffic with TCPView (TCPVIEW.EXE) 

  12. Quickly capture screenshots of your computer with Autoruns (AUTORUNS.EXE). 

  13. Create detailed reports about logon sessions, registry entries, file shares, services, drivers, events, and more with the LogonSessions utility (LOGONSESSIONS.EXE). 

Bottom Line

Sysinternals will be a very handy tool for all kinds of requirements for Windows. It can be the go-to solution, as there are more than 70 utilities that can be executed without installation. I hope this article, it was clear about what is Windows Sysinternals, how to install the Sysinternals suite, some of the list of utilities in Sysinternals, and what can you do with Sysinternals Suite.

Please share this post and help secure the digital world. Visit thesecmaster.com for more technological content or follow our social media page on Facebook, Instagram,  LinkedIn, Twitter, Telegram, Tumblr, & Medium and subscribe to receive information like this. 

You may also like these articles:

Aroma Rose Reji

Aroma is a cybersecurity professional with more than four years of experience in the industry. She has a strong background in detecting and defending cyber-attacks and possesses multiple global certifications like eCTHPv2, CEH, and CTIA. She is a pet lover and, in her free time, enjoys spending time with her cat, cooking, and traveling. You can connect with her on LinkedIn.

Recently added

Explore

View All

Learn More About Cyber Security Security & Technology

“Knowledge Arsenal: Empowering Your Security Journey through Continuous Learning”

Cybersecurity All-in-One For Dummies - 1st Edition

"Cybersecurity All-in-One For Dummies" offers a comprehensive guide to securing personal and business digital assets from cyber threats, with actionable insights from industry experts.

Tools

Featured

View All

Learn Something New with Free Email subscription

Subscribe

Subscribe