SolutionBase: Free PsTools make life easier for Windows admins

One of the biggest drawbacks of administering Windows systems is that so many admin tasks must be done using the GUI. See how Sysinternals' PsTools can help change that with a free download.


In many ways, Linux/UNIX administrators have it good. They have long-tested utilities built into their operating systems that make administration much easier. With command line utilities to kill processes, granularly list processes, and do a whole host of other important tasks, Linux/UNIX admins can easily and quickly manage and troubleshoot problems with processes, users, and the system without ever having to touch a mouse. Sure, you can avoid the mouse in Windows, if you really want to memorize a bunch of key combinations, but it's not as easy as simply remembering a command (or even customizing your own commands) to do a common task.

However, Sysinternals has come up with a solution that helps even the field a little bit for Windows admins. Sysinternals provides a freeware collection of Windows utilities called PsTools. It comprises twelve indispensable utilities, including psinfo, which lists a slew of details about the current system, and pskill, which kills processes quickly and easily from the command line.

What about the resource kit?
At first glance, you might wonder why Sysinternals bothered to write a kill utility given that a perfectly good version is available in various Windows resource kits. The beauty of Sysinternals' version of kill—along with most of its other utilities—is that, unlike the resource kit version, it can terminate processes on both the local computer and remote computers. This assumes, of course, that you have a valid administrative username and password for the remote system.

The complete list
The complete list of utilities included in PsTools version 2.01, as of this writing, is shown in Table A, along with the versions of Windows that each of the tools will work on.

Table A
| Utility | Description | NT 3.51 | NT 4 | 2000 | XP | 2003 |
|---|---|---|---|---|---|---|
| PsExec | Runs programs from a local or remote system, with full console interactivity. | Y | Y | Y | Y | Y |
| PsFile | Shows a list of files currently open on either the local or remote machine. Also provides the ability to close open files on a machine. | Y | Y | Y | Y | N |
| PsGetSid | Reports the security identifier (SID) of a computer or user. | N | Y | Y | Y | Y |
| PsKill | Immediately terminates a running process on a local or remote computer. | Y | Y | Y | Y | N |
| PsInfo | Provides a plethora of information about the target computer including the build, owner, service pack level, hardware information, and more. | N | Y | Y | Y | Y |
| PsList | Views the running processes and threads on the target computer including CPU and RAM statistics. | N | Y | Y | Y | N |
| PsLoggedOn | Provides a list of users currently logged into a machine either locally or over the network. Alternatively, it can search the local network to determine if a particular user is logged on to any servers. | N | Y | Y | Y | N |
| PsLogList | Retrieves the contents of the event logs from either the local or a remote system. | Y | Y | Y | Y | Y |
| PsPasswd | Changes the password of the specified account. Also works locally or on remote systems. | N | Y | Y | Y | Y |
| PsService | Manages services on local or remote machines. Includes the ability to search the network for a particular service. | Y | Y | Y | Y | N |
| PsShutdown | Shutdown, reboot, log off the console user, or lock the console for the local machine or on a remote computer. | N | Y | Y | Y | Y |
| PsSuspend | Suspends a running process to free up resources. Also used to resume a previously suspended process. | N | Y | Y | Y | N |
| PsUptime | Moved to PsInfo. | N | Y | Y | Y | Y |

Usage
All of the PsTools utilities use a fairly common syntax. Of course, there are some differences among them since they serve different functions, but all of them include at least a few common optional parameters:
  • \\computer – This is the name of the target system. If this parameter is omitted, the utility will run against the local machine.
  • -u username – Certain functions require administrative rights on a remote machine. Use this parameter to provide a username that has the appropriate rights.
  • -p password – This is used for the password for the user specified in the -u parameter.

These utilities can accept multiple remote computer names in the event that you want to run a tool against multiple machines. This can be particularly useful, for example, if you want to run PsInfo on a number of machines to check for the installation of specific hot fixes.

For more specific information on usage for each command, use the <command name> -? command to look at the help file.

Examples
Here are a couple of examples to give you an idea as to how PsTools can help you in your daily work.

The psgetsid utility will provide the SID for the current machine or for the currently logged-in user. This example shows psgetsid retrieving the security identifier for the local machine.

The next example runs on the same machine, but this time, I have specified a user account. This will make psgetsid report the SID for that particular user account, assuming it exists.

Finally, this example shows the output from the psinfo -h command. The -h parameter forces psinfo to look for the installed hot fixes on the target machine. This can make it a little easier to determine where patches have been applied and where they are missing.
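
The multi-machine hot fix check mentioned under Usage, built on the psinfo -h switch described above, as an added PowerShell example that is not part of the original article. The host names and hot fix IDs are constructed placeholders, and the script assumes psinfo.exe is on the PATH and that the account running it already has administrative rights on the targets.

```powershell
# Added example. Host names and hotfix IDs are constructed placeholders.
$Computers        = @('SRV-EXAMPLE-01', 'SRV-EXAMPLE-02')
$RequiredHotfixes = @('KB0000001', 'KB0000002')

# Assumptions: psinfo.exe is on the PATH, and the account running this script
# already has administrative rights on every target, so -u/-p are not passed.
# A literal "-p password" would sit in the script file and show up in process
# listings and command-line audit logs.

function Test-HotfixListed {
    param([string[]]$Lines, [string]$Hotfix)
    # True when any output line contains the hotfix ID as a whole token.
    $pattern = '\b' + [regex]::Escape($Hotfix) + '\b'
    return [bool]($Lines -match $pattern)
}

$report = foreach ($computer in $Computers) {
    # Only stdout is parsed; stderr is discarded.
    $lines = & psinfo.exe -h "\\$computer" 2>$null

    # Assumption: a non-zero exit code or empty output means the host could not
    # be queried. Report that separately instead of calling the hotfix missing.
    $queried = ($LASTEXITCODE -eq 0) -and $lines

    foreach ($hotfix in $RequiredHotfixes) {
        if (-not $queried) { $status = 'NoData' }
        elseif (Test-HotfixListed -Lines $lines -Hotfix $hotfix) { $status = 'Present' }
        else { $status = 'Missing' }

        [pscustomobject]@{ Computer = $computer; Hotfix = $hotfix; Status = $status }
    }
}

# One row per host and hotfix; 'Missing' and 'NoData' rows are the follow-ups.
$report | Sort-Object Status, Computer | Format-Table -AutoSize
```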

Summary
Since Sysinternals gives them away for free, and since PsTools perform extremely valuable tasks that can make life easier for almost every Windows administrator, it makes sense for Windows admins to give them a try. If nothing else, you won't be so jealous of Linux/UNIX admins and all their command-line tools anymore.
