Bill Detwiler: In January, I showed you how Sysinternals tools like Autoruns and Process Explorer could make your job easier.
Well, I'm Bill Detwiler, and during this episode of TR Dojo, I'm back with a list of five Sysinternals command-line tools for those of you who prefer a prompt to a GUI.
During an earlier Sysinternals episode, I covered both command-line tools like PsList, PsKill, Contig, MoveFile along with GUI-based tools like Process Explorer and Autoruns, Contig.
While extremely helpful, these utilities are just the tip of the iceberg. Microsoft's Sysinternals Suite contains dozens of highly useful tools. And during this show, I'll explore five more tools for those IT pros that would rather operate from the command line.
Before we begin, remember that you can download individual Sysinternals tools or the entire Sysinternals Suite from Microsoft's TechNet. You can also run many of the tools directly from the Web via Microsoft's Sysinternals Live service. I'll link to both from the TR Dojo.
First on our list is SDelete, which helps you securely delete files and folders. The utility uses the Department of Defense standard DoD 5220.22-M for clearing data. Essentially it overwrites each character of a file with random values.
SDelete is a command-line utility that has a variety of parameters. For example, you can use the -p argument to specify the number of overwrite passes and the -z argument to cleanse a drive's free space.
For more information on how SDelete works and all its parameters, check out the Windows Sysinternals website, which I'll link to in this episode's blog notes.
Second on our list is PsInfo, which can give you lots of helpful information on a local or remote system. Enter psinfo at a command prompt, and the tool will return data such as the version of Windows, current service pack, activation status, IE version, number of processors, processor speed, physical memory, video driver, and more.
You can even customize the results through the tool's parameters. For example, using -s shows a list of installed applications.
By default, the tool returns data on the local system. But you can get information on remote machines by simply including the system's name with the command. You can even run the command using a text file to specify a list of remote systems.
Just know that you'll need to enable the Remote Registry service on the remote machines. You'll also need to run PsInfo from an account that can access the HK Local Machine\System area of the remote machine's Registry.
The third tool worth learning is Disk Usage. This command-line tool can quickly give you important information about a directory--such as the number of files and subdirectories it contains, its size, and its size on disk.
Sure, you can get this information from Windows Explorer, but where's the fun in that? And hey, sometimes using the command line is just quicker.
To use the utility, open a command prompt and enter du followed by the directory's path. You can even tailor the tool's output with parameters such as -u, which counts only unique occurrences within the target directory.
The fourth tool on our list is Handle. This utility lets you see which application has a particular file or directory open.
As with Disk Usage, there's a GUI version of this tool provided in Sysinternals' Process Explorer utility. But for those who love the command line, Handle can be really handy.
Now, you'll need admin privileges to use this tool and you'll likely want to tailor its output using one of its many parameters.
For example, you can specify the file or directory you want Handle to scan by including its name after the command. You can also use a variety of parameters to modify the scan, such as -u, which shows the owning user name when searching for handles. You can even close a specific handle by using the -c parameter and the handle's process ID.
Last on our list of Sysinternals command-line tools is RegJump. This handy tool lets you quickly "jump" to a specific registry path.
Simply type RegJump, followed by a registry path, at a command prompt and voilà, a Registry Editor window opens with the specified path selected. Better still, RegJump supports both the standard and abbreviated form of the registry's root keys. For example, you could type out HKEY_CURRENT_USER or just use HKCU.
Well, that does it for this episode. For information on even more Sysinternals tools, check out Derek Schauland's article, "10 more Sysinternals utilities to keep handy,"--on which this video is based.
I'll link to it from the TR Dojo blog.
And as always, for more teachings on YOUR path to becoming an IT Ninja, visit trdojo.techrepublic.com, sign up for our email newsletter, or follow me on Twitter.
Thanks for visiting the TR Dojo.