Bill Detwiler: There are lots of both third-party and built-in tools designed to help you administer Windows systems. But perhaps none earn more kudos than the bundled utilities that are part of Mark Russinovich and Bryce Cogswell's Sysinternals Suite. They're so good, in fact, that Microsoft acquired them back in 2006.
I'm Bill Detwiler, and during today's TR Dojo episode, I'll take a look at five of the handiest tools Sysinternals has to offer.
You can download individual Sysinternals tools or the entire Sysinternals Suite from Microsoft's TechNet. You can also run many of the tools directly from the Web via Microsoft's Sysinternals Live service. I'll link to both from the TR Dojo.
First on the list are two tools that you'll use together most of the time - PsList and PsKill. The first allows you to see processes on a machine and lists the process IDs. Once you know the ID, you can then use PsKill to terminate the process.
These tools can be really helpful if you have a runaway process consuming a ton of system resources or you suspect a process might actually be malware.
Now, there are several switches for both PsList and PsKill that you can use to tweak how they work. For example, the -x switch will give you the process ID, memory information, and thread details.
Entering either command followed by a slash and a question mark will give a list of all the available switches.
Next is Process Explorer, which is a great tool for digging into open files or resources.
Let's say you're trying to open a file, but Windows is telling you that it's already in use. Process Explorer can help determine which application or process has the file open.
It is a GUI-based utility and can be used as a Task Manager replacement. The utility has two panes of information.
The top pane shows currently active processes on your system and includes information about the name, the account that owns the process, and the CPU usage of the process.
The bottom pane has two modes of operation, handle mode and DLL mode. When handle mode is enabled, selecting a process in the top portion of the window will show you the handles that the process has open. In DLL mode, the pane displays the DLLs and memory-mapped files loaded by the selected process.
The third tool on our list, called Autoruns, is a handy way to learn which applications are being run when Windows starts. And, having this information can help you track down both misbehaving programs and malicious software.
When executed, the Autoruns utility looks through all the locations where applications are listed to automatically launch. Then, it displays them in a tabbed, easy-to-follow GUI.
If you're having trouble with a single file that's constantly becoming fragmented and hurting an application's or the system's performance, you could defragment the entire drive. But why defrag the drive when it's just one file causing the problem?
Sysinternals has a better option - Contig.
This utility lets you defragment a single file, and is a great way to save time and effort.
The last tool in our list is called MoveFile.
Now, there are plenty of times when files need to be moved or deleted to help get things cleaned off a PC - possibly due to malware, bots, and viruses.
Sometimes, if the files are in use, Windows prevents actions on them until they are closed or the computer is rebooted. MoveFile provides an API that marks files for move/rename/delete actions at the next restart of the Windows system. Doing this allows the file to be acted on before it is referenced by the system.
Well, that does it for this episode. For information on another five of the handiest tools Sysinternals has to offer, check out Derek Schauland's article 10 Sysinternals tools you shouldn't be without -- on which this video is based. I'll link to it from the TR Dojo blog.
And as always, for more teachings on YOUR path to becoming an IT Ninja, visit trdojo.techrepublic.com, or you can follow me on Twitter at twitter.com/billdetwiler.
Thanks for visiting the TR Dojo.
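The following PowerShell session is an added example and is not part of the episode or of Derek Schauland's article. It walks the five tools through one cleanup job in the order the episode covers them. It assumes the Sysinternals Suite is unpacked into C:\Tools\Sysinternals, that the builds in use accept the -accepteula switch (current Sysinternals releases do), and that the process name "suspect" and every file path shown are constructed placeholders; the switches used are those documented for each tool, but check `tool /?` on the build you have, since switch sets have changed across versions.

```powershell
# Added example (not from the TR Dojo video or the TechRepublic article).
# Assumes the Sysinternals Suite lives in C:\Tools\Sysinternals; the process
# name "suspect" and all file paths below are constructed placeholders.
$Sys = 'C:\Tools\Sysinternals'
$env:Path = "$Sys;$env:Path"

# 1. PsList: show the suspect process with memory and thread detail (-x).
#    A trailing name filters to processes starting with that name; -e makes
#    the match exact. -accepteula suppresses the first-run licence dialog.
pslist -accepteula -x -e suspect

# 2. Check before you kill: confirm the image path so you do not terminate a
#    legitimate binary that merely shares the name with the malware.
Get-Process -Name suspect -ErrorAction SilentlyContinue |
    Select-Object Id, ProcessName, Path

# 3. PsKill: terminate by PID rather than by name, since killing by name
#    takes out every match. -t also terminates the process's descendants.
#    ($pid is a reserved automatic variable in PowerShell, hence $targetPid.)
$targetPid = (Get-Process -Name suspect -ErrorAction SilentlyContinue |
    Select-Object -First 1).Id
if ($targetPid) { pskill -accepteula -t $targetPid }

# 4. Autoruns, command-line build: dump every autostart location (-a *) to
#    CSV (-c) with file hashes (-h) and signature verification (-s), hiding
#    Microsoft-signed entries (-m) so the unusual ones stand out.
autorunsc -accepteula -a '*' -c -h -s -m > "$env:TEMP\autoruns.csv"

# 5. Contig: first report one file's fragmentation (-a), then defragment
#    just that file (-v for verbose output) instead of the whole volume.
contig -accepteula -a 'D:\Data\large-database.mdf'
contig -accepteula -v 'D:\Data\large-database.mdf'

# 6. MoveFile: a file that is locked now gets renamed or deleted at the next
#    boot, before anything references it. An empty destination ("") schedules
#    deletion. PendMoves lists what is queued so you can verify the entry.
movefile -accepteula 'C:\Windows\Temp\suspect.dll' 'C:\Quarantine\suspect.dll'
movefile -accepteula 'C:\Windows\Temp\suspect.tmp' ""
pendmoves -accepteula
```

The image-path check in step 2 is the part worth keeping even if you use nothing else here: PsKill by name is convenient, but on a box where malware has picked a name that collides with a real service, the PID lookup is what keeps you from knocking over the wrong process. Likewise, run PendMoves after MoveFile so you can see that the rename or delete is actually queued before you reboot.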