10 more Sysinternals tools to simplify routine Windows admin tasks
DiskMon
Last December I put together a list of Sysinternals tools that I found the most useful. Recently, I have been looking through the entire list and found a few more tools that you might keep on a flash drive, just in case the need arises.

The first utility on my new list is DiskMon, which watches all of your hard disk traffic and reports it on screen. When the window is displayed, the default is to auto-scroll the data, constantly filling the window as you use your PC. If you minimize the application to the tray (Options | Minimize to tray disk light), the tray icon will blink like a disk activity light as DiskMon monitors traffic.

Disk Usage
Finding the size of a directory is sometimes handy, but do you also want to know its size on disk? Windows Explorer can provide some information about the size of a directory; however, I haven't found that method particularly useful, and getting to the information when I need it is often a bit of a hassle. This command line utility displays the size of the specified directory and the files contained within it.

The command usage and the arguments it takes are below:

Usage: du [[-v] [-l levels] | [-n]] [-q] (file or directory)

- -l Specify the subdirectory depth to use; the utility defaults to all levels
- -n Don't recurse
- -q Do not print the banner
- -u Unique files or folders only
- -v Show information for intermediate directories

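As an added example (not code from the article), a PowerShell wrapper that runs du with the -q and -l switches listed above and returns the subdirectories ordered by size, which is the quickest way to find where the space went. It assumes du.exe is on the PATH and that each per-directory output line has the form "<size>  <path>" with the size in KB and thousands separators.

```powershell
# Added example, not code from the article: list the subdirectories of a path
# ordered by size using Sysinternals du.exe with the -q and -l switches
# described above. Assumes du.exe is on PATH and that each per-directory output
# line has the form "<size>  <path>" with the size in KB and thousands separators.
function Get-SubdirectorySize {
    param(
        [Parameter(Mandatory)][string]$Path,
        [int]$Depth = 1,              # -l value: 1 = immediate subdirectories only
        [string]$DuExe = 'du.exe'     # path to the Sysinternals binary
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        throw "Directory not found: $Path"
    }
    # -q suppresses the banner so only data lines are returned;
    # -l limits the subdirectory depth that du reports on.
    $lines = & $DuExe -q -l $Depth $Path
    foreach ($line in $lines) {
        # Per-directory lines start with a number; the trailing
        # Files:/Directories:/Size: summary lines do not and are skipped.
        if ($line -match '^\s*([\d,]+)\s+(\S.*)$') {
            [pscustomobject]@{
                SizeKB = [int64]($Matches[1] -replace ',', '')
                Path   = $Matches[2].Trim()
            }
        }
    }
}

# Usage: the ten largest subdirectories under C:\Users, largest first
Get-SubdirectorySize -Path 'C:\Users' |
    Sort-Object -Property SizeKB -Descending |
    Select-Object -First 10 |
    Format-Table -AutoSize
```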
Page Defrag
Windows has a bit of a tendency to let files get fragmented and perform less than optimally, and for files and folders there are countless tools and utilities to help keep your system in top shape. Many of these tools (especially the built-in defragmentation tool) don't do much for the registry and paging files. Page Defrag will help you get the page files and registry under control.

Note: In testing, it seems that Page Defrag is a 32-bit-only utility.
SDelete
Even after a file is deleted, it can often still be recovered, which can be a problem when trying to recycle a clean system or repurpose it. SDelete conforms to Department of Defense regulations / standards for file wiping. When used to remove files or folders, the deleted items are overwritten so that they cannot be recovered.

SDelete is run from the command line and takes the following parameters:

- -c This argument zeroes free disk space
- -p passes This argument allows you to specify the number of passes to use (-p 3 for 3 passes)
- -q Silent execution
- -s Subdirectory recursion
- -z Cleans free space

LoadOrder
Device drivers in Windows are rather important when it comes to proper system operation, but when you start Windows, Microsoft doesn't readily show the order in which these drivers are loaded. LoadOrder presents the order in which items were loaded by Windows. As an added bonus, services are included here too.
Handle
This utility allows you to see the handles that are open on your system and, with the right arguments, will let you close handles to running applications (albeit forcibly).

The usage and arguments for Handle are:

- -a Dumps all information
- -c Closes the specified handles (can cause system instability)
- -l Shows only profile section handles
- -y Do not prompt for handle close
- -s Display a count of each handle type that is open
- -u Display the user who owns each handle
- -p Dump the handles belonging to a specified process
- name Search for handles related to the supplied object name

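An added example (not code from the article) that ties the Handle section to the SDelete section above: before wiping a folder on a machine that is about to be repurposed, use Handle's object-name search to list the processes that still hold handles under that path, and refuse to wipe while any are open rather than forcing them closed with -c. It assumes an elevated prompt, handle.exe and sdelete.exe on the PATH, and that Handle prints each match as "<process>  pid: <n>  type: <type>  <hex>: <object name>".

```powershell
# Added example, not code from the article: check for open handles under a
# folder with handle.exe, then wipe it with sdelete.exe only if none remain.
# Assumes an elevated prompt, both tools on PATH, and the Handle output line
# format "<process>  pid: <n>  type: <type>  <hex>: <object name>".
function Get-OpenHandlesUnder {
    param([Parameter(Mandatory)][string]$Path)
    # Handle's positional argument searches object names for the supplied string
    $out = & handle.exe $Path
    foreach ($line in $out) {
        if ($line -match '^(\S+)\s+pid:\s*(\d+)\s+type:\s*(\S+)\s+([0-9A-Fa-f]+):\s+(.*)$') {
            [pscustomobject]@{
                Process   = $Matches[1]
                ProcessId = [int]$Matches[2]
                Type      = $Matches[3]
                Handle    = $Matches[4]
                Object    = $Matches[5]
            }
        }
    }
}

function Invoke-SecureFolderWipe {
    param(
        [Parameter(Mandatory)][string]$Path,
        [int]$Passes = 3                     # -p value: number of overwrite passes
    )
    $open = @(Get-OpenHandlesUnder -Path $Path)
    if ($open.Count -gt 0) {
        # Report the holders and stop; closing handles with -c can destabilise the system.
        $open | Format-Table Process, ProcessId, Type, Object -AutoSize | Out-String | Write-Warning
        throw "Refusing to wipe '$Path': $($open.Count) open handle(s) found"
    }
    # -p passes, -s recurse into subdirectories, -q silent execution
    & sdelete.exe -p $Passes -s -q $Path
    if ($LASTEXITCODE -ne 0) { throw "sdelete.exe exited with code $LASTEXITCODE" }
}

# Usage: wipe a staging folder (constructed path) before the machine is repurposed
Invoke-SecureFolderWipe -Path 'D:\staging' -Passes 3
```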
LogonSessions
Logging on to Windows just isn't what it used to be, depending of course on the version you are accessing. LogonSessions will display all of the sessions currently logged on to a given system, because, like potato chips, having just one these days is highly unlikely. The only argument available for LogonSessions is -p, which shows the processes running in each logon session. Oh, and when run on my laptop for testing for this post, there were eight sessions running.
PSInfo
PSInfo falls in the PsTools suite of products, but I thought it particularly interesting because of the amount of information it returns. The idea here is to allow a logged on user to gain system information from their own system or a remote system with little effort. Specifying the \\computername option points PSInfo at a remote system. Another way to run PSInfo is to point it at a file containing a list of remote systems; this returns the info for each remote system listed.

When run with no arguments, the utility returns basic system information about your local machine. The arguments I found most interesting were -h for installed hotfixes and -s for installed software.
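As an added example (not code from the article), a patch compliance check built on the -h switch and the list-of-systems file described above: PsInfo is run once against every host in the file and each host's installed hotfix IDs are compared with a required set. It assumes psinfo.exe is on the PATH, admin rights on the targets, PsTools' @file syntax for the host list, that each host's block begins with "System information for \\<host>:" and that installed hotfixes appear as KB<digits> tokens; the KB numbers in the usage line are placeholders.

```powershell
# Added example, not code from the article: report which hosts in a list file
# are missing required hotfixes, using psinfo.exe -h and the @file syntax.
# Assumes psinfo.exe on PATH, admin rights on the targets, a host block header
# of "System information for \\<host>:" and hotfix IDs printed as KB<digits>.
function Get-MissingHotfix {
    param(
        [Parameter(Mandatory)][string]$ComputerListFile,  # one host name per line
        [Parameter(Mandatory)][string[]]$RequiredKB       # e.g. 'KB1111111' (placeholder)
    )
    $out = & psinfo.exe -h "@$ComputerListFile"
    $current = $null
    $installed = @{}
    foreach ($line in $out) {
        if ($line -match '^System information for \\\\([^:]+):') {
            # New host block: start a fresh set of hotfix IDs for it
            $current = $Matches[1]
            $installed[$current] = New-Object 'System.Collections.Generic.HashSet[string]'
        }
        elseif ($null -ne $current -and $line -match '\b(KB\d+)\b') {
            [void]$installed[$current].Add($Matches[1])
        }
    }
    foreach ($computer in $installed.Keys) {
        $missing = @($RequiredKB | Where-Object { -not $installed[$computer].Contains($_) })
        [pscustomobject]@{
            Computer  = $computer
            Missing   = ($missing -join ', ')
            Compliant = ($missing.Count -eq 0)
        }
    }
}

# Usage: hosts.txt holds one computer name per line; the KB IDs are placeholders
Get-MissingHotfix -ComputerListFile 'C:\admin\hosts.txt' -RequiredKB 'KB1111111', 'KB2222222' |
    Where-Object { -not $_.Compliant } |
    Format-Table -AutoSize
```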
RootkitRevealer
When looking at this utility, it seemed a no-brainer to include it here, but it appears to work only on 32-bit systems prior to Windows 7. It also runs as a randomly named service for the duration of execution to reduce the possibility of being hijacked by a rootkit. I am hoping that the team behind Sysinternals releases a Windows 7 ready version of this tool very soon.

The utility can be started from the command line or with a double-click and detects places where rootkits might be hiding on your system. Is it perfect? No, but it does do a pretty thorough job.

The screenshot was taken on a 32-bit Windows XP VM with little more than Windows updates applied.
RegJump
This utility is a convenient command line way to get into the registry where you need to be rather than chasing down the hive that is needed. It allows you to start out right at HKEY_CURRENT_USER or elsewhere in the registry with minimal typing. The feature of this utility that really stands out is that it supports both abbreviations and standard notation for registry hives, so both HKEY_CURRENT_USER and HKCU will work on the RegJump command line.

These utilities provide a great amount of information with rather minimal effort. Because Sysinternals utilities are free to download, there is no reason not to check them out. They make a great addition to any Windows admin's toolkit. It is important to note that some of the utilities included here, but not all, require Administrator access. In many cases, when using these tools I will run them from an elevated command prompt for ease of use.