Like SysInternals Tools? Want to Keep Them Automatically Updated?
If you are an IT professional and have not heard of the SysInternals tools, you need to get out of the server room more often. The SysInternals tools, originally NTInternals and then WinInternals, were built by a company headed by Mark Russinovich and Bryce Cogswell. Their company, founded in 1996, offered many tools for IT professionals. In 2006, Microsoft purchased the company and all of its assets, bringing Mark Russinovich to Redmond to join Microsoft.[1] These tools help IT professionals and developers understand what is happening when things go wrong.
I want to briefly cover the tools available, as they are easily forgotten and yet are so amazingly helpful when trying to figure out the problems that come up. Some of my personal favorites are:[2]
- AdExplorer - Active Directory Explorer is an advanced Active Directory (AD) viewer and editor.
- Autoruns - See what programs are configured to startup automatically when your system boots and you login. Autoruns also shows you the full list of Registry and file locations where applications can configure auto-start settings.
- BgInfo - This fully-configurable program automatically generates desktop backgrounds that include important information about the system including IP addresses, computer name, network adapters, and more.
- BlueScreen - This screen saver not only accurately simulates Blue Screens, but simulated reboots as well (complete with CHKDSK), and works on Windows NT 4, Windows 2000, Windows XP, Server 2003 and Windows 9x.
- Coreinfo - Coreinfo is a new command-line utility that shows you the mapping between logical processors and the physical processor, NUMA node, and socket on which they reside, as well as the caches assigned to each logical processor.
- Disk2vhd - Disk2vhd simplifies the migration of physical systems into virtual machines (p2v).
- Diskmon - This utility captures all hard disk activity or acts like a software disk activity light in your system tray.
- DiskView - Graphical disk sector utility.
- ListDLLs - List all the DLLs that are currently loaded, including where they are loaded and their version numbers.
- ProcDump - This command-line utility is aimed at capturing process dumps during CPU spikes that are otherwise difficult to isolate and reproduce. It also serves as a general process dump creation utility and can monitor a process and generate a dump when it has a hung window or an unhandled exception.
- Process Explorer - Find out what files, registry keys and other objects processes have open, which DLLs they have loaded, and more. This uniquely powerful utility will even show you who owns each process.
- Process Monitor - Monitor file system, Registry, process, thread and DLL activity in real-time.
- PsExec - Execute processes on remote systems.
- PsFile - See what files are opened remotely.
- PsGetSid - Displays the SID of a computer or a user.
- PsInfo - Obtain information about a system.
- PsKill - Terminate local or remote processes.
- PsList - Show information about processes and threads.
- PsLoggedOn - Show users logged on to a system.
- PsLogList - Dump event log records.
- PsPasswd - Changes account passwords.
- PsService - View and control services.
- PsShutdown - Shuts down and optionally reboots a computer.
- PsSuspend - Suspend and resume processes.
- RAMMap - An advanced physical memory usage analysis utility that presents usage information in different ways on its several different tabs.
- RootkitRevealer - Scan your system for rootkit-based malware.
- SDelete - Securely overwrite your sensitive files and cleanse your free space of previously deleted files using this DoD-compliant secure delete program.
- TCPView - Active socket command-line viewer.
- VMMap - VMMap is a process virtual and physical memory analysis utility.
- WinObj - The ultimate Object Manager namespace viewer is here.
- ZoomIt - Presentation utility for zooming and drawing on the screen.
These tools and the rest available on the SysInternals website are immensely important in troubleshooting. On top of the tools, books have been written on using the tools to troubleshoot at the system level in Windows. I have been lucky enough to attend a class during my years at Microsoft to learn how to use the tools to troubleshoot and determine crash root causes.
Two things make these tools especially valuable:
- Some are updated at a fairly regular pace, and almost all of them are updated when Windows updates or hotfixes break them.
- The tools are available via their live access system at http://live.sysinternals.com and \\live.sysinternals.com\tools\. If you have access to the internet, the tools are always available through those access methods.
Because the tools do update regularly, I built a scheduled task to keep a directory of the tools updated and synchronized. Here are the easy steps to create a job that keeps a synced copy of all the tools on your computer.
- Open Task Scheduler and create a Basic Task.
- Give the task a name like "SysInternals Tools Sync" and click "Next".
- Select what triggers the update of the tools. I chose daily myself. Click "Next".
- Enter the details for the trigger and click "Next".
- Select "Start a Program" from the Action list and click "Next".
- Enter the following information, then click "Next":
  - Program/Script - robocopy
  - Add Arguments - \\live.sysinternals.com\tools [[Destination Directory]] *.* /z /xo /xf thumbs.db /log:sysinternal.txt
  - Start in - A directory that the log can be written to. On Windows Vista and 7, writing to the root of the drive would require the task to run elevated.
- Check all of your settings and click "Finish".
You can add other actions, such as e-mail notification. I have my task e-mail me as a second action, and the e-mail includes the log created by RoboCopy. Following this post is the XML for a task that you can import, modify and use. It runs RoboCopy to F:\ServerFolders\Tools at 6:08am daily and e-mails the log file saved in F:\TaskLogs. As you can tell, I run this on my Windows Home Server, which gives me the tools on my main file server for my network. I also run this same job on my computer at work. Give it a shot! I also plan to convert the job to PowerShell, because I want to.
```xml
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Date>2011-05-07T12:09:24.4810632</Date>
    <Author>WHS\Administrator</Author>
  </RegistrationInfo>
  <Triggers>
    <CalendarTrigger>
      <StartBoundary>2011-05-08T06:08:00</StartBoundary>
      <Enabled>true</Enabled>
      <ScheduleByDay>
        <DaysInterval>1</DaysInterval>
      </ScheduleByDay>
    </CalendarTrigger>
  </Triggers>
  <Principals>
    <Principal id="Author">
      <UserId>WHS\Administrator</UserId>
      <LogonType>Password</LogonType>
      <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
  </Principals>
  <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
      <StopOnIdleEnd>true</StopOnIdleEnd>
      <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT2H</ExecutionTimeLimit>
    <Priority>7</Priority>
  </Settings>
  <Actions Context="Author">
    <Exec>
      <Command>robocopy</Command>
      <Arguments>\\live.sysinternals.com\tools F:\ServerFolders\Tools *.* /z /xo /xf thumbs.db /log:sysinternal.txt</Arguments>
      <WorkingDirectory>F:\TaskLogs</WorkingDirectory>
    </Exec>
    <SendEmail>
      <Server>exchange.j2ed.local</Server>
      <Subject>SysInternals Updated</Subject>
      <To>jareds@j2ed.local</To>
      <From>whs2011@j2ed.local</From>
      <Body>SysInternals have been updated. Log attached.</Body>
      <HeaderFields />
      <Attachments>
        <File>F:\TaskLogs\sysinternal.txt</File>
      </Attachments>
    </SendEmail>
  </Actions>
</Task>
```
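The same task built with the ScheduledTasks module cmdlets (Windows 8 / Server 2012 and later), as an added example rather than the author's own conversion: it reproduces the robocopy action, the daily 06:08 trigger, the two-hour limit and the LeastPrivilege principal from the XML above. It assumes the destination and log directories already exist, prompts for the run-as credential instead of storing it in the script, and leaves out the SendEmail action, which these cmdlets cannot create.

```powershell
# Added example, not the post's code. Mirrors the exported task XML above.
# Assumed paths (taken from the post; change to suit your system):
$Destination = 'F:\ServerFolders\Tools'   # where the tools are mirrored
$LogDir      = 'F:\TaskLogs'              # working dir; robocopy writes sysinternal.txt here

# Same robocopy command line as the post: restartable copies (/z), skip files
# that are already newer locally (/xo), ignore thumbs.db, log into the working dir.
$robocopyArgs = "\\live.sysinternals.com\tools `"$Destination`" *.* /z /xo /xf thumbs.db /log:sysinternal.txt"
$action = New-ScheduledTaskAction -Execute 'robocopy.exe' `
    -Argument $robocopyArgs -WorkingDirectory $LogDir

# CalendarTrigger / ScheduleByDay with DaysInterval 1, starting 06:08.
$trigger = New-ScheduledTaskTrigger -Daily -At '06:08'

# Settings from the XML: MultipleInstancesPolicy IgnoreNew, ExecutionTimeLimit PT2H.
# The cmdlet's defaults already match DisallowStartIfOnBatteries/StopIfGoingOnBatteries = true.
$settings = New-ScheduledTaskSettingsSet -MultipleInstances IgnoreNew `
    -ExecutionTimeLimit (New-TimeSpan -Hours 2)

# The XML runs as WHS\Administrator with LogonType Password and RunLevel
# LeastPrivilege. Prompt for the account rather than hard-coding a password;
# -RunLevel Limited is the cmdlet name for LeastPrivilege.
$cred = Get-Credential -Message 'Account the SysInternals sync task will run as'

Register-ScheduledTask -TaskName 'SysInternals Tools Sync' `
    -Description 'Keep a local mirror of \\live.sysinternals.com\tools' `
    -Action $action -Trigger $trigger -Settings $settings `
    -User $cred.UserName -Password $cred.GetNetworkCredential().Password `
    -RunLevel Limited
```

Run it from an elevated PowerShell session on the machine that should hold the mirror; afterwards `Get-ScheduledTask -TaskName 'SysInternals Tools Sync' | Export-ScheduledTask` shows XML equivalent to the listing above, minus the e-mail action.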
Footnotes
1 – Information about SysInternals and Mark Russinovich found on http://en.wikipedia.org/wiki/Sysinternals
2 – List of tools is from http://technet.microsoft.com/en-us/sysinternals/bb545027