Sysinternals Tools are free and widely used by IT Administrators as they are handier than the built-in Windows Tools. With these tools, IT administrators no longer need to struggle to manage desktops because of insufficient capabilities of the Windows-native tools.
Despite the capabilities of the Sysinternals suite, many IT Administrators have yet to use its full potential. For a comprehensive overview of the Sysinternals tools, see https://docs.microsoft.com/en-us/sysinternals/
Capabilities of the Sysinternals suite: The Sysinternals suite gives IT Administrators better and greater control over their Windows systems than the operating system's native tools. It is worth noting that almost every Sysinternals tool works across every Windows Operating System.
The tools can be downloaded here; you can download an individual tool or the entire suite: https://docs.microsoft.com/en-us/sysinternals/downloads/
Below is a screenshot of all the tools available in the Sysinternals suite; there is no way I can discuss all of them. I will take a look at some of the tools I have used most recently and will continue to discuss these tools in detail in the future. Some popular Sysinternals tools are discussed below. Take a look at the screenshot for the many other Sysinternals tools that are available.
The Sysinternals toolset, as shown in the images above, consists of many utilities such as Autoruns, Zoomit.exe, File and Disk, Networking, Process, Security, System Information, etc. These tools can be used to measure network performance, remotely execute processes, dump event log records and much more. Take a look at this Windows Sysinternals Administrator's Reference guide: https://ptgmedia.pearsoncmg.com/images/9780735656727/samplepages/9780735656727.pdf
How individual Sysinternals tools work: Every tool in the Sysinternals suite works differently from the others and, as discussed previously, they are more effective than the built-in Windows tools. For example, Process Explorer can be used in place of the built-in Task Manager. Also, Autoruns helps IT professionals identify and remove any software that may be slowing down a computer.
- Process Explorer: This is the most widely used Sysinternals tool. It helps you visualise details about every process and the DLLs it has loaded, kill and suspend processes, and set process priority. It also gives graphical statistics about CPU, memory and I/O usage, and a tree view that shows processes and their dependencies.
This tool is started by running the procexp.exe application and does not require any installation. To terminate a process, select the process and press the Delete key.
- Process Monitor: See the following link for more details https://techdirectarchive.com/2020/03/07/how-to-detect-registry-keys-written-during-program-installation-process-monitor-sysinternal-tools/
- Auto Logon: AutoLogon provides the means to configure the Windows built-in auto logon. The user does not need to enter a username and password; Windows automatically logs on to the workstation. The credentials entered into AutoLogon are stored encrypted in the Registry. See the link on how to configure this https://techdirectarchive.com/2020/01/25/enable-automatic-logon-on-windows-10-via-autologon-exe/
- PsTools: This suite lets you manage remote systems as well as the local one. The first tool in the suite was PsList, a tool that lets you view detailed information about processes, and the suite is continually growing.
The tools included in the PsTools suite, which is downloadable as a package, are:
- PsExec: Execute processes remotely
- PsFile: Shows files opened remotely
- PsGetSid: Display the SID of a computer or a user
- PsInfo: List information about a system
- PsPing: Measure network performance
- PsKill: Kill processes by name or process ID
- PsList: List detailed information about processes
- PsLoggedOn: See who's logged on locally and via resource sharing
- PsLogList: Dump event log records
- PsPasswd: Changes account passwords
- PsService: View and control services
- PsShutdown: Shuts down and optionally reboots a computer
- PsSuspend: Suspends processes
- PsUptime: Shows you how long a system has been running since its last reboot.

The PsTools download package includes an HTML help file with complete usage information for all the tools.
Run PsExec.exe and agree to the license terms.
Run CMD as an administrator and type PSEXEC -i -s cmd to launch CMD as System. For more on PsExec and how to use it, see https://docs.microsoft.com/en-us/sysinternals/downloads/psexec
Also, see step 4 on how I have used this tool https://techdirectarchive.com/2020/01/24/single-app-kiosk-mode-configuration-using-mdm-bridge-wmi-provider/
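
For the Auto Logon item above, the following read-only PowerShell check (an added example, not code from the original post or from Sysinternals) reports whether auto logon is enabled and whether a clear-text DefaultPassword sits in the Winlogon key, which is the case Autologon.exe avoids by storing the password encrypted. The function name Get-AutoLogonAudit is hypothetical; the registry path and value names are the standard Winlogon ones.

```powershell
# Added example: read-only audit of the Windows auto-logon configuration.
# Get-AutoLogonAudit is a name made up for this example.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-AutoLogonAudit {
    param([string]$Path = $WinlogonKey)

    $w = Get-ItemProperty -Path $Path -ErrorAction Stop

    # AutoAdminLogon is a string value; "1" means auto logon is switched on.
    $enabled = ("$($w.AutoAdminLogon)" -eq '1')

    # A DefaultPassword value in this key is stored in clear text and can be
    # read by any account allowed to read the key. Autologon.exe does not
    # write it; it keeps the password as an encrypted LSA secret instead.
    $plaintext = -not [string]::IsNullOrEmpty($w.DefaultPassword)

    $finding = if ($plaintext) {
        'Clear-text DefaultPassword found: remove it and reconfigure with Autologon.exe.'
    } elseif ($enabled) {
        'Auto logon enabled, no clear-text password in Winlogon (consistent with Autologon.exe).'
    } else {
        'Auto logon is not configured.'
    }

    # The password value itself is never written to the output.
    [pscustomobject]@{
        AutoLogonEnabled            = $enabled
        UserName                    = $w.DefaultUserName
        Domain                      = $w.DefaultDomainName
        PlaintextPasswordInWinlogon = $plaintext
        Finding                     = $finding
    }
}

Get-AutoLogonAudit | Format-List
```

A workstation that logs on automatically hands its session to anyone with physical access, so the check is most useful when run across machines to confirm that auto logon is enabled only where it is intended, such as kiosks.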