Archive for the 'sysinternals' Tag

Microsoft released Process Monitor v1.2 just two weeks ago. Now there is a newer version available again. It is only a minor update, just like the ones for TCPView and PsExec. Since all three utilities belong in every admin’s toolbox, it is worth a blog post.


Microsoft released Process Monitor v1.2, a free tool to monitor real-time file system, registry and process/thread activity. There is an “interesting” SearchWinIT article about its new features. I guess the author never saw Process Monitor in his life.


Active Directory Explorer v1.0 is a free new Sysinternals tool from Microsoft. It allows you to view and edit the Active Directory database. The utility is similar to ADSIedit from the Windows Server 2003 Support Tools. It offers two useful additional features: You can create snapshots and you can bookmark AD objects.


Some days ago, Microsoft released Sysinternals Process Monitor 1.12. It has a very interesting new feature: boot logging. I must admit that I didn’t use the last version of Process Monitor, so I can only rely on this article on SearchWinIT about its new features.


If not, you really should check them out. WindowsSecurity.com just finished a series of articles that discusses them in detail. The PsTools consist of a couple of command line tools, allowing you to view and manage many important Windows functions.


There are many good autostart managers available for Windows XP/2003. The most comprehensive one is probably Sysinternals Autoruns (now Microsoft). Runalyzer from Spybot Search & Destroy, however, offers an interesting feature that is quite useful if you’re afraid of having spyware on your PC that makes use of rootkit technology: You can autostart programs on Windows installations using attached hard disks.


If you are a sys admin, you probably know the Sysinternals tools. You might have heard that they were bought by Microsoft a while ago. Meanwhile, the tools are available at Microsoft’s Windows Sysinternals TechNet site. If you don’t know about the Sysinternals tools, I highly recommend having a look at them. Many of them are must-have tools for system administrators. You can now download the complete Sysinternals Suite. I discussed Sysinternals Process Explorer and Sysinternals Autoruns some time ago. There is also a new tool, called Process Monitor, which combines the functionality of Filemon and Regmon.

Sysinternals Autoruns is the most comprehensive free Windows tool I know for managing auto-starting programs. It lists the corresponding registry entries, services, drives, etc. (see screenshot). You can disable auto-starting programs with it and can use it from the command line, too. If you really want to know what is going on on your computer when it boots up, then you need this tool.


KillProcess 2.32 is a free tool that allows you to kill multiple Windows processes with just a mouse click. This is especially useful if you have to deal with malware like viruses or trojans. Sophisticated malware uses multiple processes that constantly check each other. If one of them gets terminated, one of its fellow processes will start it again immediately. So Windows Task Manager is often useless if you want to get rid of this kind of malware, since it only allows you to kill processes one at a time.


I suppose that many sysops already know Sysinternals Process Explorer, although I often meet system administrators who have never used it. As it is one of my favorite tools, I’d like to introduce it now. Yesterday, I used Process Explorer to find out which program used ntuser.dat.
