Kevin Beaver, a contributor to SearchEnterpriseDesktop, wrote a great article about the Windows Sysinternals tools.
Another look at Windows Sysinternals finds yet more useful tools
There have been a fair number of updates to Windows Sysinternals over the past few years, but one thing hasn't changed much: the fact that so many Windows administrators I bump into have not yet heard of the Windows management tool set, much less used it.
These tools can benefit desktop admins just as much as digital multimeters help electricians. There are just some things you simply cannot do without these programs -- both in the enterprise and (of course) at home when helping friends, relatives and neighbors with their computer problems.
I'm especially fond of Process Explorer and Process Monitor because I use these tools frequently. I've covered other Sysinternals tools that I believe are useful for security tasks, but here are a few more that you may find useful when managing Windows desktops in the enterprise:
Autoruns can help beef up software debugging by showing all the autostart programs, services, registry keys and anything else imaginable on a Windows desktop, as shown in the screenshot.
Contig allows you to defragment specific files. As you've likely seen, disk defragmenters often ignore certain files, so Contig provides a way to ensure that defragmentation has taken place on all files.
Desktops is a tool for arranging specific programs on specific virtual desktops. Perhaps more of a novelty, it could still boost productivity or otherwise prove useful, depending on an organization's needs (such as those in manufacturing or kiosks).
NotMyFault is a tool for bringing Windows systems to their knees via deliberate crashing, hanging or memory leaks. This could come in handy for resiliency tests, forensics analysis or whatever you can dream up.
RAMMap allows IT admins to map out how physical memory is being utilized, including the caching of data and drivers. The tool supports Windows Vista and above, and just might be the resource you need to justify more memory for your workstations. Or better yet, RAMMap can help justify upgrading to solid-state hard drives which, in my opinion, is the best Windows performance booster ever.
VolumeID is good for troubleshooting problems that may surface with disk image backups and restores, or software licenses and registrations that are tied to your system's volume ID.
Just as a network analyzer can provide a view into what's happening at the protocol level on a network, so too can Sysinternals reveal the amazing action behind the scenes of a Windows computer. When you load tools such as Process Monitor or Autoruns, you realize just how complex the Windows operating system truly is.
With so much taking place in the background, it's a wonder that our computers are as stable as they are. But this complexity also underscores the very reason why Windows desktops have such trouble with malware.
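As an added example that is not part of Kevin Beaver's article or of the Sysinternals suite: the autostart inventory that Autoruns shows interactively can also be collected from the registry Run keys, automatically started services and the Startup folders with a short PowerShell script, then saved as a baseline so a later run on the same machine can be diffed for new or changed entries. The registry paths are the standard Windows locations; the baseline file location and the choice of locations covered are assumptions made for this example (Autoruns itself inspects many more).

```powershell
# Added example, not from the article: collect common autostart locations and
# diff them against a saved baseline. Autoruns covers far more locations than these.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-RunKeyEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the PS* metadata properties PowerShell attaches to registry objects
            if ($p.Name -like 'PS*') { continue }
            [pscustomobject]@{
                Source   = 'Registry'
                Location = $key
                Name     = $p.Name
                Command  = $p.Value
            }
        }
    }
}

function Get-AutoServices {
    # Services configured to start automatically, with the binary each one launches
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.StartMode -eq 'Auto' } |
        ForEach-Object {
            [pscustomobject]@{
                Source   = 'Service'
                Location = $_.Name
                Name     = $_.DisplayName
                Command  = $_.PathName
            }
        }
}

function Get-StartupFolderEntries {
    # Per-user and all-users Startup folders
    $folders = @(
        [Environment]::GetFolderPath('Startup'),
        [Environment]::GetFolderPath('CommonStartup')
    )
    foreach ($f in $folders) {
        if (-not (Test-Path $f)) { continue }
        Get-ChildItem -Path $f -File | ForEach-Object {
            [pscustomobject]@{
                Source   = 'StartupFolder'
                Location = $f
                Name     = $_.Name
                Command  = $_.FullName
            }
        }
    }
}

$entries = @(Get-RunKeyEntries) + @(Get-AutoServices) + @(Get-StartupFolderEntries)

# Assumed baseline location for this example; on a known-good machine the first run
# writes the baseline, later runs report entries that were added, removed or changed.
$baselinePath = Join-Path $env:TEMP 'autostart-baseline.json'

if (Test-Path $baselinePath) {
    $baseline = Get-Content -Path $baselinePath -Raw | ConvertFrom-Json
    Compare-Object -ReferenceObject $baseline -DifferenceObject $entries `
        -Property Location, Name, Command |
        Sort-Object SideIndicator, Location |
        Format-Table -AutoSize
} else {
    $entries | ConvertTo-Json -Depth 3 | Set-Content -Path $baselinePath
    $entries | Sort-Object Source, Location | Format-Table -AutoSize
}
```

In the diff output, `=>` marks an entry present now but absent from the baseline, and `<=` an entry that has disappeared or whose command line changed; either is a prompt to open Autoruns or Process Explorer on that item. Run the script from the same user account each time, since the HKCU keys and the per-user Startup folder differ between accounts.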