In the current market we have a good number of programs that are responsible for helping us manage the Windows operating system. With them, what we actually manage is to control various sections of it while optimizing its operation.
In fact, we can find tools of this type in various formats, some more complex than others. But here we are going to focus on a particular case that is a development of Microsoft itself, hence its importance. Specifically, it is Microsoft Sysinternals , a set of applications that will be of great help to us when managing Windows to the maximum. In addition, since it is a Redmond suite for its own product, the guarantees are maximum in this regard.
It is worth mentioning that initially all this was developed by a couple of expert users so that Microsoft itself would later buy these utilities. From there it was improving them over time based on updates and new additions. As you can imagine, the suite as such is composed of a series of individual software solutions that we can execute depending on the needs of each case. That is why in these same lines we will talk about them. Also, if you want to try them, we tell you that they can be downloaded from the Microsoft website individually or the complete suite in a ZIP file, all from here .
Therefore, below we will talk about the applications that are part of this useful suite and that will surely help you to better manage the operation of Windows .
Applications that make up Microsoft Sysinternals
AccessChk
Here we find a tool that tells us the type of access all users or groups have to system resources. Here we talk about files , folders, registry keys, or Windows services.
AccessEnum
Thanks to this application we have greater control over the security and permissions of the system files. This is how we manage their permissions so that users have adequate access to files, directories and registry keys .
AdExplorer
Also known as Active Directory Explorer, here we find an advanced Active Directory viewer and editor. It will help us to navigate through a database in this section, define favorite locations or see the properties and attributes of the objects. We can also save snapshots of the database to compare them later.
ADInsight
Tool for real-time monitoring of Windows LDAP. This is responsible for troubleshooting Active Directory client applications.
AdRestore
This is a command line utility that lists the deleted objects from a domain and offers the option of restoring each one.
Autologon
This utility allows us to configure the Windows authentication mechanism. Instead of waiting for a user to enter their name and password, Windows uses the credentials that are entered in Autologon that are encrypted in the registry . So we can access the system in a faster way if we want.
Autoruns
Here we have a utility to find out which programs are configured to run during system startup or login. It also informs us when the applications included with such as Internet Explorer, Explorer, etc. are started. In addition, the utility allows us to control all these entries in order to improve the startup of the operating system .
BgInfo
If you work with several computers this will be very useful since it shows the relevant information about a Windows PC on the desktop background. This includes your name, IP address, system version, etc. It also allows you to edit any field we see.
CacheSet
This application allows us to control the working parameters of the file cache of the operating system. It will help us to adjust the size of the system cache in a more precise and personalized way.
Contig
Improve the performance and speed of your disk drives with this powerful defragmenter that is used to try to make files closer together on the disk itself. Used to quickly optimize files that are continuously fragmented.
Coreinfo
With this we have a command line utility that shows the relationship between the logical processors and the physical processor. At the same time, it shows us the cache assigned to each of the logical processors .
Ctrl2Cap
This is an application that helps us control the computer to convert the caps lock key into control characters.
DebugView
This is an application that allows us to monitor the debugging output on the local system. It also works with any PC on the network that we can access via TCP / IP. This shows us both the debugging output in kernel mode and in Win32, all in real time.
Desktops
Next we have a utility that allows you to organize your applications on a maximum of four virtual desktops to optimize Windows. We can configure shortcut keys to switch desktop, create and change these items, etc.
Disk2vhd
Disk2vhd is a utility that creates versions of physical disks for use in virtual machines. It has the ability to create snapshots of a Windows volume or point-in-time snapshots.
DiskExt
The tool returns information about which disks the partitions of a volume are on and where on the disk these partitions are located.
Diskmon
This is an application that records and displays all hard drive activity in Windows . We can leave the application in the system tray where it acts as a disk operation led presenting a green icon when there is read activity and red when there is writing activity.
DiskView
This tool shows a graphical map of the disk drives allowing you to determine where a file is located. We can also click on a specific cluster to see which file occupies it.
DiskUsage
This function informs us of the disk space usage for the directory we specify. We can see in detail the directories and their corresponding subdirectories directly.
FindLinks
FindLinks informs us of the file index and any alternate file paths on the same volume that exist for a specified file.
Handle
This will help us to know which program has a specific file or directory open. Handle is a utility that shows us the information about the open contents for any process in the system.
Hex2dec
From here we have the possibility of converting a number from hexadecimal to decimal and vice versa with this simple utility that works on the command line.
Junction
This is a tool that not only allows us to create NTFS junctions between drives, but also allows us to see if files or directories are points of repair. Say that these points are the mechanism that NTFS junctions are based on and are used in Windows Remote Storage Service or RSS.
LDMDump
Windows has a disk partition scheme that is managed by a component called the Logical Disk Manager or LDM. Therefore LDMDump is a utility that allows us to examine exactly what is stored in the disk copy of the LDM database. Thus, it displays the contents of the private header of the database, the table of contents, and the object database where the partition definitions are stored.
ListDLLs
As its name suggests, ListDLLs is a utility that displays the DLLs loaded in system processes. It is used to list all DLLs loaded in all processes, in a specific process, or to list the processes that have a specific DLL loaded. Also see the information of the full version of the libraries listed.
LoadOrder
Here we can see the order in which the Windows system loads the drivers for the devices that we have installed on the computer.
LogonSessions
Say that this is a utility that lists the active login sessions at that precise moment, in addition to the processes that are executed in each open session.
NotMyFault
Notmyfault is an application that helps us to block or cause kernel memory leaks in the Windows system. It is useful for learning how to identify and diagnose hardware and device driver problems. It can also be used to generate bluescreens dump files on crashed systems.
NTFSInfo
As you can imagine, this is a utility that shows all the information about NTFS drives. This includes the size of the allocation units, where the key NTFS files are located, or the sizes of the NTFS metadata files.
PipeList
Here we can manage the controller of the equipment that implements the connections with their names.
Portmon
Portmon is a utility that monitors and shows all the activity of the system’s ports . It has filtering and search functions that make it a very useful tool for exploring the way Windows works. We can also see how applications use these ports or track down problems in the configurations.
Process Monitor
This is a tool that shows in real time the activity of the Windows file system, processes and the registry. All of this can be of great help to us when solving problems and locating malware .
PsExec
PsExec is a utility that allows us to run processes on other systems without having to manually install the client software. So we can launch command notices on remote systems or use tools like IpConfig .
PsFile
We find a tool that works on the command line and that displays a list of system files that are opened remotely . In addition, it also allows closing open files by name or by an identifier.
PsInfo
This is an equally command-line tool that displays key information about the local or remote system. This includes data such as installation type, kernel build, registered organization, or owner. We will also see the number of processors and their type, p the amount of RAM , among other things.
PsKill
With this utility we can close running processes from the command line. Furthermore you can also kill processes on remote systems without installing a client on the other computer.
PsPing
Say that PsPing implements the functionality of the Ping command to be able to see interesting data of the network connection .
PsLoggedOn
Here we can determine who is using the resources of the PC and that shows both the users connected locally and those connected through a remote PC. We can specify a username to see if it is currently connected.
PsLogList
PsLogList allows us to access remote systems in situations where security credentials do not allow us to access the Event Log.
PsPasswd
This is a tool that allows us to change the password of an account both on local and remote systems. We can also create batch files to make a massive change of administrator passwords.
PsService
Here we find a Windows services viewer and driver. It allows us to log in to a remote system using a different account for cases where the account does not have the necessary permissions on the remote system. It also allows searching for services and identifies active instances of a service on your network .
PsShutdown
PsShutdown is a command line utility with which we can shut down or restart the PC locally or remotely. We can also close the user session or block the equipment.
PsSuspend
This tool allows us to suspend processes on the local or remote system. This will be useful in cases where a process is consuming a lot of resources and we don’t want it to be that way.
RAMMap
With this, we will be able to know first-hand how Windows allocates physical memory and how much file data is stored in RAM . We can also know how much RAM uses the kernel and the drivers of the installed devices.
RegDelNull
This is a command-line function that allows you to delete registry keys that contain null characters.
Registry Usage
This utility informs us about the use of the registry space for a key that we previously specified.
SDelete
SDelete is an application that allows us to safely delete existing files, as well as safely delete any file data stored in unassigned parts of a disk.
ShareEnum
Say that ShareEnum allows us to block shared files on the network. At the same time it scans all the computers in the domains to which we have access showing the shared resources of files, printing and security settings.
Shell Runes
This is a utility to launch programs under different accounts. This allows us to launch programs as a different user through the command line.
Sigcheck
Sigcheck is a tool that shows the version number of a specific file. At the same time it lets us see the information of your date or the details of the digital signature. It also includes an option to check the status of a file in VirusTotal .
Strings
This is a tool that scans the files we pass to it for UNICODE or ASCII strings of a predetermined length.
Sync
Sync works in all versions of Windows and it will be very useful to know the data of the modified files that are stored safely on the hard drives . It needs administrator permissions to function as it should.
Sysmon
System Monitor or Sysmon is a system utility that helps us to monitor and record system activity in the Windows event log. It also provides us with detailed information about process creation, network connections, and file creation time changes.
TCPView
TCPView is a program for Windows that shows us a list of all the TCP and UDP points of the system. This includes the local and remote addresses and the status of the TCP connections.
VMMap
Here we find a tool for analyzing virtual and physical memory of Windows processes. Thus, it shows a breakdown of the types of virtual memory used by a process, as well as the amount of physical memory allocated by the operating system. It has graphical representations of memory use and shows summary information about it.
VolumeID
This is a command line program that allows us to modify the labels of the disk units.
Whois
Saying that Whois actually does is register the domain name or IP address that we specify.
WinObj
Here we have an application focused on security . It will help us to find problems related to objects in the applications that we are creating.
ZoomIt
And to finish we will tell you that ZoomIt is a tool to zoom the Windows screen. Say that it is activated with customizable shortcut keys to zoom in on an area of the screen when we need it.