
A Smorgasbord of SysInternals Tools

SysInternals offers a lot of useful tools for Windows computers. They add functionality Windows lacks, work around various quirks, or gather extra information for debugging.

This article is divided into two sections. I tried to separate the utilities into general use and IT use: those in the general-use category should interest a wider audience, while those in the IT category will be of particular interest to people who work in IT or do regular computer maintenance.

Useful for everybody:

Desktops lets you create up to three additional virtual desktops (four in total). The process needs only about 5 megabytes of memory and lets you keep your workspaces organized: one desktop for browsing, another for working on a document, and so on. As you can see in the screenshot below, you can configure hotkeys to switch easily between desktops and set the program to run automatically at logon so it starts with your computer. Two limitations worth knowing before you rely on it: a window cannot be moved from one desktop to another, and Desktops has no exit option, so you log off to close it.

[Screenshot: Desktops configuration dialog with hotkeys and the run-at-logon option]

Unfortunately, Firefox has the same problem here as it does with more than one Remote Desktop session: you can open Firefox on more than one desktop only if you use a different profile on each, otherwise you get a message that the profile is already in use.

ZoomIt is one of the coolest applications on this list. I would definitely make use of it the next time I give a presentation or a demo. Heck, even when trying to show people things on the computer ("Double-click on this."), ZoomIt would be helpful. Since it's a stand-alone executable, I could just keep it on my jump drive and launch it, no install necessary. Unfortunately, it's also difficult to capture in action.

ZoomIt is a presentation tool. It lets you zoom into your desktop, draw on the screen, or turn the monitor all white or all black (as a blank surface to write on). By default Ctrl+1 zooms, Ctrl+2 starts drawing and Ctrl+3 starts the break timer; all of the hotkeys are configurable in the options. It can really help illustrate a concept, and zooming in adds emphasis while removing distraction during a presentation. There is also a nice little timer function: if you want to take a break in the middle of a presentation, define the amount of time (e.g. 10 minutes) and the screen goes entirely white with a clock on it (you can configure the clock's position in the options) and counts down.

RootkitRevealer is a tool for detecting rootkits. After reading about the dangers and methods of rootkits, I've become much more aware of this problem. A rootkit installs itself and replaces or hooks standard system components so that it gets executed and can take over your machine, or it just sits idly and collects data as it passes through.
RootkitRevealer works by comparing the system as seen at the highest level (the Windows API that you and your programs use) with what it reads at the lowest level (the raw file system and registry hive data on disk). If a file or key is present at the low level but missing or altered at the high level, a rootkit could be present. Two caveats before you act on its output: not every discrepancy is a rootkit (NTFS metadata files and registry keys that changed while the scan was running show up too; the entries marked hidden from the Windows API are the ones that matter), and the tool only supports 32-bit Windows XP and Windows Server 2003, so on anything newer you need a different tool. Not something you'd use every day, but nice to have should the need arise.

[Screenshot: RootkitRevealer scan results listing discrepancies]

Useful especially for IT:

Active Directory Explorer (AD Explorer) is an alternative to the standard Microsoft Management Console snap-in for navigating your AD structure. It shows far more up front, every attribute of the selected object in one pane, so you don't have to dig around in the properties dialogs of different objects, and it also lets you edit permissions and run searches against the directory.

You can also save a snapshot of the AD for comparison later; the program itself compares two saved snapshots and lists the differences, which is a quick way to see what changed in the directory between two points in time. Treat a snapshot as sensitive: it contains every attribute your account could read, including group memberships, so store it as carefully as you would a backup of the directory.

[Screenshot: AD Explorer browsing a domain with the attribute pane open]

AccessEnum lets you point at a directory or registry key and see who has what permissions under it. It lists the points in the tree where the permissions change from the parent rather than every single object, which keeps the output readable. This is very handy if you're working on a computer problem, you're fairly certain it's a permissions problem, and you want to get as fine-grained as possible.

[Screenshot: AccessEnum showing read, write and deny entries for a directory tree]

You should also check out the companion tool for network shares, ShareEnum, which scans a domain, workgroup or IP range and lists each share with its security settings, so you can spot shares that Everyone can write to.
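AccessEnum's trick is to report only the places where an ACL differs from the parent's. The script below is an added example, not code from this post or from Sysinternals, that does the same for a local file-system path in PowerShell and additionally warns wherever a broad group (Everyone, Authenticated Users, Users) is granted write-class rights, which is the usual culprit in a permissions problem. It assumes an NTFS path (C:\inetpub is just a placeholder) and an account that can read the ACLs; it covers neither registry keys nor shares, and it changes nothing.

```powershell
# Added example, not code from the post or from Sysinternals: an AccessEnum-style
# walk over a directory tree. It prints the root's ACL, then only those folders
# whose ACL differs from their parent's, and warns about ACEs that give broad
# groups write access. Assumes a local NTFS path and an account that can read
# the ACLs (nothing is modified). Group names are the English built-ins; adjust
# the pattern on localised systems.
param([string]$Root = 'C:\inetpub')   # assumed starting point; any directory works

$BroadGroups = '^(Everyone|NT AUTHORITY\\Authenticated Users|BUILTIN\\Users)$'
$WriteRights = 'Write|Modify|FullControl|CreateFiles|AppendData'

function Get-AclSummary {
    param([string]$Path)
    # Flatten each ACE to "identity = rights (Allow/Deny)" and sort, so two ACLs
    # can be compared as strings. Inheritance flags are deliberately ignored: like
    # AccessEnum we care who can do what, not how the right got there.
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        return "<cannot read ACL: $($_.Exception.Message)>"
    }
    $aces = $acl.Access | ForEach-Object {
        '{0} = {1} ({2})' -f $_.IdentityReference, $_.FileSystemRights, $_.AccessControlType
    } | Sort-Object -Unique
    return ($aces -join ';')
}

function Get-BroadWriteAces {
    param([string]$Path)
    # Allow ACEs that hand write-class rights to everyone-ish groups.
    try { $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop } catch { return }
    $acl.Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $_.IdentityReference.Value -match $BroadGroups -and
            $_.FileSystemRights.ToString() -match $WriteRights
        } |
        ForEach-Object { '{0} has {1}' -f $_.IdentityReference, $_.FileSystemRights }
}

function Show-Entry {
    param([string]$Path, [string]$Summary)
    Write-Output $Path
    $Summary -split ';' | ForEach-Object { Write-Output "    $_" }
    Get-BroadWriteAces $Path | ForEach-Object { Write-Warning "$Path : $_" }
}

$seen = @{}    # FullName -> summary; PowerShell hashtable keys are case-insensitive
$rootPath = (Get-Item -LiteralPath $Root).FullName
$seen[$rootPath] = Get-AclSummary $rootPath
Show-Entry $rootPath $seen[$rootPath]

# -Recurse emits a folder before the folders inside it, so a child's parent is
# always already in $seen when the child is examined.
Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer } |
    ForEach-Object {
        $dir = $_.FullName
        $summary = Get-AclSummary $dir
        $seen[$dir] = $summary
        $parent = Split-Path -Parent $dir
        if ($summary -ne $seen[$parent]) {
            Show-Entry $dir $summary
        }
    }
```

Run it as .\Find-AclChanges.ps1 -Root 'D:\Shares\Projects' (the file name is yours to choose). Folders that only inherit their parent's ACL are silent, so what remains is exactly the list of places somebody changed permissions by hand, and the warnings are the entries to read first. Numeric generic rights (an ACE whose rights show as a bare number) are not matched by the write pattern, so check those by eye.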

PsGetSid is part of the PsTools set that I've discussed previously, but it seemed to deserve its own highlight here. You can use PsGetSid remotely to retrieve the SID of computers on the network (psgetsid \\computername), and it also translates between account names and SIDs in either direction. The Security IDentifier matters because it is the cornerstone of security in Windows: every account, group and machine is identified by its SID, and access checks compare SIDs, not names. The machine SID is randomly generated during the installation of Windows, but if you clone or ghost machines instead of installing them, you end up with duplicate SIDs on your network. You can read more in Microsoft's article on the SID duplication problem. The problem doesn't affect domain authentication, because a computer that joins a domain gets its own unique computer account SID from the domain.

If you do have this issue, you can use another SysInternals application, NewSID, to generate a random, unique machine SID. To know which computers need it, script PsGetSid to retrieve the SID from a list of computers (psgetsid also accepts @file, a text file with one computer name per line) and compare the results to find your duplicates. One caveat from later on: Sysinternals retired NewSID in 2009 after Mark Russinovich concluded that duplicate machine SIDs are not by themselves a security problem, and the supported way to prepare an image for cloning is Sysprep, which assigns a new SID when it generalizes the image.
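The scripted comparison described above, written out as an added PowerShell example (not code from this post or from Sysinternals). It calls psgetsid.exe once per host from a text file, pulls the machine SID out of the output with a regular expression, and groups the results to show which hosts share one. It assumes psgetsid.exe is on the PATH, that you are an administrator on the targets (PsTools connect over the admin$ share), and that computers.txt and machine-sids.csv are your own file names; add -u and -p to the psgetsid call if you need alternate credentials.

```powershell
# Added example, not code from the post or from Sysinternals. Sweeps a list of
# computers with PsGetSid and reports any machine SID that appears more than once.
# Assumes: psgetsid.exe is on the PATH, you are an administrator on the targets,
# and $ComputerList holds one hostname per line.
param(
    [string]$ComputerList = '.\computers.txt',    # assumed file name
    [string]$Report       = '.\machine-sids.csv'  # assumed file name
)

# A machine SID is S-1-5-21-<a>-<b>-<c> with exactly three sub-authorities;
# account SIDs carry a fourth number (the RID), so this pattern skips them.
$machineSidPattern = '^S-1-5-21(?:-\d+){3}$'

$results = foreach ($line in Get-Content -Path $ComputerList) {
    $computer = $line.Trim()
    if (-not $computer) { continue }

    # One call per host so a failure on one machine cannot be mistaken for
    # another's output. -accepteula keeps the licence dialog from stalling an
    # unattended run; 2>&1 folds stderr into $output so the error text is kept.
    $output = & psgetsid.exe -accepteula "\\$computer" 2>&1
    $sid = $output |
        ForEach-Object { "$_".Trim() } |
        Where-Object { $_ -match $machineSidPattern } |
        Select-Object -First 1

    [pscustomobject]@{
        Computer = $computer
        SID      = $sid
        Error    = if ($sid) { $null } else { ($output | Out-String).Trim() }
    }
}

# Group by SID; any group with more than one member is a clone that kept its SID.
$duplicates = $results |
    Where-Object { $_.SID } |
    Group-Object -Property SID |
    Where-Object { $_.Count -gt 1 }

if ($duplicates) {
    foreach ($group in $duplicates) {
        Write-Output "Duplicate machine SID $($group.Name) on:"
        $group.Group | ForEach-Object { Write-Output "    $($_.Computer)" }
    }
} else {
    $reachable = @($results | Where-Object { $_.SID }).Count
    Write-Output "No duplicate machine SIDs among $reachable reachable computers."
}

# Unreachable hosts are listed separately rather than silently dropped, since a
# host you could not query is not a host you have cleared.
$results | Where-Object { $_.Error } | ForEach-Object {
    Write-Warning "$($_.Computer): $($_.Error)"
}

$results | Export-Csv -Path $Report -NoTypeInformation
```

The CSV keeps the full host-to-SID mapping so you can re-check a host later without re-running the sweep. If you prefer a single psgetsid @computers.txt call, the output still has to be split per host, which is why the loop queries each one separately.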

ShellRunas is one of those tools that gives Windows Vista, Server 2008 and Windows 7 back something that used to be available. With Windows XP or Server 2003, if you right-clicked (or shift+right-clicked) a program you had the option Run As..., and could then specify which user to run it as. On the new operating systems the context menu only offers Run as administrator; if you want to test a program as a different user, you have to log off and log on as them (the command-line form, runas /user:DOMAIN\user program, still exists). Register ShellRunas with shellrunas /reg and you can run as a different user right from the context menu; shellrunas /regnetonly adds a second entry that uses the supplied credentials only for network access, and /unreg removes the entries again. Note that the program still runs on your desktop and session, so it is a convenience for testing permissions, not isolation from the user you are logged on as.

Before ShellRunas is registered:
[Screenshot: program context menu without a Run as different user entry]

After ShellRunas is registered:
[Screenshot: program context menu with the Run as different user entry]

[Screenshot: ShellRunas prompting for the user name and password]

RegJump is a good friend to anybody who pops in and out of the registry with any frequency. Essentially, you give it a registry path and it opens regedit at that location, which saves loads of time compared with drilling down through the tree. You can paste a registry location you've been given, or create shortcuts to the locations you visit frequently (a shortcut whose target is regjump.exe HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, for example). Put regjump.exe in a directory listed in your Path system variable and you can use it from Start, Run... Since regedit itself runs elevated on Vista and later, expect a UAC prompt.

The best part of RegJump is that it understands the short names: hklm instead of HKEY_LOCAL_MACHINE, hkcu instead of HKEY_CURRENT_USER, and likewise hkcr, hku and hkcc for the other root keys.

[Screenshot: regedit opened by RegJump at the requested key]