This is the companion blog post to my “Using Microsoft Sysinternals to Troubleshoot & Secure Windows Server” talk at the 2017 West Central Technology Conference.
Information and downloads for the Sysinternals tools are available at sysinternals.com.
A list of my favorite Sysinternals tools:
- Process Monitor
- Sysmon
- Process Explorer (Task Manager on steroids)
- Autoruns (MSCONFIG on steroids)
- AccessChk & AccessEnum (Great for evaluating security on file shares)
- AdExplorer (ADSIEdit on steroids)
- AdInsight (Process Monitor, but for Active Directory)
- SigCheck (Verify digitally signed files)
- PsTools & PsExec (Command line, useful for automation tasks)
This presentation is primarily focused on Process Monitor and Sysmon.
My preferred way of quickly getting the latest version of a tool is to go to https://live.sysinternals.com.
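You can also install the tools quickly on Windows 10 using OneGet for PowerShell:

```powershell
# Check for the Chocolatey package provider
Get-PackageProvider -Name chocolatey
# Find the sysinternals package and pipe it to the installer
Find-Package sysinternals | Install-Package
```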
