Review administrative tools from Sysinternals, including Autoruns and Procmon.
[Narrator] Sysinternals tools are a set of admin tools that can be used to monitor and manage the inner workings of the Windows operating system. Much of what you see in Windows 10 is visible to the consumer. Using tools such as the Sysinternals tools and others that I'll show you in this course, you'll see Windows 10 from an administrative perspective. Beneath the hood, as it were. The Sysinternals tools are not included with Windows 10, but they can be downloaded free from Microsoft at the link shown on screen.
They are fully supported and kept up to date by Microsoft. Most IT support personnel are aware of at least one Sysinternals tool, and some wouldn't leave home without a USB stick containing the complete suite of Sysinternals tools. You can even execute the tools directly from the Sysinternals Live website if you do not want to download or have the ability to install them. And there's even a vibrant community of users who support the tools, and you can visit the forum at the link on screen.
Currently, there are over 70 tools included in the suite, and they are categorized into tools for file and disk, networking, process, security, system information, and miscellaneous. For each tool, there's a help file, and on the website are detailed examples for you to understand how to get the best results from using the tool. Most tools are quite low level and are designed to manage and monitor processes and services, to help troubleshoot and diagnose problems with Windows.
Let's take two examples, Autoruns and Process Monitor. These can be used to help manage and monitor Windows 10 startup problems. The Autoruns tool will show which programs are configured to run during boot up, login, or when certain applications are started. For example, the programs that are started when opening a media player application. Autoruns will find information from the startup folder, registry keys Run and RunOnce, Explorer shell extensions, toolbars, browser helper objects, Winlogon notifications, and auto-start services.
In fact, from many different locations. You can filter the information to hide Windows information, to view only startup information from third-party services. Autoruns can also be used to disable auto-start functions by unchecking the option next to the process name. In this way, you can disable malware and viruses from starting up. Autoruns also includes a search tool, so if you're unsure what a specific process does, you can use the web search option to find the information for you.
There's also a save configuration feature in Autoruns that saves the auto-start configuration so that it can be exported and then reloaded at a later date onto a different machine. Process Monitor, or Procmon, is a process monitoring tool which shows real-time file system, registry, and thread activity. Information can be filtered and logged, and can include items such as image path, command line, user and session ID. This means that you can view which processes are writing to which files, where things are stored in the registry, and which processes are accessing registry information.
To help you, a search facility is also included. You can use Process Monitor to monitor an application or service that you believe is causing a startup issue. You can track each aspect of an operation to see where a failure is occurring or a process is stalling. This information can then be used to find a solution to the issue.
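
As an added illustration that is not part of the course narration: a read-only PowerShell script that lists a few of the autostart locations the narration names (Run and RunOnce keys, startup folders, auto-start services) and hides entries whose image is signed by Microsoft. The registry paths chosen, the helper name `Get-ImagePath` and the signer-string match are assumptions of this example; Autoruns itself covers many more locations.

```powershell
# Added example: enumerate some autostart locations without changing anything.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startupDirs = @([Environment]::GetFolderPath('Startup'),
                 [Environment]::GetFolderPath('CommonStartup'))

# Hypothetical helper: pull the executable path out of a command line.
function Get-ImagePath([string]$Command) {
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"')     { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.exe)\b')  { return $Matches[1] }
    return $null
}

$entries = @(
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Source = $key; Name = $name
                               Command = [string]$item.GetValue($name) }
        }
    }
    foreach ($dir in $startupDirs) {
        Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue |
            Where-Object Name -ne 'desktop.ini' |
            ForEach-Object { [pscustomobject]@{ Source = $dir; Name = $_.Name
                                                Command = $_.FullName } }
    }
    Get-CimInstance -ClassName Win32_Service -Filter "StartMode='Auto'" |
        ForEach-Object { [pscustomobject]@{ Source = 'Service'; Name = $_.Name
                                            Command = $_.PathName } }
)

# Heuristic filter (assumption): treat an entry as a Windows/Microsoft one when
# its image carries a Microsoft Corporation signature; show everything else.
$entries | ForEach-Object {
    $image  = Get-ImagePath $_.Command
    $signer = if ($image -and (Test-Path -LiteralPath $image)) {
        (Get-AuthenticodeSignature -LiteralPath $image).SignerCertificate.Subject
    }
    $_ | Add-Member -NotePropertyName Signer -NotePropertyValue $signer -PassThru
} | Where-Object { $_.Signer -notmatch 'O=Microsoft Corporation' } |
    Sort-Object Source, Name | Format-Table -AutoSize -Wrap
```

Entries with an empty Signer column are unsigned or could not be resolved to an executable (for example `.lnk` shortcuts), and are the ones worth checking first in Autoruns.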
- Troubleshooting startup issues
- Using Windows 10 Safe Mode
- Creating a new BitLocker password
- Resolving a slow-running computer
- Managing device driver issues
- Fixing an incompatible application using a shim
- Troubleshooting computers remotely
- Troubleshooting network and remote connectivity
- Troubleshooting a VPN connection
- Migrating to a mobile device management solution
- Resolving sign-in issues