Sysinternals Suite Review: Is It Suitable for Beginners?




Sysinternals Suite Review

In this Sysinternals Suite Review, I tested Microsoft’s own bundle of tools to see if it has everything you need to solve errors, manage the system, and keep your PC in top condition.

The suite is available for free and contains more than 60 utilities and 100 supporting files designed for everyday use and more technical tasks. It’s updated regularly, so be sure to check that you have the latest version.

The Sysinternals Suite supplements what ships with the standard Windows operating system and is aimed more at IT professionals than home users.

While many native and third-party Windows troubleshooting tools exist, does this suite do it the best? Let’s find out!

Features

Sysinternals Suite doesn’t have a single user interface; each program serves its own purpose. For many of them, you’ll see both 32-bit and 64-bit builds. Here’s what I found most useful. Further below is a summary of some of its other key tools.

Process Monitor

The Process Monitor (Procmon.exe) allows you to take a deeper look at the current processes running on Windows than the Task Manager. Moreover, it gives details on file system activity and the Windows Registry.

It’s a combination of the two older utilities, Filemon and Regmon, that lets you explore the behavior of different processes. This is useful for identifying malicious programs or activity, or simply processes that are performing poorly or abnormally.

Procmon displays numerous system events in real-time, including process creation, thread activity, registry operations, and file access.

Sysinternals Suite procmon Process Monitor

I like that you can easily filter what’s displayed to home in on performance bottlenecks and individual user sessions.

Furthermore, it can save event data for future reference and comparison. This is like a snapshot, so you don’t become overwhelmed with all the ongoing activity and can perform a thorough analysis.
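The command-line side of the capture-and-save workflow described above, as an added example that is not part of the review: it starts Process Monitor unattended, stops it after a fixed window, converts the saved trace to CSV and asks one question of the data. It assumes Procmon64.exe is in the current directory, that you run as Administrator, and that the output folder and the 60-second window are placeholders you would adjust.

```powershell
# Added example (not from the review): capture a bounded Process Monitor trace from
# the command line and export it for later comparison.
# Assumes Procmon64.exe is in the current directory and you run as Administrator.
$procmon = ".\Procmon64.exe"
$trace   = "C:\Traces\capture-$(Get-Date -Format yyyyMMdd-HHmm).pml"   # placeholder path
New-Item -ItemType Directory -Force -Path (Split-Path $trace) | Out-Null

# Start capturing straight to a backing file; /Quiet suppresses the filter dialog
# and /Minimized keeps the window out of the way.
Start-Process $procmon -ArgumentList "/AcceptEula /Quiet /Minimized /BackingFile `"$trace`""

# Reproduce the problem during this window, then stop the capture cleanly.
Start-Sleep -Seconds 60
Start-Process $procmon -ArgumentList "/Terminate" -Wait

# Convert the saved trace to CSV so it can be filtered in PowerShell or a spreadsheet.
$csv = [IO.Path]::ChangeExtension($trace, ".csv")
Start-Process $procmon -ArgumentList "/OpenLog `"$trace`" /SaveAs `"$csv`"" -Wait

# Which processes touched a Run key during the capture? (CSV column names are Procmon's own.)
Import-Csv $csv |
    Where-Object { $_.Path -like '*\CurrentVersion\Run*' } |
    Group-Object 'Process Name' |
    Select-Object Name, Count
```

Saving to a CSV rather than keeping Procmon open is what makes the "snapshot" comparison practical: two captures of the same scenario can be diffed with Compare-Object on the Path and Operation columns.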

System Monitor

ProcMon has some crossover utility with the System Monitor (SysMon). This helps detect malicious or suspicious activity, understand system behavior, and identify security risks.

It monitors and logs the following:

  • New processes with command-line info for parent and child processes.
  • Network connections, including the originating and destination IP addresses, port numbers, as well as protocol details.
  • Any changes to file creation times.

SysMon itself cleverly runs as a protected process and has its own Windows service and device driver. This prevents it from being wiped out after reboots or accessed by malware, which can often occur with regular antivirus software.

If you are a system admin who needs to investigate potential security incidents, this is the tool for you.

The advanced insight into system behavior makes it easier to understand how intruders and malware operate on the network.
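A minimal Sysmon configuration covering the three event types listed above, installed and then read back from PowerShell, as an added example that is not part of the review or of Microsoft's own sample configurations. It assumes Sysmon64.exe is in the current directory, that you run as Administrator, and that the schema version matches the Sysmon release you install (check with `sysmon64 -? config`); the scripting-host filter is a constructed illustration, not a recommended baseline.

```powershell
# Added example (not from the review): a small Sysmon configuration for the three
# event types the review lists, installed and then queried.
# Assumes Sysmon64.exe is in the current directory and you run as Administrator.
$config = @'
<Sysmon schemaversion="4.50">
  <HashAlgorithms>sha256</HashAlgorithms>
  <EventFiltering>
    <!-- Event ID 1: process creation. An empty exclude rule logs every process,
         with parent and child command lines. -->
    <ProcessCreate onmatch="exclude" />
    <!-- Event ID 3: network connections. Constructed example: log only connections
         made by scripting hosts, to keep volume down. -->
    <NetworkConnect onmatch="include">
      <Image condition="end with">powershell.exe</Image>
      <Image condition="end with">wscript.exe</Image>
    </NetworkConnect>
    <!-- Event ID 2: a process changed a file's creation time. -->
    <FileCreateTime onmatch="exclude" />
  </EventFiltering>
</Sysmon>
'@
$configPath = "$env:TEMP\sysmon-config.xml"
Set-Content -Path $configPath -Value $config -Encoding ASCII

# Install the service and driver with this configuration (use -c instead of -i to update it later).
& .\Sysmon64.exe -accepteula -i $configPath

# Read back the most recent process-creation events as objects with parent/child command lines.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Sysmon/Operational'
    Id      = 1
} -MaxEvents 20 | ForEach-Object {
    $x = [xml]$_.ToXml()
    $d = @{}
    $x.Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
    [pscustomobject]@{
        Time   = $_.TimeCreated
        User   = $d.User
        Parent = $d.ParentCommandLine
        Child  = $d.CommandLine
    }
}
```

The parent-to-child relationship is the part worth keeping unfiltered: an office application or a browser spawning a command interpreter is easy to spot in this output and hard to reconstruct from Task Manager after the fact.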

Autoruns

If you find Windows is taking a long time to boot and system resources are being zapped, it’s likely you have too many programs set to launch on startup that run in the background.

Sysinternals Suite Autoruns

Unlike the Startup tab in Task Manager, Autoruns (Autoruns.exe) displays everything, not just third-party software. This includes Windows system entries and services, DLLs, scheduled tasks, drivers, codecs, print monitors, and much more.

This is more advanced than CCleaner and any other third-party startup manager I’ve used. You can select different category tabs and hide Microsoft entries altogether so you don’t accidentally disable something critical.

All you have to do to stop an auto-run is uncheck it from the list and reboot. Even if you make a mistake, in most cases, you simply run the tool again and check the box to bring it back.

The ability to save and restore your current autorun entries is also very helpful, as you can easily revert back if errors occur, or you’ve installed a bunch of new software that you do not wish to run on startup.

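The save-and-compare workflow described above done from the command line with Autorunsc (the console version of Autoruns), as an added example that is not part of the review. It assumes autorunsc64.exe is in the current directory, that you run as Administrator, and that the baseline path is a placeholder; the CSV column names used are the ones Autorunsc emits.

```powershell
# Added example (not from the review): export autostart entries, keep a baseline,
# and report what changed since the last run.
# Assumes autorunsc64.exe is in the current directory and you run as Administrator.
$baseline = 'C:\Baselines\autoruns-baseline.csv'   # placeholder path
$current  = "$env:TEMP\autoruns-now.csv"

# -a *  all entry categories, -c CSV output, -h file hashes, -s verify signatures,
# -m hide Microsoft-signed entries (the same as "Hide Microsoft entries" in the GUI).
& .\autorunsc64.exe -accepteula -nobanner -a * -c -h -s -m > $current

if (-not (Test-Path $baseline)) {
    New-Item -ItemType Directory -Force -Path (Split-Path $baseline) | Out-Null
    Copy-Item $current $baseline
    "Baseline created at $baseline"
    return
}

$old = Import-Csv $baseline
$new = Import-Csv $current

# Key on location, entry, image path and SHA-256 so a replaced binary shows up
# even when the entry name itself is unchanged.
$key  = { "$($_.'Entry Location')|$($_.Entry)|$($_.'Image Path')|$($_.'SHA-256')" }
$diff = Compare-Object -ReferenceObject ($old | ForEach-Object $key) `
                       -DifferenceObject ($new | ForEach-Object $key)

foreach ($d in $diff) {
    $tag = if ($d.SideIndicator -eq '=>') { 'ADDED  ' } else { 'REMOVED' }
    "$tag $($d.InputObject)"
}

# Entries whose signature did not verify deserve a look regardless of the diff.
$new | Where-Object { $_.Signer -notlike '(Verified)*' } |
    Select-Object 'Entry Location', Entry, 'Image Path', Signer
```

Run it once on a freshly built machine to create the baseline, then on a schedule; an ADDED line whose Signer is not "(Verified)" is the case worth reading first.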

PS Tools

PS Tools (Pstools.chm) is a help file covering all the PS-prefixed command-line tools included in the suite. In this case, the interface includes extensive guidance on how to use them, making this particular feature more accessible to beginners.

PSTools interface

You can easily shut down a system, end processes, and get a full list of processes, a scaled-back counterpart to Process Monitor.

It’s especially useful for network admins because it grants remote access to connected computers.

As explained in the guidelines, run the following commands on your desired PC and reboot to gain remote access:

  • sc config RemoteRegistry start= auto
  • sc start RemoteRegistry
  • reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f

Next, specify the tool to use and the identifier of the remote PC:

  • tool.exe \\[IP] -u [Username] -p [Password] [More Options]

Tools found in the documentation include PsExec, PsInfo, PsKill, PsList, and PsLoggedOn, among many others.
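The remote usage pattern above with a few of the listed tools, as an added example that is not part of the review or of the PsTools documentation. It assumes the remote host has been prepared as described, that the PsTools executables are in the current directory, and that the host name and account are placeholders for your own environment.

```powershell
# Added example (not from the review): the PsTools against a prepared remote machine.
# "workstation01" and "CORP\helpdesk-admin" are placeholders.
$target = '\\workstation01'
$admin  = 'CORP\helpdesk-admin'

# PsInfo: OS build, uptime and (-h) installed hotfixes. Leaving out -p makes the tool
# prompt for the password, which keeps it out of the console history and any logging
# of command lines (for example the Sysmon process-creation events discussed earlier).
& .\PsInfo64.exe -accepteula -nobanner $target -u $admin -h

# PsList: processes with (-m) memory details, the scaled-back Process Monitor the review mentions.
& .\PsList64.exe -accepteula -nobanner $target -u $admin -m

# PsLoggedOn: who is logged on interactively or through a share.
& .\PsLoggedon64.exe -accepteula -nobanner $target

# PsExec: run a command remotely and collect its output locally. -s runs it as SYSTEM;
# without -d PsExec waits for the command to finish so the output can be captured.
$svc = & .\PsExec64.exe -accepteula -nobanner $target -u $admin -s cmd /c "sc query RemoteRegistry"
$svc
```

PsExec output arrives on the local console, so wrapping it in a variable or piping to Out-File is enough to keep a record of what was run and what came back.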

TCPView

The TCPView utility lets you view all local and remote UDP and TCP connections and statuses. You can also view ports, process names, and process IDs.

TCPView

While using the netstat command from the Windows Command Prompt provides similar info, TCPView gives a more comprehensive overview and is much easier to navigate.

If you’re familiar with CMD, you can use Tcpvcon, the command-line version, and get the same information with various switches.

Regardless, after you open TCPView and run the scan, it lists the active UDP and TCP endpoints. Moreover, it resolves IP addresses to DNS names, so you can see the name of the target machine and its services.

If you think the network has been breached, it’s easy to terminate any TCP connection. What’s more, all info can be logged for closer analysis later and for record keeping of any suspicious or abnormal event.

In terms of interface, this is one of the few that makes it easy to view and analyze network connections without the need for command-line tools or advanced technical knowledge.
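The same endpoint list TCPView shows, collected with Tcpvcon into objects so it can be filtered and compared against a list of expected listeners, as an added example that is not part of the review. It assumes tcpvcon64.exe is in the current directory, that the CSV columns come out in the order given in the `-Header` list (verify against the first line of `tcpvcon -c` output from your version before relying on it), and that `$expectedListeners` is a constructed placeholder for your own environment's baseline.

```powershell
# Added example (not from the review): TCPView's data as PowerShell objects.
# Assumes tcpvcon64.exe is in the current directory.
# -a all endpoints (including listening), -c CSV output, -n skip DNS resolution for speed.
$lines = & .\tcpvcon64.exe -accepteula -nobanner -a -c -n

# Assumed column order; check it against your Tcpvcon version's output.
$conns = $lines | ConvertFrom-Csv -Header Protocol, Process, PID, State, Local, Remote

# Established TCP connections per process, busiest first.
$conns | Where-Object { $_.Protocol -like 'TCP*' -and $_.State -eq 'ESTABLISHED' } |
    Group-Object Process | Sort-Object Count -Descending |
    Select-Object Name, Count

# Listening sockets that are not on the expected list for this machine.
$expectedListeners = @('svchost.exe:135', 'System:445', 'lsass.exe:49664')   # constructed placeholder
$conns | Where-Object { $_.State -eq 'LISTENING' } | ForEach-Object {
    $port = ($_.Local -split ':')[-1]
    $id   = "$($_.Process):$port"
    if ($id -notin $expectedListeners) {
        [pscustomobject]@{ Process = $_.Process; PID = $_.PID; Local = $_.Local }
    }
}
```

The unexpected-listener check is the one that pays off on a schedule: a new listening port tied to a process you do not recognise is a far better prompt to investigate than the raw connection count.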

Interface

Sysinternals utilities function within Windows itself, so the look is familiar. Nonetheless, there isn’t a single user interface, and many are run from the Command Prompt.

It’s aimed more at Windows professionals and those already familiar with troubleshooting the operating system and using CMD.

I find this to be its main drawback, as the average user will need to Google what tool is required and how to use it.

Using the Command Prompt

I found the best way to use CMD with Sysinternals is to:

1. Hold down the Shift key, right-click on the SysinternalsSuite folder, and select Open command window here (Admin).

Open Sysinternals Suite in Command Prompt

2. In the command window, type dir and hit Enter to list all the tools available.

Sysinternals Suite - list of tools in CMD

3. Type the name of any tool from the list and hit Enter to launch it.

Sysinternals commands and switches

Note: If the tool itself requires CMD, it will show you a list of commands, switches, and help information after following step three.

As mentioned in the features section, some tools do come with an interface. If so, they’ll launch as normal from CMD or you can just double-click the executable in the folder.

Folder of Sysinternals utilities and executables

How to get a GUI for Sysinternals Suite

If you do want to manage all the tools under one program, I recommend KLS Soft’s Windows System Control Center. This third-party solution is free for personal use and will check for new updates for Sysinternals too.

It’s best to install the software’s folder at the top level, such as C:\WSCC, so you don’t over-complicate the command-line utilities.

When you launch WSCC, browse to the software sources section and select the tool packages for installation option. Here, you can locate the Sysinternals Suite folder or directly download the suite, if you haven’t already.

Check everything to install all tools or choose the ones you wish to include in WSCC.

Windows System Control Center

Once installed, you can locate Sysinternals Suite in the folder tree to the left and click any of the tools to launch them in the main window.

Other Sysinternals Tools

Sysinternals contains many other useful tools for experienced Windows users, network admins, and IT professionals. Here’s what else you’ll find in the Suite:

  • Accesschk – Manage the level of access different users and groups have to different resources, which can be useful for troubleshooting access issues and setting user permissions for security.
  • Accessenum – Overview of the security settings of the file system and registry to identify security risks and change permissions.
  • ADExplorer – Navigate the AD structure to view object properties and create, modify, or delete objects.
  • Contig – Rearranges the fragments of a file or group of files in contiguous or sequential format. Contig helps improve file access times by reducing fragmentation.
  • DBGView – Logs debug info from the system, applications, and device drivers in real-time. Useful for debugging complex software, kernel-mode drivers, and system-level events.
  • Desktops – Create up to four virtual desktops, with their own set of open windows and applications. Switch between them in the system tray.
  • DiskView – Analyze the contents of storage devices at the sector level. Identify performance issues, manage disk space, and troubleshoot issues related to storage and retrieval.
  • EFSDump – View and export information about encrypted Windows files on an Encrypting File System.
  • FindLinks – Outputs a list of file paths that reference the same file data.
  • Handle – Manage the open handles and DLLs associated with running Windows processes. This can also help access, delete, and rename files and folders that display the error: “The action cannot be completed because the folder (or a file in it) is open in another program.”
  • Junction – Simplify file system management by listing, deleting, and creating junction points, which are shortcuts that redirect file system requests to another directory or volume.
  • ListDLLs – Lists all DLLs currently running for your chosen Windows process or every running process.
  • LoadOrd – Displays the order in which device drivers are loaded to help with troubleshooting device driver issues.
  • MoveFile – Schedule a file to move, be renamed, or deleted on the next reboot if it is currently locked or otherwise in use by the system.
  • NotMyFault – Lets you intentionally cause crashes and errors to identify vulnerabilities and evaluate system stability.
  • ProcDump – Monitor programs for CPU usage and memory leaks, then generate crash dump files based on your criteria.
  • PsPassword – Admins can change account passwords on local or remote Windows systems.
  • PsShutdown – Shutdown, restart, log off, hibernate, or terminate local or remote Windows systems.
  • RAMMap – Get detailed info about the memory usage of running processes to identify memory leaks and help optimize system performance.
  • SigCheck – Verifies the digital signatures and version information of programs, DLLs, and system components. Helps to recognize dangerous files, unsigned drivers, and other security vulnerabilities.
  • Streams – Lets you view NTFS file system alternate data streams, delete them, or create new ones. Useful for ensuring sensitive information is not hidden inside data streams.
  • Sync – Synchronizes files and folders between local drives, external drives, and entire networks. This is ideal for users to share the most up-to-date copies of their files on all available PCs or storage devices.
  • TestLimit – Run benchmarks for the system or its programs by simulating an environment with lower system resources, such as RAM, threads, and processes.
  • VolumeID – Change the volume serial number of a disk volume, including hard drives, USB storage, and other hardware. This is good for privacy or licensing issues.
  • WinObj – The Windows Object Manager gives a hierarchical view of the Object Manager namespace and lets you modify object properties, such as security descriptors and symbolic links.
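Two of the tools from the list above used together for a quick integrity sweep, as an added example that is not part of the review: Sigcheck to find unsigned executables under a directory tree, and Streams to find alternate data streams in a download folder. It assumes sigcheck64.exe and streams64.exe are in the current directory, that the two paths are placeholders, and that the Sigcheck CSV column names and the Streams output layout are as parsed below.

```powershell
# Added example (not from the review): Sigcheck and Streams in one sweep.
# Assumes sigcheck64.exe and streams64.exe are in the current directory.
$scanRoot  = 'C:\Program Files\ExampleVendor'   # placeholder
$downloads = "$env:USERPROFILE\Downloads"

# Sigcheck: -e executables only, -s recurse, -u unsigned only, -c CSV output, -h hashes.
$unsigned = & .\sigcheck64.exe -accepteula -nobanner -e -s -u -c -h $scanRoot | ConvertFrom-Csv
$unsigned | Select-Object Path, Verified, Publisher, SHA256 | Format-Table -AutoSize

# Streams: -s recurse. Output is the file path followed by one indented line per stream,
# in the form ":<name>:$DATA <size>". Zone.Identifier is the ordinary Mark-of-the-Web;
# any other stream is reported.
$streamLines = & .\streams64.exe -accepteula -nobanner -s $downloads
$currentFile = $null
foreach ($line in $streamLines) {
    if ($line -match '^\s*(.+):$') { $currentFile = $Matches[1]; continue }
    if ($line -match '^\s+:(?<name>[^:]+):\$DATA\s+(?<size>\d+)$') {
        if ($Matches.name -ne 'Zone.Identifier') {
            [pscustomobject]@{ File = $currentFile; Stream = $Matches.name; Bytes = $Matches.size }
        }
    }
}
```

Unsigned binaries in a vendor directory are not proof of anything on their own, but paired with the SHA256 column they give you something concrete to look up or to compare against the same tree on a known-good machine.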

Customer Support

Although the Suite doesn’t have any direct technical support, a wealth of information can be found on Microsoft’s download page. This includes links to a training module, documentation, and a community page.

You can also browse through each individual tool to learn more about it.

Several of the tools that function via executable, such as PS Tools, have technical support included too.

Pricing

Sysinternals Suite is completely free. Simply download the Zip file and extract the folder or pick and choose the specific tool you need. No installation is required and you can share the tools to any Windows system in a portable manner.

Sysinternals Suite Review – Verdict

To conclude this Sysinternals Suite Review, there’s no doubt that it has a comprehensive selection of Windows tools that open up the operating system for management and maintenance like no other software.

However, without digging deep into the documentation, this is not for the average user and lacks the ease of use of software like CCleaner and its alternatives.

If you are in charge of a network of Windows systems, this is the suite for you. If not, go with something a little easier that has automated Windows repair features and a full GUI.
