Free Sysinternals Windows utilities now available online, 24/7

Summary: If you troubleshoot Windows PCs for fun or profit, then chances are you've used one or more tools from Sysinternals. Microsoft bought the company and its amazing library of diagnostic and troubleshooting utilities in 2006, and the collection has been continually updated ever since. A few weeks ago, I ran into Sysinternals co-founder Mark Russinovich at a technical conference, where he told me about a new Sysinternals service that was in private beta testing. Today, I'm pleased to break the news that Sysinternals Live is now open to the public.

If you troubleshoot Windows PCs for fun or profit, then chances are you've used one or more tools from Sysinternals. Microsoft bought the company and its amazing library of diagnostic, troubleshooting, and management utilities in 2006, and the collection has been continually updated ever since. It's also still completely free.

A few weeks ago, I ran into Sysinternals co-founder Mark Russinovich at a technical conference, where he told me about a new Sysinternals service that was in private beta testing. Today, I can finally break the news that Sysinternals Live is now open to the public.

Sysinternals Live offers direct access to world-class Windows utilities

The new service enables you to execute the most recent version of any Sysinternals tool directly from an Internet-connected PC, without having to hunt for the executable file and manually download it first. To access the complete library of tools, use either of these methods from a Windows-based PC:

  • Go to the Sysinternals Live directory (http://live.sysinternals.com) and click the name of the tool you want to run. Because the directory listing is a bare-bones HTML file, it can be used in any browser.
  • If you know the name of the executable file for the tool you want to use, enter it directly, using the syntax \\live.sysinternals.com\tools\<toolname>, where <toolname> is the name of the executable file. (Note that UNC syntax uses backslashes, not the forward slashes used in a URL. Start with a pair of backslashes to indicate that live.sysinternals.com is the remote server, and don't include the angle brackets with the tool name.)

If you've never used Sysinternals tools before, you'd do well to start at the Sysinternals home page, which includes descriptions of each tool, along with download links and installation instructions. But if you are already familiar with one or more tools in the library, you can create direct shortcuts to those tools on your desktop or on the USB flash drive you keep with your emergency toolkit.

Here are three shortcuts to get you started, all of which have been updated in 2008:

Process Explorer (\\live.sysinternals.com\tools\procexp.exe) - This Task Manager replacement occupies the number-one slot on my top 10 list of all-time favorite Windows programs. As I noted in that writeup, "It provides system information, a hierarchical view of all running processes (including services), and an overwhelming number of technical details about how each process uses CPU and memory. It all runs in real time, making it an ideal troubleshooting tool."

AutoRuns (\\live.sysinternals.com\tools\autoruns.exe) - Are you still using Msconfig to see which processes are automatically running when you start a Windows PC? Then you literally don't know what you're missing. There are dozens of nooks and crannies in the Windows file system and registry where auto-starting programs can park themselves. This tool finds them all. More importantly, it allows you to disable or remove any entry you find.

Process Monitor (\\live.sysinternals.com\tools\procmon.exe) - If you're trying to figure out exactly what a program or process is doing (especially if you're actively on the hunt for malware), this tool is your best friend. It combines the features of the now-retired Filemon and Regmon utilities to trace (and capture in an optional log file) the impact of a process as it starts, runs, and exits.
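The desktop shortcuts described above can be scripted. The following PowerShell sketch is an added example, not code from the article or from Sysinternals: it checks the Authenticode signature of each of the three tools on the live share before creating a shortcut to it. The expected signer string and the "(Live)" shortcut names are assumptions.

```powershell
# Added example: verify the three tools named in the article, then create shortcuts.
$share = '\\live.sysinternals.com\tools'      # UNC path from the article
$tools = [ordered]@{
    'Process Explorer' = 'procexp.exe'
    'AutoRuns'         = 'autoruns.exe'
    'Process Monitor'  = 'procmon.exe'
}
# Assumption: the published binaries carry a Microsoft Authenticode signature.
$expectedSigner = 'O=Microsoft Corporation'

$desktop = [Environment]::GetFolderPath('Desktop')
$shell   = New-Object -ComObject WScript.Shell

foreach ($name in $tools.Keys) {
    $target = '{0}\{1}' -f $share, $tools[$name]

    if (-not (Test-Path -LiteralPath $target)) {
        Write-Warning ('{0}: cannot reach {1}' -f $name, $target)
        continue
    }

    # Validate the signature on the remote file before linking to it.
    $sig     = Get-AuthenticodeSignature -FilePath $target
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    if ($sig.Status -ne 'Valid' -or $subject -notlike "*$expectedSigner*") {
        Write-Warning ('{0}: signature check failed (status {1}); skipped' -f $name, $sig.Status)
        continue
    }

    # Shortcut names ending in "(Live)" are an assumption made for this example.
    $lnk = $shell.CreateShortcut((Join-Path $desktop ('{0} (Live).lnk' -f $name)))
    $lnk.TargetPath  = $target
    $lnk.Description = 'Sysinternals Live: {0}' -f $name
    $lnk.Save()

    # Emit a record of what was linked and who signed it.
    [pscustomobject]@{
        Tool       = $name
        Target     = $target
        Signer     = $subject
        Thumbprint = $sig.SignerCertificate.Thumbprint
    }
}
```

The check is point-in-time: each shortcut runs whatever file is on the share when it is launched, so rerun the script to re-verify after the tools are updated.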

The "live" tools should work equally well in x86 and x64 versions of Windows Vista and Server 2008; I ran into a bug with Process Explorer and Handle.exe in my x64 testing, but corrected versions of both utilities were scheduled to go online today before Sysinternals Live opened to the public. Also, in Windows Vista and Server 2008 you can use "live" versions of command-line tools, but most require that you enter the command name in UNC syntax from an elevated prompt (click Start, type cmd in the Search box, select Cmd.exe from the results list, and press Ctrl+Shift+Enter). The command-line tools I tested worked perfectly, exactly as expected.

If you're a Sysinternals fan, you'll love Sysinternals Live.

Update 30-May-2008: For instructions on how to create a Windows Explorer shortcut in the Computer folder that displays the contents of the Sysinternals Live Tools folder, see Working with Sysinternals Live.

Talkback

20 comments
  • An actual use for Live Mesh

    A Live Mesh-shared read-only version of this directory would be a great way to ensure that the latest versions of these (excellent) tools are always on one's HDD. I wonder if MS will "Mesh-enable" it?
    Jason Etheridge
    • Very nice suggestion!

      +1
      silent.griffin
  • RE: Free Sysinternals Windows utilities now available online, 24/7

    I've used Sysinternals tools for a couple of years now and they are simply great for finding out what's going on in a Microsoft Windows system. This live service will be a much valued service. Quite a few times I wish I could get to the tools when a system was going haywire.
    Loverock Davidson
  • Nice

    Russinovich and Cogswell have been producing system progs going back to the Win95 days and NTFSDOS. They've only gotten better and handier as time has gone on. Who can argue with easy live access, and a second way around?

    There is also the Sysinternals Suite available for download, for those who want hard copies of these utilities locally to disk:
    http://www.microsoft.com/technet/sysinternals/utilities/sysinternalssuite.mspx
    klumper
  • RE: Free Sysinternals Windows utilities now available online, 24/7

    Well, going to www.sysinternals.com allows one to see a description of the utils. If one is using these items frequently, do like I do and put them on a thumb drive.

    The original article said "The new service enables you to execute the most recent version of any Sysinternals tool directly from an Internet-connected PC, without having to hunt for the executable file and manually download it first." That may be the case if one is using IE to go to the website. However, Firefox only allows one to download the file and not run it from the website.

    One thing I see is that using the live.sysinternals.com method you are always using the current version of the util. That is if one can get on the internet where the computer being scanned is located.
    bughunter999
    • Use the Run box

      You're right about the differences in browser behavior, but with all Windows versions you can bypass that by using the UNC paths here. A little extra typing, but less clicking.
      Ed Bott
  • Thumb Drive material

    These are already on my 'fix it' thumb drive that I use for doing repair and recovery work. Great stuff, I'm glad MS is keeping them out and free.

    Since Process Explorer is so much more advanced, I wonder why it isn't incorporated into Windows instead of the (almost) worthless task manager?
    Norcross
  • not so useful

    I still don't see the source code for these tools, so they are of limited use and sadly windoze only.
    Linux Geek
    • And your point is, Linux Geek? I see none

      And your point is, Linux Geek? I see none; the headline tells you it's for Windows.

      And I do not see anywhere that Ed said it was open source. Because it's not, you can't see it.

      Heck, if you want them bad enough for Linux, why not write your own? Or do you need someone else to write the code for you because you can't start from scratch?
      SO.CAL Guy
    • Hi! I've got a chip on my shoulder

      ...so I will contribute nothing useful except a pointless gripe!
      beoz
  • Process Explorer is crippled

    It used to be a great product that allowed you to kill processes. Now it suffers from the same problem the Task Manager has, where it won't allow you to kill certain processes. This basically limits its usefulness for me.
    voska1
    • Have you reported at Sysinternals forums?

      There might be either a reason or a workaround.
      Ed Bott
  • UNC links aren't correct

    Just thought I'd point out--the UNC links are missing the \tools portion of the path.

    Thanks for the article!
    blu_vg@...
    • Fixed, thanks!

      I wish I could have made the links clickable, but WordPress insists on turning the UNC paths into URLs.
      Ed Bott
  • RE: Free Sysinternals Windows utilities now available online, 24/7

    What does this give me that I can't already do in Vista's reliability monitor?
    DonBurnett
  • ISPs block NetBIOS etc. File sharing does not work

    Ports 139/137 are being blocked more and more on the internet. As such, this kind of distribution will not work.

    These ports are well exploited by viruses etc. It can still happen.
    magic@...
    • They're not NetBIOS shares

      What gave you that idea?
      Ed Bott
      • Net Bios.

        Must be SMB then.

        http://www.petri.co.il/what%27s_port_445_in_w2k_xp_2003.htm

        Either way, accessing those files seems very slow.
        magic@...
        • No, it's WebDAV

          Over HTTP, port 80.

          http://en.wikipedia.org/wiki/WebDAV
          Ed Bott
          • WebDAV

            Awesome, thanks.

            I did not realize WebDAV was accessible in that manner (UNC). Learn something every day!!!
            magic@...