Tip: Sysinternals Live on your PATH

Tip: Sysinternals Live on your PATH

Summary: Do you use Microsoft's Sysinternals tools regularly, like I do? Do you always want to be using the latest versions? Here's a way you'll never fall behind.

TOPICS: Security, Windows

Technical Windows users quickly fall in love with the Sysinternals tools. They are a set of technical programs for Windows, largely for system and network diagnostics. The most famous and popular are Process Explorer, which is Windows Task Manager with super powers, and Autoruns, which provides control over programs which load with Windows (there are a lot more than you'd think).

The tools were written by Mark Russinovich and Bryce Cogswell while the pair ran their company Winternals. Microsoft bought the company many years ago, basically to get Russinovich and Cogswell and their considerable expertise, but they have kept Sysinternals going on, hosted now by Microsoft.

Typically, people download these tools put them in "c:\program files\sysinternals" or some such directory. But every now and then Russinovich updates the key tools. At that point you have to download the full suite or just the ones that changed on every system on which you run them.

Run Sysinternals tools directly from the site (Image: ZDNet)

A while back I thought I was clever and decided to put them in my Dropbox folder. That way I could put "c:\users\larry\dropbox\sysinternals" on the PATH on all my systems and only have to update that one folder.

But there's a better way.

The current versions of the Sysinternals utilities are always directly available on Sysinternals Live. The actual files are in that location and in the /tools subdirectory. As the nearby image shows, the home page for many of the utilities includes a link directly to the file on Sysinternals Live. And the Sysinternals home page includes this note:

Sysinternals Live is a service that enables you to execute Sysinternals tools directly from the Web without hunting for and manually downloading them. Simply enter a tool's Sysinternals Live path into Windows Explorer or a command prompt as http://live.sysinternals.com/<toolname> or  \\live.sysinternals.com\tools\<toolname>

The next logical step is to put the Sysinternals Live location in your PATH. Instead of putting "c:\program files\sysinternals" or some other local or network location, put "\\live.sysinternals.com\tools". In this way, you will always execute the current version of the tool.

You will probably notice a delay in execution that wasn't there before. Personally, I've decided it's a small price to pay. There is also the issue of what happens if you're offline. One possible solution is to keep a local copy and put it after "\\live.sysinternals.com\tools" in the PATH. For reasons unclear to me, you need to use the /tools directory even though all the same tools are in the root.

Of course this tip isn't exclusive to Sysinternals, although it won’t often make sense to use this technique. For instance, perhaps your company has an Intranet with tools available on it; you can address those tools with the same \\server\directory\filename syntax, including in the PATH.

It's possible that many of you don’t know what the PATH is or how to set it. PATH is a concept that goes back to MS-DOS 2.0. It's a system environment variable that contains a list of directory names DOS/Windows uses to look for programs you have asked to execute if the name you supplied is not fully qualified or is not in the current working directory. There are many other environment variables; open a command line session and enter SET to see a list of them.

You can set the values of these variables at the command line with the SET command, but that will only affect variables local to that process. There is a separate set of variables that are global to Windows, and this is the PATH you want to modify.

Windows has never been good about letting users modify the global environment. It provides only one method for end users (see the image):

Setting environment variables in Windows. (Image: ZDNet)

Go to Control Panel-System; click the Advanced System Settings link on the left; click the Environment Variables button; select PATH (or whatever other variable you wish) in the System Variables section; edit the variable in the tiny little dialog box they give you.

[Update: Thanks to reader Mr.SV for pointing out that the Windows command line tool SETX can modify the system environment. In this example, the command would be:
                  SETX PATH "%PATH%;\\live.sysinternals.com\tools;"

Some alternatives: You can set environment variables using Windows Group Policy and there are many third party tools for setting them. I like Rapid Environment Editor

Thank you to Mark Russinovich for his help with this and many other stories.

Topics: Security, Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Sysinternals

    I love this tools, Microsoft should just put them by default to Windows and update through WU.

    BTW, Environment Variables, just use setx, for example:
    setx path "%PATH%;D:\SysIn"
    • I forgot about SETX!

      You need a /M on that example and to be runninng as Administrator.

      I'll add this to the story soon
  • suggestion

    I would suggest synchronizing a local copy with the live repository. The update frequency is not very high for the Sysinternals tools. Even though the path supports network locations, it will cause more delays as each network location is searched for the command. The search and delay will occur for each unqualified command execution. The situation can make for a challenging troubleshooting session.
    • Syncronize contents with Task Manager

      I create a simple task with daily recurrence that copy the contents of Live Sysinternals tools folder with a folder on my machine, like this:
      robocopy \\live.sysinternals.com\tools\ C:\sysinternals
      Well done...
      • Mising paramter

        Off course, including the parameter /MIR in the command above, that copy only the modified content.
  • WSCC

    An alternative is to use WSCC to access Sysinternals ans Nirsoft utilities. It has other advantages, as you can search for the best utility for your needs from both sources and give you the choice to run directely or download to your computer. http://www.kls-soft.com/wscc/index.php
    • WSCC rocks

      I too use WSCC. It manages the updates and has some useful tools too. Recommended!
  • I do prefer to keep a local copy . . .

    Interesting thought - although I do prefer to keep a local copy - because one of those things I might need to diagnose on occasion is my internet connection. Can't very well use those tools via a network path if the network is down.

    That said, I think I could set up GoodSync to automatically update them via the network path.