1. Sysinternals Suite
   - Comprehensive system utility collection
   - Tools include:
     - Process Explorer
     - Process Monitor
     - Autoruns
     - Various diagnostic utilities
   - Essential for advanced Windows system management
From <https://claude.ai/chat/32155873-e13b-461c-ba7b-f4eb0c09aa09>
Sysinternals
In addition to the built-in performance monitoring tools in Windows, you can also download and use the Sysinternals suite, which offers a number of advanced system utilities. Tools you can use to monitor performance include:
Contig. This tool enables you to defragment your frequently used files quickly.
DiskMon. This tool enables the computer to capture all hard disk activity, and acts like a software disk activity light in the system tray.
PageDefrag. This tool enables you to defragment your paging files and registry hives.
Process Explorer. This tool enables you to determine which files, registry keys, and other objects processes have open, which DLLs they have loaded, and more. This tool also displays who owns each process.
Process Monitor. This tool enables you to monitor file system, registry, process, thread, and dynamic-link library (DLL) activity in real time.
Autoruns. This tool performs an extensive scan of programs, drivers, scripts, and extensions that are configured to run during bootup, at sign-in, or when certain Windows applications launch.
----
See what programs are configured to start up automatically when your system boots and you log in. Autoruns also shows you the full list of Registry and file locations where applications can configure auto-start settings.
This handy command-line utility will show you what files are open by which processes, and much more.
List all the DLLs that are currently loaded, including where they are loaded and their version numbers. Version 2.0 prints the full path names of loaded modules.
Monitor serial and parallel port activity with this advanced monitoring tool. It knows about all standard serial and parallel IOCTLs and even shows you a portion of the data being sent and received. Version 3.x has powerful new UI enhancements and advanced filtering capabilities.
This new command-line utility is aimed at capturing process dumps of otherwise difficult to isolate and reproduce CPU spikes. It also serves as a general process dump creation utility and can also monitor and generate process dumps when a process has a hung window or unhandled exception.
Find out what files, registry keys and other objects processes have open, which DLLs they have loaded, and more. This uniquely powerful utility will even show you who owns each process.
Monitor file system, Registry, process, thread and DLL activity in real-time.
Execute processes remotely.
Displays the SID of a computer or a user.
Terminate local or remote processes.
Show information about processes and threads.
View and control services.
Suspend and resume processes.
The PsTools suite includes command-line utilities for listing the processes running on local or remote computers, running processes remotely, rebooting computers, dumping event logs, and more.
Launch programs as a different user via a convenient shell context-menu entry.
See a breakdown of a process's committed virtual memory types as well as the amount of physical memory (working set) assigned by the operating system to those types. Identify the sources of process memory usage and the memory cost of application features.
From <https://learn.microsoft.com/en-us/sysinternals/downloads/process-utilities>
From <https://learn.microsoft.com/en-us/training/modules/explore-support-diagnostic-tools/>
>> Explain and give the Win+R command to access each program:
Explain Reliability Monitor;
Compare Process Explorer and Process Monitor;
Examine the Diagnostics and Recovery Toolset;
Use the Steps Recorder;
Explore the Microsoft Management Console (MMC)
Reliability Monitor: perfmon /rel
Process Explorer: procexp.exe
Process Monitor: procmon.exe
Diagnostics and Recovery Toolset (DaRT): dart.exe
Steps Recorder: stepsrecorder.exe
Microsoft Management Console (MMC): mmc.exe
Autoruns: autoruns.exe
Contig: This tool enables you to defragment your frequently used files quickly.
DiskMon: This tool enables the computer to capture all hard disk activity, and acts like a software disk activity light in the system tray.
PageDefrag: This tool enables you to defragment your paging files and registry hives.
Process Explorer: This tool enables you to determine which files, registry keys, and other objects processes have open, which DLLs they have loaded, and more. This tool also displays who owns each process.
Process Monitor: This tool enables you to monitor file system, registry, process, thread, and dynamic-link library (DLL) activity in real time.
Autoruns: This tool performs an extensive scan of programs, drivers, scripts, and extensions that are configured to run during bootup, sign in, or when certain Windows applications launch.
----
Contig: There isn't a specific run command for Contig, but you can run it by opening a Command Prompt and typing contig.exe if it is in your system's PATH, or by navigating to its directory and running it from there.
DiskMon: Similar to Contig, DiskMon does not have a specific run command for the Run dialog, but you can execute it by typing diskmon.exe in the Command Prompt, provided it is in your PATH, or by running it from its directory.
PageDefrag: pagedfrg.exe (Run this from an elevated Command Prompt as it requires administrative privileges.)
Process Explorer: procexp.exe (If it's in your PATH or from its installation directory.)
Process Monitor: procmon.exe (If it's in your PATH or from its installation directory.)
Autoruns: autoruns.exe (If it's in your PATH or from its installation directory.)
CMD: For tools like DiskMon, Contig, and Autoruns, which do not have default run commands via the Run dialog, you need to ensure the executable is in your system's PATH or navigate to their directory using Command Prompt to run them.
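The "if it's in your PATH" condition above can be checked before typing a name into Run or a Command Prompt. The following PowerShell is an added example, not part of the original notes or of Microsoft's documentation: it takes the executable names listed in these notes (plus perfmon.exe, the binary behind `perfmon /rel`), reports the first PATH match for each, flags names that resolve in more than one directory, and shows the Authenticode status and signer of the file that would actually start. It assumes Windows PowerShell 5.1 or later; `Get-Command` searches PATH only, so a name the Run dialog resolves some other way may still show as not found here.

```powershell
# Executable names as written in the notes above; perfmon.exe backs "perfmon /rel".
$tools = 'perfmon.exe', 'procexp.exe', 'procmon.exe', 'autoruns.exe',
         'contig.exe', 'diskmon.exe', 'pagedfrg.exe', 'mmc.exe',
         'dart.exe', 'stepsrecorder.exe'

$report = foreach ($name in $tools) {
    # -All returns every PATH match in search order; the first entry is the one that runs.
    $hits = @(Get-Command -Name $name -CommandType Application -All -ErrorAction SilentlyContinue)

    if ($hits.Count -eq 0) {
        # Not on PATH: start it from its own directory or by full path instead.
        [pscustomobject]@{
            Tool = $name; Path = '(not on PATH)'; Signature = 'n/a'
            Signer = $null; MultipleMatches = $false
        }
        continue
    }

    $first = $hits[0].Path
    $sig   = Get-AuthenticodeSignature -FilePath $first

    [pscustomobject]@{
        Tool            = $name
        Path            = $first
        Signature       = $sig.Status     # 'Valid' means the signature verified
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        # True when a same-named file exists in more than one PATH directory.
        MultipleMatches = $hits.Count -gt 1
    }
}

$report | Format-Table -AutoSize -Wrap
```

A tool that resolves from a user-writable directory, shows a signature status other than `Valid`, or has `MultipleMatches` set is worth launching by full path instead of by bare name.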
Defragment utilities should not be used on solid-state drives (SSD).
From <https://learn.microsoft.com/en-us/training/modules/explore-support-diagnostic-tools/11-explore-additional-tools>