Useful Tools–Troubleshooting on a Microsoft Platform

July 30, 2011

I spend a great deal of time troubleshooting Windows Servers. I try to use free or open source tools wherever possible. Here are my favourite and most frequently used ones. I tend to have copies of most of these with me at all times on a USB stick, as you never know when they might be useful.

This is by no means an exhaustive list of troubleshooting tools, but these tend to be the ones that I use the most.

If any other technical support professionals find that they tend to use a utility very frequently, I would be interested to know. I intend to keep this list up-to-date.

Process & Performance

Microsoft Process Explorer – Part of the Sysinternals Suite, developed by Mark Russinovich, and currently in its 15th major version. It is perhaps the most useful tool in my arsenal. It is what Task Manager should be: the default view shows the running processes as a tree in their parent-child relationships, and for any process you can examine its threads, DLLs, handles, performance counters, environment, security token and much more. Turn on Options > Verify Image Signatures and add the Verified Signer column, and the tree also tells you at a glance which running images carry a valid Authenticode signature from a publisher you recognise. This is practically a one-stop shop for examining running processes and could easily have its own instruction manual.

Microsoft Process Monitor – Another must-have tool from the Sysinternals Suite, developed by Mark Russinovich and Bryce Cogswell. It records process activity in real time: process and thread start and exit, image loads, file reads and writes, registry reads and writes, network activity and profiling events. Every event carries the call stack of the thread that issued it (symbolised once symbols are configured), and the Process Tree view lets you compare what several processes did. Because a busy server generates millions of events in minutes, set an include filter for the process or path you care about and turn on Filter > Drop Filtered Events so the rest is discarded rather than buffered. You can even configure it to start capturing at boot time (Options > Enable Boot Logging), which is very useful for problems that occur before anyone can log on.

Microsoft Sysinternals Suite – The full collection of Sysinternals tools, including Process Explorer, Process Monitor, PsList, PsExec, PsInfo, Handle, ProcDump and many more. The suite is a single zip with no installer, and every tool can also be run straight from \\live.sysinternals.com\tools when you find yourself on a machine without your USB stick.

Autoruns – Yet another superb utility from the Sysinternals Suite. This one displays everything that gets loaded during the start-up and logon process. It covers every location I have ever thought of, and then some: registry Run keys, startup folders, Explorer shell extensions, Internet Explorer Browser Helper Objects, scheduled tasks, services, drivers, Winsock providers, print monitors, LSA providers, network providers, Sidebar gadgets, codecs, Boot Execute, AppInit DLLs and Winlogon notifications. It even shows image hijacks (Image File Execution Options "Debugger" values). You can disable items with the tickboxes, jump to the item (either an Explorer window or Registry Editor), delete them, etc. Two options are worth turning on before you go looking for anything suspicious: Verify Code Signatures, and the Hide Microsoft Entries option that goes with it, which strips out the signed Microsoft noise and leaves the unsigned and third-party entries that usually matter. Disabling an entry is reversible (Autoruns parks it under an AutorunsDisabled subkey); deleting is not, so disable first and reboot. The command-line version, autorunsc.exe, produces the same listing as text or CSV, which makes it easy to save a baseline from a known-good build and diff it against a suspect machine.
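As an added example (not from the original post, and not Autoruns itself), the Windows PowerShell script below walks a subset of the locations Autoruns reports and flags every autostart image whose Authenticode signature is not valid. The registry paths are the real ones; the function names, the choice of locations and the elevated-prompt requirement are the example's own assumptions.

```powershell
# Added example, not from the post: a scripted cut of what Autoruns checks.
# Assumes Windows PowerShell 2.0 or later in an elevated prompt.

function Resolve-ImagePath {
    # Reduce a registry or service command line to the executable it launches.
    param([string]$CommandLine)
    if (-not $CommandLine) { return $null }
    if ($CommandLine -match '^\s*"([^"]+)"') { $path = $Matches[1] }
    elseif ($CommandLine -match '^\s*(\S+?\.(exe|dll|sys|cmd|bat))') { $path = $Matches[1] }
    else { $path = ($CommandLine.Trim() -split '\s+')[0] }   # unquoted paths with spaces are truncated here
    $path = [Environment]::ExpandEnvironmentVariables($path)
    $path = $path -replace '^\\SystemRoot', $env:SystemRoot -replace '^\\\?\?\\', ''
    # Drivers often use paths relative to %SystemRoot%, and Winlogon\Shell is just "explorer.exe".
    if (-not [IO.Path]::IsPathRooted($path)) {
        foreach ($dir in @($env:SystemRoot, (Join-Path $env:SystemRoot 'System32'))) {
            $candidate = Join-Path $dir $path
            if (Test-Path -LiteralPath $candidate) { return $candidate }
        }
    }
    return $path
}

function Get-SignatureStatus {
    param([string]$Path)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) { return 'MissingFile' }
    # Caveat: Windows PowerShell before 5.0 checks embedded signatures only, so catalog-signed
    # Windows binaries report NotSigned here. Autoruns and sigcheck do check catalogs.
    return (Get-AuthenticodeSignature -FilePath $Path).Status.ToString()
}

function New-AutostartEntry {
    param([string]$Location, [string]$Entry, [string]$CommandLine)
    $image = Resolve-ImagePath $CommandLine
    New-Object PSObject -Property @{
        Location = $Location; Entry = $Entry; Image = $image
        Signature = Get-SignatureStatus $image
    }
}

$entries = @()

# 1. Run and RunOnce keys for the machine (native and WOW64 views) and the current user.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }    # PSPath, PSDrive etc. are provider metadata
        $entries += New-AutostartEntry $key $p.Name $p.Value
    }
}

# 2. Services and kernel drivers; PathName holds the image command line.
foreach ($svc in @(Get-WmiObject Win32_Service) + @(Get-WmiObject Win32_SystemDriver)) {
    if ($svc.PathName) { $entries += New-AutostartEntry 'Service/Driver' $svc.Name $svc.PathName }
}

# 3. Winlogon Shell and Userinit, plus AppInit_DLLs (loaded into every process that uses user32).
$wl = Get-ItemProperty 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
foreach ($v in 'Shell', 'Userinit') { $entries += New-AutostartEntry 'Winlogon' $v $wl.$v }
$appInit = (Get-ItemProperty 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Windows').AppInit_DLLs
foreach ($dll in @($appInit -split '[ ,;]+' | Where-Object { $_ })) {
    $entries += New-AutostartEntry 'AppInit_DLLs' $dll $dll
}

# 4. Image File Execution Options "Debugger" values: the image hijacks Autoruns shows.
$ifeo = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($sub in Get-ChildItem $ifeo) {
    $debugger = (Get-ItemProperty -Path $sub.PSPath).Debugger
    if ($debugger) { $entries += New-AutostartEntry 'IFEO hijack' $sub.PSChildName $debugger }
}

# Everything that is not 'Valid' deserves a look: unsigned, tampered, or a dangling entry
# whose file is gone (a classic sign of a half-removed infection or a broken uninstall).
$entries | Where-Object { $_.Signature -ne 'Valid' } |
    Sort-Object Location, Entry |
    Format-Table Location, Entry, Signature, Image -AutoSize
```

The point of the script is the output it does not show: on a clean build the table should be short and explainable, so the same script saved as a baseline gives you something to diff against on a suspect server. Anything it cannot resolve (MissingFile) is as interesting as anything unsigned, because it marks an entry that something once planted and has since moved or deleted.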

Windows Performance Monitor – Built into Windows, this is a very useful utility for viewing the performance counters collected by the system, and every new version of Windows adds more counters. Beyond the live graph, a Data Collector Set can be configured to log counters in the background to a file for later review; it can be scheduled easily, the resulting log can be reopened in Performance Monitor on any other machine, and with a sensible sample interval it has very little impact on system performance. Capturing a baseline while a server is healthy is the most valuable thing you can do with it, because a trace from a sick server means little without one to compare against.
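As an added example, not from the post, here is the background-collection workflow from a Windows PowerShell prompt: logman creates and runs the counter collector, then Import-Counter reads the binary log back and finds windows of sustained high CPU. The collector name Baseline, the output folder, the 80% threshold and the function name are the example's own choices; the counter paths are the standard English ones and are localised on non-English builds.

```powershell
# Added example, not from the post. Assumes an elevated prompt on Windows 7 / Server 2008 R2
# or later (logman counter collectors, Import-Counter) and that C:\PerfLogs exists.

$counters = '\Processor(_Total)\% Processor Time',
            '\Memory\Available MBytes',
            '\PhysicalDisk(_Total)\Avg. Disk Queue Length',
            '\Network Interface(*)\Bytes Total/sec'

# Create a counter collector that samples every 15 s into a binary log with a
# month-day-hour-minute suffix, start it, and stop it once the problem has been reproduced.
logman create counter Baseline -c $counters -si 00:00:15 -f bin -o 'C:\PerfLogs\Baseline' -v mmddhhmm
logman start Baseline
# ... reproduce the problem, or leave it running across the period of interest ...
logman stop Baseline

function Find-SustainedHighCpu {
    # Report each run of at least $MinSamples consecutive samples with CPU at or above $Threshold.
    param([string]$LogPath, [double]$Threshold = 80, [int]$MinSamples = 4)
    $windows = @()
    $run = @()
    foreach ($set in Import-Counter -Path $LogPath) {
        $cpu = $set.CounterSamples | Where-Object { $_.Path -like '*\Processor(_Total)\% Processor Time' }
        if (-not $cpu) { continue }
        if ($cpu.CookedValue -ge $Threshold) { $run += $set.Timestamp; continue }
        if ($run.Count -ge $MinSamples) {
            $windows += New-Object PSObject -Property @{ Start = $run[0]; End = $run[-1]; Samples = $run.Count }
        }
        $run = @()
    }
    # A run that is still open when the log ends counts too.
    if ($run.Count -ge $MinSamples) {
        $windows += New-Object PSObject -Property @{ Start = $run[0]; End = $run[-1]; Samples = $run.Count }
    }
    return $windows
}

Get-ChildItem 'C:\PerfLogs\Baseline*.blg' |
    ForEach-Object { Find-SustainedHighCpu -LogPath $_.FullName } |
    Format-Table Start, End, Samples -AutoSize
```

Four consecutive 15-second samples is one minute of saturation, which filters out the harmless spikes a single-sample threshold would report. The same log opens in Performance Monitor for the visual check, and the scripted pass is what you run over a week of logs when nobody has time to scroll through them.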

Xperf & the Windows Performance Toolkit – Included as part of the Microsoft Windows SDK (a very useful collection of utilities and tools). Xperf taps into Event Tracing for Windows (ETW) and can pull out a huge amount of data, such as sampled CPU usage with call stacks, disk I/O and context switches, from a trace captured on a production system.

Windows Debugging Tools – The latest version is again included in the Microsoft Windows SDK. After configuring symbols (set _NT_SYMBOL_PATH to a local cache backed by the Microsoft public symbol server), you can analyse crash dumps, process dumps, live processes and live systems with WinDbg, or script the same analysis with its console sibling cdb. This is the tool that I would most like to learn to use, and the one I find most difficult to master.
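As an added example, not from the post, the Windows PowerShell script below sets up the symbol path and then runs cdb non-interactively over a folder of dumps, keeping the full !analyze -v output beside each dump and printing a one-line summary per file. The install path, the dump folder and the function name are the example's own assumptions.

```powershell
# Added example, not from the post: batch triage of crash dumps with cdb, the console
# debugger that ships alongside WinDbg. Assumes the Debugging Tools are installed at $cdb
# (the stand-alone installer's default; adjust for your SDK), the dumps are in $dumpDir,
# and the machine can reach the Microsoft symbol server.

$cdb     = 'C:\Program Files\Debugging Tools for Windows (x64)\cdb.exe'
$dumpDir = 'C:\Dumps'

# Symbol path: local cache first, then the public server. Persisting it in the user environment
# means WinDbg, cdb, Process Explorer and Process Monitor all pick it up.
$symPath = 'srv*C:\Symbols*http://msdl.microsoft.com/download/symbols'
[Environment]::SetEnvironmentVariable('_NT_SYMBOL_PATH', $symPath, 'User')
$env:_NT_SYMBOL_PATH = $symPath

function Get-DumpTriage {
    param([string]$DumpPath)
    $log = [IO.Path]::ChangeExtension($DumpPath, '.txt')
    # -z opens the dump, -logo writes the whole session to $log, -c runs the commands then quits.
    & $cdb -z $DumpPath -logo $log -c '!analyze -v; q' | Out-Null
    # Pull the headline !analyze fields out of the log for a one-line summary per dump.
    $fields = Get-Content $log |
              Select-String -Pattern '^(BUGCHECK_STR|EXCEPTION_CODE|PROCESS_NAME|FAILURE_BUCKET_ID):' |
              ForEach-Object { ($_.Line -replace '\s+', ' ').Trim() }
    New-Object PSObject -Property @{ Dump = Split-Path $DumpPath -Leaf; Summary = ($fields -join ' | ') }
}

Get-ChildItem (Join-Path $dumpDir '*.dmp') |
    ForEach-Object { Get-DumpTriage -DumpPath $_.FullName } |
    Sort-Object Summary |
    Format-Table Dump, Summary -Wrap
```

Sorting by the summary groups dumps that share a FAILURE_BUCKET_ID, so twenty dumps from one server collapse into the two or three distinct faults that actually need a debugger session. The first run is slow while the symbol cache fills; later runs read symbols from C:\Symbols.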

Disk Utilities

MyDefrag – A simple-to-use disk defragmenter. It is not pretty to look at, but is an excellent tool. It can write a detailed log, and defragments however you want it to: it is driven by simple scripts, and ships with scripts for monthly, weekly and daily runs against system and non-system disks. Other scripts for more specialist uses are available on the website.

SpaceSniffer – Visualisation of disks and folders, which makes it easy to understand the layout of a disk and where the space is being used. It draws a treemap in which each folder is a region and its files and subfolders are subregions, so the largest consumers stand out immediately.

Network Monitoring

Microsoft Network Monitor – Captures network traffic and lets you view and analyse it with parsers for a large number of protocols. Later versions can capture in promiscuous mode and support wireless adapters.

TCPView – Another Sysinternals utility. It provides an easy-to-read table of every TCP and UDP endpoint on the machine: protocol, owning process, connection state, local address and port, remote address and port, and bytes sent and received. You can terminate the owning process or close an individual connection, have addresses resolved to names automatically, and run a whois on a remote address. New endpoints flash green and closing ones red, so it is a quick way to spot an unexpected listener, or a process that has no business talking to the internet, before reaching for a packet capture.
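As an added example, not from the post, here is a scripted cut of TCPView's table in Windows PowerShell, built from "netstat -ano" (so it works on Server 2008 R2, which has no Get-NetTCPConnection) and joined to the owning process and its image signature. The function names and the two report filters are the example's own choices.

```powershell
# Added example, not from the post. Assumes an elevated prompt so that Get-Process can read
# the image path of every process; unprivileged runs show more NoPath rows.

function Test-PrivateEndpoint {
    # True for loopback, link-local, RFC 1918, unspecified and wildcard addresses.
    param([string]$Endpoint)
    $ip = $Endpoint.Substring(0, $Endpoint.LastIndexOf(':')).Trim('[', ']')
    return [bool]($ip -match '^(10\.|127\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|169\.254\.|0\.0\.0\.0$|::|fe80:|\*$)')
}

function Get-ConnectionTable {
    # One object per netstat row. TCP rows carry a state column, UDP rows do not.
    $pattern = '^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$'
    foreach ($line in (netstat -ano)) {
        if (-not ($line -match $pattern)) { continue }
        $m = $Matches
        $procId = [int]$m[5]
        $proc   = Get-Process -Id $procId -ErrorAction SilentlyContinue
        $name = '?'; $image = $null; $sig = 'NoPath'   # System (PID 4) and protected processes expose no path
        if ($proc) {
            $name  = $proc.Name
            $image = $proc.Path
            # Same caveat as with Autoruns: Windows PowerShell before 5.0 ignores catalog signatures,
            # so OS binaries can show NotSigned here.
            if ($image) { $sig = (Get-AuthenticodeSignature -FilePath $image).Status.ToString() }
        }
        New-Object PSObject -Property @{
            Protocol = $m[1]; Local = $m[2]; Remote = $m[3]; State = $m[4]
            PID = $procId; Process = $name; Image = $image; Signature = $sig
        }
    }
}

$table = Get-ConnectionTable

# 1. Endpoints owned by a process whose image is not signed and valid (NoPath rows need a manual look).
$table | Where-Object { $_.Signature -ne 'Valid' } |
    Format-Table Protocol, Local, Remote, State, PID, Process, Signature -AutoSize

# 2. Established connections to addresses outside the private ranges, grouped by process.
$table | Where-Object { $_.State -eq 'ESTABLISHED' -and -not (Test-PrivateEndpoint $_.Remote) } |
    Sort-Object Process, Remote |
    Format-Table Process, PID, Local, Remote -AutoSize
```

The second report is the one to save from a healthy server: a list of which processes normally hold outbound connections and to where. When the same script runs on a server that is misbehaving, anything new in that list is the first thing to investigate, and the PID column takes you straight to Process Explorer.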

Miscellaneous

7-Zip – A tiny, simple, open source compression and decompression utility that can extract from and compress to many archive formats. It also has its own 7z format, which gives superb compression ratios. Available in 32-bit and 64-bit versions.

Notepad++ – An open source text editor that is incredibly feature rich. It is small and very fast, has superb search facilities and syntax highlighting for a wide range of languages such as XML, VBS, C, C++, C#, HTML, VB, Perl, JavaScript, PHP, PowerShell, SQL and more. The Find and Find/Replace features are brilliant, with several search modes including regular expressions, and a search can run across every open file or a whole folder. A plugin architecture lets you install and use extra features (such as the included spell checker).

HRPlus – A little utility for looking up HRESULT error codes. It can also search for message text within DLL files, which makes it rather useful.