Windows Sysinternals Administrator's Reference

by Mark E. Russinovich, Aaron Margosis

Get in-depth guidance—and inside insights—for using the Windows Sysinternals tools available from Microsoft TechNet. Guided by Sysinternals creator Mark Russinovich and Windows expert Aaron Margosis, you’ll drill into the features and functions of dozens of free file, disk, process, security, and Windows management tools. And you’ll learn how to apply the book’s best practices to help resolve your own technical issues the way the experts do.

Diagnose. Troubleshoot. Optimize.


Analyze CPU spikes, memory leaks, and other system problems Get a comprehensive view of file, disk, registry, process/thread, and network activity Diagnose and troubleshoot issues with Active Directory® Easily scan, disable, and remove autostart applications and components Monitor application debug output Generate trigger-based memory dumps for application troubleshooting Audit and analyze file digital signatures, permissions, and other security information Execute Sysinternals management tools on one or more remote computers Master Process Explorer, Process Monitor, and Autoruns

Genres: Technology, Computers, Computer Science, Reference, Technical, Software

494 pages, Paperback

First published January 1, 2009

About the author

Mark Russinovich is a Technical Fellow in Windows Azure, Microsoft's cloud operating system group. Russinovich is a widely recognized expert in Windows operating system internals as well as operating system architecture and design.

Russinovich joined Microsoft when Microsoft acquired Winternals software, the company he cofounded in 1996 and where he worked as Chief Software Architect. He is also cofounder of Sysinternals.com, where he wrote and published dozens of popular Windows administration and diagnostic utilities including Autoruns, Process Explorer and Tcpview.

Russinovich coauthored "Windows Internals" and "The Sysinternals Administrator's Reference," both from Microsoft Press, authored the cyberthriller Zero Day, is a Contributing Editor for TechNet Magazine and Senior Contributing Editor for Windows IT Pro Magazine, and has written many articles on Windows internals. He has been a featured speaker at major industry conferences around the world, including Microsoft's TechEd, IT Forum, and Professional Developer's Conference, as well as Windows Connections, Windev, and TechMentor, and has taught Windows internals, troubleshooting and file system and device driver development to companies worldwide, including Microsoft, the CIA and the FBI. Russinovich earned his Ph.D. in computer engineering from Carnegie Mellon University.

Reviews

[Chris · Rating 2 out of 5]

Too much time covering command line flags and menu items, not enough time covering case studies of how to use the tools. The final section that does this is really good, but unfortunately rather short compared to the reference portion.

[Juan · Rating 3 out of 5]

This book focuses on explaining how to use Sysinternals tools (options available, command line parameters, etc).
It's not technically hard to understand for a Windows admin. It's good for a begginer and intermediate, but not enough for a pro.
Final chapters are the best ones because deepens into real case scenarios. Unfortunatelly, that section is extremely short. I would appreciate more examples like these.

[Billy · Rating 3 out of 5]

This is a great companion if you’ve got use cases for SysInternals that really require leveraging all the advanced features and everything SysInternals has to offer. If you just want to learn how these tools work, you can get by with searching for blog posts or simply experimenting with them on a test system. So it can be hard to really get a good return on your time and money reading this book cover to cover. I found it much more valuable when I had specific projects that required, for example, diving deep into Autoruns.exe. In which case it was an excellent resource that covers things I was not able to find anywhere on the internet.

[Ivan Vagunin · Rating 3 out of 5]

2/3 of the book is like reading boring user manual, last part is good though.

[Tamahome]

I wish stores would stock it.

This is the shiznit. Although the Administrator account certainly isn't 'unrestricted'. You need the System user for that.

[Joel Tone · Rating 3 out of 5]

It needs more examples and fewer pages just listing off each switch.