Sysinternals Utilities - Sysinternals | Microsoft Learn

Summary — Sysinternals Utilities Index

Overview

  • Sysinternals is a collection of Windows utilities (standalone tools and suites) for system diagnostics, troubleshooting, and administration.

  • Multiple consolidated downloads are provided:

    • Sysinternals Suite: https://download.sysinternals.com/files/SysinternalsSuite.zip

    • Sysinternals Suite for Nano Server: https://download.sysinternals.com/files/SysinternalsSuite-Nano.zip

    • Sysinternals Suite for ARM64: https://download.sysinternals.com/files/SysinternalsSuite-ARM64.zip

    • Microsoft Store installation/updates: https://www.microsoft.com/store/apps/9p7knl5rwt25

Notable tools (tool name — purpose / short description)

  • AccessChk — view effective permissions on files, registry keys, services, processes, kernel objects.

  • AccessEnum — shows who has access to directories, files, and Registry keys.

  • AdExplorer — Active Directory viewer and editor.

  • AdInsight — LDAP real-time monitoring for AD client troubleshooting.

  • AdRestore — undelete Active Directory objects.

  • Autologon — configure bypass of the password screen on logon.

  • Autoruns — shows programs and Registry/file locations configured to start automatically.

  • BgInfo — generates desktop backgrounds that show system info (IP, computer name, adapters).

  • BlueScreen — Blue Screen simulation screensaver with simulated reboot/CHKDSK.

  • CacheSet — control Cache Manager working set size.

  • ClockRes — view system clock (timer) resolution.

  • Contig — defragment or create contiguous files.

  • Coreinfo — map logical processors to physical CPU, NUMA, caches.

  • Ctrl2Cap — remap Caps Lock to Ctrl.

  • DebugView — capture DbgPrint and OutputDebugString output.

  • Desktops — create up to four virtual desktops and switch between them.

  • Disk2vhd — create VHDs from physical disks for virtualization (P2V).

  • DiskExt — display volume disk-mappings.

  • Diskmon — capture or indicate disk activity.

  • DiskView — graphical disk sector viewer.

  • Disk Usage (DU) — view directory disk usage.

  • EFSDump — view info for encrypted files.

  • FindLinks — report file index and hard links for a file.

  • Handle — show open files and which processes hold them.

  • Hex2dec — convert hex to decimal and vice versa.

  • jcd — enhanced directory navigation (substring matching, smart selection) for Linux and macOS.

  • Junction — create NTFS junction points / symbolic links.

  • LDMDump — dump Logical Disk Manager on-disk database.

  • ListDLLs — list DLLs loaded by processes and their locations/versions.

  • LiveKd — use kernel debuggers to examine a live system.

  • LoadOrder — show device load order on older NT systems.

  • LogonSessions — list active logon sessions.

  • MoveFile / PendMoves — schedule moves/deletes for next reboot; enumerate pending moves.

  • NotMyFault — induce crashes, hangs, kernel leaks for testing.

  • NTFSInfo — detailed NTFS volume information (MFT, meta-data sizes).

  • PipeList — display named pipes and instance counts.

  • PortMon — monitor serial/parallel port activity and IOCTLs.

  • ProcDump — capture process dumps (CPU spikes, hung windows, exceptions).

  • Process Explorer — inspect processes, open handles, loaded DLLs, owners.

  • Process Monitor — real-time monitoring of file system, Registry, process, thread, and DLL activity.

  • PsExec and PsTools (PsFile, PsGetSid, PsInfo, PsKill, PsPing, PsList, PsLoggedOn, PsLogList, PsPasswd, PsService, PsShutdown, PsSuspend) — remote/local process and system administration utilities.

  • RAMMap — advanced physical memory usage analysis.

  • RDCMan — manage multiple Remote Desktop connections.

  • RegDelNull — delete Registry keys with embedded null characters.

  • Registry Usage (RU) — view registry space usage.

  • RegJump — open a registry path directly in Regedit.

  • SDelete — securely overwrite files and free space.

  • ShareEnum — scan network shares and review security settings.

  • ShellRunas — run programs as another user via context menu.

  • Sigcheck — dump file version info and check digital signatures.

  • Streams — reveal NTFS alternate data streams.

  • Strings — search for text in binaries.

  • Sync — flush cached data to disk.

  • Sysmon — monitor and log key system activity to the Windows event log.

  • TCPView — view active TCP/UDP endpoints and sockets.

  • VMMap — analyze process virtual and physical memory.

  • VolumeId — set the volume ID of FAT/NTFS drives.

  • Whois — query ownership of Internet addresses.

  • WinObj — view the Object Manager namespace.

  • ZoomIt — presentation tool for zooming and drawing on-screen.

Additional resources

  • Training module: "Explore support and diagnostic tools - Training" — https://learn.microsoft.com/en-us/training/modules/explore-support-diagnostic-tools/?source=recommendations

Metadata

  • Last updated: 11/17/2025
