# Sysinternals Utilities - Sysinternals | Microsoft Learn

Summary — Sysinternals Utilities Index

Overview

* Sysinternals is a collection of Windows utilities (standalone tools and suites) for system diagnostics, troubleshooting, and administration.
* Multiple consolidated downloads are provided:
  * Sysinternals Suite: <https://download.sysinternals.com/files/SysinternalsSuite.zip>
  * Sysinternals Suite for Nano Server: <https://download.sysinternals.com/files/SysinternalsSuite-Nano.zip>
  * Sysinternals Suite for ARM64: <https://download.sysinternals.com/files/SysinternalsSuite-ARM64.zip>
  * Microsoft Store installation/updates: <https://www.microsoft.com/store/apps/9p7knl5rwt25>

Notable tools (tool name — purpose / short description)

* AccessChk — view effective permissions on files, registry keys, services, processes, kernel objects.
* AccessEnum — shows who has access to directories, files, and Registry keys.
* AdExplorer — Active Directory viewer and editor.
* AdInsight — LDAP real-time monitoring for AD client troubleshooting.
* AdRestore — undelete Active Directory objects.
* Autologon — bypass the password screen during logon.
* Autoruns — shows programs and Registry/file locations configured to start automatically.
* BgInfo — generates desktop backgrounds that show system info (IP, computer name, adapters).
* BlueScreen — Blue Screen simulation screensaver with simulated reboot/CHKDSK.
* CacheSet — control Cache Manager working set size.
* ClockRes — view system clock (timer) resolution.
* Contig — defragment or create contiguous files.
* Coreinfo — map logical processors to physical CPU, NUMA, caches.
* Ctrl2Cap — remap Caps Lock to Ctrl.
* DebugView — capture DbgPrint and OutputDebugString output.
* Desktops — create up to four virtual desktops and switch between them.
* Disk2vhd — create VHDs from physical disks for virtualization (P2V).
* DiskExt — display volume disk-mappings.
* Diskmon — capture or indicate disk activity.
* DiskView — graphical disk sector viewer.
* Disk Usage (DU) — view directory disk usage.
* EFSDump — view info for encrypted files.
* FindLinks — report file index and hard links for a file.
* Handle — show open files and which processes hold them.
* Hex2dec — convert hex to decimal and vice versa.
* jcd — enhanced directory navigation (substring matching, smart selection) for Linux and macOS.
* Junction — create NTFS junction points / symbolic links.
* LDMDump — dump Logical Disk Manager on-disk database.
* ListDLLs — list DLLs loaded by processes and their locations/versions.
* LiveKd — use kernel debuggers to examine a live system.
* LoadOrder — show device load order on older NT systems.
* LogonSessions — list active logon sessions.
* MoveFile / PendMoves — schedule moves/deletes for next reboot; enumerate pending moves.
* NotMyFault — induce crashes, hangs, kernel leaks for testing.
* NTFSInfo — detailed NTFS volume information (MFT, meta-data sizes).
* PipeList — display named pipes and instance counts.
* PortMon — monitor serial/parallel port activity and IOCTLs.
* ProcDump — capture process dumps (CPU spikes, hung windows, exceptions).
* Process Explorer — inspect processes, open handles, loaded DLLs, owners.
* Process Monitor — real-time monitoring of file system, Registry, process, thread, and DLL activity.
* PsExec and PsTools (PsFile, PsGetSid, PsInfo, PsKill, PsPing, PsList, PsLoggedOn, PsLogList, PsPasswd, PsService, PsShutdown, PsSuspend) — remote/local process and system administration utilities.
* RAMMap — advanced physical memory usage analysis.
* RDCMan — manage multiple Remote Desktop connections.
* RegDelNull — delete Registry keys with embedded null characters.
* Registry Usage (RU) — view registry space usage.
* RegJump — open a registry path directly in Regedit.
* SDelete — securely overwrite files and free space.
* ShareEnum — scan network shares and review security settings.
* ShellRunas — run programs as another user via context menu.
* Sigcheck — dump file version info and check digital signatures.
* Streams — reveal NTFS alternate data streams.
* Strings — search for text in binaries.
* Sync — flush cached data to disk.
* Sysmon — monitor and log key system activity to the Windows event log.
* TCPView — view active TCP/UDP endpoints and sockets.
* VMMap — analyze process virtual and physical memory.
* VolumeId — set the volume ID of FAT/NTFS drives.
* Whois — query ownership of Internet addresses.
* WinObj — view the Object Manager namespace.
* ZoomIt — presentation tool for zooming and drawing on-screen.

Additional resources

* Training module: "Explore support and diagnostic tools - Training" — <https://learn.microsoft.com/en-us/training/modules/explore-support-diagnostic-tools/?source=recommendations>

Metadata

* Last updated: 11/17/2025

