Presentation is loading. Please wait.

Presentation is loading. Please wait.

Virtual techdays INDIA │ 18-20 august 2010 Windows Sysinternals Primer: Process Explorer, Process Monitor & More Tools Aviraj Ajgekar │ Regional Site Manager.

Published byLoraine Mills Modified over 8 years ago

Similar presentations

Presentation on theme: "Virtual techdays INDIA │ 18-20 august 2010 Windows Sysinternals Primer: Process Explorer, Process Monitor & More Tools Aviraj Ajgekar │ Regional Site Manager."— Presentation transcript:

1 virtual techdays INDIA │ 18-20 august 2010 Windows Sysinternals Primer: Process Explorer, Process Monitor & More Tools Aviraj Ajgekar │ Regional Site Manager │ Microsoft Corporation http://blogs.technet.com/avirajhttp://blogs.technet.com/aviraj │ Email i-aviraj@microsoft.com

2  Introduction to Sysinternals  Process Explorer  Process Monitor  PsExec  Additional Sysinternals Utilities - Demo virtual techdays INDIA │ 18-20 august 2010 S E S S I O N A G E N D A

3  High quality, advanced diagnostic and troubleshooting tools  Single executable package, no install needed  Free!  Authored by Mark Russinovich and/or Bryce Cogswell  Quick turnaround/update cycle  Limited support virtual techdays INDIA │ 18-20 august 2010 Introduction To Sysinternals

4  http://www.Sysinternals.com http://www.Sysinternals.com  Redirects to technet.microsoft.com  Sysinternals Suite contains all the tools in one zip file  Site blog announces all updates  http://blogs.technet.com/Sysinternals http://blogs.technet.com/Sysinternals  Run directly from the web: Sysinternals Live  http://live.sysinternals.com/procmon.exe, or http://live.sysinternals.com/procmon.exe  \\live.sysinternals.com\tools\procmon.exe \\live.sysinternals.com\tools\procmon.exe  UNC syntax requires WebClient service  Videos on troubleshooting with the tools virtual techdays INDIA │ 18-20 august 2010 Sysinternals Website Features

5 virtual techdays INDIA │ 18-20 august 2010 Ever See This? Or this?

6 virtual techdays INDIA │ 18-20 august 2010 Tip: Unblock before extracting (Remote Zone Information)

7  What is a process?  Task Manager – The Good, The Bad, The Ugly  Demo’s virtual techdays INDIA │ 18-20 august 2010 Processor Explorer

8 What is a Process? A process is a container for a set of resources, including one or more threads. Threads – not processes – do the work and consume CPU, memory, etc Every process has at least one thread One or More threads Open handles Security Tokens Virtual Memory Address space

9  The good  Great for users of limited technical knowledge.  High level flat list of processes, services, users and system performance.  The bad  Doesn’t show path to executable.  Doesn’t show fractional CPU.  The ugly  Doesn’t show multi purpose processes.  Example: svchost.exe  Doesn’t show what might be causing a process to misbehave.  Doesn’t distinguish the different types of processes.  Doesn’t show threads virtual techdays INDIA │ 18-20 august 2010 Task Manager The good, the bad, the ugly

10  The Good  Parent/Child Relationships  “Peer” into processes  The Better  Options galore  Process Highlighting  The Best  Customized Columns  Threads  CPU, Context Switch Delta, Cycles Delta  Determine which thread is consuming CPU virtual techdays INDIA │ 18-20 august 2010 Process Explorer The good, the better, the best

11 virtual techdays INDIA │ 18-20 august 2010 DEMO: Process Explorer Aviraj Ajgekar │ Microsoft Corporation

12  Process Explorer shows a moving snapshot  Process Monitor is a logging utility  Captures detailed info about:  All registry activity  All file system activity  Process and thread events, including DLL load  Network activity  Periodic process profiling data virtual techdays INDIA │ 18-20 august 2010 Process Monitor

13  Save results for viewing elsewhere  Can log boot activity  Advanced filtering capabilities  Filters can be saved and exported  Analysis tools for data mining  Command-line scriptable  Highly scalable virtual techdays INDIA │ 18-20 august 2010 Process Monitor Features

14 Process Monitor Event Detail

15 virtual techdays INDIA │ 18-20 august 2010 DEMO: Process Monitor Aviraj Ajgekar │ Microsoft Corporation

16  Execute processes on remote computers  Redirected console I/O  Remote-enable console apps  Execute processes as System virtual techdays INDIA │ 18-20 august 2010 PsExec

17 PsExec Syntax psexec [Computers] [Options] command [arguments] Computers = \\computer[,computer2[,...]] or \\* or @file Alternate credentials (optional): -u username [-p password]

18 PsExec Alternate Credentials [-u username [-p password]]  Can omit -p: it prompts you, doesn’t echo Used twice: 1.To authenticate to the remote computer 2.To create a new logon on the remote computer  #2 puts the credentials on the wire in the clear  Required for remote access when:  Current account is not admin on the remote, or  Remote process needs to access network, or  Remote process needs to run interactive

19 PsExec Options (Eye chart) OptionDescription -dDon’t wait for the process to terminate. Process Performance Options -background -low -belownormal -abovenormal -high -realtime Run the process at a different priority. -a n,n…Specify the CPUs on which the process can run. Remote Connectivity Options -c [-f|-v] Copies the specified program from the local to the remote system. If you omit this option, the application must be in the system path on the remote system. Adding -f forces the copy to occur; -v performs a version or timestamp check and copies only if the source is newer. -n secondsSpecifies timeout in seconds connecting to remote computers. Runtime environment options -sRun the process in the System account. -i [session]Run the program on an interactive desktop. -xRun the process on the Winlogon secure desktop. -w directorySet the working directory of the process. -eDoes not load the specified account’s profile. -hUse the account’s elevated context, if available. -lRun the process as a limited user.

20 virtual techdays INDIA │ 18-20 august 2010 DEMO: PsExec Aviraj Ajgekar │ Microsoft Corporation

21 PsExec Tips Don’t forget /accepteula Remoted Sysinternals utilities will hang Things you can’t do in a redirected console: CLS MORE Text coloring Tab completion PowerShell v1

22 Run Procmon Past Logoff Non-interactively, with PsExec -s Must specify a backing file Must not have user interaction Procmon must exit cleanly To start: PsExec -s -d Procmon.exe /AcceptEula /Quiet /BackingFile C:\Procmon.pml To stop: PsExec -s -d Procmon.exe /AcceptEula /Terminate

23 virtual techdays INDIA │ 18-20 august 2010 DEMO: Sysinternals Utilities such as Disk2VHD & More Aviraj Ajgekar │ Microsoft Corporation

24 Additional Resources Mark Russinovich’s blog: – http://blogs.technet.com/b/MarkRussinovich http://blogs.technet.com/b/MarkRussinovich Blog posts and utilities by Aaron Margosis – http://blogs.msdn.com/b/aaron_margosis http://blogs.msdn.com/b/aaron_margosis – http://blogs.technet.com/b/fdcc http://blogs.technet.com/b/fdcc Aviraj Ajgekar’s Blog – http://blogs.technet.com/b/aviraj http://blogs.technet.com/b/aviraj

25 question & answer

26 virtual techdays THANKS │ 18-20 august 2010 Email i-aviraj@microsoft.com │Blog: http://blogs.technet.com/aviraj i-aviraj@microsoft.comhttp://blogs.technet.com/aviraj Thank You

Download ppt "Virtual techdays INDIA │ 18-20 august 2010 Windows Sysinternals Primer: Process Explorer, Process Monitor & More Tools Aviraj Ajgekar │ Regional Site Manager."

Similar presentations

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 6 Managing and Administering DNS in Windows Server 2008.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 6 Managing and Administering DNS in Windows Server 2008.
15.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 15: Configuring a Windows.

15.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 15: Configuring a Windows.
How to use Sysinternals tools to troubleshoot SharePoint/Office

How to use Sysinternals tools to troubleshoot SharePoint/Office
Sysinternals Primer: Gems Aaron Margosis Principal Consultant Microsoft Corporation SIA311.

Sysinternals Primer: Gems Aaron Margosis Principal Consultant Microsoft Corporation SIA311.
1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.

1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.
14.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

14.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 11: Monitoring Server Performance.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 11: Monitoring Server Performance.
Chapter 14 Chapter 14: Server Monitoring and Optimization.

Chapter 14 Chapter 14: Server Monitoring and Optimization.
70-270, 70-290 MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Thirteen Performing Network.

70-270, MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Thirteen Performing Network.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 10: Server Administration.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 10: Server Administration.
MCITP Guide to Microsoft Windows Server 2008 Server Administration (Exam #70-646) Chapter 14 Server and Network Monitoring.

MCITP Guide to Microsoft Windows Server 2008 Server Administration (Exam #70-646) Chapter 14 Server and Network Monitoring.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.
Front end GUI for PsExec, A fast and easy remote deployment utility.

Front end GUI for PsExec, A fast and easy remote deployment utility.
CCNA 2 v3.1 Module 2.

CCNA 2 v3.1 Module 2.
Virtual techdays INDIA │ 22-24 November 2010 Windows Virtual PC & Windows XP Mode Aviraj Ajgekar │ Regional Site Manager │ Microsoft Corporation Blog:

Virtual techdays INDIA │ November 2010 Windows Virtual PC & Windows XP Mode Aviraj Ajgekar │ Regional Site Manager │ Microsoft Corporation Blog:
CN1176 Computer Support Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+

CN1176 Computer Support Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+
1 Semester 2 Module 2 Introduction to Routers Yuda college of business James Chen

1 Semester 2 Module 2 Introduction to Routers Yuda college of business James Chen
Guide to MCSE 70-290, Enhanced 1 Activity 10-1: Restarting Windows Server 2003 Objective: to restart Windows Server 2003 Start  Shut Down  Restart Configure.

Guide to MCSE , Enhanced 1 Activity 10-1: Restarting Windows Server 2003 Objective: to restart Windows Server 2003 Start  Shut Down  Restart Configure.
Virtual techdays INDIA │ 18-20 august 2010 IIS 7/7.5 Tips & Tricks Jaskirat Singh │ Technical Lead [IIS|Asp.Net team], Microsoft.

Virtual techdays INDIA │ august 2010 IIS 7/7.5 Tips & Tricks Jaskirat Singh │ Technical Lead [IIS|Asp.Net team], Microsoft.
Ch 11 Managing System Reliability and Availability 1.

Ch 11 Managing System Reliability and Availability 1.

Similar presentations

Ads by Google