Peter Girnus


How to Easily Download & Install the Sysinternals Suite on Windows

Sysinternals Suite is a bundle of the Sysinternals utilities including Process Explorer, Process Monitor, Sysmon, Autoruns, ProcDump, all of the PsTools, and many more. Written by Mark Russinovich, the Sysinternals Suite helps users, developers, cybersecurity professionals, researchers, and IT professionals manage, troubleshoot and diagnose Windows and Linux systems and applications.

The full list of features included in the Sysinternals Suite includes: AccessChk, AccessEnum, ADExplorer, ADInsight, ADRestore, Autologon, Autoruns, BGInfo, CacheSet, ClockRes, Contig, Coreinfo, CPU Stress, DebugView, Desktops, Disk2vhd, DiskExt, DiskMon, DiskView, DU (Disk Usage), EFSDump, FindLinks, Handle, Hex2dec, Junction, ListDLLs, LiveKd, LoadOrder, LogonSessions, MoveFile, NotMyFault, NTFSInfo, PendMoves, PipeList, ProcDump, Process Explorer, Process Monitor, PsExec, PsFile, PsGetSid, PsInfo, PsKill, PsList, PsLoggedOn, PsLogList, PsPasswd, PsPing, PsService, PsShutdown, PsSuspend, RamMap, RDCMan, RegDelNull, Regjump, RU (Registry Usage), SDelete, ShareEnum, ShellRunas, Sigcheck, Streams, Strings, Sync, Sysmon, TCPView, Testlimit, VMMap, VolumeID, WhoIs, WinObj, and ZoomIt.

Stay up to date with the latest Sysinternals news directly from the Microsoft Sysinternals blog.

In this blog post we'll go over the steps necessary to download and install the Sysinternals Suite using the Windows Package Manager (WinGet), confirm the installation as well as the path to the various executables that make up the Sysinternals Suite, and finally execute a Sysinternals application from a PowerShell terminal.

Where to Download the Sysinternals Suite

The Sysinternals toolset can be downloaded directly from the Microsoft community Sysinternals Utilities Index Page. In addition to downloading directly from the Microsoft Sysinternals resource page, Windows users can download and install the Sysinternals Suite through the Microsoft Store.

The final and most efficient way to download and install the Sysinternals Suite is by using the Windows Package Manager (WinGet). In this how-to post we will use winget to search, gather metadata, download, and install the Sysinternals Suite package from PowerShell.

First, we need to verify that we are able to use winget, and if necessary download and install the Windows Package Manager by following the How To Use Windows Package Manager (WinGet) article.

winget search sysinternals

Once we have confirmed that we can use winget we can move on to searching for the Sysinternals Suite package. We can perform a simple winget search for the sysinternals keyword.


This command searches the winget-pkgs repository as well as the Microsoft Store source for packages that match our keyword.

Output of the winget search sysinternals command

Based on the output we can see there are multiple packages that contain the sysinternals keyword. We will focus on the Sysinternals Suite, which is sourced from the Microsoft Store, since we are interested in the full selection of system tools provided by this toolset.

winget show "Sysinternals Suite"

Once we have identified the sysinternals package we are interested in, we can explore the package's metadata to understand key information about it such as the Publisher and URLs. This can be easily accomplished with the winget show command.


This allows us to understand who is maintaining this package and where this package is coming from. These are important security questions to ask yourself before downloading and installing software from the internet.

Output of the winget show “Sysinternals Suite” command

Once we’ve confirmed the Publisher and installer source we can proceed to download and install this package with winget.

Installing the Sysinternals Suite

After we’ve reviewed the pertinent package metadata we can install the Sysinternals Suite package using the Windows Package Manager (WinGet) utility.

winget install "Sysinternals Suite"

In order to install the Sysinternals Suite package with winget we can use the winget install command. The following command will handle the downloading and installation of the Sysinternals Suite package for us.


Output of the winget install “Sysinternals Suite” command

During the installation process we’ll be asked to accept and agree to the publisher terms.

We can confirm that the Sysinternals Suite application was successfully installed using the winget list command.


Output of the winget list “Sysinternals Suite” command

If the installation succeeded, winget returns the Name, Id, Version, and Source of the installed application.
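The search, show, install and list steps above, scripted end to end as an added PowerShell example (this is not code from the original post). It adds the check the post recommends: the Publisher line from winget show is inspected before the install proceeds. Assumptions: winget is already on the PATH, the package is found by the display name "Sysinternals Suite" in the msstore source as shown in the post, and the "Publisher:" line format of the winget show output is as assumed in the regular expression.

```powershell
# Added example, not from the original post: the winget workflow above with a
# publisher check before installation.
# Assumptions: winget is on PATH; the display name "Sysinternals Suite" resolves
# in the msstore source; `winget show` prints a line starting with "Publisher:".

$PackageName = 'Sysinternals Suite'

# Step 1: confirm winget is available before doing anything else.
if (-not (Get-Command winget -ErrorAction SilentlyContinue)) {
    throw 'winget was not found. Install the Windows Package Manager first.'
}

# Step 2: search all configured sources for the keyword and show the matches.
winget search sysinternals

# Step 3: pull the package metadata and print it for manual review.
$show = winget show --name $PackageName --source msstore --exact
$show

# Extract the Publisher line so the script can refuse an unexpected publisher.
$match = $show | Select-String -Pattern '^\s*Publisher:\s*(.+)$' | Select-Object -First 1
if (-not $match) {
    throw "No Publisher line found in 'winget show' output for $PackageName; review the metadata by hand."
}
$publisher = $match.Matches[0].Groups[1].Value.Trim()
if ($publisher -notmatch 'Microsoft') {
    throw "Unexpected publisher '$publisher' for $PackageName; refusing to install."
}

# Step 4: install. The --accept-* flags answer the terms prompt non-interactively;
# omit them to be prompted interactively as in the post.
winget install --name $PackageName --source msstore --exact `
    --accept-package-agreements --accept-source-agreements

# Step 5: verify the install the same way the post does.
winget list --name $PackageName --exact
```

The --exact switch matters here: without it, winget matches the name as a substring, so a differently named package containing the words "Sysinternals Suite" could be selected instead of the one whose metadata you just reviewed.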

Exploring the Sysinternals Suite

Windows saves Windows Applications to the %LOCALAPPDATA%\Microsoft\WindowsApps directory. This directory is also part of our user's Windows Path environment variable, meaning that we can access its contents directly from PowerShell and CMD terminals.


Listed inside the WindowsApps directory the Microsoft.SysinternalsSuite_8wekyb3d8bbwe directory contains the applications that make up the full Sysinternals Suite.


Using PowerShell, we can explore the installed applications that make up the Sysinternals Suite by listing the directory with Get-ChildItem and piping the result to Select-Object to keep only the Name property.


This command gives us a full list of the applications installed as part of the Sysinternals Suite. We can see notable executables such as procdump.exe and Procmon.exe, which make up the core of Sysinternals.

Output of powershell command to list sysinternals applications

We can confirm that the WindowsApps directory is reachable through our Path using the following command.


This command reads our $env:Path variable, calls its Split() method to split the string on semicolons, and finally searches the resulting entries with Select-String for the WindowsApps string, which should be included in our user Path.

Finding WindowsApps using the $env:Path variable and string splitting operations

Note that %LOCALAPPDATA%\Microsoft\WindowsApps is included in the user Path variable by default on all modern Windows devices, so this demonstration only serves as a verification exercise.

If our Windows environment Path variable contains the %LOCALAPPDATA%\Microsoft\WindowsApps directory, we can simply call one of the Sysinternals executables, such as the Procmon.exe contained in %LOCALAPPDATA%\Microsoft\WindowsApps\Microsoft.SysinternalsSuite_8wekyb3d8bbwe, by name.
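The exploration steps above (listing the package directory, checking the Path variable, and running Procmon.exe by name) as one added PowerShell example; this is not code from the original post. It goes one step beyond the post: the entries under the WindowsApps package family directory are app execution aliases rather than the binaries themselves, so the script also resolves the package's real install location with Get-AppxPackage and checks the Authenticode signature of each executable found there. Assumptions: the package family directory name is the one the post shows, and the Appx package name Microsoft.SysinternalsSuite is derived from that directory name.

```powershell
# Added example, not from the original post. Assumptions: the package family
# directory name below is the one the post shows; the Appx package name
# 'Microsoft.SysinternalsSuite' is taken from that directory name.

$aliasDir = Join-Path $env:LOCALAPPDATA 'Microsoft\WindowsApps\Microsoft.SysinternalsSuite_8wekyb3d8bbwe'

# 1. List the executables exposed under the package family directory
#    (the post's Get-ChildItem / Select-Object Name step).
Get-ChildItem -Path $aliasDir -Filter '*.exe' | Select-Object Name

# 2. Confirm the WindowsApps directory is on the user PATH
#    (the post's Split / Select-String step).
$pathEntries = $env:Path.Split(';')
$hit = $pathEntries | Select-String -SimpleMatch 'WindowsApps'
if (-not $hit) {
    Write-Warning 'WindowsApps is not on PATH; Procmon.exe will not resolve by bare name.'
}

# 3. Resolve which file a bare "Procmon.exe" would actually run, so we know
#    PATH lookup is picking the alias we expect and not something else.
$cmd = Get-Command Procmon.exe -ErrorAction SilentlyContinue
if ($cmd) { "Procmon.exe resolves to: $($cmd.Source)" }

# 4. Beyond the post: the files under $aliasDir are execution aliases that point
#    at the packaged binaries. Find the real install location and verify the
#    signature on each executable there before relying on the tools.
$pkg = Get-AppxPackage -Name 'Microsoft.SysinternalsSuite'
if ($pkg) {
    Get-ChildItem -Path $pkg.InstallLocation -Filter '*.exe' |
        ForEach-Object { Get-AuthenticodeSignature -FilePath $_.FullName } |
        Select-Object @{ n = 'File';   e = { Split-Path $_.Path -Leaf } },
                      Status,
                      @{ n = 'Signer'; e = { $_.SignerCertificate.Subject } } |
        Format-Table -AutoSize
}

# 5. Launch Process Monitor by bare name, as in the post.
Start-Process -FilePath 'Procmon.exe'
```

Any executable whose Status is not Valid, or whose Signer is not a Microsoft certificate, is worth investigating before use; a trusted path entry is only as trustworthy as the files it resolves to.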


Running Procmon.exe from PowerShell

Congratulations! You’ve just successfully downloaded and installed the Sysinternals Suite using the Windows Package Manager (WinGet). Additionally, you verified the installation and the Windows environment Path, and executed Procmon from PowerShell.

Learn More

If you’d like to learn more about troubleshooting and detailed usage using the Sysinternals Suite I highly recommend the official Microsoft Sysinternals book authored by the creator of Sysinternals itself, Mark Russinovich. This book will greatly increase your understanding of this powerful toolset.


Conclusion

In conclusion, the Sysinternals Suite stands as an invaluable resource for a diverse range of users, encompassing developers, cybersecurity professionals, researchers, IT professionals, and general users seeking to enhance their system management, troubleshooting, and diagnostic capabilities. This comprehensive bundle contains a plethora of essential utilities such as Process Explorer, Process Monitor, Sysmon, Autoruns, ProcDump, PsTools, and more. Through its diverse toolset, the Sysinternals Suite facilitates the efficient administration, information gathering, and optimization of both Windows and Linux systems and applications.
