24 of 24 people found the following review helpful
5.0 out of 5 stars
Valuable guide for indispensable tools, Aug 14 2011
By Eric Lawrence - Published on Amazon.com
This review is from: Windows Sysinternals Administrator's Reference (Paperback)
I was excited to hear that the legendary Mark Russinovich had teamed up with all-around-smart guy Aaron Margosis to put together a guide to the Sysinternals toolset. Titled Windows Sysinternals Administrator's Reference, you can get it for your Kindle, or as I did, in old-fashioned dead-tree format, suitable for scribbling in and dog-earing to your heart's content.
Now, for the rare techie who's not already a big fan of the Sysinternals tools, I'll give a bit of background. The collection includes around 70 freeware utilities grouped into six loose categories (Process Utilities, Security Utilities, File and Disk Utilities, Networking Utilities, System Info, and Miscellaneous), the majority of which run on any version of Windows (XP and later). I've been using several of the tools on an almost daily basis for a decade. I use Sysinternals utilities to deeply understand the guts of every product I've ever worked on, and to resolve problems with many pieces of software I otherwise know little about.
One of the perks of working in the Windows division at Microsoft is access to the source code of every version of Windows we've shipped in the last decade, but when I want to understand how our software works, I turn to Fiddler and the Sysinternals tools. Why? Because these utilities tell you the truth and show what's really going on. Source code is super-useful, of course, but it's often much more challenging to dig through--there are tens of millions of lines of code to sift through, and they interact in ways that were never formally documented, and sometimes, we find, ways that were never intended. The advantage of using monitoring utilities is that you get to see what's happening, and that usually brings you 90% of the way to a solution. The ability to "peek inside" software as it runs is astonishingly empowering--in the same way that X-rays and MRIs have had a huge impact on the practice of medicine.
Just booting Fiddler or Process Monitor and watching the events fly by will provide a non-trivial level of insight into how software on your computer works. But there's a difference between toying with these utilities and fully exploiting their power, and this is where Mark and Aaron's new book comes in. The book covers each of the tools and provides a full explanation of each; the two most useful tools (Process Explorer and Process Monitor) each get a chapter all their own, but even the most trivial of the utilities in the collection gets a page of coverage.
As a developer myself, my favorite parts of the book are where the authors reveal some of the tools' "secrets", explaining how they accomplish some interesting task. My other favorite parts of the book are the "Case of the..." sections that comprise the last three chapters--each section explains how the authors (or their colleagues) have used one or more of the Sysinternals tools to solve a real-world problem. These sections are well-written, super-interesting, and provide a fantastic primer for turning what you've learned in the earlier chapters into real-world results.
The book includes tons of facts about Windows itself that I'd forgotten or never picked up on to begin with. Over the years, Windows has added a number of features previously only available in the Sysinternals tools--the authors mention when this is the case, and compare and contrast the new Windows features to those in the Sysinternals utilities.
No book is perfect, of course. The book's structure enables the reader to jump directly to information about each specific tool, so anyone who reads the book cover-to-cover as I did will find some repetition of information between the sections and chapters. The authors' expectations of their readers' technical savvy also seem uneven at some points--I was amused that a book that discusses kernel debugging and memory-manager design would take the time to footnote the meaning of the word "string" as it is used in software. But, on the whole, the book is very well-written.
If you develop or debug software on the Windows platform, this book will provide a great return on investment (purchase price and reading time).
8 of 8 people found the following review helpful
5.0 out of 5 stars
The Missing Sysinternals Manual, Oct 13 2011
By Fred Sabin - Published on Amazon.com
Fred Sabin (President, New Jersey Computer Club) Review - October 13, 2011
Sysinternals is a free suite of advanced Microsoft Windows troubleshooting utilities, originally available from [...], which now redirects to Microsoft's TechNet Web site at [...]. Written for IT professional and technical users, many are difficult to understand and use "as-is" without a significant understanding of operating systems.
This is why the "Windows Sysinternals Administrator's Reference" is so valuable. The book gives an overview of each tool, what it does, and how it does it. It provides background concept information with detailed instructions to facilitate learning, and as you use each tool you will gain experience that will allow you to develop a better understanding of the results.
For example, "Task Manager" is included with the Windows operating system to view processes running on your computer. It is relatively simple to use, but it lacks the detailed information necessary to assist in solving anything but the most basic problems. Sysinternals "Process Explorer" (Procexp) is a utility that provides significantly more detailed information, and the initial process tree will make this readily apparent. Unfortunately, as you delve deeper, the situation becomes more complex and difficult to understand for those with limited technical training or experience. That is where this book will be a benefit to you. It will assist you in knowing what the information means, and where to go for additional information (or the next step).
If you are not familiar with "Task Manager" and how to use it, then these utilities will probably be of little use to you. If you do understand and use "Task Manager" but find it lacks the more detailed information that you need, then these tools and this book can probably take you to another level of understanding. If you find "Task Manager" too basic and simple to use, then you probably already know about Sysinternals, but this book might still be a valuable reference.
To supplement this book, Microsoft's TechNet website at [...] has a "Sysinternals Learning Resources" webpage with articles, videos, training, etc., as well as recordings of "Mark's Webcasts". David Solomon has a video library on his [...], and there is a Sysinternals Forum at [...]. All of these websites and more can be found with a Google search for "sysinternals".
To better evaluate if this book would benefit you, I would suggest that you first visit these websites to get a better feel for what utilities are included in Sysinternals and what they do. If still interested, I would then download and use the Sysinternals suite, and finally consider getting the book if you want to maximize your experience in using them. This book is an excellent learning tool and reference, but it is also a technical guide for technical users for a suite of technical utilities.
8 of 11 people found the following review helpful
4.0 out of 5 stars
Printed help file -- not much more, Oct 31 2011
By Greg E. Fox - Published on Amazon.com
The book is mostly the help file with only limited new material. It is good to have; and thus, I gave it four stars. I would have liked to see more material on how to use the tools and why some of the options exist.