This collection of 12 server tools has been around for several years, but is not as well known as other Sysinternals products, like registry monitoring tool Process Monitor, for example.
"PsTools are really little hidden gems," said Kevin Beaver, owner of Principle Logic LLC, a security consultant company in Acworth, Ga. "I find when I go onsite to many of my customers, most of the people haven't heard of them."
Beaver uses a PsTool called PsFile to pinpoint open files that have become inaccessible. Without a tool like PsFile, an IT manager would have to manually go through the server's directories to find the locked file.
He also uses PsKill to find processes that are hung up because of malware or other malicious software.
PsTools are a must have for any IT manager in charge of multiple remote sites, said Clyde Johnson, a senior network and systems engineer at HCC Aegis Inc. in New Bedford, Mass. Johnson is responsible for eight sites nationwide and additional international sites.
Without PsTools, Johnson said it is hard to find the root cause of an OS issue such as a corrupted file, which is often undetectable while working in native-mode. System crashes are also avoided with PsTools, while many other tools interact poorly with different operating system versions and applications, he said.
Another benefit of the tools lies in the ability to administer a Windows box like a Unix box, said Greg Shields, a security consultant and author in Denver, Colo. "If you've got a little scripting and command-line experience, these tools let you do tasks that are otherwise very painful," he said. "They're a step up from [Windows] PowerShell commands, and IT administrators are doing themselves a disservice if they don't use them."
Starting with Windows NT, Windows servers gained remote administration capabilities that have progressively improved, but these native tools are not as easy to access or use as PsTools, Johnson said.
Also in this tool set is PsInfo. It provides information about the processes on a given Windows NT or Win 2000 server, such as the type of installation, kernel builds, registered organization and owner, number and type of processors, amount of physical memory and the install date of the system.
Microsoft became the owner of Sysinternals tools in July 2006 when it bought Winternals Software LP, which was founded in 1996 by Mark Russinovich and Bryce Cogswell. Sysinternals was the Web site for Winternals, with forums, articles and software tools for Windows systems. The two men are now part of Microsoft and Russinovich continues to blog about Windows systems issues.