The 3 Most Useful Free Tools for Windows System Administrators (I)

The 3 Most Useful Free Tools for Windows System Administrators (I)
5 min read
10 November 2022

One of the biggest problems that a system administrator faces is the need to continuously “put out fires”, solving problems that require immediate action and spending little time on more relevant activities that allow improving the infrastructure in which they operate. It is not surprising that there are studies that say that the time a system technician spends to solve recurring problems represents more or less 80% of his day, while he spends only 20% of the time on operations, improvement, etc.

From Jotelulu we believe that we can help SysAdmin to optimize your work time, making small recommendations, such as drawing a page: a selection of some of the most useful tools for Windows system administration.

This time, we are going to review some of the tools provided by Microsoft, but not integrated with their versions of Windows. In these cases, it is necessary to download its knowledge base, currently called “Microsoft Docs“, and where large amounts of manuals, documentation, tutorials and tools such as these reside.

The tools we will discuss below are all included in “Microsoft SysInternals“, a set of tools and support for system technicians, created by Mark Russinovich in 1996.

Since we don't have time to analyze them all, we are going to talk about 3 tools that can be quite useful on a day-to-day basis, and that are probably the best among all the SysInternals tools (at least not from our point of view).

The selected tools are:

  • Process Explorer
  • ProcessMonitor
  • PSTools

Process Expor

Process Explorer is a great troubleshooting tool. It allows performing an exhaustive analysis of system performance, being able to find problems that are penalizing performance, in addition to helping us to detect malware or viruses.

This tool shows all processes in system usage, execution structure, and CPU and memory usage for each process. It also allows you to view other information, such as the commands used to start the process, the path to execute the process, and the system services related to the process.

The Process Explorer allows you to see, as in the case of the task manager, basic resource statistics, but also provides the name of the provider that created the process and a description of what the process is or what it executes.


Process Monitor is the perfect complement to the Process Explorer, and was designed to monitor and obtain additional information about each system process, to better understand what is happening.

It allows us to see what registry keys are to be used by a program and, therefore, where it stores its configuration and what changes are made each time an alteration occurs, what processes access different resources (such as file systems, network, connection to the Internet, etc.).

One of the things that makes this tool so powerful and efficient is its filtering capacity, which allows us to refine our searches and obtain extensive information about any process and its activities in the system.


PsTools is not an application, but a set of applications with similar purposes and functions. The functionality we refer to is non-UNIX System V-style process scanning, or rather, process snapshots.

There is a version of PowerShell for each of them, but many administrators will say that these tools are obsolete, or better, they are not necessary, so they can be replaced by corresponding PowerShell cmdlets. But it is much easier to use these commands than PowerShell does, working identically on any version of Windows.

The tools included in this package are:

  • PsExec: Allows you to execute processes remotely.
  • PsFile: Show open files remotely.
  • PsGetSid: Shows the SID of the computer or system.
  • PsInfo: Shows basic and very relevant information about the system.
  • PsKill: Allows to terminate processes in execution.
  • PsList: Shows lists of detailed information about the processes in execution.
  • PsLoggedOn: Shows that it is connected to the system, and reports whether it is facing locally or by shared resources.
  • PsLogList: Allows you to transfer the event log records.
  • PsPassword: Allows you to alter passwords.
  • PsPing: It is used to measure the performance of the network.
  • PsService: Allows you to view and control the system services.
  • PsShutdown: Allows you to force or restart or shut down the system, which is very useful in certain cases of saturation.
  • PsSuspend: Allows to suspend a process in execution.


In case you have found a mistake in the text, please send a message to the author by selecting the mistake and pressing Ctrl-Enter.
Comments (0)

    No comments yet

You must be logged in to comment.

Sign In / Sign Up