Getting the latest version of Sysinternals’ tools

You can easily grab the latest version of any Sysinternals tool pointing your browser to https://live.sysinternals.com

Say you want to run Process Monitor, point your browser to:

https://live.sysinternals.com/procmon.exe

and voila!

All browsers will download the file to your system, but Internet Explorer and Edge will give you the option to run the tool automatically as soon as it finishes downloading.

But here’s a neat trick I learned today while reading the first chapter of Troubleshooting with the Windows Sysinternals Tools (2nd Edition):

You can run any Sysinternals tool directly from a UNC path such as the following:

\\live.sysinternals.com\tools\procmon.exe

Being a UNC share, you can map it as a local drive and use it from Windows Explorer, from the command line or from PowerShell.

The book goes on to tell that for this to work, a Windows Service called WebClient needs to be running.

On recent versions of Windows it is stopped by default. There are a handfull of ways to start the service – both explicitly and implicitly. Some of them require user elevation, others don’t, but the neatest way I didn’t find in the book:

pushd \\live.sysinternals.com\tools

pushd will map the share to the first available drive starting from z: and change the current directory to it.

Although running this way is kind of slow (the files are being downloaded from the internet after all…), it is still usefull for those situations where you wanna get in, do whatever you gotta do, and leave without having to worry about deleting any files later.

When you’re ready to remove the mapping, popd will remove it and change the directory back to the one that was current when you pushd in.

 

Leave a Reply