Archives
-
The Case of the Installer Service Error
This case unfolds with a network administrator charged with the rollout of the Microsoft Windows Intune client software on their network. Windows Intune is a cloud service that manages systems on a corporate network, keeping their software up to date...
-
Fixing Disk Signature Collisions
Disk cloning has become common as IT professionals virtualize physical servers using tools like Sysinternals Disk2vhd and use a master virtual hard disk image as the base for copies created for virtual machine clones. In most cases, you can operate with...
-
The Case of the Mysterious Reboots
This case opens when a Sysinternals power user, who also works as a system administrator at a large corporation, had a friend report that their laptop had become unusable. Whenever the friend connected it to a network, their laptop would reboot. The power...
-
The Case of the Hung Game Launcher
I love the cases people send me where the Sysinternals tools have helped them successfully troubleshoot, but nothing is more satisfying than using them to solve my own cases. This case in particular was fun because, well, solving it helped me get back...
-
Troubleshooting with the New Sysinternals Administrator’s Reference
Aaron Margosis and I are thrilled to announce that the long awaited, and some say long overdue, official guide to the Sysinternals tools is now available! I’ve always had the idea of writing a book on the tools in the back of my mind, but it wasn’t until...
-
How to add comment for a GPO with PowerShell
You might have seen GP MVP Jeremy Moskowitz’s post on how to recycle GPO comments. While Jeremy points out you can do this without a script… you can also do it with a script! Our tech writer, Judith, walks us through the process:
-
Listing all GPOs in the current forest
This post was written by Judith, a technical writer for Group Policy. This is the second post in a series on ways to use PowerShell with Group Policy. See the first post on getting started with RSAT and Group Policy.
-
RSAT & GP Cmdlets
This post was written by Judith, a technical writer for Group Policy. This will be the first post in a series on ways to use PowerShell with Group Policy.
-
Get GPO Backup with PowerShell
Jeff Hicks, one of Microsoft’s PowerShell MVPs, has written a great script for managing GPO backups:
-
Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 3
In the first post of this series, I used Autoruns, Process Explorer and VMMap to statically analyze a Stuxnet infection on Windows XP. That phase of the investigation revealed that Stuxnet infected multiple processes, launched infected processes that...
-
The Zero Day Book Trailer
I just got back the finished version of the video trailer for my new cyber thriller Zero Day, which I think came out awesome! It’s not hard to imagine what a Zero Day movie trailer would look like. Let me know what you think. Zero Day Book Trailer...
-
Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 2
In Part 1 I began my investigation of an example infection of the infamous Stuxnet worm with the Sysinternals tools. I used Process Explorer, Autoruns and VMMap for a post-infection survey of the system. Autoruns quickly revealed the heart of Stuxnet...
-
Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 1
Though I didn’t realize what I was seeing, Stuxnet first came to my attention on July 5 last summer when I received an email from a programmer that included a driver file, Mrxnet.sys, that they had identified as a rootkit. A driver that implements rootkit...
-
Zero Day is Here!
I’m excited to announce that my first novel, a cyber thriller entitled Zero Day, is now available at all major book retailers! Zero Day is a book in the style of Crichton and Clancy, weaving technical fact into the story. If you like the Sysinternals...
-
The Case of the Unusable System
This post continues in the malware hunting theme of the last couple of posts as Zero Day availability draws near (it’s available tomorrow!). It began when a friend of mine at Microsoft told me that a neighbor of hers had a laptop that malware had rendered...
-
The Case of the Sysinternals-Blocking Malware
Continuing the theme of focusing on malware-related cases (last week I posted The Case of the Malicious Autostart) as a lead up to the publication on March 15 of my novel Zero Day, this post describes one submitted to me by a user that took a unique...
-
The Case of the Malicious Autostart
Given that my novel, Zero Day, will be published in a few weeks and is based on malware’s use as a weapon by terrorists, I thought it appropriate to post a case that deals with malware cleanup with the Sysinternals tools. This one starts when Microsoft...
-
The Cases of the Blue Screens: Finding Clues in a Crash Dump and on the Web
My last couple of posts have looked at the lighter side of blue screens by showing you how to customize their colors. Windows kernel mode code reliability has gotten better and better every release such that many never experience the infamous BSOD. But...
-
Announcing Zero Day, the Novel!
You’ve seen the news if you’re my friend on Facebook, follow me on Twitter, or subscribe to the Sysinternals blog: I’m proud to announce that my first novel, a cyberthriller entitled Zero Day, is due to be published by St. Martin’s Press in mid-March...
-
Copy and Merge GPOs through PowerShell
Ashley McGlone has a great script up for merging GPOs together through PowerShell.
-
“Blue Screens” in Designer Colors with One Click
My last blog post described how to use local kernel debugging to change the colors of the Windows crash screen, also known as the “blue screen of death”. No doubt many of you thought that showing off a green screen of death or red screen of death to your...