9 SysInternals tools that should be built into Windows

Windows is a popular OS for a reason — the versatility and range of built-in features it provides for users. However, you might often feel it lacks troubleshooting or system monitoring tools required to fix your system issues. That’s where SysInternals tools come into play. It’s a collection of powerful tools developed by the team at Microsoft for power users, IT professionals, or anyone who likes to have more control over their system. Many of these tools offer deep insights into your system, from advanced process monitoring to network activity to managing startup programs and more. While Windows does have tools like Task Manager or Event Viewer, the SysInternals tools are more advanced and better in many ways.

SystInternals is bundled with more than 70 options, but here are the nine that are so useful that I would like them to be included in Windows by default.

Related

10 Windows features you may have forgotten about

Do you remember these?

9

Process Explorer (procexp.exe)

See what’s really running on your system.

Process Explorer is one of the most popular SysInternals tools and is often described as the Windows Task Manager on steroids, and for good reason. While Task Manager gives you a basic overview of running processes, Process Explorer dives much deeper. It provides a detailed, real-time view of all running processes, including their relationships, resource usage, and even the files they’ve opened.

One of the unique features of Process Explorer that I liked the most is its tree view, which shows the parent-child relationships between processes. This is incredibly useful for understanding how processes are interconnected. For example, you can see which processes were launched by another application or service. Other than that, Process Explorer gives you insights into resource usage in real-time, such as CPU, memory, and disk activity. This makes it easy to identify processes that are hogging resources and causing slowdowns. Further, you can check if any process is malicious by simply right-clicking on it and selecting the Check on VirusTotal.com option.

The tool also shows which files or DLLs a specific process is using. This can help you identify and troubleshoot issues like locked files or missing dependencies. For instance, if you’re trying to delete a file, but it’s in use, Process Explorer can tell you which process is holding onto it. It’s much better than the built-in Task Manager.

Related

Should you use a Windows Task Manager alternative?

You might have heard of Task Manager alternatives for Windows 11, but should you use one?

8

Process Monitor (procmon.exe)

Monitor system activity in real-time

Process Monitor, or ProcMon, is another indispensable tool in the SysInternals suite. It seems similar to Process Explorer but has different usability. It’s basically a real-time monitoring tool that records file system, registry, and process activity. Essentially, it takes note of every action happening on your system, from file reads and writes to registry changes and network activity.

The powerful ProcMon tool lets you filter the results to narrow down the log to focus on a specific process, file type, or registry key. This helps me diagnose problems with my system, like slow performance, application errors, or unusual behavior. For example, if a program crashes, ProcMon will help you see what it was doing right before the crash. ProcMon also highlights operations that result in errors, making it easier to pinpoint the root cause of a problem. For instance, if an application fails to read a file, ProcMon will show you exactly where and why the error occurred.

While Windows has built-in tools like Event Viewer, it doesn’t offer the same level of real-time, granular detail as ProcMon. Integrating this tool into Windows would make troubleshooting much more efficient and accessible for all users.

7

Autoruns (autoruns.exe)

Take control of your startup programs and processes

Autoruns is a tool that shows you every program, service, and driver that starts with Windows. It’s far more comprehensive than the Startup tab in Task Manager, which only lists a fraction of the items that actually run at startup.

With Autoruns, you can see startup entries from the registry, startup folders, scheduled tasks, browser extensions, and more. This level of detail is crucial for identifying and removing unwanted programs that slow down your boot time or compromise your system’s security. For example, you might discover a piece of bloatware or even malware that’s set to run at startup.

Autoruns also allows you to disable or delete unwanted entries with a single click. You can also check whether a startup program is malicious by checking it through Virustotal.com. It also highlights the entries that are malicious through color code, making it easier for you to spot potential malware. All these features collectively improve your system’s performance, speed up the boot time, and reduce the risk of security vulnerabilities. Given how important startup management is for system performance and security, Autoruns should be a built-in feature of Windows.

6

TCPView (tcpview.exe)

See all active network connections

TCPView is a network monitoring tool that gives you detailed information about TCP and UDP connections on your Windows device. It shows which processes are using network connections on your system, the remote IP addresses and ports they’re communicating with, and the state of each connection.

The network details have become incredibly useful in monitoring network activities and identifying potential security and privacy threats. If you notice a connection to an unfamiliar IP address, you can investigate further to determine whether it’s legitimate or malicious. TCPView also lets you close connections if needed, giving you control over your system’s network activity.

While Windows has basic network monitoring tool in the form of Resource Monitor, it doesn’t provide the detailed and same real-time view of network connections as TCPView. Integrating this tool into Windows would make it easier for users to monitor and secure their network activity.

5

SDelete (sdelete.exe)

Securely delete files and free up space

SDelete (secure delete) is a command-line tool that securely deletes files and cleans free space on your drive. Unlike the standard delete function on Windows, which simply marks files as deleted, SDelete overwrites the data to prevent recovery.

This is especially important for protecting sensitive information. For example, if you’re selling or donating a computer, you’ll want to ensure that no residual data remains on the drive. SDelete can also clean free space, ensuring that previously deleted files can’t be recovered.

While Windows has a built-in disk cleanup tool, it doesn’t offer secure deletion. Integrating SDelete into Windows would provide users with a simple, effective way to protect their data.

4

ZoomIt (zoomit.exe)

Enhance presentations and screen sharing

ZoomIt is a screen zoom and annotation tool designed for presentations and troubleshooting. It allows you to zoom in on specific areas of the screen, draw on the screen for emphasis, and even include a timer for presentations.

This tool is incredibly useful for educators, presenters, and IT professionals. For example, if you’re giving a presentation, you can use ZoomIt to highlight key points or demonstrate a process. If you’re troubleshooting an issue, you can use it to draw attention to specific parts of the screen.

While Windows has some basic screen magnification tools, they don’t offer the same level of functionality as ZoomIt. Integrating this tool into Windows would make it easier for users to create engaging presentations and troubleshoot issues effectively.

3

RamMap (rammap.exe)

Understand how your memory is being used

RamMap provides a detailed view of how your system’s physical memory is allocated. It shows memory usage by process, driver, and file, helping you identify memory leaks or inefficient memory usage.

This tool is particularly useful for diagnosing performance issues. For example, if your system is running slowly, you can use RamMap to see which processes are using the most memory. You can also clear unused memory to improve system performance. While Windows Task Manager shows basic memory usage, RamMap is a dedicated tool and offers a deeper analysis and can be more useful if available built-in.

2

PendMoves (pendmoves.exe)

See pending file operations

PendMoves is one of the tools that I dearly want to be included in the Windows ecosystem. It basically lists files that are scheduled to be moved or deleted on the next reboot. This is useful for troubleshooting issues where files can’t be modified or deleted. For example, if you’re trying to delete a file but it’s in use, PendMoves can show you whether the operation is pending and what program is holding the file. You can also use it to clear pending operations if needed. While Windows doesn’t provide a built-in way to view pending file operations, PendMoves solves this problem.

1

BgInfo (bginfo.exe)

Display system information on your desktop.

BgInfo is a simple yet powerful tool that automatically generates a desktop background displaying key system information. This can include details like your IP address, computer name, available memory, and more.

The tool can be customized to your liking. You can choose which information to display and how it’s formatted. You can add or remove fields, change the font and colors, and even include custom text. BgInfo updates automatically as system details change, ensuring the information is always accurate.

The tool is particularly useful for IT professionals who need quick access to system details, but it’s also handy for casual users who want to monitor their system’s status. While Windows doesn’t offer a built-in way to display system information on the desktop, BgInfo fills this gap perfectly.

Microsoft, please pay attention

SysInternals tools have long been widely popular among power users for their ability to enhance system troubleshooting, security, and performance monitoring. However, despite being so much more useful than many current in-built Windows features, SysInterals tools are required to be manually downloaded, installed, and run separately. I agree that not all of them are useful and accessible for regular users. Still, if the ones listed above are integrated with Windows OS, users will get so much benefit in diagnostic and troubleshooting without additional effort.

Having these tools would make Windows OS even more functional and enhance its usability for both everyday users and power users. As a Windows user, I would love to have such tools at my fingertips without installing or purchasing any additional software package. Microsoft, please have a note.

Related

5 things I wish Windows tried to do better

Windows 11 has a lot of negatives, but here are the ones Microsoft should focus on the most