Tuesday, October 7, 2014

Utilizing Sysinternals (Channel 9 Course : http://channel9.msdn.com/Series/sysinternals/01)

Mod 1 : Introduction (http://channel9.msdn.com/Series/sysinternals/01)

  • Important Sysinternals tools 
  1. ProcessExplorer (Most Popular)
  2. ProcessMonitor  (Most Popular)
  3. PSTools
  4. AutoRuns

  • Process Explorer could be used
  1. as an advanced (IT Pro) version of Task Manager.
  2. to see all threads associated with a process.
  3. to see the stack trace and the number of context switches of a thread.
  4. to check which process holds a handle to a file.
  5. to check whether a process has open TCP/IP connections. Shows which IP addresses the current process is connected to.
  6. Process Explorer (like many other Sysinternals tools) can connect to a remote machine and show process information for that machine.
  7. Process Explorer can be configured to replace Task Manager, so that whenever the user opens Task Manager they see Process Explorer instead.
  8. When an error message is shown and its source is not known, the bullseye (target) functionality can be used to see which process owns that message window.
  9. SvcHost.exe is the service host process. Process Explorer shows an additional tab called Services in the Properties window of such a process, so it can be used to see which services are hosted by a given instance of SvcHost.exe.
  10. Good practice: add the Version, Integrity and Virtualized columns to Process Explorer.
  11. Microsoft doesn't test Windows with IPv6 disabled, so do not disable it without thorough testing.
  • Process Monitor
  1. This tool is a combination of FileMon (File Monitor) and RegMon (Registry Monitor).
  2. When to use Process Monitor: DLL corruptions, configuration issues, performance diagnostics.
  3. By default Process Monitor displays activity in the Registry, File System, Processes (process, thread, DLL and device driver load operations), Profiling (user and kernel CPU time consumed, number of context switches) and Networking (TCP and UDP network activity, including source and destination address) classes.
  4. 'Boot Monitoring': enabling this starts Process Monitor at boot, so it collects a trace from boot onwards.
  5. Process Activity Summary : 
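As an added example (my own script, not part of the course or of the Sysinternals tools), here is a small Python script that reads a Process Monitor CSV export and builds a per-process activity summary using the same activity classes listed above, counting non-SUCCESS results separately (the usual lead when hunting configuration issues) and listing the remote endpoints of TCP connections. The sample CSV is constructed, and the column names are assumed to be Procmon's default export columns.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample of a Process Monitor CSV export. The columns are assumed to be
# the default ones ("Time of Day","Process Name","PID","Operation","Path","Result","Detail").
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1234567","svchost.exe","812","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\BITS","SUCCESS","Desired Access: Read"
"10:01:02.1234800","svchost.exe","812","RegQueryValue","HKLM\SYSTEM\CurrentControlSet\Services\BITS\Start","SUCCESS","Type: REG_DWORD, Length: 4, Data: 3"
"10:01:02.2000000","notepad.exe","4412","CreateFile","C:\Users\user\notes.txt","SUCCESS","Desired Access: Generic Read"
"10:01:02.2000500","notepad.exe","4412","ReadFile","C:\Users\user\notes.txt","SUCCESS","Offset: 0, Length: 4,096"
"10:01:02.3000000","notepad.exe","4412","CreateFile","C:\Users\user\missing.ini","NAME NOT FOUND","Desired Access: Generic Read"
"10:01:03.0000000","explorer.exe","1640","Process Create","C:\Windows\System32\cmd.exe","SUCCESS","PID: 5120, Command line: cmd.exe"
"10:01:04.0000000","svchost.exe","812","TCP Connect","host.local:49152 -> 203.0.113.10:443","SUCCESS","Length: 0"
"10:01:05.0000000","svchost.exe","812","Process Profiling","","","User Time: 0.0156, Kernel Time: 0.0312, Context Switches: 12"
'''

PROCESS_OPS = {"Process Create", "Process Start", "Process Exit", "Thread Create", "Thread Exit", "Load Image"}

def classify(operation: str) -> str:
    """Map a Procmon operation name onto the activity classes Procmon displays."""
    if operation.endswith("Profiling"):          # Process Profiling / Thread Profiling
        return "Profiling"
    if operation.startswith("Reg"):              # RegOpenKey, RegQueryValue, ...
        return "Registry"
    if operation.startswith(("TCP", "UDP")):     # TCP Connect, UDP Send, ...
        return "Network"
    if operation in PROCESS_OPS:                 # process, thread and image-load events
        return "Process"
    return "File System"                         # CreateFile, ReadFile, QueryDirectory, ...

def summarize(csv_text: str) -> dict:
    """Per (process name, PID): events per class; non-SUCCESS results also counted as Failed."""
    summary = defaultdict(Counter)
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = (row["Process Name"], int(row["PID"]))
        summary[key][classify(row["Operation"])] += 1
        if row["Result"] not in ("SUCCESS", ""):   # e.g. NAME NOT FOUND, ACCESS DENIED
            summary[key]["Failed"] += 1
    return {key: dict(counts) for key, counts in summary.items()}

def remote_endpoints(csv_text: str) -> dict:
    """Per (process name, PID): remote side of each TCP Connect (Path is 'local -> remote')."""
    peers = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Operation"] == "TCP Connect" and " -> " in row["Path"]:
            key = (row["Process Name"], int(row["PID"]))
            peers[key].append(row["Path"].split(" -> ", 1)[1])
    return dict(peers)
```

Run `summarize(open("trace.csv").read())` on a real export to get the same per-process breakdown that Procmon's own Process Activity Summary shows.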
  • PSTools
  • PSExec : "PSExec.exe \\RemotePC cmd" starts a command prompt on the remote machine named RemotePC. Subsequent commands entered in that command prompt are actually run on RemotePC.
  • PSInfo : Gives information about the system. Can be run remotely.
  • PSFile :
  • PSKill : Enables killing processes on remote machines.
  • PSService : Displays configuration, dependencies and status of Windows services.
  • AutoRuns
  1. Very useful application for viewing automatically started applications. Shows applications which run on logon, services which run at startup, scheduled tasks and many more.