MVA Workshop: Troubleshooting Windows Systems with SysInternals Tools

Code: 40076
Course duration: 1 days

40076 - MVA Workshop: Troubleshooting Windows Systems with SysInternals Tools (1 Day)

About This Workshop
In this one-day MVA Workshop, students will get hands-on practice diagnosing, analyzing, and troubleshooting systems with the Windows Sysinternals suite of tools. This workshop is designed to enhance and extend the learning from theUtilizing Sysinternals Tools for IT ProsMicrosoft Virtual Academy (MVA) video series. In this workshop, students will explore the most commonly used tools from the Sysinternals suite, including Process Explorer, Process Monitor, PsTools, and Autoruns. As a requirement for the workshop, students are expected to view the MVA videos to prepare for participation in the workshop. In the workshop sessions, a facilitator will lead students through short presentations that review the MVA material, hands-on labs, and class discussions. The majority of the time is spent on hands-on practice and exploration of the tools.
Audience Profile
This workshop is intended for IT Professionals that provide Tier 2 support to users running Windows-based desktops and devices in small business environments to large enterprise organizations. In general, these enterprise and small business desktop support professionals focus on a broad range of technical issues related to Windows operating systems, devices, cloud services, applications, networking, and hardware support. These IT Professionals are responsible for the maintenance and support of desktops and devices, installing and testing line-of-business applications on these devices, and physically making changes to user devices or re-imaging devices as required.

The workshop is also designed for learners who prefer a compact and self-directed learning experience. The lab sessions will help learners gain an understanding of the features and capabilities of the key diagnostic tools in the Sysinternals suite.
At Workshop Completion
After completing this workshop, students will be able to:
  • Examine the benefits of the Sysinternals suite of tools.
  • Describe the capabilities of the most commonly used tools in the Sysinternals suite.
  • Use the Sysinternals tools to effectively troubleshoot Windows client performance issues.

Workshop OutlineSession 1: Introducing the Sysinternals Tools for Windows Client

This unit provides a brief introduction to the Sysinternals Suite of tools and allows students to download and configure the tools for use in subsequent labs.

Lab : Preparing for the Labs

  • Configuring Your System to Run the Sysinternals Tools
After completing this unit, students will be able to:
  • Download, configure, and run the Sysinternals tools.
  • Disable the security warning.
  • Explore the Sysinternals tools that they will be using in this workshop.

Session 2: Understanding Windows Core ConceptsThis unit covers basic Windows Internals concepts such as memory management and how threads and processes interact. Students use tools such as Process Explorer, Performance Manager, and Task Manager to explore the various data structures discussed in this unit.Lab : Making Visible the Invisible

  • Analyzing Process Creation by Using Process Explorer
  • Looking at Processes and Threads
After completing this unit, students will be able to:
  • Use Process Explorer v16.04 to view the relationship between the parent and child processes.
  • Use Performance Monitor v3.1 and Task Manager to examine processes.
  • Use Process Explorer to examine threads and context switching.

Session 3: Exploring Process ExplorerThis unit provides students with a closer look at Process Explorer. In the lab, students have the opportunity to work with Process Explorer to obtain information such as the program that has a particular file or folder open and the associated dynamic-link libraries (DLLs) that the processes have opened or loaded.Lab : Working with Process Explorer

  • Using Process Explorer to View DLLs, Handles, Device Drivers, and Thread Priorities
After completing this unit, students will be able to:
  • Use Process Explorer v16.04 as the default program for viewing process information.
  • View DLLs and handles to open processes.
  • Map a system thread to a device driver.
  • View and adjust thread priorities.

Session 4: Process MonitorThis unit introduces Process Monitor for performing real-time monitoring of the file system, registry, and process and thread activity. Students will learn how to use Process Monitor to help troubleshoot Windows devices and find related diagnostic information.Lab : Working with Process Monitor

  • Tracking the System Loader Search for DLLs
  • Using Process Monitor to Find Application Registry Settings
  • Tracing a Process's Startup
  • Tracing Internet Explorer's Use of Windows Integrity Mechanisms
  • Viewing SRPs
After completing this unit, students will be able to:
  • Examine how the Windows operating system loader searches for dynamic-link libraries (DLLs).
  • Locate application registry settings.
  • Trace the startup of a process.
  • Trace how Internet Explorer uses Windows integrity mechanisms.
  • View software restriction policy (SRP) enforcement.

Session 5: PsToolsThis unit introduces some of the commonly used PsTools command-line utilities that can be used to manage remote and local computers. In the lab, students will use PsTools to obtain information about system components, folder permissions, number of processors, and disk volumes. They will also use PsTools to terminate processes and to translate machine and user account names to their security identifiers (SIDs).Lab : Working with PsTools

  • Obtaining System Information by Using PsTools
After completing this unit, students will be able to:
  • Find system information interactively across local or remote systems by using PsExec.
  • Obtain information about folder permissions by using Accesschk.
  • Obtain information about system components, number of processors, and disk volumes by using PsInfo.
  • Use PsKill to terminate a process.
  • Translate machine and user account names to their equivalent security identifiers (SIDs).

Session 6: AutorunsThis unit focuses on the enhanced Task Manager in Windows 8.1 and Autoruns, which is one of the Sysinternals tools. These tools help in identifying the apps and services that start automatically when a computer starts.Lab : Managing Autostart Apps

  • Working with Apps by Using Task Manager and Task Scheduler
  • Exploring Autoruns Options
After completing this unit, students will be able to:
  • Examine autostart processes.
  • Add an app to the autostart process.
  • Remove an app from the autostart process.
  • Use Autoruns to manage autostarts.
Before attending this course, students must have:
  • Have viewed theUtilizing Sysinternals Tools for IT ProsMVA video course. (The course can be accessed for free athttp://go.microsoft.com/fwlink/?LinkID=519353&clcid=0x409)
  • Familiarity with the basics of the Windows architecture
  • Working experience and background knowledge of Windows 7 and Windows 8-based systems
  • Interest in improving the performance of Windows-based devices and solving associated problems

Guaranteed to Run

2018-03-20 09:00 to 2018-03-23 17:00
Palm Beach County Florida (Instructor-Led)
2018-03-19 09:00 to 2018-03-23 17:00
Secaucus, New Jersey (Virtual Instructor-Led)
2018-03-01 09:00 to 2018-03-02 17:00
Palm Beach County Florida (Instructor-Led)

Course Reviews

No reviews found for this course.

Be the first to write a review