MVA Workshop: Troubleshooting Windows Systems with SysInternals Tools (40076A)

In this one-day MVA Workshop, students will get hands-on practice diagnosing, analyzing, and troubleshooting systems with the Windows Sysinternals suite of tools. This workshop is designed to enhance and extend the learning from the Utilizing Sysinternals Tools for IT Pros Microsoft Virtual Academy (MVA) video series. In this workshop, students will explore the most commonly used tools from the Sysinternals suite, including Process Explorer, Process Monitor, PsTools, and Autoruns. As a requirement for the workshop, students are expected to view the MVA videos to prepare for participation in the workshop. In the workshop sessions, a facilitator will lead students through short presentations that review the MVA material, hands-on labs, and class discussions. The majority of the time is spent on hands-on practice and exploration of the tools.

Audience Profile
This workshop is intended for IT Professionals who provide Tier 2 support to users running Windows-based desktops and devices in environments ranging from small businesses to large enterprise organizations. In general, these enterprise and small business desktop support professionals focus on a broad range of technical issues related to Windows operating systems, devices, cloud services, applications, networking, and hardware support. These IT Professionals are responsible for maintaining and supporting desktops and devices, installing and testing line-of-business applications on these devices, and physically making changes to user devices or re-imaging devices as required.
The workshop is also designed for learners who prefer a compact and self-directed learning experience. The lab sessions will help learners gain an understanding of the features and capabilities of the key diagnostic tools in the Sysinternals suite.

Before attending this course, students must have:
  • Viewed the Utilizing Sysinternals Tools for IT Pros MVA video course. (The course can be accessed for free at
  • Familiarity with the basics of the Windows architecture
  • Working experience and background knowledge of Windows 7 and Windows 8-based systems
  • Interest in improving the performance of Windows-based devices and solving associated problems
After completing this workshop, students will be able to:
  • Examine the benefits of the Sysinternals suite of tools.
  • Describe the capabilities of the most commonly used tools in the Sysinternals suite.
  • Use the Sysinternals tools to effectively troubleshoot Windows client performance issues.
Course Outline

Module 1: Introducing the Sysinternals Tools for Windows Client

This unit provides a brief introduction to the Sysinternals Suite of tools and allows students to download and configure the tools for use in subsequent labs. 

Module 2: Understanding Windows Core Concepts
This unit covers basic Windows Internals concepts such as memory management and how threads and processes interact. Students use tools such as Process Explorer, Performance Manager, and Task Manager to explore the various data structures discussed in this unit.

Module 3: Exploring Process Explorer
This unit provides students with a closer look at Process Explorer. In the lab, students have the opportunity to work with Process Explorer to obtain information such as the program that has a particular file or folder open and the associated dynamic-link libraries (DLLs) that the processes have opened or loaded.

Module 4: Process Monitor
This unit introduces Process Monitor for performing real-time monitoring of the file system, registry, and process and thread activity. Students will learn how to use Process Monitor to help troubleshoot Windows devices and find related diagnostic information.

Module 5: PsTools
This unit introduces some of the commonly used PsTools command-line utilities that can be used to manage remote and local computers. In the lab, students will use PsTools to obtain information about system components, folder permissions, number of processors, and disk volumes. They will also use PsTools to terminate processes and to translate machine and user account names to their security identifiers (SIDs).

Module 6: Autoruns
This unit focuses on the enhanced Task Manager in Windows 8.1 and Autoruns, which is one of the Sysinternals tools. These tools help in identifying the apps and services that start automatically when a computer starts.