The Dude’s Greatest Hits

As requested by several customers, I’m putting up a list of tools I find useful in troubleshooting, etc…

First up….

Data Gathering

I use the following tools to gather data from systems.  Each has its own place; just as a mechanic has many tools, so does the average engineer…

PFE MPS Reports.  I use these a lot to get a full snapshot of what a system looks like.  It bundles up all the data into a compressed cabinet file for easy transport and review.

The Windows System State Analyzer comes in handy for analyzing clusters or systems that are supposed to be the same… (updated version for 7 here).

Process Monitor is good for a verbose bootlog of a system (amongst other things).

Process Explorer is a bit more verbose than Task Manager.

UserEnv Logging is handy for troubleshooting Group Policy application problems.

Verbose vs Standard logging of the transition states is something I recommend for all Enterprise environments.

Microsoft Hyper-V VM State to Memory Dump Converter is quite handy at times.

Performance Issues

Performance Analyzer of Logs, written by my buddy in Washington State, the very own Clint Huffman!  PAL was recently named one of the top 15 open-sourced tools for Windows troubleshooting, and the honor is deserved.  PAL will turn your perfmon files into works of art (if your idea of art is an HTML file with graphs anyway).  I can’t say enough about this tool; it’s the cornerstone of sane troubleshooting.

I use xperf a bit from the Windows Performance Toolkit in the Windows 7 SDK.


DebugDiag 1.2 of course.

WinDBG from the Debugging Tools for Windows.

Network Issues

Network Monitor 3.4.  I use this quite a bit, partly because it can consume the ETL network results of a netsh boot trace of the network stack.

I also use some Netmon Experts located on CodePlex here.

This one can be used to decrypt SSL traffic.

And I sometimes use this one as well.

Memory Issues

RAMMAP can be used to see what is consuming RAM.

Poolmon I use to analyze the Non-Paged and Paged Pool Memory in the Kernel mode memory space.

VMMAP can be used to see what is consuming memory in the Virtual Memory of a process.

Security Tools

Microsoft Standalone System Sweeper Beta

Malicious Software Removal Tool

Microsoft Safety Scanner


I use FCINFO to analyze HBA issues.

I use ERR all the time.  Use it to translate those pesky hex code errors.

I use Disk2VHD to convert physical machines to Hyper-V VMs.  It would also be a good tool for making an image of a machine for legal discovery perhaps.

Mouse without Borders is a cool Garage project that bubbled up to the real world.  It is a software KVM.

RDCMAN is another cool tool for managing lots of machines.

Microsoft Shared View is pretty cool too.

Finally, never configure GPOs without consulting: or Microsoft Security Compliance Manager.

