Defrag Tools: #81 - Aaron Margosis



In this episode of Defrag Tools, Andrew Richards and Chad Beeder are joined by Aaron Margosis to talk about the Sysinternals book he co-authored. Aaron also demos an Application Installation Recorder that leverages Process Monitor and PowerShell.

Windows Sysinternals Administrator's Reference
Aaron Margosis' Non-Admin, App-Compat and Sysinternals WebLog
Microsoft's USGCB Tech Blog


[00:00] - Aaron Margosis!
[01:50] - Windows Sysinternals Administrator's Reference
[03:15] - New edition. It's v2, but not called v2
[04:35] - Mark's Case of the Unexplained... talks
[08:03] - Aaron's Sysinternals Primer talks
[10:56] - Installing a 32-bit application with a 16-bit installer
[12:20] - Capture the 16-bit installer's execution with Process Monitor
[15:10] - Sysinternals Sigcheck confirms that it is a 16-bit app
[21:21] - [Side track] Parent Process
[23:00] - Save as XML in Process Monitor
[24:26] - PowerShell script to report the file and registry operations
[26:52] - System32 vs SysWOW64 vs SysNative
[29:53] - PowerShell script to harvest the file and registry operations
[33:33] - Moving folders from C:\ to C:\Program Files
[36:15] - Email us your issues at




The Discussion

  • Vincent Murphy

    Great stuff. I await Aaron's code with interest to build a PowerShell script for automated provisioning on Azure VMs.

  • David McDonald

    Great show! All I can say is WOW, or is it WOW64?

  • Ah crap - I just bought a copy of Sysinternals Admin Reference... and now there's a new version coming out! No mention of date though (unless I missed it). Hope the majority of info in the current version still applies to the new tools.

  • Marc, don't worry -- it'll be a while before the next edition comes out.
