Defrag Tools: #81 - Aaron Margosis

Description

In this episode of Defrag Tools, Andrew Richards and Chad Beeder are joined by Aaron Margosis, who talks about the Sysinternals book he co-authored and demos an Application Installation Recorder that leverages Process Monitor and PowerShell.

Resources:
Windows Sysinternals Administrator's Reference
Aaron Margosis' Non-Admin, App-Compat and Sysinternals WebLog
Microsoft's USGCB Tech Blog

Timeline:

[00:00] - Aaron Margosis!
[01:50] - Windows Sysinternals Administrator's Reference
[03:15] - New edition. It's v2, but not called v2
[04:35] - Mark's Case of the Unexplained... talks
[08:03] - Aaron's Sysinternals Primer talks
[10:56] - Installing a 32-bit application with a 16-bit installer
[12:20] - Capture the 16-bit installer's execution with Process Monitor
[15:10] - Sysinternals Sigcheck confirms that it is a 16-bit app
[21:21] - [Side track] Parent Process
[23:00] - Save as XML in Process Monitor
[24:26] - PowerShell script to report the file and registry operations
[26:52] - System32 vs SysWOW64 vs SysNative
[29:53] - PowerShell script to harvest the file and registry operations
[33:33] - Moving folders from C:\ to C:\Program Files
[36:15] - Email us your issues at defragtools@microsoft.com

The Discussion

  • Vincent Murphy

    Great stuff. I await Aaron's code with interest to build a PowerShell script for automated provisioning on Azure VMs.

  • David McDonald

    Great show! All I can say is WOW, or is it WOW64?

  • Marc

    Ah crap - I just bought a copy of Sysinternals Admin Reference... and now there's a new version coming out! No mention of date though (unless I missed it). Hope the majority of info in the current version still applies to the new tools.

  • Aaron Margosis

    Marc, don't worry -- it'll be a while before the next edition comes out.
