Sysinternals

Windows Sysinternals is a website that offers technical resources and utilities to manage, diagnose, troubleshoot, and monitor a Microsoft Windows environment. Originally, the Sysinternals website (formerly known as ntinternals ) was created in 1996 and was operated by the company Winternals Software LP, which was located in Austin, Texas. It was started by software developers Bryce Cogswell and Mark Russinovich. Microsoft acquired Winternals and its assets on July 18, 2006.

The website featured several freeware tools to administer and monitor computers running Microsoft Windows. The software can now be found at Microsoft. The company also sold data recovery utilities and professional editions of their freeware tools.

Winternals Software LP
Winternals Software LP was founded by Bryce Cogswell and Mark Russinovich, who sparked the 2005 Sony BMG CD copy protection scandal in an October 2005 posting to the Sysinternals blog.

On July 18, 2006, Microsoft Corporation acquired the company and its assets. Russinovich explained that Sysinternals will remain active until Microsoft agrees on a method of distributing the tools provided there. However, NT Locksmith, a Windows password recovery utility, was immediately removed. Most of the source that Sysinternals provided was also removed. Currently, the Sysinternals website is moved to the Windows Sysinternals website and is a part of Microsoft Docs.

In late 2010, Bryce Cogswell retired from Sysinternals.

Products
Windows Sysinternals supplies users with numerous free utilities, most of which are being actively developed by Mark Russinovich and Bryce Cogswell, such as Process Explorer, an advanced version of Windows Task Manager, Autoruns, which Windows Sysinternals claims is the most advanced manager of startup applications, RootkitRevealer, a rootkit detection utility, Contig, PageDefrag and a total of 65 other utilities. NTFSDOS, which allowed NTFS volumes to be read by Microsoft's MS-DOS operating system, is now discontinued and is no longer available for download. A larger number of these utilities are nowadays bundled by the publishers for the sake of simpler downloading of all, or most, current versions in the so-called Sysinternals Suite.

Previously available for download was the Winternals Administrator Pak which contained ERD Commander 2005, Remote Recover 3.0, NTFSDOS Professional 5.0, Crash Analyzer Wizard, FileRestore 1.0, Filemon Enterprise Edition 2.0, Regmon Enterprise Edition 2.0, AD Explorer Insight for Active Directory 2.0, and TCP Tools.

On May 18, 2010 Sysinternals released its first new utility since its acquisition by Microsoft. Named RAMMap, it is a diagnostic utility similar to the memory tab of Windows Resource monitor, but more advanced. RAMMap runs only on Windows Vista and later. A system event monitoring tool, Sysmon, was released in 2014, which can collect and publish system events that are helpful for security analysis into the Windows Event Log.

In November 2018, Microsoft confirmed it is porting Sysinternals tools, including ProcDump and ProcMon, to Linux.

Licensing issue with Best Buy
In April 2006, Geek Squad, a tech support company working in cooperation with Best Buy, was accused of using unlicensed versions of the ERD Commander software. Winternals supplied Best Buy with copies of its software so that Best Buy could evaluate the software while conducting contract negotiations for using it on a permanent basis. When contract talks broke down Best Buy did not notify its Geek Squad Agents to stop using the software and discard all copies. A judge granted a restraining order on April 14, requiring that use of all unlicensed software be stopped, and forcing Best Buy to turn over all copies of Winternals software within 20 days. After settlement, a version of the Winternals software was released to be used by Geek Squad.