June 7, 2008

AccessChk v4.1

By Mark Russinovich

Published: May 12, 2008

Introduction

As a part of ensuring that they've created a secure environment, Windows administrators often need to know what kind of access specific users or groups have to resources including files, directories, Registry keys, global objects and Windows services. AccessChk quickly answers these questions with an intuitive interface and output.

Installation

AccessChk is a console program. Copy AccessChk onto your executable path. Typing "accesschk" displays its usage syntax.

AccessChk works on Windows Vista, Win2K, Windows XP and Server 2003 including x64 versions of Windows.

Using AccessChk

accesschk [-s][-e][-u][-r][-w][-n][-v][[-k][-p [-f]][-o [-t <object type>]][-c]|[-d]] [username] <file, directory, registry key, process, service, object>

-c Name is a Windows Service e.g. ssdpsrv. Specify '*' as the name to show all services and 'scmanager' to check the security of the Service Control Manager

If you specify a user or group name and a path, AccessChk will report the effective permissions for that account; otherwise it will show the effective access for accounts referenced in the security descriptor.

By default the path name is interpreted as a file system path (use the "\pipe\" prefix to specify a named pipe path). For each object AccessChk prints R if the account has read access, W for write access and nothing if it has neither. The -v switch has AccessChk dump the specific accesses granted to an account.

Examples

The following command reports the accesses that the Power Users account has to files and directories in \Windows\System32:

accesschk "power users" c:\windows\system32

This command shows which Windows services members of the Users group have write access to:

accesschk users -cw *

To see what Registry keys under HKLM\CurrentUser a specific account has no access to:

accesschk -kns austin\mruss hklm\software

To see the security on the HKLM\Software key:

accesschk -k hklm\software

To see all files under \Users\Mark on Vista that have an explicit integrity level:

accesschk -e -s c:\users\mark

To see all global objects that Everyone can modify:

accesschk -wuo everyone \basenamedobjects
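As an added example (not part of AccessChk or the original article), the following Python parses saved AccessChk output in both report styles described above and lists the objects a low-privileged account can write to, which is the question the Users and Everyone commands above ask. The line layout is assumed from the description above, and the sample text, the low-privilege account list and the function names are constructed for illustration.

```python
import re

# Assumed layout: optional indent, then R, W or RW, then a name.
ACCESS_RE = re.compile(r"^(\s*)(RW|R|W)\s+(\S.*?)\s*$")

# Accounts treated as low-privileged here (an assumption; adjust per site).
LOW_PRIV = {"everyone", "builtin\\users", "builtin\\power users"}

# Constructed sample: account named on the command line (one line per object).
SAMPLE_BY_ACCOUNT = r"""RW examplesvc
R  ssdpsrv
"""

# Constructed sample: no account named (object line, then per-account lines).
SAMPLE_ALL_ACCOUNTS = r"""c:\tools\agent.exe
  RW BUILTIN\Administrators
  RW Everyone
c:\tools\readme.txt
  RW BUILTIN\Administrators
  R  Everyone
"""


def parse_accesschk(text, queried_account=None):
    """Return (object, account, can_read, can_write) tuples for both styles."""
    rows, current = [], None
    for line in text.splitlines():
        m = ACCESS_RE.match(line)
        if m and m.group(1) and current:
            # Indented flag line: an account entry under the current object.
            flags, account = m.group(2), m.group(3)
            rows.append((current, account, "R" in flags, "W" in flags))
        elif m and not m.group(1):
            # Unindented flag line: effective access of the queried account.
            flags, obj = m.group(2), m.group(3)
            rows.append((obj, queried_account, "R" in flags, "W" in flags))
        elif line.strip() and not line[0].isspace():
            current = line.strip()  # object name (banner lines land here too)
    return rows


def writable_by_low_priv(rows):
    """Objects that any low-privileged account can write to."""
    return sorted({o for o, a, _r, w in rows if w and a and a.lower() in LOW_PRIV})


if __name__ == "__main__":
    print(writable_by_low_priv(parse_accesschk(SAMPLE_BY_ACCOUNT, "BUILTIN\\Users")))
    print(writable_by_low_priv(parse_accesschk(SAMPLE_ALL_ACCOUNTS)))
```

Pass the account you gave AccessChk as `queried_account` when parsing a per-account report, since that style does not repeat the account name on each line.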

Download AccessChk (46 KB)


AutoRuns for Windows v9.21

By Mark Russinovich and Bryce Cogswell

Published: May 13, 2008

Introduction

This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them. These programs include ones in your startup folder, Run, RunOnce, and other Registry keys. You can configure Autoruns to show other locations, including Explorer shell extensions, toolbars, browser helper objects, Winlogon notifications, auto-start services, and much more. Autoruns goes way beyond the MSConfig utility bundled with Windows Me and XP.

Autoruns' Hide Signed Microsoft Entries option helps you to zoom in on third-party auto-starting images that have been added to your system and it has support for looking at the auto-starting images configured for other accounts configured on a system. Also included in the download package is a command-line equivalent that can output in CSV format, Autorunsc.

You'll probably be surprised at how many executables are launched automatically!

Autoruns works on all versions of Windows including 64-bit versions.


Usage

See the November 2004 issue of Windows IT Pro Magazine for Mark's article that covers advanced usage of Autoruns. If you have questions or problems, visit the Sysinternals Autoruns Forum.

Simply run Autoruns and it shows you the currently configured auto-start applications as well as the full list of Registry and file system locations available for auto-start configuration. Autostart locations displayed by Autoruns include logon entries, Explorer add-ons, Internet Explorer add-ons including Browser Helper Objects (BHOs), Appinit DLLs, image hijacks, boot execute images, Winlogon notification DLLs, Windows Services and Winsock Layered Service Providers. Switch tabs to view autostarts from different categories.

To view the properties of an executable configured to run automatically, select it and use the Properties menu item or toolbar button. If Process Explorer is running and there is an active process executing the selected executable then the Process Explorer menu item in the Entry menu will open the process properties dialog box for the process executing the selected image.

Navigate to the Registry or file system location displayed or the configuration of an auto-start item by selecting the item and using the Jump menu item or toolbar button.

To disable an auto-start entry uncheck its check box. To delete an auto-start configuration entry use the Delete menu item or toolbar button.

Select entries in the User menu to view auto-starting images for different user accounts.

More information on display options and additional information is available in the on-line help.

Autorunsc Usage

Autorunsc is the command-line version of Autoruns. Its usage syntax is:

Usage: autorunsc [-a] | [-c] [-b] [-d] [-e] [-g] [-h] [-i] [-l] [-m] [-n] [-p] [-r] [-s] [-v] [-w] [-x] [user]

-a Show all entries.

Download Autoruns and Autorunsc (490 KB)


Process Monitor v1.33

By Mark Russinovich and Bryce Cogswell

Published: May 12, 2008

Introduction

Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.

Process Monitor runs on Windows 2000 SP4 with Update Rollup 1, Windows XP SP2, Windows Server 2003 SP1, and Windows Vista as well as x64 versions of Windows XP, Windows Server 2003 SP1 and Windows Vista.

Process Monitor Enhancements over Filemon and Regmon

Process Monitor's user interface and options are similar to those of Filemon and Regmon, but it was written from the ground up and includes numerous significant enhancements, such as:

  • Monitoring of process and thread startup and exit, including exit status codes
  • Monitoring of image (DLL and kernel-mode device driver) loads
  • More data captured for operation input and output parameters
  • Non-destructive filters allow you to set filters without losing data
  • Capture of thread stacks for each operation makes it possible in many cases to identify the root cause of an operation
  • Reliable capture of process details, including image path, command line, user and session ID
  • Configurable and moveable columns for any event property
  • Filters can be set for any data field, including fields not configured as columns
  • Advanced logging architecture scales to tens of millions of captured events and gigabytes of log data
  • Process tree tool shows relationship of all processes referenced in a trace
  • Native log format preserves all data for loading in a different Process Monitor instance
  • Process tooltip for easy viewing of process image information
  • Detail tooltip allows convenient access to formatted data that doesn't fit in the column
  • Cancellable search
  • Boot time logging of all operations

The best way to become familiar with Process Monitor's features is to read through the help file and then visit each of its menu items and options on a live system.



Download Process Monitor (1.1 MB)


May 21, 2008

ieSpell

So, tell me, have you ever tried typing out a long message like this:

Now, while you were doing that, did you have enough time to spell check each word individually? Probably not, right? If that sounds familiar to you, I have the perfect Internet Explorer add on for you today! It’s called ieSpell and it acts just like the spell check function in Microsoft Word. It's awesome!

To make sure we're all on the same page, here’s an example of how you can use ieSpell:

1.) You're typing out a comment to the Webmaster of your favorite Web site, telling them how much you like their site.

2.) You accidentally spell the word "definitely" wrong, but you don’t realize it and just when you're about to hit the Submit Comment button, you have second thoughts. If you think you may have spelled something wrong, you can check it with ieSpell (as long as you have it installed!) To do that, just right click within the comment box and choose this:

3.) ieSpell will find your spelling mistake and give you some alternative spellings.

If you agree with the change ieSpell suggests, go ahead and click on Change.

It will then make the change and tell you "The spelling check is complete!"

It’s basically just like using the F7 spell check function in Microsoft Word, but now, you won’t have to copy and paste your text from Internet Explorer to Word anymore!

To install ieSpell, head on over to http://www.iespell.com/, click Download on the left sidebar and then choose the Primary Mirror download (this is a CNET download, so you know it’s free of spyware). Once ieSpell is finished downloading, simply open a new IE browser window and go about your business. If you happen to make any more spelling errors, ieSpell will come to your rescue. Yes!

[Note: ieSpell allows you to add custom dictionaries. Your MS Office Dictionary is located at:

Dictionary (.dic)

drive:\Documents and Settings\<user>\Application Data\Microsoft\Proof

For more info, see: http://alsplace.aldenbaker.com/alsplace/microsoft/ms-office/ms-outlook/300/outlook-data-files-locations/]


May 1, 2008

The free Foxit Reader may be a challenge to find

How can you fault a company for pushing the fee-based version of its free programs? After all, everybody's got to make a living. Still, it starts to look a lot like bait-and-switch when you see a free program promoted on one site and then, when you go to what you think is the program's download page, you're prompted to purchase the commercial version.

That's what happened when readers Robert Eden and Armin Fields tried to find the free Foxit PDF Reader utility and were directed to the $35 Foxit Reader Pro Pack. Armin was even offered an odorous "bargain" from Foxit Software:

  • "Foxit Reader is not free and does not belong on your list of free stuff. I just checked; they charge $35 unless I buy some product (say $29 for cigars; I don't smoke)."

No need to pick up any habits just to secure a discount on a "free" software program. You can get it from Download.com's Foxit PDF Reader page without the vendor's runaround.

This puts a new twist on an old axiom: "If at first you don't see the free-download link, try, try another site."
