Defrag Tools: #81 - Aaron Margosis

In this episode of Defrag Tools, Andrew Richards and Chad Beeder are joined by Aaron Margosis, who talks about the Sysinternals book he co-authored and demos an Application Installation Recorder that leverages Process Monitor and PowerShell.

Resources:

Windows Sysinternals Administrator's Reference
Aaron Margosis' Non-Admin, App-Compat and Sysinternals WebLog

Timeline:

[00:00] - Aaron Margosis!
[01:50] - Windows Sysinternals Administrator's Reference
[03:15] - New edition. It's v2, but not called v2
[04:35] - Mark's Case of the Unexplained... talks
[08:03] - Aaron's Sysinternals Primer talks
[10:56] - Installing a 32-bit application with a 16-bit installer
[12:20] - Capture the 16-bit installer's execution with Process Monitor
[15:10] - Sysinternals Sigcheck confirms that it is a 16-bit app
[21:21] - [Side track] Parent Process
[23:00] - Save as XML in Process Monitor
[24:26] - PowerShell script to report the file and registry operations
[26:52] - System32 vs SysWOW64 vs SysNative
[29:53] - PowerShell script to harvest the file and registry operations
[33:33] - Moving folders from C:\ to C:\Program Files
[36:15] - Email us your issues at defragtools@microsoft.com
