Per the Sysinternals website, "Sysinternals Live is a service that enables you to execute Sysinternals tools directly from the Web without hunting for and manually downloading them. Simply enter a tool's Sysinternals Live path into Windows Explorer or a command prompt as live.sysinternals.com/<toolname> or \\live.sysinternals.com\tools\<toolname>."
Let's take a look at how we can do this.
Based on the instructions, the syntax to launch Process Monitor from the web is \\live.sysinternals.com\tools\procmon.exe.
And it fails.
To resolve this issue the WebDAV client must be installed and running on the machine. The WebDAV protocol is what allows a local machine to access a remote machine running a WebDAV share and perform actions in it.
On a Windows 10 client, the WebDAV client is installed but the client is most likely not running. If you try to run a Sysinternals tool it will fail with a message "The network path was not found."
The service needs to be started before attempting to call any Sysinternals tool in this fashion.
Verify it's running before proceeding.
Network Discovery needs to be enabled as well. This setting can be enabled in the Network and Sharing Center.
There are a few ways to open the Network and Sharing Center. Here is a neat command line to launch it.
Click on Change advanced sharing settings and select Turn on network discovery for your current network profile.
The attached VM is a Windows Server 2019 edition. The WebDAV client is not installed by default.
The feature to install on Windows Server is WebDAV Redirector. This feature can be installed via Server Manager or using PowerShell.
To install with PowerShell, run Install-WindowsFeature WebDAV-Redirector -Restart. The server needs to reboot for the installation to complete.
After the reboot, the installation can be verified with the following PowerShell command: Get-WindowsFeature WebDAV-Redirector | Format-Table -Autosize
The same process as with a Windows 10 client applies from this point:
- Make sure the WebClient service is running
- Make sure Network Discovery is enabled
- Run the tool from the command line (as shown above from the Windows 10 machine)
- Create a network drive and run the tool from the mapped drive
Now, with all the necessary components installed and enabled, the local machine is ready to run Sysinternals tools from the web.
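The checks described above, gathered into one PowerShell preflight script. This is an added example, not part of the original walkthrough: the Authenticode signature check before launch is an extra step the walkthrough does not include, the expected signer name is an assumption, and Network Discovery is not checked here.

```powershell
# Added example: preflight checks before running a tool from Sysinternals Live.
# Run from an elevated prompt; starting a service requires administrator rights.
$tool = '\\live.sysinternals.com\tools\procmon.exe'   # path used in the walkthrough

# 1. Windows Server only: the WebDAV client is an optional feature.
#    Get-WindowsFeature does not exist on Windows 10, so test for the cmdlet first.
if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
    $feature = Get-WindowsFeature -Name WebDAV-Redirector
    if (-not $feature.Installed) {
        throw 'WebDAV-Redirector is missing. Run: Install-WindowsFeature WebDAV-Redirector -Restart'
    }
}

# 2. The WebClient service must be running, otherwise the UNC path fails with
#    "The network path was not found."
$svc = Get-Service -Name WebClient -ErrorAction Stop
if ($svc.StartType -eq 'Disabled') {
    # A disabled WebClient is often a deliberate hardening choice, so stop and
    # let the operator decide instead of re-enabling it silently.
    throw 'WebClient is disabled. Review local policy before changing its startup type.'
}
if ($svc.Status -ne 'Running') {
    Start-Service -Name WebClient
}
# Verify it is running before proceeding.
if ((Get-Service -Name WebClient).Status -ne 'Running') {
    throw 'WebClient did not start.'
}

# 3. Confirm the WebDAV share answers for the requested tool.
if (-not (Test-Path -LiteralPath $tool)) {
    throw "Cannot reach $tool. Check Network Discovery and outbound access."
}

# 4. Check the binary's Authenticode signature before executing it from a
#    remote share. Assumption: the tool is signed by Microsoft Corporation.
$sig = Get-AuthenticodeSignature -FilePath $tool
if ($sig.Status -ne 'Valid' -or
    $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
    throw "Refusing to run ${tool}: signature status is $($sig.Status)."
}

# 5. Launch the tool.
& $tool
```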
There are 2 ways the tools can be run:
Method 1 - Run tool from command line
Method 2 - Run tool from a mapped drive
Note: The asterisk will auto-assign a drive letter. The asterisk can be replaced with an actual drive letter instead.
The website is now browsable within the local machine.
Now that we got that out of the way, it's time to start exploring some of these tools.
Answer the questions below
What service needs to be enabled on the local host to interact with live.sysinternals.com?
How to: The answer can be found above if you scroll up until you reach the Get-Service command. The service you are calling on is the answer to this question.
Answer: webclient