What is PSTools?

Why to use it?

Does it replace invoke-command? Or get-ciminstance? Or Should we stick to powershell 3,4,5,6…

It’s just another tool for the tool belt. Your answer really depends on what you’re trying to accomplish in which circumstance.

It is a set of tools developed by, now a wholly owned subsidiary of Microsoft. Includes both command line and gui applications. Some require to be run as administrator.

Many cool tools, some of my favorites are:

  • Autoruns - to get a comprehensive look at all of the things that run automically (services, registry keys RUN and RUNONCE, etc)
  • Streams.exe - a command line tool that can list alternative streams in NTFS file, which is how Windows knows that a file was downloaded from a remote site. Streams can also delete (or Unblock) a file or files.

Even though the name starts with “PS” PsTools is not related to Powershell at all. It’s a collection of specialized command line tools for admins launched in a time where Windows did not have reasonable tools included.

Oh wow, he could have looked it up first. It could be PostScript Tools… but yes, PSTools came from SysInternals.

