Skip to content

Installing Sysinternals Suite on Windows 11

Overview

This guide covers installing the Sysinternals Suite, a collection of advanced Windows utilities created by Mark Russinovich and maintained by Microsoft.

What you'll do

  • Download and extract Sysinternals Suite
  • Run tools directly (GUI + CLI)
  • Add Sysinternals to PATH for easier access

Before you start

Take a VM snapshot before installing new tools.

Prerequisites

  • Windows 11 VM running
  • Internet access
  • Administrator permissions

Helpful links

Steps

1. Download Sysinternals Suite

  1. Open a browser in your VM.
  2. Go to the official Microsoft page:
    https://learn.microsoft.com/sysinternals/
  3. Click Download Sysinternals Suite (ZIP archive).
  4. Example: SysinternalsSuite.zip
  5. Save to your Downloads or Tools folder.

2. Extract the Suite

  1. Right-click the ZIP → Extract All…
  2. Extract to:
C:\Tools\SysinternalsSuite\

3. (Optional) Add to PATH

Adding Sysinternals to PATH makes commands accessible from any shell.

  1. Open Start → Environment Variables.
  2. Edit the Path variable.
  3. Add:
C:\Tools\SysinternalsSuite\
  1. Save changes → restart shell/VM if needed.

Now you can run procexp, autoruns, etc. directly from PowerShell or CMD.

4. Run Key Tools

Run directly from PowerShell (if PATH added) or by double-clicking executables in Explorer.

Process Explorer 

procexp

Autoruns 

autoruns

PsExec (remote execution) 

psexec \\target cmd

Verification

  • Open Process Explorer (procexp) → shows running processes
  • Run: 
    whois.exe -?

Expected output: 

Usage: whois [options] domain-name

  • Confirm PATH works (tools run without needing full path).

It worked if…

  • Process Explorer launches
  • Autoruns opens successfully
  • Commands like whois.exe -? return output

Troubleshooting

  • Command not recognized → PATH not updated → add folder to PATH or run with full path
  • Blocked EXEs → Right-click EXE → Properties → Unblock (sometimes SmartScreen flags them)
  • Permission issues → Run shell as Administrator (many Sysinternals tools require elevation)

Common issues

  • PATH not saved → verify environment variable update
  • EXE blocked → manually unblock file properties

References