The four must-have Windows troubleshooting tools
Troubleshooting in Windows? Make sure you have these tools in your arsenal: Event Viewer, Resource Monitor, Microsoft Sysinternals Suite, and PowerShell.
Sep 5, 2024 • 12 Minute Read
It’s been one of the great ironies of the last twenty years that as versions of Microsoft Windows have become more stable, more and more tools have been introduced to help troubleshoot and repair problems.
All of this began with the fantastic Problem Steps Recorder, which was introduced during the beta of Windows 7. This tool proved so popular with testers that Microsoft kept it around. (Sadly, this is one tool that’s finally seeing an end of life, as Microsoft have announced it will soon be removed from Windows 11.)
Still, a great many tools exist to help you diagnose, troubleshoot, and repair absolutely any type of problem in the Windows operating system. In this article, I'll detail the most significant and important tools, and why you should be using them for your role in IT Support.
1. Event Viewer
No list of Windows troubleshooting tools would ever be complete without the inclusion of the Event Viewer. Nothing happens in Windows without being recorded and logged, and while these logs are scattered around the disk in different files, some in plain text and some in unreadable binary, the Event Viewer is where all of this comes together.
Events are categorised by their severity, from Audit Failures and Successes, which log events such as anti-malware scans and update installations, all the way through to warnings, errors, and critical events.
The Event Viewer comes into its own in several ways. Firstly, and at its most basic, it will provide error codes that you can search for online to look for problem causes and solutions. It’s fair to say that whatever problem you encounter in Windows or on a PC, you will never have been the first person to see it. These error codes appear in the format 0x000… which makes them very easily identifiable.
Also very usefully, the Event Viewer allows you to log specific areas of the PC and the OS operation. Let’s say, for example, that you suspect there’s an intermittent problem with a RAID driver. You can create a custom log that just stores events related to that device. Additionally, you can then attach a task to specific events, such as a critical stop, that allows you to run a repair script or alert the user that something has happened (and that they need to stop what they’re doing and call Amy in support).
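The same filtering and task attachment can be scripted. The following is an added example, not part of the original article: it queries the System log for one event source, summarises recurring event IDs and any 0x codes, then registers an event-triggered task. The provider name, task name and script path are placeholders.

```powershell
# Added example: the provider name, task name and script path are placeholders.
$Provider = 'ExampleRaidDriver'   # hypothetical; use the "Source" shown in Event Viewer
$Since    = (Get-Date).AddDays(-7)

# Same filter a custom view would use. Level 1 = Critical, 2 = Error, 3 = Warning.
$filter = @{
    LogName      = 'System'
    ProviderName = $Provider
    Level        = 1, 2, 3
    StartTime    = $Since
}

# Get-WinEvent raises an error when nothing matches, so silence that case.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

# Summarise by event ID so an intermittent fault shows up as a recurring entry.
$events |
    Group-Object Id |
    Sort-Object Count -Descending |
    Select-Object Count,
        @{ n = 'EventId';  e = { $_.Name } },
        @{ n = 'LastSeen'; e = { ($_.Group | Sort-Object TimeCreated)[-1].TimeCreated } } |
    Format-Table -AutoSize

# Collect any 0x... codes from the message text, ready to search for.
$events |
    ForEach-Object { "$($_.Message)" } |
    Select-String -Pattern '0x[0-9A-Fa-f]+' -AllMatches |
    ForEach-Object { $_.Matches.Value } |
    Sort-Object -Unique

# Attach a task to the event: run a script whenever this provider logs a
# Critical event. Keep the script somewhere only administrators can write,
# because whatever is at that path runs each time the event fires.
$query = "*[System[Provider[@Name='$Provider'] and Level=1]]"
schtasks.exe /Create /TN 'Notify-RaidCritical' /SC ONEVENT /EC System /MO $query `
    /TR 'powershell.exe -NoProfile -File C:\Scripts\Notify-Support.ps1'
```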
2. Resource Monitor
If you need to see what the PC is doing in real time, then there’s no better place to be than the Resource Monitor. While the Windows Task Manager will show you graphs and details of running processes and services, the Resource Monitor takes this up a gear and displays real-time data on everything from memory usage to network port and packet utilization.
Being able to drill down into a specific app to see what external IP address it is connecting to can help diagnose connection issues, and seeing exactly which process on the PC is monopolising disk usage, or has an active memory leak, is invaluable.
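When the Resource Monitor window is not available, for example in a remote session, the same two questions can be answered from PowerShell. This is an added example, not from the original article: it lists which process owns each established outbound TCP connection, then samples private memory twice to show which processes are growing. The 60-second interval is an arbitrary choice.

```powershell
# Added example: map established TCP connections to the processes that own them.
$procs = @{}
Get-Process | ForEach-Object { $procs[[int]$_.Id] = $_ }

Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |   # skip loopback
    ForEach-Object {
        $p = $procs[[int]$_.OwningProcess]
        [pscustomobject]@{
            Process       = if ($p) { $p.ProcessName } else { '(exited)' }
            PID           = $_.OwningProcess
            RemoteAddress = $_.RemoteAddress
            RemotePort    = $_.RemotePort
            Path          = if ($p) { $p.Path } else { $null }   # empty without elevation for some processes
        }
    } |
    Sort-Object Process, RemoteAddress |
    Format-Table -AutoSize

# Sample private memory twice. One interval only shows growth; repeat the
# measurement before concluding that a process is leaking.
$before = @{}
Get-Process | ForEach-Object { $before[[int]$_.Id] = $_.PrivateMemorySize64 }
Start-Sleep -Seconds 60

Get-Process |
    Where-Object { $before.ContainsKey([int]$_.Id) } |
    Select-Object ProcessName, Id,
        @{ n = 'GrowthMB'; e = {
            [math]::Round(($_.PrivateMemorySize64 - $before[[int]$_.Id]) / 1MB, 1) } } |
    Sort-Object GrowthMB -Descending |
    Select-Object -First 5 |
    Format-Table -AutoSize
```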
3. Microsoft Sysinternals Suite
Not part of Windows, but a free download from the Microsoft website, this suite consists of a huge variety of invaluable tools for diagnosing, troubleshooting, and repairing problems. Everything is here from utilities to see which process has locked a file, to creating a virtual machine of a full Windows installation so it can be examined and used elsewhere.
Some of the best and most useful tools in the suite include…
Autoruns
The Autoruns tool is a major step up from Task Manager. Whereas the built-in tool will show you which processes start when the user signs into the PC, Autoruns goes further to show you which services, codecs, drivers, scheduled tasks, registry keys and more are loaded or started.
Many items in Autoruns are color-coded to help you identify problems more easily, which can make it straightforward to spot everything from malware processes to faulty audio and video codecs. You can disable an item by simply unchecking it, safe in the knowledge that if you have disabled something you shouldn’t have, it will still be there to re-check when you run Autoruns again.
Process Explorer
If Resource Monitor takes Task Manager and ups its game, then Process Explorer does the same for the Resource Monitor. Focusing purely on running processes and services, Process Explorer lets you drill down into everything running on the PC, again helpfully color-coded.
You can get information on processes and services to find out exactly what each of them is, examine their version numbers and authors, and see which processes have dependent processes running beneath them. If need be, you can shut down the entire process tree with a single click.
You can also suspend processes and services temporarily, enabling you to determine if that was the right process to stop, or to see if doing so will have an adverse effect on other aspects of the OS and the user-experience.
PsTools
PsTools is a collection of command-line utilities that perform specific tasks including executing, managing, and terminating processes on either the local or a remote PC, viewing information about processes and services, and suspending problematic ones. It’s the ability of PsTools to operate across networks and control other PCs, though, that makes it so incredibly useful.
This isn’t limited to just PsTools though, with many of the Sysinternals tools and utilities able to operate on remote PCs, managing everything from security credentials to file and system integrity. Sysinternals is regularly updated by Microsoft’s best engineers and I would always suggest that anybody serious about a role in IT Support familiarize themselves with the tools available.
4. PowerShell (+ Windows Terminal, GitHub and Copilot)
PowerShell has been around in Windows now for many years, and it is always under development. While the GUI tools in Windows would previously have been used to diagnose and repair problems, PowerShell is now capable of far more than can be achieved with the GUI tools alone.
The best way to use PowerShell is from the Windows Terminal, which is part of Windows 11 and available as a separate free download for Windows 10. Terminal gives you a tabbed interface in which you can program in PowerShell, the Command-Line, Azure Cloud Shell, and into which you can also plug third-party scripting tools such as the popular Bash shell from Linux.
PowerShell is a skill well worth learning, but even for the uninitiated it’s possible to do amazing things with this scripting language. If you search on GitHub you will find thousands of freely available, open-source PowerShell scripts to help you perform everything from routine to more esoteric tasks on a local PC or whole collections of remote PCs on a network, or where people are signed in using a Microsoft Entra ID.
This then brings us to Microsoft Copilot, the company’s (I’m not going to call it Artificial Intelligence, because it’s really not) large language model assistant. Copilot is capable of creating PowerShell scripts on the fly. Now you might be slightly wary of this, and you’d be quite correct to be so, as some, if not many, of the results these LLM assistants produce can be very prone to containing errors. They are getting better, and within a year or two will likely be mostly error-free.
In the meantime though, Microsoft provide a free PowerShell module that can test and check your PowerShell scripts for errors. You can find and learn more about these tools from the Microsoft documentation.
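The article does not name the module; this added example, which is not from the original article, assumes it is PSScriptAnalyzer, Microsoft's static analysis module for PowerShell. It checks a script for syntax errors with the built-in parser and then for rule violations, without executing any of it. The script text is a constructed sample standing in for downloaded or LLM-generated output.

```powershell
# Added example. Constructed sample: uses aliases and Invoke-Expression on
# caller-supplied input, the kind of thing to catch before a script is run.
$generated = @'
param($Command)
gci C:\Temp\*.log | % { Remove-Item $_ }
Invoke-Expression $Command
'@

# 1. Syntax check with the built-in parser. Nothing in the script is executed.
$tokens = $null
$parseErrors = $null
[void][System.Management.Automation.Language.Parser]::ParseInput(
    $generated, [ref]$tokens, [ref]$parseErrors)

if ($parseErrors) {
    $parseErrors | ForEach-Object {
        "Syntax error, line $($_.Extent.StartLineNumber): $($_.Message)"
    }
}
else {
    # 2. Static analysis.
    #    One-time setup: Install-Module PSScriptAnalyzer -Scope CurrentUser
    Import-Module PSScriptAnalyzer
    $findings = @(Invoke-ScriptAnalyzer -ScriptDefinition $generated -Severity Warning, Error)

    $findings |
        Sort-Object Line |
        Format-Table Line, Severity, RuleName, Message -Wrap

    # 3. Simple gate: review every finding before the script goes near a PC.
    if ($findings.Count -gt 0) {
        "Hold: $($findings.Count) finding(s) to review before running this script."
    }
    else {
        'No warnings or errors reported. Read the script yourself before running it.'
    }
}
```

For a script already saved to disk, pass the file to Invoke-ScriptAnalyzer with -Path instead of -ScriptDefinition.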
Summary
These are just a few of the most commonly used and most useful free tools available to help you diagnose, troubleshoot, and repair any type of problem with a local or remote PC running Windows 10 or Windows 11.
If you want to learn more about troubleshooting Microsoft Windows, head to my Windows 11 Troubleshooting path at Pluralsight, and also my Windows 10 Troubleshooting path.