1. Task Manager: Monitor processes, startup programs, and resource usage.
2. Event Viewer: Analyze logs to identify system, app, and security issues.
3. Reliability Monitor: View system stability trends and failure details.
4. Diagnostics and Recovery Toolset (DaRT): Advanced recovery and repair tools.
5. Steps Recorder: Record step-by-step actions to document issues.
6. Microsoft Management Console (MMC): Manage Windows tools via snap-ins.
7. Windows Registry: Edit system settings carefully for troubleshooting.
8. Sysinternals Suite: Advanced diagnostics with Process Explorer and Autoruns.
9. Windows Performance Toolkit: Analyze detailed performance metrics.
Contig. This tool enables you to defragment your frequently used files quickly.
DiskMon. This tool enables the computer to capture all hard disk activity, and acts like a software disk activity light in the system tray.
PageDefrag. This tool enables you to defragment your paging files and registry hives.
Process Explorer. This tool enables you to determine which files, registry keys, and other objects processes have open, which DLLs they have loaded, and more. This tool also displays who owns each process.
Process Monitor. This tool enables you to monitor file system, registry, process, thread, and dynamic-link library (DLL) activity in real time.
Autoruns. Extensive scan of programs, drivers, scripts, and extensions that are configured to run during bootup, sign in or when certain Windows applications launch.
From <https://learn.microsoft.com/en-us/training/modules/explore-support-diagnostic-tools/11-explore-additional-tools>
----
Help from Microsoft
https://support.microsoft.com/en-us/windows/runtime-broker-is-using-too-much-memory-ca6ed4e3-2a36-964c-4d2e-8c93980d8a98
Runtime Broker is using too much memory
Runtime Broker is a Windows process in Task Manager that helps manage permissions on your PC for apps from Microsoft Store. It should only use a few megabytes of memory, but in some cases, a faulty app might cause Runtime Broker to use up to a gigabyte of RAM or more.
If your RAM use is high and your PC is running slowly, an app may be the cause of the problem. Press Ctrl+Shift+Esc to open Task Manager and then, on the Processes tab, check to see how much memory Runtime Broker is using. If it's using more than 15% of your memory, you probably
From <https://www.bing.com/WS/Init>
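The same Runtime Broker check scripted in PowerShell, so it can be run over a remote-support session without the Task Manager GUI. This is an added example, not code from the Microsoft support article; the 15% threshold is the figure quoted above, and the variable names are this example's own.

```powershell
# Added example: compare Runtime Broker's memory use against total physical RAM,
# mirroring the manual Task Manager check (Processes tab) described above.
$thresholdPercent = 15   # threshold quoted in the support article

$totalBytes = (Get-CimInstance -ClassName Win32_ComputerSystem).TotalPhysicalMemory
$brokers = Get-Process -Name RuntimeBroker -ErrorAction SilentlyContinue

if (-not $brokers) {
    Write-Host "No RuntimeBroker.exe instance is running."
    return
}

# WorkingSet64 is the full working set; Task Manager's "Memory" column shows the
# private working set, so this figure may read slightly higher than the GUI.
$usedBytes = ($brokers | Measure-Object -Property WorkingSet64 -Sum).Sum
$percent   = [math]::Round(100 * $usedBytes / $totalBytes, 2)

# One row per instance: several Runtime Broker processes may exist, one per app.
$brokers |
    Select-Object Id,
        @{ n = 'WorkingSetMB'; e = { [math]::Round($_.WorkingSet64 / 1MB, 1) } },
        StartTime |
    Format-Table -AutoSize

Write-Host ("Runtime Broker total: {0:N1} MB of {1:N1} MB ({2}% of physical memory)" -f
    ($usedBytes / 1MB), ($totalBytes / 1MB), $percent)

if ($percent -gt $thresholdPercent) {
    Write-Host "Above the $thresholdPercent% threshold: a faulty Microsoft Store app is the likely cause." -ForegroundColor Yellow
} else {
    Write-Host "Within the normal range (a few megabytes is typical)."
}
```

Run it in an elevated PowerShell session if the process list appears incomplete; non-elevated sessions cannot read some processes' details.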
Windows System Information and Utilities: A Comprehensive Guide
Source 1: Excerpts from "sysinternals.pdf"
1. Access Control and Security
This section provides command-line tools and techniques for analyzing and managing access control in Windows, focusing on file system and registry permissions. It covers tools like accesschk and explores concepts like explicit integrity levels and global objects.
2. Disk Monitoring and Usage
This section delves into utilities for monitoring and analyzing disk activity and space usage. Tools like Diskmon and du are presented, enabling users to track disk operations and assess directory sizes with various reporting options.
3. NTFS Internals and File Manipulation
This section explores the inner workings of the NTFS file system. It introduces the NTFSInfo tool for examining NTFS metadata and discusses advanced techniques like securely deleting files using Sdelete and understanding MFT (Master File Table) structure.
4. Network Monitoring and Diagnostics
This section focuses on network utilities, particularly psping for advanced ping testing and listdlls for analyzing DLLs loaded into processes. It highlights customization options for analyzing ping responses and filtering loaded DLLs based on criteria like unsigned status.
5. Process Management and Debugging
This section covers tools like procdump for generating process memory dumps with various options for customization and analysis. It also introduces ShellRunas for launching programs with different credentials, a vital tool for security and troubleshooting.
6. System Information and Resource Monitoring
This section explores utilities for gathering system information and monitoring resource usage. It introduces VMMap for visualizing and analyzing virtual and physical memory usage, PsInfo for retrieving comprehensive system details, CpuStres for simulating CPU load, and Ctrl2Cap for capturing keyboard input.
7. Registry Management and Analysis
This section presents tools for managing and analyzing the Windows registry. It introduces RU (registry usage) for reporting space usage by registry keys and delves into advanced concepts like filter driver development for monitoring registry activity.
Source 2: Excerpts from "windows-win32-sysinfo.pdf"
1. GDI Objects and Resource Management
This section delves into GDI (Graphical Device Interface) objects, their limits, and how to manage them effectively. It covers object types, creation and destruction functions, and configuring per-process handle quotas through registry settings.
2. Registry Manipulation and Enumeration
This section provides an in-depth look at working with the Windows Registry using C++ code examples. It covers querying registry keys, enumerating subkeys and values, retrieving registry size information using PDH (Performance Data Helper), and accessing registry data with functions like RegQueryInfoKey and RegEnumValue.
3. Initialization File Handling and Registry Interaction
This section explores the use of initialization (.ini) files and their interplay with the Windows Registry. It covers functions for retrieving section names (GetPrivateProfileSectionNames), retrieving data from sections (GetPrivateProfileStruct), and managing registry keys with functions like RegCreateKeyA and RegOpenKeyExA.
4. Advanced Registry Operations and Transactions
This section covers advanced registry operations, including enumerating values (RegEnumValueA), querying multiple values (RegQueryMultipleValuesA), understanding registry value types, and working with registry hives. It also introduces transacted registry access using functions like RegCreateKeyTransactedA and RegOpenKeyTransactedA for ensuring data integrity.
5. System Information Retrieval and Version Checking
This section focuses on retrieving various system information, including computer name, user name, system directory, environment variables, and operating system version. It demonstrates the use of functions like GetComputerName, GetUserName, ExpandEnvironmentStrings, GetVersion, GetVersionEx, and VerifyVersionInfo for detailed system analysis.
6. Hardware and System Feature Detection
This section explores methods for detecting hardware features and system capabilities. It discusses the use of functions like EnumSystemFirmwareTables, GetSystemInfo, GetSystemRegistryQuota, and IsProcessorFeaturePresent for understanding system configuration and processor capabilities.
7. Low-Level System Information and Time Management
This section delves into lower-level system information retrieval and time management techniques. It covers the use of NtQuerySystemInformation for accessing system details, querying auxiliary counter frequency, managing system time, retrieving tick counts, and working with unbiased interrupt time.
8. System Time and File Time Management
This section focuses on managing system time and file time information. It discusses the use of functions like GetSystemTime, SetSystemTime, FileTimeToSystemTime, SystemTimeToTzSpecificLocalTime, and GetLastWriteTime for working with various time formats and converting between them.
9. System Time Functions and Utilities
This section explores additional system time functions, including GetTickCount64, QueryUnbiasedInterruptTimePrecise, and GetTimeSample. It provides code examples for calculating time intervals and working with time-related data structures like SYSTEMTIME and TimeSample.
TaskMan 1 — Processes
Resmon 2
eventvwr.msc 3
Perfmon 4
Reliability Mon 5
Process Explorer 6
ProcMon 7
Diag & Recov Toolset 8
Steps REC 9
MMC —MS MAN CONS 10
SysInternals 11
WPA (Perf) Toolkit 12
https://claude.ai/chat/32155873-e13b-461c-ba7b-f4eb0c09aa09
MD-100 for Remote IT Support Technician Role
----
Here's a summary of the key functionalities of each Windows diagnostic tool.
Task Manager (Taskmgr.exe) [1-5]:
Monitors real-time system processes, CPU, memory usage, and allows for process termination. [4]
Provides an overview of system performance and resource usage. [1, 2]
Resource Monitor (perfmon /res) [6, 7]:
Monitors system performance and resource utilization of CPU, disk, network, and memory. [7]
Identifies reliability problems, like excessive use of system resources or unresponsive apps. [7]
Provides a detailed real-time view of hardware resource usage by the operating system, services, and running applications. [8]
Event Viewer (eventvwr.msc) [2, 9, 10]:
Analyzes logs to identify system, app, and security issues. [2]
Provides a categorized list of Windows log events, including application, security, setup, system, and forwarded events. [9]
Offers detailed event information such as description, ID, source, status, time, user, computer, and links to additional resources. [11]
Allows for custom views, filtering, and event subscriptions for remote computer monitoring. [12, 13]
Performance Monitor (perfmon) [2, 8, 14]:
Provides a visual display of real-time or historical performance data using built-in counters. [14]
Offers the creation of data collector sets to configure and schedule performance counter, event trace, and configuration data collection. [8]
Generates reports from data collector sets for analysis. [15]
Reliability Monitor (perfmon /rel) [2, 16, 17]:
Shows system stability trends and failure details. [2, 16]
Process Explorer (procexp.exe) [18, 19]:
Determines active processes on a Windows computer. [19]
Shows open handles, loaded DLLs, memory-mapped files, and process ownership. [18, 19]
Process Monitor (procmon.exe) [16, 19, 20]:
Monitors real-time file system, registry, process, and thread activity. [16, 19]
Provides advanced filtering capabilities for specific events. [19, 20]
Combines features from older Sysinternals tools like Filemon and Regmon. [21]
Diagnostics and Recovery Toolset (DaRT) (dart.exe) [22, 23]:
Troubleshoots, diagnoses, and repairs computers that won't start or have errors during startup. [23]
Includes tools for system recovery, problem diagnosis, file restoration, malware removal, and creating bootable recovery images. [23, 24]
Steps Recorder (psr.exe) [2, 25]:
Records step-by-step actions to document issues visually. [2, 25]
Creates MHTML files that can be saved and analyzed for troubleshooting or user demonstrations. [25]
Microsoft Management Console (MMC) (mmc.exe) [1, 26, 27]:
Manages Windows tools through snap-ins, simplifying system administration. [1, 26, 27]
Allows creation of custom tools for delegating specific administrative tasks. [27]
Provides a standardized interface for managing various system components and applications. [27]
Sysinternals Suite [1, 26, 28, 29]: Offers a collection of advanced system utilities for monitoring and troubleshooting Windows, including tools like:
Contig: Defragments frequently used files quickly. [18, 30]
DiskMon: Captures and displays all hard disk activity. [18, 30]
PageDefrag: Defragments paging files and registry hives. [18, 30]
Autoruns: Scans for programs configured to run automatically during system boot, login, or application launch. [16, 29]
Windows Performance Toolkit [31, 32]:
Produces in-depth performance profiles of Windows operating systems and applications. [32]
Provides deep analysis of application and service resource consumption. [32]
The sources highlight these key functionalities of various diagnostic tools, emphasizing their roles in system monitoring, troubleshooting, performance analysis, and repair.
From <https://notebooklm.google.com/notebook/fcae6433-fe8b-476e-8218-e6b5323db33b?_gl=1*ud9qsa*_up*MQ..*_ga*ODAzODYxNTguMTczNDM4OTI2Mg..*_ga_W0LDH41ZCB*MTczNDM4OTI2MS4xLjAuMTczNDM4OTI2MS4wLjAuMA..>
----
I want to learn MD-100 Tools for Remote IT Support Technician Role. Here are quick notes on how to use each tool, drawing from the provided sources below.
TaskMan 1 Processes
Resmon 2
eventvwr.msc 3
Perfmon 4
Reliability Mon 5
Process Explorer
ProcMon
Diag & Recov Toolset
Steps REC
MMC —MS MAN CONSOLE
SysInternals
WPA (Perf) Toolkit.
These notes provide a starting point for using each tool. For more in-depth information, consult the provided sources and Microsoft documentation.
1. TaskMan (Taskmgr.exe): Press Ctrl+Shift+Esc to open. View running processes, resource usage (CPU, memory, disk, network), and end tasks. Useful for identifying resource-heavy applications or unresponsive processes. [1, 2]
2. Resmon (perfmon /res): Open Run (Windows+R) and type "perfmon /res". Monitor real-time resource usage for CPU, memory, disk, and network. Helpful for identifying bottlenecks and performance issues. [3, 4]
3. Eventvwr.msc: Open Run (Windows+R) and type "eventvwr.msc". Analyze system, application, and security logs. Filter events, create custom views, and configure event subscriptions to collect logs from remote computers for centralized analysis. [2, 5, 6, 7, 8]
4. Perfmon: Open Run (Windows+R) and type "perfmon". Monitor system performance using counters, create data collector sets for scheduled data collection, and generate performance reports. Useful for in-depth performance analysis and identifying trends. [2, 9, 10, 11, ...]
5. Reliability Mon (perfmon /rel): Open Run (Windows+R) and type "perfmon /rel". View system stability history and track errors, application failures, and hardware problems to identify recurring issues affecting system reliability. [2, 14, 15, 16]
6. Process Explorer (procexp.exe): Download from the Sysinternals Suite. Provides a more detailed view of processes than Task Manager, including open handles, loaded DLLs, and process ownership. Useful for advanced troubleshooting and identifying process relationships. [17, 18, 19, 20, 21]
7. ProcMon (procmon.exe): Download from the Sysinternals Suite. Real-time monitoring of file system, registry, process, and thread activity, with advanced filtering options to focus on specific events. Helpful for deep-dive analysis of system activity and troubleshooting file- or registry-related issues. [16, 17, 20, 22, 23]
8. Diag & Recov Toolset (DaRT) (dart.exe): Advanced troubleshooting and recovery toolkit for non-booting or problematic systems. Create bootable recovery media. Includes tools for disk repair, file recovery, malware removal, and more. [1, 2, 15, 24, 25]
9. Steps REC (psr.exe): Open Run (Windows+R) and type "psr.exe". Record step-by-step user actions with screenshots for issue documentation and reproduction. Save as an MHTML file for analysis or sharing. [2, 15, 26, 27, 28]
10. MMC —MS MAN CONSOLE (mmc.exe): Open Run (Windows+R) and type "mmc.exe". A framework for managing Windows tools and administrative tasks. Provides a consistent interface for various snap-ins, enabling customized management consoles. [2, 15, 26, 29, ...]
11. SysInternals: A suite of powerful system utilities available for download from Microsoft. Includes various tools for system analysis, troubleshooting, and diagnostics, including Process Explorer, Process Monitor, Autoruns, and more. [17, 21, 26, 32, ...]
12. WPA (Perf) Toolkit: Part of the Windows Assessment and Deployment Kit (ADK). Offers in-depth performance profiling and analysis for Windows operating systems and applications. Advanced tool for identifying performance bottlenecks and resource consumption issues. [2, 32, 36, 37]
From <https://notebooklm.google.com/notebook/fcae6433-fe8b-476e-8218-e6b5323db33b?_gl=1*ud9qsa*_up*MQ..*_ga*ODAzODYxNTguMTczNDM4OTI2Mg..*_ga_W0LDH41ZCB*MTczNDM4OTI2MS4xLjAuMTczNDM4OTI2MS4wLjAuMA..>