Top 10 free troubleshooting tools for Windows 10
Into every Windows 10 user’s life a little rain must fall. Sometimes it comes down in buckets.
Windows itself has many built-in troubleshooting tools, but they can be tricky to find and even trickier to harness in ways that’ll help you solve a problem—instead of simply sitting there looking pretty and/or perplexed.
Here we introduce 10 tools you’re going to need, sooner or later, no matter how you use or abuse Win10. They’re free—either built into Windows, downloadable from Microsoft, or free as a breeze from a third party. Most of all, they get the job done ... and done well.
Windows has a secret command post that can be invaluable in a pinch, assuming you get familiar with its powerful offerings. It’s called Task Manager, and to fire it up, right-click the Start button and choose Task Manager, or press Ctrl-Alt-Del and choose Task Manager. If this is the first time you’ve invoked the genie, you will see an abbreviated list of programs. Click the More Details button and Taskman’s power unfolds.
The Task Manager Processes tab allows you to do the following:
Kill a program. If, say, Edge refuses to stop—a well-known bug in the Win10 Anniversary Update—you can kill it here. It doesn’t matter if your issue is with a Universal Windows app or a Windows Desktop app. Click the app name, click End task, and zap! Windows will try to shut down the application without destroying any data. If it’s successful, the application disappears from the list. If it isn’t successful, it presents you with the option of summarily zapping the application (called End Now) or simply ignoring the shutdown and allowing the app to go its merry way.
See which processes are hogging your CPU. There’s a bouncing list of program pieces—called processes—and an up-to-the-second ranking of how much computer time each one is taking. That list is invaluable if your PC is slugging along and you can’t figure out which program is the problem.
See which processes take up most of your memory, hit your disk, or gab over the network. Sometimes, it’s hard to figure out which program is at fault. Task Manager knows all, sees all, and tells all.
Over on the Performance tab, you can get running graphs of CPU, memory, disk, or network usage. They’re cool and informative, and they may even help you decide whether you need to buy more memory.
On the App history tab you see which tiled Universal Windows apps use the most resources over a specified period of time. Did the Camera take up the most time on your PC in the past month? Pinball?
The Startup tab lets you turn off autostarting programs, but there’s a better solution called Autoruns, which I discuss later.
The Services tab in Taskman lets you start and stop individual services, but there’s a more flexible way to take control of the services. See the Component Services app, which I discuss later.
You can tap or click a column heading (such as CPU, Memory, Disk, or Network), and Task Manager sorts on that particular value. To update the report, choose View, Refresh Now. As you start new programs, they appear on the Apps list; any background programs they bring along appear on the Background processes list. Universal apps go to sleep when they aren’t being used, so they drop off the Task Manager list. One glance at the Processes tab should give you a good idea if any programs are hogging resources—for CPU processor cycles, memory, disk access, or tying up the network.
If you want to see much more detailed information—including utilization of each of the cores of a multicore CPU—tap or click the Open Resource Monitor link at the bottom of Taskman’s Performance tab. (Alternatively you can type Resmon in the Cortana search box.)
The graphs are color-coded, and in some cases they’re hard to interpret:
In the CPU box, the blue line on top is the current processor speed, expressed as a percentage of the maximum (nominal) processor speed. The green line represents how hard your CPU is actually working.
In the Disk box, the green line shows how much data is being shuffled to or from your drives. The blue line shows you the percentage of time that the disk is busy, measured as a maximum value in each time slice. If your blue line stays at or near 100 percent, you may have problems with the drive (in File Explorer, right-click on the drive, choose Properties > Tools and under Error-checking, click Check). Otherwise, you’re seeing a phantom from earlier versions of Windows; don’t worry about it.
In the Memory graph, keep in mind that a Hard Fault is only an indication that Windows had to run out to your hard drive, to retrieve stuff that could’ve been stored in memory. If the green line bobs up and down near the top of the graph and stays that way while you wait, consider adding more RAM.
There are two little-known tricks up Resmon’s sleeve. On the left (see screenshot), you can limit the reporting to specific processes. For example, if I checked the boxes to the left of all three chrome.exe processes, the graphs would show me what Chrome is doing with/to my machine. Second, if you have a file that’s been locked—typically it’s open in a running program—you can find which program has a hold on the file. In Resmon, on the CPU tab, copy the file name into the Associated Handles box and hit Enter. The tenacious program shows up on the left.
I keep the Resource Monitor scrunched down, the Overview tab resized, so only the graphs show, and running on my desktop all the time. It tells me about my current sorry state of affairs at a glance.
Bambi, meet Godzilla.
If Task Manager doesn’t tell you all you want to know and Resmon’s limited view into locked files has you scrambling, Process Explorer will help. It sets the standard for monitoring absolutely everything running on your computer.
Mouse over a process, even a generic svchost, and you can see the command line that launched the process, the path to the executable file, and all of the Windows services in use. Right-click and you can go online to get more information about the executable.
You can even right-click to send a hash of the process to VirusTotal (a subsidiary of Alphabet/Google), which will tell you whether the program has been flagged by any major antivirus manufacturer as infected.
Process Explorer started as a free product from a small company called Sysinternals. Mark Russinovich and Bryce Cogswell, two of the most knowledgeable Windows folks on the planet, formed Sysinternals, which Microsoft bought in July 2006. Mark became a Microsoft Fellow. Microsoft promised that all free Sysinternals products would remain free. Wonder of wonders, that’s exactly what happened. You can get Process Explorer, free, from Microsoft.
To run Process Explorer, download it, and inside the downloaded Zip file, run procexp.exe. No need to install anything. To get started with Process Explorer, check out the Windows Sysinternals forum. For down-and-dirty real-world examples, download Russinovich’s presentation to the 2015 RSA conference (PDF) and strap on your hip waders.
No doubt you know that Windows automatically runs certain programs every time you start it and that those programs can prove cantankerous at times. The Task Manager Startup tab, shown previously, lists your startup applications, their helper programs, and sometimes problematic programs that use well-known tricks to run every time Windows starts. Unfortunately, really bad programs frequently find ways to squirrel themselves away, so they often don’t appear on this list.
Microsoft distributes a free program called Autoruns that digs in to every cranny of Windows, ferreting out autorunning programs—even Windows programs. Like Process Explorer, it’s a very well-maintained product from the Sysinternals team. To get Autoruns working, download it and run Autoruns.exe or Autoruns64.exe—no installation required.
Autoruns lists an enormous number of autostarting programs. Some appear in the most obscure corners of Windows. The Everything list shown in the screenshot shows every single autostarting program in the order they’re run.
Autoruns has many options. You can get a good overview on the Microsoft Ask the Performance Team blog. The option I use most is the ability to hide all the autostarting Microsoft programs. It’s easy. Choose Options, Filter Options, and select the Hide Microsoft Entries box. The result is a clean list of all the foreign stuff launched automatically by Windows.
Autoruns can suspend an autostarting program. If you see a program you want to block, deselect the box to the left of the program and reboot Windows. If you zap an autostarting program and your computer doesn’t work right, run Autoruns again and select the box—easy.
Which programs deserve to die? Any that provide services you don’t want—although I’d recommend against killing any processes from Microsoft. The bad guys go by various names, which change from time to time. Look for the Apple update checker, any utilities you no longer need or want, and perhaps the sync routines for cloud data services you no longer use. I’ve seen leftovers of antivirus programs that had been terminated with extreme prejudice long ago, game program helpers, communication tools for messaging systems long forgotten, and much more.
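A rough PowerShell counterpart to the Hide Microsoft Entries view, added here as an example (it is not from the original article and not part of Autoruns). It reads only the logon entries Windows exposes through `Win32_StartupCommand`, a small subset of what Autoruns inspects; the helper name `Get-CommandExecutable` is made up for this example.

```powershell
# Added example: list logon autostart entries and hide the Microsoft-signed ones.
# Covers only Run keys and Startup folders (Win32_StartupCommand), not the
# services, drivers, scheduled tasks and other locations Autoruns checks.

# Hypothetical helper: pull the executable path out of a startup command line.
function Get-CommandExecutable([string] $Command) {
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }                 # "C:\path\app.exe" /args
    if ($expanded -match '^(.+?\.(exe|com|bat|cmd))(\s|$)') { return $Matches[1] }  # unquoted path
    return ($expanded -split '\s+')[0]
}

$entries = Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
    $exe    = Get-CommandExecutable $_.Command
    $status = 'NotResolved'      # path could not be found on disk as written
    $signer = $null
    if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
        $sig    = Get-AuthenticodeSignature -LiteralPath $exe
        $status = [string] $sig.Status
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }
    [pscustomobject]@{
        Name       = $_.Name
        Location   = $_.Location
        User       = $_.User
        Executable = $exe
        Signature  = $status
        Signer     = $signer
    }
}

# Keep everything that is not both validly signed and signed by Microsoft.
$entries |
    Where-Object { -not ($_.Signature -eq 'Valid' -and $_.Signer -match 'O=Microsoft Corporation') } |
    Sort-Object Signature, Name |
    Format-Table Name, Signature, Executable, Location -AutoSize -Wrap
```

Entries that show `NotSigned`, `NotResolved` or a signature status other than `Valid` are the ones to look up first.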
Every Windows user needs to know about Event Viewer, if only to protect themselves from scammers and con artists who make big bucks preying on people’s fears. Repeat after me: “An Error in Event Viewer is not necessarily a big deal.” If somebody calls and tells you they can help get rid of errors on your computer for a nominal fee, tell ‘em to call your friend who owns a support office in Nigeria.
At its heart, Event Viewer looks at a small handful of logs that Windows maintains on your PC. The logs are simple text files, written in XML format. Although you may think of Windows as having one Event Log file, in fact, there are many: Administrative, Operational, Analytic, and Debug, plus application log files.
Every program that starts on your PC posts a notification in an Event Log, and every well-behaved program posts a notification before it stops. Every system access, security change, operating system twitch, hardware failure, and driver hiccup all end up in one or another Event Log. Event Viewer scans those text log files, aggregates them, and puts a pretty interface on a deathly dull, voluminous set of machine-generated data. Think of Event Viewer as a database reporting program, where the underlying database is only a handful of simple flat text files.
In theory, Event Logs track “significant events.” In practice, “significant” is in the eyes of the programmer. Under normal circumstances, few people ever need to look at any Event Logs. But if your PC turns sour, Event Viewer may give you important insight into the source of the problem.
To fire up Event Viewer, right-click on the Start button (or push Windows Key-X) and choose Event Viewer. Once there, on the left, click Custom Views > Administrative Events. The Administrative Events overview shows events that may pique your interest. In the screenshot, I hit an event that shut down Word. If you want to pursue the problem, don’t bother with the link to Event Log Online Help at the bottom. Instead, make note of the ID number and look it up at EventID.net. They may be able to point you in the right direction or at least translate the event ID into something resembling plain English.
Other Windows Logs that may be of interest:
- Application events: Programs report on their problems.
- Security events: Aka “audits,” they show the results of a security action. Results can be either successful or failed depending on the event, such as when a user tries to log on.
- Setup events: This primarily refers to domain controllers, which you don’t need to worry about.
- System events: Most of the errors and warnings you see in the Administrative Events log come from system events. They’re reports from Windows system files about problems they’ve encountered. Almost all of them are self-healing.
- Forwarded events: These are sent to this computer from other computers.
If you are trying to track down a specific problem and notice an event that may relate to the problem, use Google to see whether you can find somebody else who’s had the same problem. Event Viewer can also help you nail down network access problems because the Windows programs that control network communication spill a large amount of details into the Event Logs. Unfortunately, translating the logs into English can be a daunting task, but at least you may be able to tell where the problem occurs—even if you haven’t a clue how to solve it.
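To see at a glance which events recur, the same kind of overview can be pulled with PowerShell's `Get-WinEvent`. This is an added example, not from the original article; the choice of the Application and System logs and the seven-day window are assumptions.

```powershell
# Added example: summarise Critical/Error/Warning events from the last 7 days,
# grouped by log, provider and event ID so that repeat offenders stand out.
$since = (Get-Date).AddDays(-7)          # window chosen for this example
$logs  = 'Application', 'System'         # Security is left out: it needs elevation

$events = foreach ($log in $logs) {
    try {
        Get-WinEvent -FilterHashtable @{
            LogName   = $log
            Level     = 1, 2, 3          # 1 = Critical, 2 = Error, 3 = Warning
            StartTime = $since
        } -ErrorAction Stop
    } catch {
        # Get-WinEvent raises an error when nothing matches or the log
        # cannot be read; treat either case as "no events" for this log.
        Write-Warning "No events returned from ${log}: $($_.Exception.Message)"
    }
}

$events |
    Group-Object LogName, ProviderName, Id |
    Sort-Object Count -Descending |
    Select-Object -First 15 |
    ForEach-Object {
        $latest = $_.Group | Sort-Object TimeCreated -Descending | Select-Object -First 1
        [pscustomobject]@{
            Count    = $_.Count
            Log      = $latest.LogName
            Provider = $latest.ProviderName
            EventId  = $latest.Id
            Level    = $latest.LevelDisplayName
            LastSeen = $latest.TimeCreated
            Message  = ("$($latest.Message)" -split "`r?`n")[0]   # first line only
        }
    } |
    Format-Table -AutoSize -Wrap
```

The Provider and EventId columns together are what to search for when looking up an event.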
As the door to the Windows Underworld, Registry Editor should be inscribed with Dante’s “Lasciate ogne speranza, voi ch’intrate.” The Registry is a big, spooky place full of peril and hidden pitfalls. If you aren’t very careful, you can bring Windows crashing down, and you’ll never get it to work again—ever. Click once in the wrong place, and your machine freezes so tight you have to send it back to Boise. At least, that’s what some people think. Personally, I think of the Registry as a big time sink. But scary? Nah. Sure, you have to be careful, but if you don’t go around changing everything in sight, you can dive into the Registry and come back unscathed.
The main problem with the Registry? As Microsoft gets better at focusing its options, and giving you more control over the options that should be controllable, the number of really useful Registry tweaks has fallen off. For most people, the Registry is a place of last resort for changing settings for apps, not Windows itself.
The worst part of the Registry isn’t the Registry itself—it’s the lousy terminology. The Windows Registry has grown in a hodgepodge manner, and terms that (arguably) made sense back in the days of Windows 3.1 don’t mean diddly now. But we’re stuck with them.
Historically, Microsoft has put no emphasis on maintaining consistency inside the Registry. It’s kind of like a teenager’s closet: You never know what you’ll find in there, and any resemblance to organization is entirely coincidental.
The Registry is organized by keys, much as your disk is organized in folders. Just as a folder may have other folders and files inside, Registry keys may have other keys and values inside. Just as Windows Explorer helps you move from a higher-level folder down to a lower-level folder, and down and down before you finally find the file you want, the Registry Editor helps you move from a higher-level key down to a lower-level key, and down and down until you get to the value you seek.
Just as you can add or delete folders in Windows Explorer, you can add or delete keys in the Registry Editor. When you delete a folder in Explorer, you delete all the files and folders inside the folder. When you delete a key in the Registry Editor, you delete all the keys and values inside the key.
That’s where the similarities end. You can move a folder in Explorer, but you can’t move a key in the Registry Editor. And when you delete a key in the Registry Editor, there’s no Recycle Bin sitting there helping you recover from your mistakes. After you delete a key, it’s gone—for good.
Almost all the changes you make to the Registry involve modifying values—changing, adding, or deleting values—although once in a very blue moon you may need to add a key. Each value in the Registry has a name and data.
Before you change a key, it’s a good idea to export the key. Keep it handy in case something goes kablooey. (You can double-click on the exported file to restore the original settings.) The general procedure looks like this:
- Make sure you know exactly what you want to change and why. It’s not a good idea to skip through the Registry making changes simply to see what you can break.
- Down in the Cortana search box, type regedit and press Enter.
- On the left, navigate to the key you want to change. Right-click on the key and choose Export. At the bottom, click the button marked Selected branch. At the top, navigate to a good location. Click Save. You’ll get a text file in a particular format—a .REG file—that you can use to restore the key if something goes south quickly.
- If the Value you want is in the Registry, double-click on it and make changes, then click OK. If you need to add a key, navigate to the right location and click Edit > New > Key. If you need to add a value, click Edit > New > Value. If you aren’t sure whether you want a String, Binary, DWORD, or other kind of value, you’re in over your head. “X” out of regedit and see Step 1.
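The export-then-edit procedure above, written as a PowerShell function. This is an added example, not from the original article; the function name, the backup folder and the key in the sample call are hypothetical.

```powershell
# Added example: export a key to a .REG file before changing one value in it.
# Function name, backup folder and the sample key are made up for illustration.
function Set-RegistryValueWithBackup {
    [CmdletBinding()]
    param(
        # Full hive name, e.g. HKEY_CURRENT_USER\Software\ExampleApp
        [Parameter(Mandatory)] [string] $Key,
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] $Value,
        [ValidateSet('String', 'ExpandString', 'Binary', 'DWord', 'MultiString', 'QWord')]
        [string] $Type = 'String',
        [string] $BackupDir = (Join-Path $env:USERPROFILE 'Documents\RegBackups')
    )

    $psPath = "Registry::$Key"
    if (-not (Test-Path -LiteralPath $psPath)) {
        throw "Key not found, nothing to export: $Key"
    }

    # Step 1: export the selected branch, as regedit's Export command does.
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    $leaf   = $Key -replace '[\\/:*?"<>| ]', '_'
    $backup = Join-Path $BackupDir "$leaf-$stamp.reg"
    & reg.exe export $Key $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $backup)) {
        throw "Export failed (reg.exe exit code $LASTEXITCODE); no change made."
    }

    # Step 2: only now write the value (creates it, or overwrites an existing one).
    New-ItemProperty -LiteralPath $psPath -Name $Name -Value $Value `
        -PropertyType $Type -Force | Out-Null

    [pscustomobject]@{
        Key     = $Key
        Name    = $Name
        NewData = (Get-ItemProperty -LiteralPath $psPath -Name $Name).$Name
        Backup  = $backup
        # Importing merges the file back in: it restores the exported values but
        # does not delete values or subkeys created after the export.
        Restore = "reg.exe import `"$backup`""
    }
}

# Sample call (placeholder key and value):
# Set-RegistryValueWithBackup -Key 'HKEY_CURRENT_USER\Software\ExampleApp' -Name 'ShowTips' -Value 0 -Type DWord
```

Keys under HKEY_LOCAL_MACHINE need an elevated PowerShell session; the function refuses to write anything if the export did not succeed.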
Regedit is cool, dashing, potentially dangerous, and rapidly becoming obsolete.
GPEdit, the Windows Group Policy Editor, has been around since the days of Windows XP. Originally envisioned as an avenue for administrators to manage settings on groups of machines, it’s become an invaluable tool for controlling how Windows machines behave, whether they’re attached to a corporate network or not. You can think of it as a decent interface built on the carcasses of thousands of Registry settings.
One problem: GPEdit does not ship with Windows 10 Home. Of all the complaints about troubleshooting tools on Windows, that’s the one I hear the most. Since Windows 7, GPEdit.msc is in the Pro, Enterprise, and Academic versions of Windows. It isn’t in the Home versions. You can find instructions all over the web for ways to put GPEdit on a Win10 Home machine, but if you try to shoehorn it into a Home machine, you’re playing with fire—and it’ll probably break the next time you update Windows (if it doesn’t break your machine first).
Why would you want GPEdit? It gives you much more control, compared to editing the Registry by hand. With GPEdit, it’s easy to tell Windows 10 to notify you before downloading patches. In the Anniversary Update of Win10 (version 1607), there are two separate “Defer Windows Updates” settings that let you specify the number of months you want to wait before installing Feature Updates (max 180 days, see screenshot) and, separately, Quality Updates (max 30 days).
In Win10 Pro, you can Defer Upgrades in the Settings app: Start > Settings > Update & security > Advanced options, check the box marked “Defer upgrades” in the Fall Update version 1511, “Defer feature updates” in the Anniversary Update version 1607. (Yes, I’m painfully aware of the scrambled terminology, but such is Windows.)
If you use GPEdit to defer updates, there’s a big difference between the GPEdit settings in the Fall Update (version 1511) and the Anniversary Update (version 1607). If you have to straddle the line between both on different machines, check out Robert Pearman’s explanation on 4sysops.
There’s a long and sordid history of well-meaning geeks telling people to turn off specific Windows services. What started as a part-time hobby with Windows XP (kill a service and save a millisecond!) evolved into a painful collection of half-truths and broken machines.
Unfortunately, particularly with Microsoft’s insistence on pushing half-baked patches on Win10 Home machines, you may find yourself in the position of wanting to turn off specific services. Many people think that you need Win10 Pro—and GPEdit—to turn off services. Not so: Windows itself has the ability, if you know where to find it.
In the particular case of the Windows Update service, you can get to the critter by clicking on Start, Windows Administrative Tools, then Component Services. On the left, click Services (Local), then double-click on Windows Update. The Windows Update service—the program that actually runs updates—can be set to Disabled or Manual.
Many people have reported that their Component Services settings were changed in the upgrade from the Fall Update to the Anniversary Update. Don’t be too surprised if you have to go in and change things around manually after a major upgrade—er, feature update.
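One way to find out which service settings a feature update changed is to record the startup types beforehand and compare afterwards. The script below is an added example, not from the original article; the snapshot path is an assumption, and `wuauserv` is the service name behind the Windows Update entry.

```powershell
# Added example: first run saves every service's startup type; later runs
# report services whose startup type differs from the saved snapshot.
$snapshot = Join-Path $env:USERPROFILE 'Documents\service-startup-snapshot.csv'  # assumed location

function Get-ServiceStartup {
    Get-CimInstance -ClassName Win32_Service |
        Select-Object Name, DisplayName, StartMode |   # StartMode: Auto, Manual, Disabled, ...
        Sort-Object Name
}

if (-not (Test-Path -LiteralPath $snapshot)) {
    Get-ServiceStartup | Export-Csv -LiteralPath $snapshot -NoTypeInformation -Encoding UTF8
    "Snapshot written to $snapshot. Run this script again after the update."
    return
}

# Index the saved startup types by service name.
$before = @{}
Import-Csv -LiteralPath $snapshot | ForEach-Object { $before[$_.Name] = $_.StartMode }

# Compare only services present in both lists. Per-user services get a new
# name suffix at each logon, so "new" names are not reported as changes.
$changes = foreach ($svc in Get-ServiceStartup) {
    if ($before.ContainsKey($svc.Name) -and $before[$svc.Name] -ne $svc.StartMode) {
        [pscustomobject]@{
            Name        = $svc.Name
            DisplayName = $svc.DisplayName
            Before      = $before[$svc.Name]
            After       = $svc.StartMode
        }
    }
}

if ($changes) {
    $changes | Format-Table -AutoSize
    if ($changes.Name -contains 'wuauserv') {
        Write-Warning 'The Windows Update service startup type is no longer what you set.'
    }
} else {
    'No startup type changes since the snapshot.'
}
```

Delete the snapshot file to start a fresh baseline once you have put the settings back the way you want them.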
Unless you put all of your data—absolutely everything—in the cloud, one of the first steps when setting up a new Win10 PC should involve turning on File History. Windows File History not only backs up your data files, it also backs up many versions of your data files and makes it very easy to retrieve the latest version and multiple earlier versions.
By default, File History takes snapshots of all the files in your libraries (including the Documents, Photos, Music, and Videos libraries), your desktop, your Contacts data, and both Internet Explorer and Edge favorites. It does not take snapshots of anything in OneDrive; that’s the cloud’s duty. The snapshots get taken once an hour and are kept until your backup drive runs out of space.
To use File History, Windows demands that you have an external hard drive, a second hard drive, or a network connection that leads to a hard drive. To get started, either plug a new external drive into your computer and follow the instructions, or go to Start > Settings > Update & security > Backup, and choose Add a drive. If Windows can find a suitable backup drive, it’ll be offered; if not you may have to click More options, Use Network Location, then Add Network Location, and point to the drive.
To get at earlier versions of a file, right-click on it and choose Properties > Previous Versions. Windows takes you through a simple interface to find and restore older copies. If you want to restore an entire folder, right-click on the folder, and choose Previous Versions. If that isn’t sufficient—say, you deleted an entire folder—File History stores backup copies on the backup drive under FileHistory\username\PC name\Data\the drive you backed up (probably C:)\Users\username (again). Go find it.
If you’ve installed a new hard drive in your computer, chances are good you’ve seen the Disk Management program. If you’ve sworn at drive letters that don’t work right or wondered why big blocks of drive space have gone missing, you’ve probably seen Disk Management, too.
To see what’s really happening with your hard drives, right-click Start (or Win-X) and choose Disk Management. You see a list of all of your volumes (drives, or partitions if you’ve partitioned a drive, as is the case with Disk 0 in the screenshot) on the top, and a graphical representation of the volumes on the bottom.
Right-click on a partition—either on the top or the bottom—and you can assign a new drive letter, shrink or expand a volume, format, delete, or add a volume (partition) to unassigned space on a drive. While Disk Management’s repertoire isn’t as sophisticated as many third-party disk partitioners, it’s more than adequate for most normal disk tasks.
Wushowhide, HWInfo, Secunia PSI and more
Those are my 10 favorite go-to troubleshooting programs, but there are many more you could add to your Windows 10 bucket list. I talked about several of them in the slideshow “Top 25 free apps for Windows 10.” In particular:
Wushowhide lets you hide Win10 updates and upgrades until you’re good and ready to install them. The big trick: You have to wait until Windows Update says the upgrade/update is ready before you can hide it. Detailed instructions are here.
Secunia Personal Software Inspector (free for personal use) scans your computer and tells you if any patches are waiting to be installed.
HWiNFO tells you every imaginable detail about every nook and cranny of your PC.