The Microsoft Management Console provides a framework for creating the perfect troubleshooting toolkit. In this video, you’ll learn about Event Viewer, Disk Management, Task Scheduler, Device Manager, Performance Monitor, and more.
If you use Windows for office applications or to browse the internet, you may not realize there is a management console that you can run that allows you to build a customized view of utilities that can help you when you’re troubleshooting. This is accessed by running mmc.exe. And obviously, the MMC stands for the Microsoft Management Console. When you start the console, it’s empty. But you can add additional utilities into this view so that everything is listed on this one screen.
So from here, you can see I’ve added Event Viewer, Disk Management, Task Scheduler, and other utilities. Let’s start the Management Console on my computer. We’ll simply type mmc, and we will run that command. It asks us if we would like this app to make changes to the device, and we would. And here is our empty Microsoft Management Console. This, of course, starts as an empty console, but it’s very easy to add additional functions by going to the file pulldown menu and choosing the option to Add and Remove a Snap-in. The snap-in is the list of these different utilities that you can add into the Microsoft Management Console.
And there are a number of utilities to add. Let’s add Computer Management, and we’ll click Add. When we add this particular snap-in, it asks if we would like to use this to manage our local computer or a different computer that may be on our network. In this case, we’ll choose our local computer, and choose finish. And you can see that it has moved Computer Management Local into that right window. Let’s also add Device Manager. And we can see that’s added to the right side. And we’ll also load Disk Management as well. And again, we’re going to choose this computer for disk management. And then we’ll click OK.
And you can see on the left side, we’ve now populated those three utilities into the Microsoft Management Console. And we can easily access any one of them by clicking on that particular utility and accessing all of the features of each one of those functions. I’ve now built a customized view of the different functions that I would like to have available, and I would like to save this console by again choosing the file pulldown menu, choosing the Save option. And then we’ll simply call this pmv1 and save this particular console.
We can now pull up this management console at any time, and I can move from one configuration to another by loading that configuration from disk. One of the utilities we can add into this list is the Event Viewer. This gives you a consolidated view of everything that’s happening inside of your Windows operating system. This is effectively your Windows log viewer, and it separates things into different categories. You’ll probably see categories for Application, Security, Setup, and System.
You’ll see that some of these events are marked as informational, but they could be marked as a warning, error, critical, successful audit, or failure audit. If you wanted to start up the Event Viewer individually, you could start it as its own application by running eventvwr.msc.
In our Management Console, if we click the Event Viewer, you’ll see the number of events that we’ve had over time. There are administrative events, what we may have recently viewed, and a summary of the log information. If you want to quickly view a category of logs, you can choose them from the left menu. Let’s choose the Application Windows logs, and it lists all of the applications that are running on our system, and we can view the current status of a particular log.
For example, this is a log for a source called VSS. This is the Volume Shadow copy Service. And it tells us that we had an error associated with that service. It gives us details on what that error may be. But you’ll notice that there are thousands and thousands of logs that are contained within this Windows Event Viewer. So we can filter the current log to specify a particular event level, a particular type of log, or details about the category keywords, a specific user, or an individual computer.
This allows you to find exactly what you’re looking for very quickly, without having to page through many different log entries. A useful tool for examining information about your storage system is the Disk Management utility. Disk Management allows you to see all of the different storage drives that are installed into your computer and how those drives may be partitioned and what file systems they might be running. You can run this directly from your Management Console or open it separately using diskmgmt.msc.
One important thing to keep in mind when you’re working with Disk Management or any function dealing with our storage drives is that you could potentially delete data. So make sure if you’re making any significant changes inside of Disk Management that you always have a backup of that data.
Here’s the Disk Management function on my local computer. You can see I have a single drive, and it is split into three separate partitions. Two of these partitions do not have drive letters associated with them. This would be our recovery partition and an EFI system partition. This is used by the operating system during the startup process or when you’re trying to install new software on your computer. There’s also a partition that contains the bulk of our operating system.
This is our C drive. You can see there is a drive letter associated with it. This is a drive that is formatted with NTFS, and it is encrypted with BitLocker, which is a full disk encryption utility. This also tells us that this is a healthy partition. It is used for boot. We have our page file on this drive. Crash dumps are stored to this partition. And this is a basic data partition.
If you have other storage drives and partitions on this system, they will also appear in this Disk Management front end. If you right mouse click on this partition, you’ll notice you have options to make changes. You can change the drive letter and the paths that are used. You can shrink this particular volume. And if you have additional space on this drive or if you have additional drives, you can choose to extend the volume or mirror the information across separate physical drives. Again, you want to be very careful about making any changes inside of this utility because you could potentially lose data on that storage drive.
The Task Scheduler utility allows you to run applications at a particular date, time, or on a recurring basis. There are also a number of predefined tasks and schedules that are built into Task Scheduler, which makes it very easy to automate functions inside of Windows. And if you have a large number of different tasks that you’re running, you can separate them into folders to keep everything organized inside of Task Scheduler. If you run Task Scheduler by itself, you can run taskschd.msc.
The main screen of Task Scheduler will show you all of the tasks that have run in the last 24 hours. And you can change that time frame to widen it to the last seven days or the last 30 days. If you choose the option for your Task Scheduler library, it shows you all of the tasks that are currently configured. For example, I have one configured, which is the Microsoft update task, that it runs at 10:50 AM every day, and it gives you information about how that task is configured.
You can modify these by changing the Triggers tab, the actions that occur, the conditions that this is waiting for, and any detailed settings about this task. If you’d like to add your own task that runs at a particular time and day, you simply create a task on the right side menus and put in the name of the utility that you’d like to run, what day and time you’d like to run it, and make sure that any of the conditions or settings are configured for that particular task.
Most operating systems have some type of device driver that allows the operating system to talk to the hardware of your computer. To be able to see this device driver and understand the relationship between the operating system and the hardware, you can use the Device Manager option within your Microsoft Management Console. Generally, the drivers that you’ll find inside of this list have been created specifically for the operating system that you’re using. So if you’re running Windows 10, these will be Windows 10 device drivers. If you’re using Windows 11, these are probably Windows 11 device drivers.
There might be some situations where a device driver has been specifically written to work across multiple operating systems, but most of the time, you’re downloading and installing a device driver that is specific to this operating system. If you want to run Device Manager by itself, you run devmgmt.msc.
Device Manager organizes all of your hardware into different groups. For example, if you wanted a list of all of the printers associated with your computer, you can right mouse click on printer to expand that category and see all of the device drivers for printers. Let’s do the same thing for display adapters. We’ll also expand the keyboard options that we’re using and the option for monitors. If we double-click on any one of these, it brings up the device driver properties, and we can see the name of the driver that’s being used, any details associated with the driver, any recent events associated with this device driver, and what resources are being used inside of our system to support this hardware.
Many device drivers also have their own process for installation and update. There are also options if you right mouse click on a driver to update, disable, or uninstall this device driver.
We rely on certificates to provide information about ownership of a computer or to enable encryption functions within our operating system. If you’d like to view all of the certificates associated with your computer, you’ll find that under the Certificate Manager. You’ll notice that you can run this from the certmgr.msc option.
Here’s a view of the Certificate Manager. Inside of the Cert Manager, we can add, remove, or view the certificates that are already installed. For example, you might want to see all of the trusted Certification Authorities, or CAs, that are used by your browser. So if you double-click on the trusted root certification authorities and choose the option for certificates, you will see all of those certificates listed. We can right mouse click on any one of these to open the cert and look at the details of this particular certification.
Windows is a multi-user operating system, and you can configure multiple users to be able to use your computer or connect to your computer across the network. You can configure rights and permissions for those users and group them together into separate groups using the local users and groups utility. There are a number of users that are built into Windows, for example the administrator user and the guest user. Everyone else is considered a regular user inside of Windows.
There are also a number of predefined groups such as administrators, users, backup operators, power users, and others. And you can, of course, add additional users and additional groups into this list.
From the local users and groups option, we can double-click on any of these to see what the options might be. This is a relatively new Windows build, so there are very few users that are listed. You can see the administrator user, the default account, and the guest are listed, along with my user, professor, on this particular computer. If you’d like to add more users, you can right mouse click and choose New User and fill in the details to add another user to your computer.
One of the challenges we often have with troubleshooting problems is many of those issues occur in the past. And by the time we’re looking at that computer, the problem is long gone. One of the ways to track resource utilization over time would be with the Performance Monitor utility. We can gather a great deal of statistics from a single computer by using the Performance Monitor. And if you want to launch performance monitor by itself, you simply run perfmon.msc.
We’re able to collect metrics over a very long time frame with Performance Monitor, and you can collect hundreds of different resource metrics inside of Windows, including operating system metrics for disk, memory, CPU. And then we can also set alarms and alerts. So if we exceed a particular resource level, we can have a notification sent directly to us. We can also collect this information and store it on this computer over hours, days, or weeks.
This allows us to go back in time and see everything that may have occurred with that particular resource. You can also create reports that allow you to view that information over time so that you can instantly see a graphical view of exactly what’s occurred on this computer. Here’s the default view of Performance Monitor. You can see it’s looking at memory information, network interface details, physical disk information, and processor information.
We can also add additional monitoring tools into this view by starting the Performance Monitor Graph. Here’s the default view of Performance Monitor. You can see that it’s not currently collecting any particular metrics. To add additional metrics into this list, we’ll click the plus sign. And you will see that a large number of categories of counters show up on the left-hand side. This is a huge amount of information. You certainly wouldn’t want to add all of them to your computer at one time.
But in this list, let’s scroll down under the Processor section. And if I highlight this, we can view all of the different metrics that are collected. Let’s choose all of them by default. We’ll click the Add option, and it puts the Processor option on the right side. And we’ll click OK. Now we’re going to start gathering metrics about how the processor of this system happens to be performing. And you can see that all of these different options are being collected and displayed on this graph in real time.
This means that we can begin collecting this data. We can go away. And if the problem on this computer occurs again, we can come back and look at the historical view of these metrics to see if we might be able to break down where the problem might be occurring on this computer. As the administrator of your Windows system, you can have granular control over what features might be available to different users.
The way to manage this process is through the Group Policy Editor. If you’re editing policies for an individual system, then you would be using the Local Group Policy Editor, or gpedit.msc. But if you’re part of a larger organization that has Active Directory infrastructures, then you’re probably going to use Group Policy Management Console that integrates with that centralized Active Directory management. You’ll find that under gpmc.msc.
Here’s the Local Computer Policy on my computer. And from here, you can see there are two main categories of computer configuration and user configuration. If we select User Configuration and look at the administrative templates, we could view options, for example, the desktop. Here are the options that we have available to manage what people can do on the desktop of this computer. For example, if you want to hide and disable all items on the desktop, you can configure that inside of the policy manager so that when someone logs in, they don’t see anything on the desktop of their computer.