Windows system health, monitoring, hacks

· Windows · #note/sink · #sys/health · #sys/winregistry · #code/batch · #code/powershell ·

TOC

• Updates
  • Software update
• File System
  • Check system health
  • Remove protected folders
• Services
  • Remove service
• Drivers
  • Remove drivers
  • Disable automatic driver updates
  • Disable specific driver updates
  • AMD chipset drivers
• Power
  • Power plan
  • Power trace
  • Standby modes support
  • Power requests
• Windows Apps
  • Re-register
  • Remove
• Memory
  • Bad memory
• Policies
  • Enable Gpedit.exe in Windows 10/11 Home edition
• Interface
  • Video thumbnails
  • Disable Widget preload
  • Expanded context menu in Win 11
    • Add
    • Remove
• System Info
  • PowerShell
    • List drives
    • PDO drive
  • WMIC
    • To get a brief overview of an alias
    • Full alias overview can be displayed:
    • Get Information About Operating System
    • Get Information About BIOS
    • Get Serial Numbers of Hard Drives
  • Winsat

Updates

Software update

REM check for all updates
winget upgrade

REM update everything
winget upgrade --

REM update particular app, use 'winget upgrade' to get the ID
winget upgrade <ID>

File System

Check system health

DISM.exe /Online /Cleanup-image /Scanhealth

DISM.exe /Online /Cleanup-image /Restorehealth

DISM.exe /online /cleanup-image /startcomponentcleanup

sfc /scannow

Chkdsk C: /f /r

Remove protected folders

takeown /F "Z:\Program Files" /A /R /D Y
icacls "Z:\Program Files" /T /grant administrators:F
rd /s /q "Z:\Program Files"

Services

Info

Get-Service

Remove service

sc delete servicename

Drivers

Remove drivers

pnputil /enum-drivers
pnputil /delete-driver oemXXX.inf

Disable automatic driver updates

Using gpedit.msc as admin

1. Browse the following path:Computer Configuration > Administrative Templates > Windows Components > Windows Update
2. On the right side, double-click the Do not include drivers with Windows Update policy. Set to Enable. Apply

Disable specific driver updates

Source

1. In the hardware properties window, navigate to the “Details” tab and then select “Hardware IDs” from the drop-down menu under “Property.” Select all the listed IDs, right-click and then select the option “Copy.”
   
2. Opening the Group Policy Editor and navigate to “Computer Configuration -> Administrative Templates -> System -> Device Installation -> Device Installation Restrictions.”
3. Once you are here, find the “Prevent installation of devices that match any of these devices IDs” policy, and double-click on it to change its properties.
4. In the policy properties window, select the “Enabled” radio button, and then click on the “Show” button appearing under the Options category.
   

AMD chipset drivers

Amd drivers download
this seems to be more actual than one on the motherboard download page

PSP - Device (SecurityDevices) driver
SMBus - System management bus - installed by default
PCI - installed by default
GPIO - installed by default

Power

Power plan

Get list of plans

powercfg /list 

Switch plan (current Ryzen Balanced)

powercfg /setactive 9897998c-92de-4669-853f-b7cd3ecb2790

Switch plan (current system Power Saver)

powercfg /setactive a1841308-3541-4fab-bc81-f71556f20b4a

Power trace

You can get a power trace by opening an admin CMD and doing:

powercfg /energy /trace /d c:\temp /duration 120

Replacing C:\temp with a folder of choice (must exist already) and 120 with the duration you want to trace in seconds. Keep track of the time(s) that the monitor comes on.

This will create an .etl file you can open in Windows Performance Analyzer. Look at Device Dstate around the times the monitor turned on and see if there are any D-state transitions from your display.

This will at least tell you if Windows is responsible for the screen turning on or if it's something from the hardware.

Performance Analyzer app is in MS Store.

Standby modes support

powercfg -a

Power requests

powercfg -requests

powercfg -SYSTEMSLEEPDIAGNOSTICS

Builds nice graphs with reports of power requests during system idle

Windows Apps

Re-register

Get-AppXPackage | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}

and maximum version

Get-appxpackage -packageType bundle |% {add-appxpackage -register -disabledevelopmentmode ($_.installlocation + "\appxmetadata\appxbundlemanifest.xml")}

$bundlefamilies = (get-appxpackage -packagetype Bundle).packagefamilyname

get-appxpackage -packagetype main |? {-not ($bundlefamilies -contains $_.packagefamilyname)} |% {add-appxpackage -register -disabledevelopmentmode ($_.installlocation + "\appxmanifest.xml")}

Remove

Remove Web Media Extensions

Get-AppxPackage Microsoft.WebmediaExtensions | Remove-AppxPackage

Memory

Bad memory

Enable memory blacklisting

bcdedit /set {badmemory} badmemoryaccess no

Event 1001 : Windows removed bad memory regions from this PC.
Bad memory found, to see what memory has been marked by the OS as bad:

bcdedit /enum {badmemory}

Alternatively, you may use the RAMMap tool from Microsoft

To clear the list of page numbers that have been blacklisted

bcdedit /deletevalue {badmemory} badmemorylist

Policies

Enable Gpedit.exe in Windows 10/11 Home edition

Using CMD as Admin

FOR %F IN ("%SystemRoot%\servicing\Packages\Microsoft-Windows-GroupPolicy-ClientTools-Package~*.mum") DO ( DISM /Online /NoRestart /Add-Package:"%F" )

FOR %F IN ("%SystemRoot%\servicing\Packages\Microsoft-Windows-GroupPolicy-ClientExtensions-Package~*.mum") DO ( DISM /Online /NoRestart /Add-Package:"%F" )

Interface

Video thumbnails

Disabling the reel borders on the video/image files

HKEY_CLASSES_ROOT\SystemFileAssociations\image
and
HKEY_CLASSES_ROOT\SystemFileAssociations\video
Treatment item:
0 = No border
1 or 2 = Shadow border (default)
3 = Video reel border

Disable Widget preload

to get rid of EdgeWebView process, that east too much VRAM

First disable Widgets and Teams from starting up
Then go to registry Computer\HKEY_USERS\S-1-5-21-3078088237-2142244905-4044066433-1002\Software\Microsoft\Windows\CurrentVersion\Dsh and set IsPrelaunchEnabled to 0

Expanded context menu in Win 11

Source

Add

reg.exe add -HKEY_CURRENT_USER\Software\Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32 /f /ve

Remove

???

reg.exe delete -HKEY_CURRENT_USER\Software\Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}

System Info

PowerShell

List drives

Get-PhysicalDisk | Select -Prop DeviceId,FriendlyName,SerialNumber

PDO drive

Get drive info by PDO identifier like PDO name: \Device\00000086

Get-CimInstance -ClassName Win32_PnPSignedDriver | ? { $_.PDO -match '00000089' } | select *

WMIC

Get windows system info using WMI

To get a brief overview of an alias

wmic <alias> list brief

Full alias overview can be displayed:

wmic <alias> list full

Get Information About Operating System

wmic OS get Caption,CSDVersion,OSArchitecture,Version

Get Information About BIOS

wmic BIOS get Manufacturer,Name,SMBIOSBIOSVersion,Version

Get Serial Numbers of Hard Drives

wmic path win32_physicalmedia get SerialNumber

Winsat

winsat assesses various features, capabilities, and attributes of a computer

winsat formal

Formal - Runs a set of pre-defined assessments and saves the data in an XML file in %systemroot%/\performance/\winsat/\datastore