Join Martin Guidry for an in-depth discussion in this video, Using log files to troubleshoot Windows 10, part of Windows 10: Administration.
- In this section, we're going to talk about troubleshooting Windows 10 by looking at some different logs. So off the Start menu I'll just go ahead and type in event. I'll click on that and pull up Event Viewer. This hasn't changed too much in Windows 10; it's still very similar to the way it worked in previous versions of Windows. On the left-hand side I'm going to open up Windows Logs. The three most common logs we look at are Application, which would have events from any of the desktop applications we run.
The Security log, which will have information about logging in and logging out. It's particularly interesting when we see failed login attempts that could be a security concern. And then the third log that we look at often is the System log. With all of these logs we have the option on the right-hand side in the Action menu to filter the current log. And I very commonly filter it to just critical and error events.
And maybe warnings, maybe not, but in general I'm not real interested in the information or the verbose events. So once I've done that I'll click OK, and I'll see a filtered version of the log that has some warnings and some errors, and those are the things I want to check out first. I'm a big proponent of reviewing logs as the first step in a troubleshooting procedure. Now granted, looking at the log is never going to fix anything, but it will almost always give us more information about what's going on and it will almost never make things worse.
One of the worst things we can do in a troubleshooting situation is to jump into some steps where we're trying to resolve a problem but we have misdiagnosed the problem and therefore we end up making it worse. So by looking at the logs, reviewing the logs, and thoroughly understanding the information in the logs we can hopefully avoid misdiagnosing a problem. In the Filter Current Log interface, we also have the option to filter by keyword.
However, you can't just type in any keyword. You have to use the check boxes to select some predetermined keywords. I've always felt this feature was a bit limiting; I would really prefer if I could type in any keyword that I wanted, but you just simply can't. So I'll hit Cancel there. We do have a similar feature in that we have Find, and we can find a particular word. And it will cycle through the records one at a time, for records that have the word we just typed in.
And I can keep hitting Find Next to advance to the next record. I'm going to clear the filter now and go back to the original. Notice some of the things in my System log are around Windows Update. Windows 10 does do a more detailed logging of Windows Update than previous versions. We can't get to that through this interface; we have to complete some other steps to see the Windows Update log.
So I'm going to close Event Viewer and open up a PowerShell window. So off the Start menu, I'll type in power and I'll open up Windows PowerShell. The command I'm going to issue is Get-WindowsUpdateLog. And that's all one word. I'll enter that command and we'll see that the machine is processing some detailed logs it stores in an ETL format.
ETL is a format that allows the logging to happen with lower overhead. But an ETL log is not human readable. And by running the command Get-WindowsUpdateLog, we turn it into something human readable. You'll notice the last line of the output says WindowsUpdate.log written to the desktop. So I'll minimize this window and I'll see that I have a new text file on my desktop called WindowsUpdate.log.
I can click on that, it will open in Notepad by default, and it will give me very detailed information about Windows updates that have run, both success and failure. So one of the things I typically do with this is immediately search for the keyword failed or the keyword error, which will get me to the interesting points. So if I hit Ctrl+F, that brings up the Find dialog.
I'll type in error and it will take me to the first error code I get. I can then take that error code and do some further researching either on the Microsoft website or on some general search engine. So again, this is a new log in Windows 10, a much more detailed account of Windows Update. We don't view it through Event Viewer; instead we issue a PowerShell command and then we're given a text file.
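The triage steps walked through in the video can also be run from PowerShell, including the free-text keyword search that the Filter Current Log dialog does not offer. This is an added example, not part of the course material; the seven-day window, the `update` search term, the 20-line cap and the output path under `$env:TEMP` are assumptions chosen for illustration.

```powershell
# Added example (not from the course). Run in an elevated Windows PowerShell
# session: reading the Security log requires administrator rights.

$since = (Get-Date).AddDays(-7)   # assumed look-back window

# 1. Critical (level 1) and Error (level 2) events from the System log,
#    the same selection made in the Filter Current Log dialog.
$systemErrors = Get-WinEvent -FilterHashtable @{
    LogName   = 'System'
    Level     = 1, 2
    StartTime = $since
} -ErrorAction SilentlyContinue   # suppresses the "no events found" error

# 2. Free-text match on the rendered message text.
#    'update' is a sample term; any regular expression works here.
$systemErrors |
    Where-Object { $_.Message -match 'update' } |
    Select-Object TimeCreated, Id, ProviderName, LevelDisplayName, Message |
    Format-List

# 3. Failed logon attempts (event ID 4625) from the Security log, counted
#    per target account so repeated failures against one user stand out.
#    Properties[5] is the TargetUserName field of a 4625 event.
Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4625
    StartTime = $since
} -ErrorAction SilentlyContinue |
    Group-Object { $_.Properties[5].Value } |
    Sort-Object Count -Descending |
    Select-Object Count, Name

# 4. Convert the Windows Update ETL traces to text, then pull the lines
#    containing "error" or "failed" (Select-String is case-insensitive).
$wuLog = Join-Path $env:TEMP 'WindowsUpdate.log'   # assumed output location
Get-WindowsUpdateLog -LogPath $wuLog | Out-Null
Select-String -Path $wuLog -Pattern 'error|failed' |
    Select-Object -Property LineNumber, Line -First 20
```

Without `-LogPath`, `Get-WindowsUpdateLog` writes `WindowsUpdate.log` to the desktop, as shown in the video.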
Martin first reviews the various editions of both the desktop and mobile versions of Windows 10. This section covers the special features included with the Enterprise edition, and the hardware requirements for some of the new Windows 10 features. Martin also explains installing and updating drivers and configuring and optimizing the OS, including system properties and power options. Then it's a deep dive into Group Policy, including working with local groups, configuring preferences, and troubleshooting Group Policy. Martin also looks at Windows security—authentication and encryption—as well as the boot process, and concludes the course with a brief look at virtualization, networking, and backup and recovery.
- Understanding the different versions of Windows 10
- Installing and updating drivers
- Administering multitasking
- Working with Windows Group Policy
- Adding domain users and accounts to a Windows 10 PC
- Administering BitLocker and EFS
- Understanding the boot process
- Installing Client Hyper-V for Windows virtualization
- Managing Windows Firewall
- Backing up and restoring Windows 10
- Troubleshooting Windows 10