Windows System Diagnostics
Comprehensive Windows 11 system diagnostics using PowerShell. This skill helps diagnose crashes, freezes, unexpected reboots, disk problems, memory issues, hardware errors, and performance bottlenecks.
Table of Contents
- Quick Start - Immediate diagnostic commands
- Platform Requirements - Windows 11, PowerShell 7+
- Diagnostic Categories - What this skill covers
- Quick Health Check - Fast system overview
- Reference Loading - Progressive disclosure
- Safety Model - Read-only vs suggested repairs
- Common Issues - Troubleshooting patterns
Overview
This skill provides read-only diagnostic capabilities to gather system health information. It does NOT execute repair commands - those are provided as suggestions for the user to run manually.
Capabilities:
- Event log analysis (crashes, errors, warnings)
- Disk health monitoring (SMART data, filesystem errors)
- Memory diagnostics (usage, leaks, hardware issues)
- Hardware error detection (device failures, drivers, WHEA)
- Performance analysis (CPU, memory, disk bottlenecks)
- System stability metrics (uptime, restart reasons)
When to Use This Skill
Use this skill when:
- Computer is crashing, freezing, or rebooting unexpectedly
- Blue Screen of Death (BSOD) errors occur
- Disk health concerns (slow performance, errors)
- Memory issues suspected (high usage, crashes under load)
- Hardware errors or driver problems
- Need to analyze Windows Event Viewer logs
- System performance degradation
- Investigating application crashes
Platform Requirements
Required:
- Windows 11 (this skill is optimized for Windows 11 Pro)
- PowerShell 7+ (pwsh) for best compatibility
Verify PowerShell version:
```powershell
$PSVersionTable.PSVersion
```
Note: Most commands also work with Windows PowerShell 5.1, but PowerShell 7+ is recommended for consistent behavior.
Quick Start
Immediate System Health Check
Run these commands to get a quick overview of system health:
```powershell
# System info and uptime
Get-Uptime
Get-ComputerInfo | Select-Object OsName, OsVersion, OsBuildNumber, CsProcessors, CsTotalPhysicalMemory

# Recent critical/error events (last 7 days)
Get-WinEvent -FilterHashtable @{LogName='System';Level=1,2;StartTime=(Get-Date).AddDays(-7)} -MaxEvents 20 |
    Select-Object TimeCreated, Id, ProviderName, Message | Format-Table -Wrap

# Disk health
Get-PhysicalDisk | Select-Object FriendlyName, MediaType, Size, HealthStatus, OperationalStatus

# Top memory consumers
Get-Process | Sort-Object WorkingSet64 -Descending |
    Select-Object -First 10 ProcessName, Id, @{N='MB';E={[math]::Round($_.WorkingSet64/1MB,0)}}

# Device errors
Get-PnpDevice -PresentOnly | Where-Object { $_.Status -in 'Error','Degraded','Unknown' } |
    Select-Object Class, FriendlyName, Status
```
Diagnostic Categories
| Category | Description | Reference |
|---|---|---|
| Event Logs | Windows Event Viewer analysis | event-logs.md |
| Disk Health | SMART data, filesystem, storage | disk-health.md |
| Memory | RAM usage, leaks, hardware | memory-diagnostics.md |
| Stability | Uptime, restarts, BSOD | system-stability.md |
| Hardware | Device errors, WHEA, drivers | hardware-errors.md |
| Performance | CPU, memory, disk bottlenecks | performance-analysis.md |
| Crashes | Minidumps, WER, BSOD analysis | crash-analysis.md |
| Elevation | Admin requirements, graceful degradation | admin-elevation.md |
Quick Health Check
System Information
```powershell
# Basic system info
Get-ComputerInfo | Select-Object OsName, OsVersion, OsBuildNumber,
    CsName, CsDomain, CsProcessors, CsNumberOfLogicalProcessors,
    @{N='RAM_GB';E={[math]::Round($_.CsTotalPhysicalMemory/1GB,1)}}

# System uptime
Get-Uptime
Get-Uptime -Since  # Last boot time
```
Recent System Errors
```powershell
# Critical and Error events from System log (last 7 days)
Get-WinEvent -FilterHashtable @{
    LogName   = 'System'
    Level     = 1,2  # 1=Critical, 2=Error
    StartTime = (Get-Date).AddDays(-7)
} -MaxEvents 50 |
    Select-Object TimeCreated, Id, ProviderName, LevelDisplayName, Message
```
Disk Quick Check
```powershell
# Physical disk health
Get-PhysicalDisk | Select-Object FriendlyName, MediaType, Size, HealthStatus, OperationalStatus

# SMART-like reliability data
Get-PhysicalDisk | ForEach-Object {
    $disk = $_
    $counters = $_ | Get-StorageReliabilityCounter
    [PSCustomObject]@{
        Disk         = $disk.FriendlyName
        Health       = $disk.HealthStatus
        Temperature  = $counters.Temperature
        ReadErrors   = $counters.ReadErrorsTotal
        WriteErrors  = $counters.WriteErrorsTotal
        PowerOnHours = $counters.PowerOnHours
    }
}
```
Memory Quick Check
```powershell
# System memory overview
Get-CimInstance Win32_OperatingSystem | Select-Object @{N='Total_GB';E={[math]::Round($_.TotalVisibleMemorySize/1MB,2)}},
    @{N='Free_GB';E={[math]::Round($_.FreePhysicalMemory/1MB,2)}},
    @{N='Used_Pct';E={[math]::Round((1 - $_.FreePhysicalMemory/$_.TotalVisibleMemorySize)*100,1)}}

# Top 10 memory-consuming processes
Get-Process | Sort-Object WorkingSet64 -Descending |
    Select-Object -First 10 ProcessName, Id,
        @{N='WS_MB';E={[math]::Round($_.WorkingSet64/1MB,0)}},
        @{N='PM_MB';E={[math]::Round($_.PrivateMemorySize64/1MB,0)}}
```
Hardware Quick Check
```powershell
# Devices with errors
Get-PnpDevice -PresentOnly | Where-Object { $_.Status -in 'Error','Degraded','Unknown' } |
    Select-Object Class, FriendlyName, InstanceId, Status

# WHEA hardware errors (last 30 days)
Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-WHEA-Logger'
    StartTime    = (Get-Date).AddDays(-30)
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```
Reference Loading Guide
References are loaded on-demand based on the diagnostic category being investigated. This progressive disclosure keeps token usage efficient.
Always Load (Core)
The main SKILL.md provides quick commands for initial triage (~4k tokens).
Conditional Load
Load specific references based on what you're investigating:
| Trigger | Reference to Load |
|---|---|
| Event logs, errors, warnings | event-logs.md |
| Disk, storage, SMART, chkdsk | disk-health.md |
| Memory, RAM, paging, leaks | memory-diagnostics.md |
| Uptime, restarts, reliability | system-stability.md |
| Hardware, drivers, WHEA, devices | hardware-errors.md |
| CPU, performance, bottlenecks | performance-analysis.md |
| BSOD, minidump, crashes, WER | crash-analysis.md |
| Admin, elevation, permissions | admin-elevation.md |
Token Estimates
- Quick health check: ~4k tokens (SKILL.md only)
- Single category deep dive: ~7k tokens (SKILL.md + 1 reference)
- Full diagnostic: ~25k tokens (SKILL.md + all references)
Safety Model
This skill follows a read-only diagnostics model. All commands executed by the skill only gather information - they do not modify the system.
Read-Only (Skill Can Execute)
These commands are safe to run:
| Category | Commands |
|---|---|
| Event Logs | Get-WinEvent |
| Disk Health | Get-PhysicalDisk, Get-StorageReliabilityCounter, Get-Volume |
| Memory | Get-Process, Get-CimInstance Win32_OperatingSystem |
| Devices | Get-PnpDevice |
| Performance | Get-Counter |
| System Info | Get-Uptime, Get-ComputerInfo |
Suggested Only (User Runs Manually)
These repair/diagnostic commands modify the system or require reboot. The skill will provide instructions but NOT execute them:
| Command | Purpose | Notes |
|---|---|---|
| chkdsk /f /r | Disk repair | Requires reboot for system drive |
| sfc /scannow | System file repair | Requires admin |
| DISM /Online /Cleanup-Image /RestoreHealth | System image repair | Requires admin, internet |
| mdsched.exe | Memory diagnostic | Requires reboot |
| Repair-Volume -SpotFix | Quick disk repair | Requires admin |
| Driver reinstall | Fix driver issues | Manual process |
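One way to enforce the read-only boundary before anything runs is to parse the candidate command and reject it unless every invocation is on the allowlist. This is an added example, not part of the skill; `Test-ReadOnlyCommand`, `$PipelineHelpers` and `$AllowedMethods` are hypothetical names, and the helper and method lists are assumptions drawn from the commands this page uses.

```powershell
# Added example (not the skill's own code). Names below are hypothetical.
# Cmdlets taken from the "Read-Only (Skill Can Execute)" table.
$ReadOnlyCmdlets = 'Get-WinEvent', 'Get-PhysicalDisk', 'Get-StorageReliabilityCounter',
    'Get-Volume', 'Get-Process', 'Get-CimInstance', 'Get-PnpDevice', 'Get-Counter',
    'Get-Uptime', 'Get-ComputerInfo'
# Assumption: output-shaping helpers and .NET methods used by this page's own commands.
$PipelineHelpers = 'Select-Object', 'Sort-Object', 'Where-Object', 'ForEach-Object',
    'Format-Table', 'Get-Date'
$AllowedMethods = 'Round', 'AddDays'

function Test-ReadOnlyCommand {
    param([Parameter(Mandatory)][string]$CommandText)

    $tokens = $null; $errors = $null
    $ast = [System.Management.Automation.Language.Parser]::ParseInput(
        $CommandText, [ref]$tokens, [ref]$errors)
    if ($errors.Count -gt 0) {
        return [pscustomobject]@{ Allowed = $false; Blocked = @('<parse error>') }
    }

    $allowed = $ReadOnlyCmdlets + $PipelineHelpers
    $blocked = @(
        # Visit every AST node, including those nested in script blocks.
        foreach ($node in $ast.FindAll({ $true }, $true)) {
            switch ($node.GetType().Name) {
                'CommandAst' {
                    # GetCommandName() is $null when the name is computed at run time.
                    $name = $node.GetCommandName()
                    if (-not $name -or $name -notin $allowed) { $node.Extent.Text }
                }
                'InvokeMemberExpressionAst' {
                    # .NET calls bypass cmdlet checks, so only known methods pass.
                    if ($node.Member.Extent.Text -notin $AllowedMethods) { $node.Extent.Text }
                }
                'FileRedirectionAst' { $node.Extent.Text }  # '>' would write a file
            }
        }
    )
    [pscustomobject]@{ Allowed = ($blocked.Count -eq 0); Blocked = $blocked }
}

# Constructed inputs: a command from this page, then one from the "suggested only" table.
Test-ReadOnlyCommand 'Get-PhysicalDisk | Select-Object FriendlyName, HealthStatus'
Test-ReadOnlyCommand 'Repair-Volume -DriveLetter C -SpotFix'
```

The check fails closed: aliases, dynamically built command names and unlisted cmdlets are reported in `Blocked` rather than resolved.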
Elevation Notes
Some read-only operations require administrator privileges:
- Get-WinEvent -LogName Security (Security log)
- Repair-Volume -Scan (even read-only scan)
- Some WMI queries
The skill will note when elevation is needed and provide graceful degradation for non-admin scenarios.
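A sketch of that graceful degradation, as an added example rather than the skill's own code: each query runs inside a wrapper that separates "no events", "needs elevation" and real failures instead of discarding them with `-ErrorAction SilentlyContinue`. `Test-IsElevated` and `Invoke-Diagnostic` are hypothetical names, and treating access denials as `UnauthorizedAccessException` is an assumption.

```powershell
# Added example (not the skill's own code). Function names are hypothetical.
function Test-IsElevated {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    [Security.Principal.WindowsPrincipal]::new($id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Invoke-Diagnostic {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][scriptblock]$Query
    )
    $ErrorActionPreference = 'Stop'   # surface non-terminating errors to catch
    try {
        $rows = @(& $Query)
        [pscustomobject]@{ Check = $Name; Status = 'OK'; Rows = $rows.Count; Note = '' }
    }
    catch {
        # Get-WinEvent reports an empty result as an error; that is not a failure.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
            return [pscustomobject]@{ Check = $Name; Status = 'OK'; Rows = 0; Note = 'No matching events' }
        }
        # Assumption: access denials surface as UnauthorizedAccessException.
        $denied = $_.Exception -is [System.UnauthorizedAccessException]
        $status = if (-not $denied) { 'Error' } elseif (Test-IsElevated) { 'AccessDenied' } else { 'NeedsElevation' }
        [pscustomobject]@{ Check = $Name; Status = $status; Rows = 0; Note = $_.Exception.Message }
    }
}

# Live check from the list above (needs admin to succeed):
Invoke-Diagnostic -Name 'Security log' -Query { Get-WinEvent -LogName Security -MaxEvents 1 }
# Constructed failure so the denial path can be exercised without touching any log:
Invoke-Diagnostic -Name 'Constructed denial' -Query {
    throw [System.UnauthorizedAccessException]::new('constructed: access denied')
}
```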
Common Diagnostic Scenarios
Scenario: Computer Keeps Crashing/Rebooting
- Check uptime and recent restart events
- Look for Kernel-Power Event ID 41 (unexpected shutdown)
- Check for BSOD minidumps
- Review hardware errors (WHEA)
- Check disk and memory health
Key commands:
```powershell
# Recent restart events
Get-WinEvent -FilterHashtable @{LogName='System';Id=41,1074,6008} -MaxEvents 20

# BSOD events
Get-WinEvent -FilterHashtable @{LogName='System';ProviderName='Microsoft-Windows-WER-SystemErrorReporting'} -MaxEvents 10

# Check for minidumps
Get-ChildItem C:\Windows\Minidump -ErrorAction SilentlyContinue
```
Scenario: Slow Performance
- Check CPU/memory/disk utilization
- Identify resource-hungry processes
- Check for disk health issues
- Look for hardware throttling
Key commands:
```powershell
# Current resource usage
Get-Counter -Counter '\Processor(_Total)\% Processor Time','\Memory\% Committed Bytes In Use','\PhysicalDisk(_Total)\% Disk Time'

# Top CPU consumers
Get-Process | Sort-Object CPU -Descending |
    Select-Object -First 10 ProcessName, CPU, @{N='MB';E={[math]::Round($_.WorkingSet64/1MB)}}
```
Scenario: Disk Errors Suspected
- Check physical disk health status
- Review SMART reliability counters
- Look for disk-related events
- Check filesystem dirty bit
Key commands:
```powershell
# Disk health
Get-PhysicalDisk | Select-Object FriendlyName, HealthStatus, OperationalStatus

# Reliability counters
Get-PhysicalDisk | Get-StorageReliabilityCounter |
    Select-Object DeviceId, Temperature, ReadErrorsTotal, WriteErrorsTotal

# Recent disk events
Get-WinEvent -FilterHashtable @{LogName='System';ProviderName='disk','ntfs'} -MaxEvents 20
```
Scenario: Memory Issues
- Check current memory usage
- Identify memory-hungry processes
- Look for memory-related events
- Check for previous memory diagnostic results
Key commands:
```powershell
# Memory usage
Get-CimInstance Win32_OperatingSystem |
    Select-Object @{N='Used%';E={[math]::Round((1-$_.FreePhysicalMemory/$_.TotalVisibleMemorySize)*100,1)}}

# Top memory processes
Get-Process | Sort-Object WorkingSet64 -Descending |
    Select-Object -First 10 ProcessName, @{N='MB';E={[math]::Round($_.WorkingSet64/1MB)}}

# Memory diagnostic results
Get-WinEvent -FilterHashtable @{LogName='System';ProviderName='Microsoft-Windows-MemoryDiagnostics-Results'} -ErrorAction SilentlyContinue
```
Anti-Patterns
Do NOT:
- Execute repair commands (chkdsk /f, sfc /scannow, etc.) - only suggest them
- Run commands that require reboot (mdsched.exe) without explicit user consent
- Assume admin privileges are available
- Ignore elevation errors - report them and suggest running as admin
- Make hardware recommendations without diagnostic evidence
Do:
- Start with quick health checks before deep dives
- Load references progressively based on investigation needs
- Report findings with severity (Critical, Warning, Info)
- Provide actionable next steps for the user
- Explain what each suggested repair command does
Version History
- v1.0.0 (2025-12-03): Initial release with Windows 11 diagnostics
Last Updated
Date: 2025-12-03
Model: claude-opus-4-5-20251101