Learn about Windows PowerShell
Summary: Microsoft Scripting Guy, Ed Wilson, talks about using Windows PowerShell to troubleshoot defrag issues in Windows 8.1.
Microsoft Scripting Guy, Ed Wilson, is here. This week, I begin a week-long series about looking at the Windows event and diagnostic logs via Windows PowerShell. I have previously written about this, and you may want to look at some of the previous posts.
With the operating system becoming more complicated, and with more demands placed on it, it is inevitable that things will go wrong. However, Windows (especially Windows 8.1) is very robust. This means that a computer may appear to run well, yet there might be tons of things going on in the event log.
In the old days, back when it was typical for a network administrator to be in charge of less than 20 servers, it was a best practice to review the event logs (there were only three: Security, Application, and System) on a daily basis. Now, I have more than 20 virtual machines ON MY LAPTOP, and the number of event logs and diagnostic logs has exploded. It could take a person all week to properly review the logs for a single day. And in the end, it would be like painting the Golden Gate Bridge (that is, it needs painting before it is completely painted).
The neat thing is that Windows PowerShell makes it very easy to review event logs.
I opened the Event Viewer tool (I typed eventvwr inside the Windows PowerShell console), and I filtered the Application log to show only errors. I had a quick glance, and I saw something I was not expecting...a couple of Defrag errors. Hmm…
These errors are shown in the following image:
Well, I certainly was not expecting to see that. I was actually going to look at the application hangs. But I also noticed several other “problems.” Looks like I am going to be busy fixing my laptop this week.
So what is going on with the defrag?
The error says the volume recovery was not optimized because an error was encountered, and it gives a nice hex number. Unfortunately, this particular number only means that a parameter is incorrect, and a quick search reveals that it happens to be thrown by lots of applications.
My first concern is that am I getting any defragging. I mean, my drive C: is SSD, but the modern defrag utility is supposed to detect this and perform a trim operation to optimize the drive. But what about my other drives? Clearly I need to investigate this.
I decide to use the Get-EventLog cmdlet to search the application log for messages from microsoft-windows-defrag. I sort by the TimeGenerated, and then I produce a list with only the TimeGenerated property and the Message properties. I know that the Get-WinEvent cmdlet is more powerful than the older Get-EventLog cmdlet, but for working with the application log, I did not think I needed to use Get-WinEvent. Here is the command (it is a single-line command that I broke at the pipe character to make it easier to read):
Get-EventLog -LogName Application -Source "microsoft-windows-defrag" |
Sort-object timegenerated -desc | Format-List timegenerated, message
When I run the command, the output in the following image appears:
I see that at least some of the drives are being defraged. Drive E: and drive D: are both defragmented. In drive C:, my SSD is optimized via the retrim operation. So all is groovy, right?
Well, no. The volume recovery is generating an error. Also, drive D: is a portable drive, and I really do not want to worry about having it defragmented. So clearly, I need to look at some stuff.
I could probably do what I need to do by using Windows PowerShell and maybe WMI or something else. But dude, it is my laptop, and as I indicated earlier, there are a lot of issues I need to look at. So I cheat and open the Defrag utility. But I don’t cheat too badly because, at least I open it via Windows PowerShell and not the GUI.
To be honest, I am not even sure what the utility is called, where I might find the icon to launch the utility, or any of that. But I do know the executable name is dfrgui (as in defrag user interface). So I type that into my Windows PowerShell console, and about a minute later, the user interface appears. I learn that the program is actually called Optimize Drives now, because that is what appears in the title bar. Here is what I see when it finally opens:
I see that the three drives (C, D (or FourTB_BU_Drive), and E) are all optimized. I also see that the utility correctly identifies my drive C: as an SSD. In addition, I now see what my problem is. There are two things I am concerned about:
I do not want to defrag my four gigabyte portable backup drive because it will take forever. And I do not want to defrag my recovery drive. It is a special partition on my SSD. So I need to look at the settings. Obviously, I click the Change settings box. Next I click the Choose button. The dialog box is shown here:
So all I need to do is clear the check boxes for the back-up drive (FourTB_BU_Drive) and the Recovery partition. I also see that I can tell it to not automatically optimize new drives. So by clearing this box, I can keep it from trying to optimize other portable USB drives that I plug in from time-to-time.
Sweet. So Windows PowerShell pointed me to a problem that I did not even know I had. Nice.
That is all there is to using Windows PowerShell to troubleshoot defrag issues in Windows 8.1. Windows Event Log Week will continue tomorrow when I will talk about more cool things.
I invite you to follow me on Twitter and Facebook. If you have any questions, send email to me at email@example.com, or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.
Ed Wilson, Microsoft Scripting Guy
With Get-WinEvent it is easy:
Get-WinEvent -ProviderName microsoft-windows-defrag
This is useful if you want to refine your search more than possible in Get-EventLog.