Windows Administrative Tools & Utilities

Task Manager (Ctrl+Shift+Esc)

Task Manager is the fastest path to a slow-PC diagnosis. Opening it directly with Ctrl+Shift+Esc skips the security screen you reach via Ctrl+Alt+Del. Its tabs each answer a different question.

Scenario: A machine boots fine but feels sluggish all day. Open Task Manager, sort the Processes tab by CPU or Disk, and identify the runaway process before assuming a hardware fault.

Core MMC Snap-ins

The Microsoft Management Console (MMC) hosts modular snap-ins, each with a memorizable .msc launch command — a guaranteed exam item.

Device Manager icons are a frequent question: a yellow triangle with ! means a driver problem or resource conflict, a down-arrow marks a device the user disabled, and a missing/unknown device shows under "Other devices." Right-click to update, roll back, disable, or uninstall a driver.

Disk Management & MBR vs. GPT

Disk Management (diskmgmt.msc) initializes new disks, creates and formats volumes (NTFS/FAT32/exFAT), and resizes partitions. Extend Volume needs adjacent unallocated space to its right; Shrink Volume frees space without data loss.

Event Viewer Severity Levels

Event Viewer (eventvwr.msc) is where you confirm what failed and when. Logs split into Application, System, Security (logon/audit events), and Setup.

msconfig Clean Boot

System Configuration (msconfig) controls boot and startup for troubleshooting. The clean boot procedure isolates a misbehaving third-party service or startup app:

1. Run msconfig.
2. Services tab: check Hide all Microsoft services, then Disable all.
3. Startup tab: open Task Manager and disable every startup item.
4. Reboot. If the symptom disappears, re-enable items in halves to bisect the culprit.

Registry Editor (regedit)

The Registry is a hierarchical settings database edited with regedit. Memorize the five hives and back up via File > Export before any change — a bad edit can leave Windows unbootable.

Choosing the Right Tool by Symptom

Where the exam earns its difficulty is mapping a symptom to the one best tool, since several utilities overlap. When a machine is slow right now, go to Task Manager for a live snapshot; when you need historical counters or to log usage over hours, escalate to Performance Monitor (perfmon) with a data collector set. When a service or driver causes instability only at startup, the answer is the msconfig clean boot procedure, not Task Manager, because clean boot disables third-party services before the desktop loads.

When the question is "why did the PC reboot unexpectedly last night?", the answer is Event Viewer, where a Critical entry (often Kernel-Power Event ID 41) records the abrupt shutdown.

Disk problems split the same way. Disk Management is the graphical tool for partition layout, drive-letter changes, and converting between MBR and GPT, but it cannot repair file-system corruption — that is chkdsk's job, and bad sectors point at failing media that should be replaced. A blank or missing drive in File Explorer that does appear in Disk Management usually just needs to be initialized, formatted, and assigned a drive letter — three actions all performed inside Disk Management.

Account and policy questions hinge on edition. Local Users and Groups (lusrmgr.msc) and the Group Policy Editor (gpedit.msc) exist only on Pro and above; on Home edition you manage accounts through Settings and substitute Registry edits for policy. A classic distractor offers gpedit.msc as the fix on a Home machine — it is wrong because the snap-in is simply absent there.

Registry caution: Before any regedit change, use File > Export to back up the affected branch (or the whole Registry). A malformed value in HKLM can prevent boot, and unlike a file you can undo, a bad Registry write may require Safe Mode or System Restore to recover. System Restore itself snapshots the Registry and protected system files, which is why creating a restore point before risky changes is a recommended habit on the exam.