Microsoft has made Windows Vista as reliable as possible - but things still sometimes go wrong: a program hangs, you start getting bizarre error messages about some strangely named component not having done something it should, or Windows starts to slow down, behave oddly, or become unstable. This article discusses how to use the tools that Windows provides for dealing with such problems. It also discusses some steps you may want to take to optimize Windows in the hope of keeping it running smoothly and as swiftly as your hardware permits. And it shows you how to set up a dual-boot arrangement so that you can use both Windows and another operating system on your computer.

Dealing with Program Hangs

When a program hangs, the problem is usually obvious. The program stops responding to direct stimuli keystrokes and mouse commands issued in its window and indirect stimuli for example, commands issued via the Taskbar or via another program. If you move another program window in front of the hung program’s window and then move it away, the hung program’s window fails to redraw correctly, leaving either parts of the window that you’ve moved or a blank, undrawn area on the screen.

Ending a Program

Sometimes Windows notices when a program has hung and displays the End Program dialog box automatically so that you can choose whether to end the program. Other times, you’ll need to use Task Manager to tell Windows to end the program. To do so, take the following steps:

1. If you have Task Manager running already, switch to it. If not, press Ctrl+Alt+Delete, and then click the Start Task Manager button. Windows displays Task Manager with the Applications page foremost.

A Dialog Box Gets Stuck behind Other Windows

If the End Program dialog box claims that “The system cannot end this program because it is waiting for a response from you,” as in the next illustration, click the Cancel button, and see if the program has come back to life. Press Alt+Tab to attempt to access any application-modal dialog box that may be stuck behind the program that doesn’t seem to be responding.

2.Select the task you want to end.

3. Click the End Task button. If Windows can end the task easily, it does so. Otherwise, Windows displays the End Program dialog box.

4. Click the End Now button. Windows ends the program. You lose any unsaved data in the program.

5. After shutting down the program and recovering the memory it was using, Windows may display a message box such as that shown next, inviting you to tell Microsoft about the problem. If you pass on this information to Microsoft, you can be sure that they’re aware of the problem you’ve experienced; if enough people report the same problem, chances are that Microsoft will respond sometime in the future with a fix that Windows Update can download for you. But understand that this error reporting isn’t a personal service - Microsoft won’t be contacting you directly with apologies for the problem you’ve suffered and a quick fix for it.

6. To view the details of the problem, click the View Details button. Windows enlarges the dialog box, as shown here.

7. Click the Send Information button or the Cancel button as appropriate. You can turn off or adjust this error reporting if you want. See the section “Using Problem Reports and Solutions,” later in this article.

Preventing Task Manager from Staying on Top of Other Windows

By default, Task Manager appears with its Always on Top attribute on, so that it always appears as the topmost window on the Desktop, no matter which program window is active. Always having Task Manager on top makes it easy to keep track of Task Manager, but it means that Task Manager often blocks dialog boxes or error messages in the programs you’re using, particularly at low screen resolutions such as 800  600.

If you find Task Manager useful and often keep it open to see what’s happening with your programs, choose Options Always on Top to remove the check mark from the Always on Top menu item and make the Task Manager window behave like a normal program window. To turn Always on Top back on, repeat the command.

Ending a Process or a Process Tree

Instead of ending a program, you can end a process. A process is the executing environment in which program components called threads operate. Many programs run as a single process much of the time, but others involve multiple processes. Ending a process may make your computer unstable, so it’s a last resort rather than a routine action.

Finding Out which Process to End

Process names can be hard to interpret - and you don’t want to end the wrong process. Use any of these ways to find out which process represents a program:

Task Manager Right-click a program on the Applications page in Task Manager and then choose Go to Process from the context menu. Windows selects the corresponding process on the Processes page. This command is useful when your computer is running properly, but you can’t use it if the program you want has disappeared from the Applications page without closing its process.

Open the Properties dialog box for the process Right-click the process on the Process page, and then choose Properties from the context menu. Windows displays the Properties dialog box for the process, as shown here. Look at the Description line to find out what the file is. If the description is unhelpful, look at the Location line, which tells you the folder that contains the file.

Search on the Web Search for the process by name on the Web using a search engine such as Google http://www.google.com. For many searches, the first or second hit is often to the LIUtilities website http://www.liutilities.com , which provides details on processes and software for managing Windows. To end a process, select it on the Processes page and then click the End Process button. Windows displays the Task Manager dialog box shown here, warning you that ending the process may make your system unstable or lose your data. If you’re prepared to risk such consequences, click the End Process button. Windows terminates the process. To end all the processes associated with a process, right-click the process, and then choose End Process Tree from the context menu. Windows displays the Task Manager Warning dialog box shown next with a variation of its message about the possible undesirable results of stopping processes. Click the End Process Tree button if you want to continue. Windows stops the processes.

Using Event Viewer to Identify Problems

If your computer seems to be behaving strangely, you can use Event Viewer to try to pinpoint the source of the problem. To open Event Viewer, take the following steps:

1. Choose Start Control Panel. Windows displays Control Panel.

2. Click the System and Maintenance link. Windows displays the System and Maintenance window.

3. Click the Performance Information and Tools link. Windows displays the Performance Information and Tools window. You’ll use the tools in this window later in this article.

4. In the left panel, click the Advanced Tools link. Windows displays the Advanced Tools window.

5. Click the View Performance Details in Event Log link, and then authenticate yourself to User Account Control.

6. Click the Administrative Tools link. Windows displays the Administrative Tools screen.

7. Double-click the Event Viewer shortcut. Windows starts Event Viewer . Event Viewer contains a mass of information, much of which is complex - so if you find it confusing, you’re not alone.

Understanding the Event Viewer Window

The Event Viewer window consists of four main areas:

Console Tree The pane on the left of the Event Viewer window is the console tree. At the top of the tree is Event Viewer Local, indicating that you’re using Event Viewer to look at events on the local computer rather than events on a remote computer. The tree contains major categories such as Custom Views, Windows Logs, Applications and Services Logs, and Subscriptions. You can click the triangle to the left of an item to expand or collapse its contents.

Events List In the upper-middle part of the window, the Events list shows recent events that fall into the view you’re currently using. For example, Windows opens Event Viewer showing the Operational log in the Diagnostics-Performance category of Windows logs.

Preview Pane Below the Events list, in the lower-middle part of the window, the Preview pane shows the information about the event selected in the Events list. You can toggle the Preview pane on and off by choosing View Preview Pane. Usually, having the Preview pane displayed is useful.

Actions Pane The pane on the right contains actions you can take on the current log and on the current event if the Preview pane is displayed.

Understanding Logs

Event Viewer contains two types of event logs:

Windows Logs The Windows logs are the Application log, the Security log, the Setup log, the System log, and the Forwarded Events log. When you’re getting started with Event Viewer, you’ll probably want to start with these logs.

Application and Services Logs The Application and Services logs include logs for DFS Replication, Hardware Events, Internet Explorer, Key Management Service, Media Center, Microsoft Office Diagnostics, and Microsoft Office Sessions. The Console tree also contains a Microsoft folder that contains logs for individual Windows components.

The System Log

The System Log contains information about Windows processes. The System Log uses the following three types of events:

Error events A notification that an error has occurred. Errors can be anything from mildly serious for example, “The device U.S. Robotics 56K FAX EXT disappeared from the system without first being prepared for removal” to truly serious for example, “Machine Check Event reported is a fatal TLB error”.

Warning events A notification that something has gone wrong, but not disastrously so. For example, you might see a warning that “The browser was unable to retrieve a list of servers from the browser master on the network.” This isn’t bad - it just means that the browser a service that finds out which resources are available on the network has to find another browser master a computer that’s coordinating information on available resources.

Information events Events worth noting in the System Log but that are not considered errors and do not merit warnings. For example, when you start Windows, it starts the event log service and logs this as an Information event. Other examples include Windows’ starting to use a network adapter that it has detected is connected to the network, or that the browser has forced an election on the network because a master browser was stopped. Windows stores the System Log in the System.evtx file in the %SystemRoot%\System32\ Winevt\Logs folder.

The Application Log

The Application Log contains information about programs running on the computer. Like the System Log, the Application Log supports three types of events: Error events, Warning events, and Information events. Program developers specify the events that their programs raise and which event type each event has. Windows stores the Application Log in the Appevent.evtx file in the %SystemRoot%\ System32\Winevt\Logsfolder.

The Security Log

The Security Log contains information on security-related events. In Windows Vista Home, these events are limited to Account Logon actions, Logon/Logoff actions, Policy Change actions initiated by the System object, and System Events such as the loading of authentication packages. Windows Home audits these events automatically. In the Business and Ultimate versions of Windows Vista, you can enable auditing on files and folders, which lets you track which users take which actions on those files and in those folders. Windows stores the Security Log in the Security.evtx file in the %SystemRoot%\System32\ Winevt\Logsfolder.

The Setup Log

The Setup Log contains information about applications you’ve installed. You may find that this log is empty. Windows stores the Setup Log in the Setup.evtx file in the %SystemRoot%\System32\Winevt\ Logsfolder.

The ForwardedEvents Log

The ForwardedEvents Log contains information about events that Windows has collected from other computers you’re monitoring using this computer. Normally, you won’t need to use this capability on a home or home-office network, as you should be able to run Event Viewer on each of your computers easily enough. This capability is mostly used by network administrators who need to be able to monitor computers remotely. To monitor a computer remotely and receive forwarded events, you create a subscription to the computer. The subscription appears in the Subscriptions category in the console tree. Unless you create a subscription, the ForwardedEvents Log will be empty. Windows stores the ForwardedEvents Log in the ForwardedEvents.evtx file in the %SystemRoot%\System32\ Winevt\Logsfolder.

The Applications and Services Logs

The Applications and Services Logs contain events related to a single Windows component or a single application rather than systemwide events. These logs enable you to examine closely what a particular component or application has been doing. The Applications and Services Logs come in four different types:

Admin Logs Admin Logs contain events that indicate a problem. Windows assigns each event a code that you can look up for instructions on how to fix the problem.

Operational Logs Operational Logs contain events that indicate an occurrence rather than a problem. For example, when you download a file successfully, the Background Intelligent Transfer Service BITS records four events: BITS creates a new job, starts to transfer the file, stops transferring the file, and closes the job as being complete.

Analytic Logs Analytic Logs contain events that describe how programs and components are operating. Windows generates large numbers of these events.

Debug Logs Debug Logs contain events related to debugging troubleshooting programs and are of interest to programmers rather than end users. Admin Logs and Operational Logs are the ones you’ll normally work with. Because most people won’t need to use the Analytic Logs and Debug Logs, Event Viewer hides these logs. To display these logs, choose View Show Analytic and Debug Logs. Issue the command again to hide the logs once more.

Understanding Views

Windows collects data on so many events that it can be hard to find the events you need to examine. For example, say your computer is behaving erratically. Should you look in the Application Log in case there’s a problem with a program, in the Security Log in case the problem is a security issue, or in the System Log because it might be a system problem? To help you find events, Event Viewer lets you view events from different event logs at the same time. You can also filter events to create custom views, which you can then save for reuse in the future.

Viewing an Event Log

To view one of the Windows event logs, select it in the console tree. Event Viewer displays the events in the log in the Events list. To view the details of an event, click it so that you can see its contents or some of them in the Preview pane. To see the details more easily, open the Event Properties dialog box by taking one of these actions:

• Double-click the event.

• Right-click the event and choose Event Properties from the context menu.

• Click the event, and then click Event Properties in the Actions pane.

The General page in the Event Properties dialog box shows the date, time, type, user if applicable, computer, source, category, and ID number of the event. The Details page lets you view an XML representation of the event which is useful if you need to copy the event’s details into a database using Extensible Markup Language, as administrators may do or a “Friendly View” that provides the same information in an easy-to-read table. Click the Copy button to copy the details of the event to the Clipboard. To view other events, you can leave the Event Properties dialog box open and click the Previous Event button the up-arrow button and the Next Event button the down-arrow button to display the details for the previous event or next event.

Managing the Event Logs

Event logs grow in size, particularly when many events occur that need logging. Windows offers features to keep the size of your event logs under control. To manage the event logs, take the following steps:

1. Right-click the event log you want to manage and choose Properties from the context menu. Windows displays the Properties dialog box for the log.

2. In the Maximum Log Size text box, you can specify the maximum size to which the file can grow. Windows sets a default size of 20,480KB 20MB for the Application, System, Security, and ForwardedEvents logs, and 1,028KB for the Setup log. These sizes are large enough to collect plenty of events for identifying problems; you probably won’t need to increase the maximum sizes.

3. In the When Maximum Log Size Is Reached area, select one of the option buttons to specify what Windows should do when the log file reaches its maximum size:

Overwrite Events as Needed Select this option button to have Windows delete the oldest event to make room for the newest event, thus keeping the log file around its maximum size.

Archive the Log When Full, Do Not Overwrite Events Select this option button to make Windows automatically archive the log when it becomes full. This is a good option if you need to be able to go back a long way in your logs to track persistent problems.

Do Not Overwrite Events Select this option button if you want to prevent Windows from overwriting any events. This means that you’ll need to clear the event log manually. Until you clear the log by clicking the Clear Log button, Windows writes no more events to the log once it has reached its maximum size.

4.If you need to clear the log, click the Clear Log button. Event Viewer displays the dialog box shown next. Click the Save and Clear button if you want to save the log before clearing it; specify the filename in the Save As dialog box, and then click the Save button. Otherwise, click the Clear button to clear the log without saving its contents.

5. Click the OK button. Windows applies your changes and closes the Properties dialog box for the event log.

Filtering the Event Log

To find the events in which you’re interested, you can filter an event log. Take the following steps:

1. In the console tree, click the event log you want to filter.

2. Choose Action Filter Current Log. Windows displays the Filter Current Log dialog box .

3. In the Logged drop-down list, choose the time frame for the events you want: Any Time, Last Hour, Last 12 Hours, Last 24 Hours, Last 7 Days, Last 30 Days, or a Custom Range you specify.

4. In the Event Level area, select the check box for each type of event you want to see: Critical, Error, Warning, Information, or Verbose.

5.In the Includes/Excludes Event IDs text box, you can type particular event ID numbers or ranges of numbers that you want to find. This is expert usage; for normal usage, leave the <AllEvent IDs> item selected.

6. If you want to specify particular keywords for the filtering, click the drop-down list button, and then select the check box for each keyword you want to include. Here’s an example of the options:

7. In the User text box, you can type a particular username if you want to see only events related to that user. Otherwise, leave the <All Users> item selected.

8. In the Computers text box, you can type a particular computer name if you’re monitoring remote computers and you want to see only the events related to a particular computer. Otherwise, leave the <All Computers> items selected.

9.Click the OK button. Windows closes the Filter Current Log dialog box and filters the contents of the current log to show only matching entries. To remove the filtering, choose Action Clear Filter.

Clearing the Event Log

To clear a log, right-click it in Event Viewer and choose Clear Log from the context menu. Event Viewer displays an Event Viewer dialog box asking if you want to save the log before clearing it. Click the Save and Clear button if you want to save the log before clearing it; specify the filename in the Save As dialog box, and then click the Save button. Otherwise, click the Clear button to clear the log without saving its contents.