🔧 Recipe · Troubleshooting & Diagnostics

Diagnose a Slow Windows Workstation

Systematically identify and resolve performance issues on an end-user Windows PC

Complexity

Intermediate

Impact

troubleshooting + endpoint + performance + windows + helpdesk

Context

Why This Matters

Slow workstation complaints are one of the most common helpdesk tickets. The root cause can range from trivial (too many browser tabs, pending updates) to serious (failing disk, malware, memory leak in a line-of-business app). A structured diagnostic approach saves time, avoids unnecessary re-imaging, and produces evidence you can share with the user or escalate to vendor support.

Run this recipe when:

A user reports their PC is slower than usual today or over the past few days.
Login, boot, or application launch times have noticeably increased.
Fans are running loudly, the machine feels hot, or Task Manager shows sustained high CPU/disk/memory.

This recipe focuses on Windows 10/11 workstations managed in a corporate environment. It collects telemetry first, analyzes bottlenecks second, and recommends remediation last — so you never apply a fix before you understand the cause.

Expected Outcomes

After completing this recipe you will have:

A snapshot of current CPU, memory, disk, GPU, and network utilization.
A list of the top resource-consuming processes and startup apps.
Disk health (SMART) status and free-space assessment.
Recent Windows Update, driver, and reliability history.
Malware / Defender scan results.
A documented root cause (or a clear escalation path if hardware is suspect).
Applied remediation and a verification that performance is restored.

Risks & Considerations

Warnings & Gotchas

Don't reboot before collecting data. A reboot clears the evidence (running processes, event logs in memory, Task Manager history). Always snapshot first.
Don't run aggressive "cleaners" or registry tools. They rarely fix real issues and often break managed configurations (GPO, Intune policy, AV exclusions).
Beware of privacy. Process lists may reveal personal apps. Get user consent before remote sessions and avoid screenshotting personal content.
SMART "OK" is not a guarantee. A drive can be failing even if SMART reports healthy. If disk latency is sustained above 50 ms, treat the drive as suspect.
High memory use is not always bad. Windows deliberately fills RAM with cache. Focus on committed memory and paging activity, not just "% used."
Compliance: If you find unauthorized software or signs of compromise, follow your incident-response policy before taking further action.

Required Permissions

Permission	Why It's Needed
Local Administrator on the workstation	Required to read performance counters, query WMI/CIM, run Defender scans, and install updates.
Remote PowerShell (WinRM) or Intune device action rights	Needed to run diagnostics remotely without interrupting the user.
Microsoft Defender for Endpoint: Security Reader (optional)	To correlate the device's recent alerts, vulnerabilities, and device health.
Intune: DeviceManagementManagedDevices.Read.All (optional)	To pull device compliance, hardware inventory, and last sync status via Graph.

The fastest way to get this done — just ask Dex. Copy the prompt below and paste it into your Dex conversation.

For IT Admins

Paste into Dex CoAdmin

{user} reports their workstation ({device_name}) is slow today. Run a full diagnostic: capture top processes, disk health, free space, startup impact, recent crashes, pending updates, and Defender status. Identify the likely root cause, apply a safe remediation if one is obvious (clear temp, disable unneeded startup items, trigger updates or a quick scan), and summarize findings plus any recommended follow-up in the ticket.

Try in Dex CoAdmin

For End Users

How an employee would ask Dex for help

My computer has been really slow today — can someone take a look?

Try in Dex Playground