Home > IT-Pro Speaker Training > Sami Laiho > BlackBelt - Advanced Troubleshooting the Windows OS

Course information

BlackBelt - Advanced Troubleshooting the Windows OS

Send a mail to sales@pds-site.com for more information

The best Windows OS troubleshooters can be taught by taking this course.

Also possible to join this class remote


  • Have you ever wondered if Windows Pagefile settings should be changed or how they actually work?
  • Have you ever wondered what the values in Task Manager actually mean – like Paged Pool, Working Set, Free memory etc? Did you know that Task Manager can never show what’s hanging in Windows (Yes, it’s a fact and totally impossible)?
  • Do you know how a file actually gets cached and finally written to the disk or how threads communicate with each other?
  • Have you ever wondered what Mutexes or Semaphores in Process Explorer really mean?
  • Do you want to learn how to troubleshoot performance issues like Slow Logons, Computers or application start? Do you know how to use Windows Performance Toolkit?

If you don’t know the answers, come and join this course as it will provide you with the answers and a lot more! 

To get the best out of this session we would suggest you have MCSA (Windows Server 2012/2016 or Windows 10) or MCSE (Mobility or Productivity). Having a working skillset on this level is fine as well.
Please bring your own challenges and questions to this expert session as this will be a rare opportunity to learn from the best.

Level 400+ class. (also known as: "Expert Session for Windows specialists") 

This training is organized only 1 or 2 times a year in this region.

Tel: +31 88 55 88 400
E-mail: sales@pds-site.com

For who

This training is meant for all administrators who want to deepen their knowledge and troubleshooting skills in Windows. It is also suitable for people who think they know everything about the Windows OS… It’s a deep dive course and surely in no way suitable for only the beginners but for seasoned administrators as well (I guarantee you won’t be disappointed!).

What you learn
This four day course trains you how to become a better troubleshooter of any environment that runs on Windows. The best way to become a great troubleshooter is to learn from the ground up.

The biggest flaws people do while troubleshooting are that they believe that Administrator account should be used for troubleshooting or that Windows processes can execute code – Both are incorrect.

So usually people troubleshoot the wrong objects with too few permissions.. How could that work? It can’t and there’s a good reason for you to join this training.



Troubleshooting methodology 

  • Something’s Wrong! 
  • Error Isolation and reproduction 
  • Validity: the right metrics 
  • Wait for the users/helpdesk or proactive monitor?

Tools and procedures for troubleshooting Windows 

  • What are your tools for troubleshooting 
  • Sysinternals Suite
  • How to run them in the right user context

System Architecture

  • Requirements and Design Goals
  • Operating System Model
  • Architecture Overview
  • Key System Components

System Mechanisms

  • Trap dispatching
  • Object Manager
  • Synchronization
  • System Worker Threads
  • Global Flags
  • ALPC
  • Kernel Event Tracing
  • Wow64
  • User Mode Debugging
  • Image Loader
  • Kernel patching
  • Code integrity

Remote Administration 

  • I never walk to a machine any more
  • There’s nothing special about a local logon

OS Internals

  • Windows modes (User/Kernel, and the missing rings)
  • Your favourite Processes and threads
  • Services and programs and memory
  • Process Internals
  • Thread Internals
  • Thread scheduling

Memory Management

  • Introduction to the Memory Manager
  • Heap Manager
  • Virtual Address Space Layouts
  • Address Translation
  • Page Fault Handling
  • Stacks
  • Driver Verifier
  • Physical Memory Limits
  • Working Sets
  • Cache Manager
  • Proactive Memory Management (SuperFetch)

Troubleshooting security related issues

  • Is it in the permissions on the machine?
  • Is it in the access to my domain? 
  • Has my machine be breached? 

Registry Internals 

  • Troubleshooting of the SLOW
  • It’s an i7 with 32GB. This is weird! 

My network fails me! 


  • Security Ratings
  • Protecting Objects
  • Account rights and privileges
  • Access tokens
  • UAC
  • AppLocker

Debugging and debuggers

  • How to debug a machine
  • When to debug a machine with an actual debugger

Those pesky device drivers 

  • The machine won’t boot.. well I know something! 
  • Getting that Unbootable machine going 

Blue Screen of Death (BSOD)

  • Why Does Windows Crash?
  • How BSOD works and how to make one
  • Troubleshooting Crashes
  • Crash Dump Files
  • Windows Error Reporting
  • Online Crash Analysis
  • Crash Dump Analysis
  • Advanced Crash Dump Analysis

Startup and Shutdown

  • Boot Process
  • Troubleshooting Boot and Startup Problems
  • Shutdown

Some student quotes and recommendations:

"Great training, excellent trainer with real indepth knowledge brought to me in real "eatable" way. (I ment usable)"

“Technical side: Sami’s trainings include The True Stuff from the “start” to the “end”. In other words, the whole Windows’ “saga” is covered from top to down, or the other way around, absolutely NO bullshit included.

“If you are ready for a deep dive into the Windows kernel and willing and wanting to learn how Windows really works, then you need to take Sami’s BlackBelt course. Sami’s high energy, enthusiastic and engaging approach to teaching, will captivate you and keep your attention for the entire duration. When it is all over, you will begging for more.” 

“It’s a very interesting course. You learn so much about actions you didn’t know they existed.” 

“Excellent trainer, by far the most “hands on” with REAL LIFE scenarios testing, ABSOLUTE needed for an IT Pro in an enterprise” 

“You think you know Windows, but you dont.” 

Send a mail to sales@pds-site.com for more information