Configure Windows crash behaviour with PowerShell

When there is a OS-handled crash (a blue screen), there are some settings in the Startup and Recovery Control Panel, which tells Windows how it should behave. For example, whether it restarts automatically or not , whether it writes a small memory dump (aka minidump), a kernel dump or a full dump, and where it saves the dump file :

Startup and Recovery Window

If you want to troubleshoot a recurrent crash, you may want to alter this behaviour, for example, you may need to set the system not to restart automatically to be able to see the blue screen. You may also need a complete memory dump to facilitate your investigations or to send to Microsoft Support.

Here is how to do this using PowerShell :

These settings correspond to properties of the WMI class : Win32_OSRecoveryConfiguration, so let’s start by checking what we have in there :

 
C:\ > $CrashBehaviour = Get-WmiObject Win32_OSRecoveryConfiguration -EnableAllPrivileges
C:\ > $CrashBehaviour | Format-List *


PSComputerName             : DESKTOP
__GENUS                    : 2
__CLASS                    : Win32_OSRecoveryConfiguration
__SUPERCLASS               : CIM_Setting
__DYNASTY                  : CIM_Setting
__RELPATH                  : Win32_OSRecoveryConfiguration.Name="Microsoft Windows 7 Ultimate
                             |C:\\Windows|\\Device\\Harddisk0\\Partition3"
__PROPERTY_COUNT           : 15
__DERIVATION               : {CIM_Setting}
__SERVER                   : DESKTOP
__NAMESPACE                : root\cimv2
__PATH                     : \\DESKTOP\root\cimv2:Win32_OSRecoveryConfiguration.Name="Microsoft Windows 7
                             Ultimate |C:\\Windows|\\Device\\Harddisk0\\Partition3"
AutoReboot                 : True
Caption                    :
DebugFilePath              : %SystemRoot%\MEMORY.DMP
DebugInfoType              : 2
Description                :
ExpandedDebugFilePath      : C:\Windows\MEMORY.DMP
ExpandedMiniDumpDirectory  : C:\Windows\Minidump
KernelDumpOnly             : False
MiniDumpDirectory          : %SystemRoot%\Minidump
Name                       : Microsoft Windows 7 Ultimate |C:\Windows|\Device\Harddisk0\Partition3
OverwriteExistingDebugFile : True
SendAdminAlert             : False
SettingID                  :
WriteDebugInfo             : True
WriteToSystemLog           : True
Scope                      : System.Management.ManagementScope
Path                       : \\DESKTOP\root\cimv2:Win32_OSRecoveryConfiguration.Name="Microsoft Windows 7
                             Ultimate |C:\\Windows|\\Device\\Harddisk0\\Partition3"
Options                    : System.Management.ObjectGetOptions
ClassPath                  : \\DESKTOP\root\cimv2:Win32_OSRecoveryConfiguration
Properties                 : {AutoReboot, Caption, DebugFilePath, DebugInfoType...}
SystemProperties           : {__GENUS, __CLASS, __SUPERCLASS, __DYNASTY...}
Qualifiers                 : {dynamic, Locale, provider, UUID}
Site                       :
Container                  :

The parameter -EnableAllPrivileges will allow us to manipulate the properties of this WMI object if the current Powershell host was run as Administrator.

Here is how to prevent Windows to restart automatically after a system failure :

 $CrashBehaviour | Set-WmiInstance -Arguments @{AutoReboot=$False}
 

Let’s check if our change is effective :

No auto restart highlight

Woohoo, it worked !

Now, we are going to configure the type of memory dump: small, kernel, or complete. As you can see above, the default value is 2, which corresponds to kernel dump.
Here are the possible values and their meaning :
0 = None
1 = Complete memory dump
2 = Kernel memory dump
3 = Small memory dump

Here is how to configure Windows to save full dumps :

I had some difficulties to make it work using the variable $CrashBehaviour, so here is how to do it :

 Get-WmiObject -Class "Win32_OSRecoveryConfiguration" -EnableAllPrivileges  |
Set-WmiInstance -Arguments @{DebugInfoType=1}
 

And how to verify our change :

DebugInfoType Full Dump

If you have recurrent crashes and you want to check if it is the same type of failure every time, you may want to keep any existing memory dump when writing a new dump to disk. Be careful though, this may consume a large amount of disk space, especially with full dumps.

 $CrashBehaviour | Set-WmiInstance -Arguments @{OverwriteExistingDebugFile=$False}
 

 

Now, if you want to change where the dump files will be written, perhaps on a volume with more free space, here is how to change the location of the memory dumps :

 $CrashBehaviour | Set-WmiInstance -Arguments @{DebugFilePath="E:\MEMORY.DMP"}
 

And how to verify the modification :

DebugFilePath

By default, an OS-handled crash will write an event in the System event log. I’m not sure why you would want to change this behaviour, but in case you do, here is how to do it :

 $CrashBehaviour | Set-WmiInstance -Arguments @{WriteToSystemLog=$False}
 

One thought on “Configure Windows crash behaviour with PowerShell”

Leave a Reply

Your email address will not be published. Required fields are marked *