Using Claude CLI to Audit Your Windows PC for Peak Performance
An AI in your terminal, an SSH session, and a gaming rig that didn't know it was carrying baggage.
The Idea
Windows Update rolled through. Everything seems fine — the machine boots, games run, nothing's on fire. But "fine" isn't the same as "clean." Every cumulative update has a habit of re-enabling services you turned off, re-adding startup entries you removed, and quietly installing things you never asked for.
Normally you'd open Task Manager, squint at a list of services, Google each one, and spend an afternoon deciding what stays. Or you could hand the job to something that already knows what all of it does.
Claude CLI can SSH into a remote machine, run PowerShell commands, interpret the results, and tell you exactly what's wrong — in plain language, with recommendations. No scripts to write. No tools to install. Just a conversation.
Getting Started
You need three things:
- Claude CLI installed on your local machine (claude.ai/code)
- SSH access to the target PC (OpenSSH Server is built into Windows 11)
- An admin account on the remote machine
If you haven't set up SSH on a Windows box before, the short version:
```powershell
# On the remote PC (run as admin)
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
Start-Service sshd
Set-Service sshd -StartupType Automatic
```
For key-based auth (no password prompts), drop your public key into C:\ProgramData\ssh\administrators_authorized_keys if your account is in the Administrators group. Lock down permissions with icacls.
Once you can run ssh user@192.168.x.x "hostname" and get a response, you're ready.
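The key-file lockdown mentioned above, as an added example that is not from the original article. The public key string is a constructed placeholder, and the well-known SIDs stand in for the Administrators and SYSTEM names so the commands also work on non-English installs.

```powershell
# Added example. Run in an elevated PowerShell session on the remote PC.
$keyFile   = Join-Path $env:ProgramData 'ssh\administrators_authorized_keys'
# Constructed placeholder: paste the single line from your own .pub file.
$publicKey = 'ssh-ed25519 AAAA_PLACEHOLDER_KEY user@laptop'

# Write plain ASCII so the file carries no byte-order mark.
Add-Content -Path $keyFile -Value $publicKey -Encoding ascii

# Drop inherited permissions and grant full control to two principals only:
# S-1-5-32-544 = BUILTIN\Administrators, S-1-5-18 = NT AUTHORITY\SYSTEM.
icacls.exe $keyFile /inheritance:r /grant '*S-1-5-32-544:F' /grant '*S-1-5-18:F'

# Verify: /inheritance:r leaves older explicit entries in place, and any extra
# principal with access could add its own key for admin logins.
$allowed = 'S-1-5-32-544', 'S-1-5-18'
$extra = (Get-Acl -Path $keyFile).Access | Where-Object {
    $sid = $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier])
    $sid.Value -notin $allowed
}
if ($extra) {
    Write-Warning "Unexpected ACL entries: $($extra.IdentityReference -join ', ')"
} else {
    'ACL OK: only Administrators and SYSTEM can access the key file'
}
```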
The Conversation
This is where Claude CLI is different from a script. You don't need to know what to check — you just tell it what you want.
> hey, windows updated on my main pc. can you ssh in and audit the system?
Claude connects, pulls system info, and starts checking. No prompting for specific commands. It decides what to look at based on context:
- OS version and boot time — confirms the update landed
- Recent hotfixes — shows exactly which KBs were installed and when
- Startup programs — catches anything the update re-added
- Installed UWP packages — flags bloatware that crept back in
- Running services — identifies unnecessary services set to auto-start
- Scheduled tasks — finds telemetry collectors and ad-nag tasks
- Defender status — confirms real-time protection is active and definitions are current
All of this happens in one pass. Claude runs the commands in parallel where it can, reads the output, and presents a summary — not a wall of raw PowerShell output, but a categorised breakdown with recommendations.
What It Found (Post-Update)
After a standard April 2026 cumulative update on a gaming desktop:
Re-added by Windows Update
- OneDrive startup entries — `OneDriveSetup.exe /thfirstsetup` injected twice into the startup registry
- OneDrive scheduled tasks — three tasks for reporting, standalone updates, and startup re-added
- SoftLanding tasks — Microsoft's "creative management" scheduled tasks that serve feature promotions and ads
- Edge auto-launch — `msedge.exe --no-startup-window` embedding itself at boot
Unnecessary Services Running
- SysMain (Superfetch) — pre-caches apps into RAM, designed for spinning disks. On an NVMe drive it adds zero benefit and wastes memory
- WSAIFabricSvc — Windows AI Fabric service, new with recent updates, telemetry and AI integration
- whesvc — Windows Health and Optimized Experiences, another telemetry/ads pipeline
Remote Access Sprawl
- RustDesk — running as an auto-start service with firewall rules open, even when not actively needed
- Remote Assistance — ten firewall rules enabled for a feature nobody uses when RDP and SSH are available
Bloatware Packages
- Xbox packages present (kept — actively used for gaming)
- `PeopleExperienceHost` still hanging around
The Cleanup
Once you've reviewed the findings, you just tell Claude what to do:
> disable SysMain, WSAIFabricSvc, whesvc. remove the OneDrive and SoftLanding tasks.
> kill the Edge auto-launch. set RustDesk to manual and close its firewall rules.
> disable Remote Assistance firewall rules. keep Xbox.
Claude runs all of it — services stopped and set to disabled, scheduled tasks unregistered, registry entries removed, firewall rules disabled. Each action gets confirmed individually.
No reboot required. Changes take effect immediately.
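For readers who want to see what such a cleanup involves, here is a dry-run version written for this edit; it is not the set of commands Claude ran. The three service names come from the findings above. The RustDesk patterns, the `OneDrive|SoftLanding` task match and the English `Remote Assistance` group name are assumptions.

```powershell
# Added example: the cleanup as a dry run. Run elevated, review the WhatIf
# output, then set $DryRun = $false to apply.
$DryRun = $true

# Services named in the findings: stop them and prevent auto-start.
foreach ($name in 'SysMain', 'WSAIFabricSvc', 'whesvc') {
    Stop-Service -Name $name -Force -WhatIf:$DryRun -ErrorAction SilentlyContinue
    Set-Service  -Name $name -StartupType Disabled -WhatIf:$DryRun
}
# RustDesk stays installed but no longer starts at boot (name pattern assumed).
Get-Service -Name '*RustDesk*' | Set-Service -StartupType Manual -WhatIf:$DryRun

# Scheduled tasks: match on path or name because exact task names are not given.
Get-ScheduledTask |
    Where-Object { ($_.TaskPath + $_.TaskName) -match 'OneDrive|SoftLanding' } |
    Unregister-ScheduledTask -Confirm:$false -WhatIf:$DryRun

# Run-key values: match on the command lines quoted in the findings, since the
# value names are not given. HKCU is the hive of the account running this.
foreach ($runKey in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run') {
    (Get-ItemProperty -Path $runKey).PSObject.Properties |
        Where-Object { $_.Value -match 'OneDriveSetup\.exe|--no-startup-window' } |
        ForEach-Object { Remove-ItemProperty -Path $runKey -Name $_.Name -WhatIf:$DryRun }
}

# Firewall: disable rather than delete, so the rules can be re-enabled later.
Get-NetFirewallRule -DisplayGroup 'Remote Assistance' |
    Disable-NetFirewallRule -WhatIf:$DryRun
Get-NetFirewallRule -DisplayName '*RustDesk*' -ErrorAction SilentlyContinue |
    Disable-NetFirewallRule -WhatIf:$DryRun
```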
Going Deeper: Driver Audit
The conversation doesn't have to stop at services and bloatware. Ask Claude to check your drivers:
> do a driver audit
It pulls every signed driver on the system, filters out the generic Windows ones, and highlights what matters:
| Component | Driver Age | Verdict |
|---|---|---|
| NVIDIA RTX 2070 | March 2026 | Current |
| Realtek Audio (AAF) | March 2026 | Current |
| AMD Chipset (PCI/SMBus/GPIO) | March-Aug 2024 | ~1 year old |
| Realtek GbE NIC | Nov 2024 | Slightly stale |
| Logitech HID | Dec 2017 | Ancient - review |
| Oculus VR Bus | Feb 2017 | Legacy - check Meta app |
You can then ask it to research whether newer versions exist and what they actually change. For the AMD chipset, Claude found that the latest driver (v8.02.18.557, March 2026) consolidated the separate PCI/SMBus/GPIO components into a unified package with improved power management — useful context for deciding whether the update is worth the effort.
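A query that produces the raw data behind a table like the one above, added here as an example and not taken from the original article. The three-year review threshold is an assumption.

```powershell
# Added example: third-party drivers, oldest first, with age and signing status.
$staleYears = 3   # assumed review threshold, not from the article

Get-CimInstance Win32_PnPSignedDriver |
    # Windows inbox drivers carry a fixed 2006 date, so their age says nothing;
    # keep only drivers from other providers.
    Where-Object { $_.DriverDate -and $_.DriverProviderName -and
                   $_.DriverProviderName -ne 'Microsoft' } |
    Sort-Object DriverDate |
    ForEach-Object {
        $age = [math]::Round(((Get-Date) - $_.DriverDate).TotalDays / 365.25, 1)
        [pscustomobject]@{
            Device   = $_.DeviceName
            Provider = $_.DriverProviderName
            Version  = $_.DriverVersion
            Date     = $_.DriverDate.ToString('yyyy-MM-dd')
            AgeYears = $age
            Signed   = $_.IsSigned
            # Flag old or unsigned drivers for a manual look.
            Review   = ($age -ge $staleYears) -or (-not $_.IsSigned)
        }
    } | Format-Table -AutoSize
```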
Remote Tooling Audit
Security matters. Ask Claude to check what remote access is running:
> audit remote tooling
It checks running services, firewall rules, and RDP configuration, then presents the full picture:
| Tool | Status | Firewall |
|---|---|---|
| OpenSSH Server | Running, Auto | Inbound open |
| RDP | Enabled | Inbound open |
| WinRM | Running, Auto | HTTP inbound open |
| RustDesk | Running, Auto | Inbound + outbound open |
| Monect | Running, Auto | 3 rules open |
| Remote Assistance | - | 10 rules open |
That's a lot of attack surface for a home machine. Claude flags it, you decide what stays. In this case: SSH, RDP, WinRM, and Monect stayed. RustDesk went to manual start. Remote Assistance got its firewall rules disabled.
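A read-only inventory covering the same three checks (services, firewall rules, RDP configuration) plus listening ports, as an added example that is not from the original article. `sshd`, `TermService` and `WinRM` are the built-in service names; the RustDesk and Monect wildcards and the rule-name pattern are assumptions.

```powershell
# Added example: read-only inventory of remote-access exposure. Run elevated.
$servicePatterns = 'sshd', 'TermService', 'WinRM', '*RustDesk*', '*Monect*'
Get-Service -Name $servicePatterns -ErrorAction SilentlyContinue |
    Select-Object Name, Status, StartType | Format-Table -AutoSize

# RDP is enabled when fDenyTSConnections is 0.
$ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
'RDP enabled: {0}' -f ($ts.fDenyTSConnections -eq 0)

# Enabled inbound allow rules for remote tooling, counted per group.
$rulePattern = 'Remote|SSH|RustDesk|Monect'
Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
    Where-Object { "$($_.DisplayGroup) $($_.DisplayName)" -match $rulePattern } |
    Group-Object { if ($_.DisplayGroup) { $_.DisplayGroup } else { $_.DisplayName } } |
    Select-Object Count, Name | Sort-Object Count -Descending |
    Format-Table -AutoSize

# A firewall rule only matters if something listens behind it: list TCP
# listeners bound to non-loopback addresses, with the owning process.
Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' } |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Port      = $_.LocalPort
            Process   = $proc.ProcessName
            ProcessId = $_.OwningProcess
        }
    } | Sort-Object Port -Unique | Format-Table -AutoSize
```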
Why This Works
The value isn't that Claude can run PowerShell commands — any script can do that. The value is in the interpretation layer:
- It knows what SysMain does and that it's pointless on NVMe
- It knows what WSAIFabricSvc is even though Microsoft barely documents it
- It knows the difference between a service you should disable and one that'll break your system
- It cross-references — if you say you game, it knows to keep Xbox services and Game Bar
- It adapts — it doesn't run the same checklist every time, it responds to what it finds
You're not following a guide. You're having a conversation with something that understands Windows internals and can act on your specific system.
Tips for Your Own Audit
Start broad, then drill down. Ask for a general audit first. Follow up on anything that looks off.
Tell Claude what you use the machine for. "This is a gaming PC" or "this is a dev workstation" changes what it recommends keeping.
Don't remove everything. Some services look unnecessary but have dependencies. Claude will warn you, but if you're unsure, ask before acting.
Check after every Windows Update. Microsoft will re-enable things. It's not a one-time job.
Use SSH, not local. Running Claude CLI from a separate machine means you can audit without competing for resources on the target. It also means you can audit multiple machines from one terminal.
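To check independently what an update changed, the categories from the audit pass (startup entries, auto-start services, scheduled tasks, UWP packages, firewall rules) can be snapshotted and compared against a saved baseline. This is an added example, not code from the original article; the baseline file location is an assumption.

```powershell
# Added example: snapshot the audited categories and report drift from a
# baseline. Read-only except for the baseline file. Run in an elevated session.
$BaselinePath = Join-Path $env:ProgramData 'audit-baseline.json'   # assumed path

function Get-AuditSnapshot {
    [ordered]@{
        Startup  = @(Get-CimInstance Win32_StartupCommand |
                     ForEach-Object { '{0} | {1} | {2}' -f $_.Location, $_.Name, $_.Command })
        Services = @(Get-Service | Where-Object StartType -eq 'Automatic' |
                     ForEach-Object Name)
        Tasks    = @(Get-ScheduledTask | Where-Object State -ne 'Disabled' |
                     ForEach-Object { $_.TaskPath + $_.TaskName })
        Appx     = @(Get-AppxPackage -AllUsers | ForEach-Object Name | Sort-Object -Unique)
        Firewall = @(Get-NetFirewallRule -Enabled True -Direction Inbound |
                     ForEach-Object DisplayName | Sort-Object -Unique)
    }
}

$current = Get-AuditSnapshot
if (Test-Path $BaselinePath) {
    $baseline = Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json
    foreach ($category in $current.Keys) {
        $old = @($baseline.$category)
        $new = @($current[$category])
        # Present now but absent from the baseline: candidates re-added by an update.
        $new | Where-Object { $_ -notin $old } | ForEach-Object { "ADDED    $category  $_" }
        $old | Where-Object { $_ -notin $new } | ForEach-Object { "REMOVED  $category  $_" }
    }
    # Context for the diff: which KBs landed, and whether Defender is healthy.
    Get-HotFix | Sort-Object InstalledOn -Descending |
        Select-Object -First 5 HotFixID, Description, InstalledOn
    Get-MpComputerStatus |
        Select-Object RealTimeProtectionEnabled, AntivirusSignatureLastUpdated
} else {
    $current | ConvertTo-Json -Depth 3 | Set-Content -Path $BaselinePath -Encoding UTF8
    "Baseline written to $BaselinePath"
}
```

Run it once after a cleanup to record the known-good state, then again after each Windows Update; delete the baseline file to record a new one.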
The Result
| Metric | Before | After |
|---|---|---|
| Unnecessary auto-start services | 3 | 0 |
| Bloatware startup entries | 3 | 0 |
| Telemetry/ad scheduled tasks | 5 | 0 |
| Open firewall rules (unused) | 12 | 0 |
| Remote services running unnecessarily | 1 | 0 |
The machine was already "fine." Now it's clean. Every process running has a reason to be there. Every open port is intentional. Every startup entry is something the user actually wants.
And the next time Windows Update tries to undo it all, the same conversation picks up where it left off.
Built with Claude Code. Published at indigo-nx.com.