How to use Windows Task Manager as a troubleshooting tool
Task Manager could be a more effective solution than rebooting
By Tony Bradley | PC World | Published: 13:54, 09 April 2011
Hold on. Don't just reboot your Windows 7 PC. I realise that rebooting is the go-to solution when a program won't shut down, or the system starts dragging or acting wonky, but there is another way. The Task Manager is a powerful tool for troubleshooting and resolving issues in Windows 7.
Task Manager lets you view the programs, processes and services currently running on the PC. You can use Task Manager to monitor your computer's performance, and to close a program that is not responding, view network status and see which users are connected to the PC.
You can have many applications open at once in Windows 7 - limited only by the available memory and processor capacity of the PC. But what you see is a little like watching a duck on a pond. On the surface it seems to calmly glide along, while under the water its feet are furiously paddling away. Generally, Windows does an awesome job of prioritising and managing all of the underlying processes and services, but every so often something goes awry. That is when you need to dive into Task Manager.
Related Articles on Techworld
Starting Task Manager
To begin with, you have to open up Task Manager. You have a few different ways to do this.
- Press Ctrl-Shift-Esc.
- Press Ctrl-Alt-Del, then select Start Task Manager.
- Click Start, type 'task manager' in search bar and press Enter.
- Right-click anywhere on the task bar and select Start Task Manager.
Use any of the above techniques and you will open up the Task Manager console.
Vital information at a glance
At the bottom of the Task Manager window - no matter which tab you happen to be viewing - is a sort of dashboard view that displays the current number of running processes, the percentage of the processor capacity being used and the percentage of physical memory.
The information displayed here can instantly let you know if a process or application is consuming all of the CPU or memory resources, which is your first clue for troubleshooting a problem.
Task Manager tabs
Across the top of the main window in the Task Manager console are a number of different tabs: Applications, Processes, Services, Performance, Networking and Users. We will dive into detail on the use of Applications, Processes, and Services, but the other three won't be covered comprehensively in this article because they are not as directly related to troubleshooting and resolving issues. Here is a brief summary of the last three tabs:
Performance: The Performance tab displays a real-time graph depicting processor usage (split to show the separate cores available for dual- or quad-core processors), and a real-time graph of the memory in use along with various details such as the amount of time the PC has been up and running and the amount of virtual memory available to Windows. You can already see the overall processor and memory usage on the dashboard bar at the bottom of the Task Manager; however, by reviewing the usage graphs on this tab you can identify whether there is an issue with a specific core or cores within the processor. For example, if there is significant activity on one processor core, while the other is flatlined, you may have a defective CPU.
Networking: This tab displays real-time usage of active network connections. A pane at the bottom of the console lists the various available network connections, the percent of the network capacity being used, the maximum speed the network connection is capable of and its current state.
You can use this tab to determine if there is any suspicious activity going on, such as high network bandwidth usage when you aren't actively downloading a file or streaming a movie, or network activity on adapters that you aren't actively using, like the Bluetooth adapter. Either of these symptoms could mean you have malware on your machine or that an intruder has somehow gained access. Without a network sniffer of some sort, it is difficult to identify exactly what is going on, but you can run a malware scan of your PC, or dig deeper into the Processes tab to try to determine which process might be responsible.
Users: For most desktop PCs, the Users tab will show only the actual owner or primary user. On a system that has shared resources or allows external connections, though, this tab will display all of the currently connected users. You can use the buttons at the bottom of this console to forcibly disconnect or log off other users, or you can send a message - perhaps to let them know you're about to forcibly disconnect them. If you do see other users connected on a system that isn't intended to be shared, you obviously have an issue. You can forcibly boot the intruder from your PC, then perform a malware scan to try to determine how the user was able to gain access to your system.
Now that we have covered the basics of those three tabs, let's dive deeper into using Task Manager to identify and resolve problems on your Windows PC using the other three tabs.
When you first open Task Manager, the Applications tab is the default tab displayed. This tab shows a list of the currently active applications - but only applications that are open on the taskbar. Programs that are running, but minimised to the System Tray - like Microsoft System Essentials and Yammer - will not appear on this list and the Task Manager itself is also absent.
If you want to quit an application from this menu, just select the item under the Tasks list and click End Task.
But the most important aspect of the Applications tab is the Status column. This lets you know whether a program is running properly or not. Applications that are frozen or hung up will show "Not Responding". Odds are fair that if the program status is "Not Responding" in Task Manager, you also won't be able to interact with it or shut it down by normal means such as clicking the "X" in the upper right corner to close the window. In those instances, select the problem application and click the End Task button.
You will most likely get a pop-up window confirming that you want to terminate the "Not Responding" application. Occasionally, you run into an application that won't quit after the first try - or the second, or the third. That's when you switch to the Processes tab.
The Processes tab is really the heart of Task Manager. This tab has the most useful information when it comes to troubleshooting and identifying issues, and it provides the most effective tools for resolving those issues.
First, let's go over the information that is displayed on the Processes tab. It shows five columns of information by default: Image Name (the process), User Name (the user account context the process is running in), CPU (the percentage of the processor being used by that process), Memory (the amount of system RAM being used by that process), and Description (a more understandable description of what the process is).
You can sort the processes using any of the columns - simply click the column that you want to use as the primary sort filter. If you click Image Name, the processes will be sorted alphabetically (or reverse alphabetically). Generally, you will want either to sort the processes alphabetically to make it easier to find a specific process, or to sort based on CPU or Memory to identify the processes that are hogging system resources.
For example, if your PC is slow and unresponsive, but all of the programs on the Applications tab appear to be running fine, you can sort the Processes tab based on the CPU or Memory column to see if a particular process is using up a huge chunk of the available resources. You might also be able to identify suspicious or malicious activity If you find processor or memory resources being consumed by processes that you don't recognise or can't make out which application they belong to.
First, though, click the checkbox at the bottom of the Processes tab next to "Show processes from all users". If you sort the Processes based on the CPU column, you will most likely notice that adding up the numbers of the processor percentage in use by the displayed processes does not match the CPU usage reported in the dashboard at the bottom of the Task Manager. That's because the Processes tab displays only the tabs running in the logged-in user's context by default - so system processes and processes from other users aren't shown unless you click this checkbox.
The CPU and Memory columns are the most useful ways to identify problem processes, especially if you have already tried End Task on the Applications tab and found that the program is too stubborn to shut down. Sort based on the CPU or Memory column to find the process hogging the system resources, select it and click the End Process button at the bottom of the Processes tab. End Process is typically much more effective than End Task - even for tenacious processes.
The Processes tab also offers more customisability than the other tabs. Click View at the top of Task Manager, and choose Select Columns to see a list of all of the other information you can display in the Processes tab columns. One custom column I highly recommend adding is process ID - or PID. It will come in handy when trying to work with the Services tab because the Services can be filtered based on the associated PID to make it easier to match the processes and services that go together.
Another very handy column to add is Image Path Name. This column lists the path to the location of the executable for the process in question. This can help you determine what the actual application is that is behind an errant process, or help you locate where malware executables might be hidden on your system.
The Services tab is essentially a scaled-down version of the Services management console, something you can access by clicking the Services button at the bottom of the Services tab. A service is a program that is designed to perform a function and that can be called by other programs without user intervention. For example, the Print Spooler service can be used by various applications to queue items to be printed. This tab lists the service name, the PID, a description in more understandable language of what the service is or does, the current status of the service, and its group - assuming it's in one.
Each service will have a status of either "stopped" or "running". If you right-click on any of the services, you will see that there are really only three things you can do with it, and only one or two of the choices is available at a given time. If it is "running," you can stop it, and you also have an option to "Go to Process," but the "Start Service" option is grayed out because the service is already on. If the service is not running, you can click "Start Service," but the other options are grayed out because you can't stop a service that isn't running to begin with, and stopped processes aren't connected with any running processes.
Clicking "Go to Process" takes you to the associated PID on the Processes tab. However, if your Processes tab is sorted by CPU usage, memory, or some other dynamic column that changes frequently, the processes will likely be bouncing around too much for you to really use this tab. You should first sort the Processes tab based on PID (after you have followed the instructions under the Processes tab section to add the PID column) so that the processes are listed in numeric order.
If you sort the Services tab based on PID, you will see that a number of services can be associated with a single PID simultaneously. Ending the process will impact all of the services connected to that process. Using the two tabs together, though, you can find the services related to a problem process, and try stopping each service one at a time to isolate the problem without killing the process and impacting all of the associated services.
Stop each service one at a time, then monitor the Processes tab to see if the issue is resolved. Once you isolate the problem service, you can use the Image Path Name column on the Processes tab to help you identify the actual application causing the problem. Then, you can check with the developer to see if there is a patch or workaround for the issue you are having, or find an alternative program that doesn't have those issues, or simply uninstall it to resolve the problem.
Once you've found a particularly problematic service, you can click the Services button to open the full services management console where you can access the properties for the service and either disable it or change it to only start manually so you can see if that leaving that service off resolves your problem.
The Task Manager in Windows 7 is a powerful tool, and we have really only scratched the surface. It lets you monitor and optimise system and network performance. It lets you troubleshoot and resolve issues, and terminate stubborn software without rebooting.
Open it up and check it out. Poke around and see what Task Manager has to offer.