First Step in Windows Troubleshooting: Understanding Windows Task Manager Tabs

First Step in Windows Troubleshooting: Understanding Windows Task Manager Tabs
Page content

Introduction

Windows Task Manager displays valuable information about your computer’s instantaneous use of processor, memory (both physical and virtual), network connections, and the running processes. All these information is arranged in tabs:

  • Applications: Displays the currently running applications.
  • Processes: Displays the currently running processes.
  • Performance: Displays the current system performance.
  • Networking: Displays the current network connections for all network interfaces.

Task Manager Tabs: Application

The Application tab displays the information about the applications that are currently running on your computer, such as Windows Mail, Microsoft Word, any open Windows Explorer sessions (e.g. My Documents window), and their status. The status is either “Running” or “Not Responding.” An application which does not accept any input possibly has a “Not Responding” status if it is not trying to process data. Often the overall system unresponsiveness is caused by an application in “Not Responding” status.

Task Manager Tabs: Processes

A process is a program that is being executed. When you start a program in Windows, Windows accepts it and allocates some processor time and memory to the process. When you close the program, the process is terminated and the resources- processor and memory- are handed back to Windows.

Processes are similar to the applications tab, which displays the currently running applications. The Processes tab displays both the processes running in the foreground (the open applications) and the services that are running in the background. A service is an executable file that runs in the background and is not designed for user input. An example is smss.exe, which takes care of the user session: when you enter your credentials and logon to Windows, smss.exe launches csrss.exe and sets the system variables. Except for Windows developers, no user plays with these services, and many users are not even aware that these services are running in their computers.

Note that, many malware applications hide themselves from the Process view or some of them have similar names which are indistinguishable from the real processes. Such as the service.exe: this is actually a Trojan, resembling the system process services.exe. If you have any doubts about the process you see in this tab, make a search on the Internet and check if it is a valid service.

In the Processes tab, you can end the process or process tree of the running applications, change their priority (priority can be Low, Below Normal, Normal, Above Normal, High, and Realtime) and set their affinity (select which processor cores the process or service can use) in multicore processor systems. If you do not know what you are doing, do not play with the priority or affinity settings.

Task Manager Tabs: Performance

Performance tab is divided into two panes: the top pane displays CPU and Page File usage graphically, with a short history of one minute and at the bottom total number of handles, threads and processes, total and available physical memory with system cache, commit charges and kernel memory. The commit charge can be explained with the following terms:

  • Total: The amount of virtual memory (page file) that is being used currently.
  • Limit: Maximum value for total. The sum of the current page file plus the physical memory available for paging, excluding the memory space assigned to non-pageable areas.
  • Peak: Highest amount of commit charge since the last boot.

The Kernel Memory is the memory used by the operating system itself. The kernel memory is protected and inaccessible by other applications. Some part of the Kernel Memory can be swapped to virtual memory/Page File but a certain part of it must be in the memory at all times and cannot be swapped.

Task Manager Tabs: Networking

The network tab in Windows Task Manager displays the current network connections. If you have multiple network cards installed on your computer, such as Wired, Wireless Bluetooth, etc., the adapters are displayed individually in the Networking tab. At the bottom pane, the network adapter, network utilization rate (percent), link speed and network adapter state is displayed. If you want to customize the information displayed, you can add Bytes, Unicasts, and Nonunicasts with their sent, received, and throughput values.

Conclusion

Windows Task Manager displays a wealth of information that you can use for your system administration tasks. The default views are customizable, so that you can display additional system performance/utilization metrics. For the serious system administrators, it will be wise to know the system metrics inside out to determine the causes of problems on computers that they manage.