skip navigation

Content:: Task Manager

Open Task Manager
The Taskmanager, How to Open

The Task Manager can be opened multiple ways. The most common action is by right clicking on the Taskbar (to the right of the Start Button). A context menu will appear with an option named "Task Manager".
There is also a keyboard shortcut combination you can use CTRL + SHIFT + ESC.
Pressing CTRL + ALT + DEL will take you to an alternative menu with the a button in the center column bottom row to activate the program.
The executable name for the Task Manager is taskmgr.exe which is located in C:WINDOWSsystem32. A backup is stored in C:WINDOWSsystem32dllcache. The path C:WINDOWSsystem32 is stored in PATH environmental variable allowing us to type taskmgr or taskmgr.exe from any location in the system including the Run Command.

disabled taskmanager

Enable Taskmanager
Disabled Task Manager, How to re-enable

It is common practice for malicious softare (Viruses, Trojans, Spyware, etc) to disable the Task Manager. Another common practice is to disable this from users by your friendly System Administrator.
The feature to disable access to the Task Manager is stored in the windows registry.
A windows registry key is used to disable access to the task manager. The key can be found here
A "REG_DWORD" labeled DisableTaskMgr controls the setting a hex value of 0x01 or decimal value of 1 will disable the Task Manager where a hex value of 0x00 or decimal value of 0 will enable the Task Manager.

Reference Link to a new window Link to a new window

How the Task Manager Works

The default tab Applications shows a list of applications or tasks available. Remember this is not a complete list of applications. It is only a list of applications that are made for windows that are top level window applications. These are the applications that will appear in the Task Switcher or Flip as it is called in Windows Vista. The shortcut keys to access the Task Switcher are ALT + TAB.

The Processes tab can be useful as it shows every executable program that is running inside of your Windows Operating System. The base operating system processes are highlighted in green. With a basic operating system installation you should see roughly 16 processes, CPU Usage of roughly 0% and the memory usage (Commit Charge) running roughly 80 MegaBytes the slash (/) is over the total physical RAM and Virtual Memory (this is usually twice the amount of of the physical RAM). After installing your system drivers the processes should stay at roughly 16 unless the drivers run additional, usually un-needed, programs. The largest increase you will see is your memory usage rising to roughly 120 MegaBytes this can vary drastically depending on the drivers.

A clean functioning system will run roughly

Processes: 16
CPU Usage: 0%
Commit Charge: 120M

One important note about the screenshot is the "System" process running at a heavy 77 MegaBytes. This is due to the AVG anti-virus software, a normal "System" will in the low hundreds of KiloBytes thats nearly one hundred times less than what the screenshot shows.

The Processes

The base or default processes that come or are required for the Windows XP Operating system to run are :

ProcessFolderMD5Last Changed
csrss.exe C:windowssystem32 44f275c64738ea2056e3d9580c23b60f 04/14/2008 08:00 PM
explorer.exe C:windows 12896823fb95bfb3dc9b46bcaedc9923 04/14/2008 08:00 PM
lsass.exe C:windowssystem32 bf2466b3e18e970d8a976fb95fc1ca85 04/14/2008 08:00 PM
services.exe C:windowssystem32 65df52f5b8b6e9bbd183505225c37315 02/06/2009 04:11 AM
smss.exe C:windowssystem32 5f816c1f539266d2d4c78694239da0b5 04/14/2008 08:00 PM
spoolsv.exe C:windowssystem32 d8e14a61acc1d4a6cd0d38aebac7fa3b 04/14/2008 08:00 PM
svchost.exe C:windowssystem32 27c6d03bcdb8cfeb96b716f3d8be3e18 04/14/2008 08:00 PM
System Idle Process
taskmgr.exe C:windowssystem32 2cd1c3506a85b38e2d17e61aded175c4 04/14/2008 08:00 PM
winlogon.exe C:windowssystem32 ed0ef0a136dec83df69f04118870003e 04/14/2008 08:00 PM
wmiprvse.exe C:windowssystem32wbem 798a9e6828997eef4517ada8a2259831 02/06/2009 03:10 AM

* The MD5 and dates may vary depending on your system. This was taken from Windows XP Home SP3

How the Task Manager Works

By knowing what processes exist based on a basic operating system we can now use the processing tab of the task manager as a useful tool to fix many problems our system may have.
One important thing to understand is the Task Manager only shows what is currently running and does not have any control over the system start up processes. Only the operating system and its configurations can tell your computer what programs to start up when your computer does. Anything running on your system including "Viruses" or "Malware" must be started by the operating system either through the configurations or an exploit.
This means you can terminate any if not all of the processes, not listed above, then restart your computer to return the system to the "state" it was in before terminated a task in the Task Manager.
Killing random processes in your task manager may cause your system to fail, crash, or an error message to prompt you stating an error with the operating system has occured and a reboot is required.

End Processes
Cleaning Memory Resident Programs with the Task Manager

With the little what we have learned we can now terminate processes that are running on the system. The easiest test we can do is killing the taskmgr.exe, this will make the Task Manager disappear. You can do this by right clicking on taskmgr.exe and selecting End Process from the context menu.
Last Modified: 2012-01-24