Windows Task Manager
Windows Task Manager is a task manager application included with the Microsoft Windows NT family of operating systems that provides detailed information about computer performance and running applications, processes and CPU usage, commit charge and memory information, network activity and statistics, logged-in users, and system services. The Task Manager can also be used to set process priorities, processor affinity, forcibly terminate processes, and shut down, restart, hibernate or log off from Windows. Windows Task Manager was introduced with Windows NT 4.0. Previous versions of Windows NT included the Task List application, which had far fewer features. The task list was capable of listing currently running processes and killing them, or creating a new process. In Windows XP only, a Shutdown menu is also present that allows access to Standby, Hibernate, Turn off, Restart, Log Off and Switch User.
Earlier versions of Microsoft Windows (Microsoft Windows 3.x, Windows 95, Windows 98) had a program known as tasks to display the programs currently running. This file was executed by running the taskman.exe file from the C:\Windows directory.
Launching Task Manager
The Task Manager can be launched using any of the following four methods:
- Using the context menu on the taskbar and selecting "Task Manager" (for WinXP/Vista) or "Start Task Manager" (for Windows 7).
- Using the key combination Ctrl+Shift+Esc.
- In Windows NT, Windows 2000, and Windows XP (only with the Welcome Screen disabled), the key combination Ctrl+Alt+Del opens the Windows Security dialog, upon which the user can then click on "Task Manager" to start Task Manager. In Windows Vista and Windows 7, Ctrl+Alt+Del opens a list of options, one of which, Task Manager, opens Task Manager. In Windows XP, Windows Vista and Windows 7, pressing Ctrl+Shift+Esc directly launches Task Manager, as does Ctrl+Alt+Delete if the Welcome Screen is enabled (Windows XP only).
- Starting "Taskmgr.exe" from a command line, GUI (located in C:\Windows\System32\taskmgr.exe) or a shortcut.
Applications
The Applications tab in Task Manager shows a list of programs currently running. A set of rules determines whether a process appears on this tab or not. Most applications that have a taskbar entry will appear on this tab, but this is not always the case.
Right-clicking any of the applications in the list allows (among other things) switching to that application, ending the application, and showing the process on the Processes tab that is associated with the application.
Choosing to End Task from the Applications tab causes a request to be sent to the application for it to terminate. This is different from what happens when End Process is chosen from the Processes tab.
Processes
The Processes tab shows a list of all running processes on the system. This list includes services and processes from other accounts. Prior to Windows XP, process names longer than 15 characters in length are truncated. Beginning with Windows XP, the Delete key can also be used to terminate processes on the Processes tab.
Right-clicking a process in the list allows changing the priority the process has, setting processor affinity (setting which CPU(s) the process can execute on), and ending the process. Choosing End Process causes Windows to immediately kill the process. Choosing "End Process Tree" causes Windows to immediately kill the process, as well as all processes directly or indirectly started by that process. Unlike End Task on the Applications tab, End Process gives the program no warning and no chance to clean up before ending. However, when a process is running under a security context different from that of the process which issued the call to TerminateProcess, the use of the KILL command line utility is required.
By default, the Processes tab shows the user account the process is running under, the amount of CPU, and the amount of memory the process is currently consuming. There are many more columns that can be shown by choosing Select columns... from the View menu.
Performance
The Performance tab shows overall statistics about the system's performance, most notably the overall amount of CPU usage and how much memory is being used. A chart of recent usage for both of these values is shown. Details about specific areas of memory are also shown.
There is an option to break the CPU usage graph into two sections: kernel mode time and user mode time. Many device drivers and core parts of the operating system run in kernel mode, whereas user applications run in user mode. This option can be turned on by choosing Show kernel times from the View menu. When this option is turned on, the CPU usage graph will show a green and a red area. The red area is the amount of time spent in kernel mode, and the green area shows the amount of time spent in user mode.
Networking
The Networking tab, introduced in Windows XP, shows statistics relating to each of the network adapters present in the computer. By default the adapter name, percentage of network utilization, link speed and state of the network adapter are shown, along with a chart of recent activity. More options can be shown by choosing Select columns... from the View menu.
Users
The Users tab, also introduced in Windows XP, shows all users that currently have a session on the computer. On server computers there may be several users connected to the computer using Terminal Services. As of Windows XP, there may also be multiple users logged onto the computer at one time using the Fast User Switching feature. Users can be disconnected or logged off from this tab.
Tiny footprint mode
In some versions of Windows (including Windows 2000 and Windows NT 4.0), Task Manager has an alternate interface without any menu options or tabs. This is called the Tiny Footprint mode. Double-clicking on any empty space besides the data and/or menus changes Task Manager into this mode; double-clicking in the border switches it back.
Tiny Footprint mode shows the data of the tab selected when Tiny Footprint mode is entered. In some versions of Windows, the keyboard shortcuts Ctrl+Tab, Ctrl+Shift+Tab or Ctrl+PageUp/PageDown may be used to cycle through the Tiny Footprint view for each tab normally visible outside of this mode. Tiny Footprint mode does not show the memory usage graph if the tab selected is Performance.
Windows Vista changes
Windows Task Manager has been updated in Windows Vista with new features, including:
- A "Services" tab to view and/or modify currently running services and start and stop any service as well as enable/disable the UAC file and registry virtualization of a process.
- New "Description" column to see the full name and path of a process and its DEP and virtualization status.
- By right-clicking on any process, it is possible to directly open the Properties of the process executable or the directory (folder) containing the process.
- The Task Manager has also been made less vulnerable to attack from remote sources or viruses as it must be operating under administrative rights to carry out certain tasks, such as logging off other connected users or sending messages. The user must go into the "Processes" tab and click "Show processes from other users" in order to verify administrative rights and unlock these privileges. Showing processes from all users requires all users including administrators to accept a UAC prompt, unless UAC is disabled. If the user is not an administrator, they must enter a password for an administrator account when prompted to proceed, unless UAC is disabled, in which case the elevation does not occur.
- By right-clicking on any running process, it is possible to create a dump. This feature can be useful if an application or a process is not responding, so that the dump file can be opened in a debugger to get more information.
- The Shutdown menu containing Standby, Hibernate, Turn off, Restart, Log Off and Switch User has been removed.
- The Performance tab shows the system uptime.
Security issues
Task Manager is a common target of computer viruses and other forms of malware; typically malware will close the Task Manager as soon as it is started, so as to hide itself from users. Variants of the Zotob and Spybot worms have used this technique, for example. Using Group Policy, it is possible to disable the Task Manager. Many types of malware also enable this policy setting in the registry. Rootkits can prevent themselves from getting listed in the Task Manager, thereby preventing their detection and termination using it.
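A defender-side check for the policy setting described above, as an added example that is not part of the original article: it reads the DisableTaskMgr value, which is the registry value behind the Group Policy "Remove Task Manager" setting, from the machine hive and from every user hive currently loaded under HKEY_USERS. The function names Get-TaskMgrPolicyState and Resolve-SidToAccount are illustrative.

```powershell
# Added example (not from the article): report where the Task Manager policy is set.
# Assumes Windows PowerShell 5.1 or later; run elevated to read other users' loaded hives.
$PolicySubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
$ValueName    = 'DisableTaskMgr'   # 1 = Task Manager disabled

function Resolve-SidToAccount {
    param([string]$Sid)
    try {
        $id = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        $id.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $null   # orphaned or unresolvable SID
    }
}

function Get-TaskMgrPolicyState {
    [CmdletBinding()]
    param()

    # Machine-wide location first, then one entry per loaded user hive.
    $targets = New-Object System.Collections.Generic.List[object]
    $targets.Add([pscustomobject]@{
        Scope   = 'HKLM'
        Account = 'machine-wide'
        Path    = "Registry::HKEY_LOCAL_MACHINE\$PolicySubKey"
    })

    Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |   # skips *_Classes hives
        ForEach-Object {
            $sid = $_.PSChildName
            $targets.Add([pscustomobject]@{
                Scope   = $sid
                Account = Resolve-SidToAccount -Sid $sid
                Path    = "Registry::HKEY_USERS\$sid\$PolicySubKey"
            })
        }

    foreach ($t in $targets) {
        $value = $null
        if (Test-Path -LiteralPath $t.Path) {
            $item = Get-ItemProperty -LiteralPath $t.Path -Name $ValueName -ErrorAction SilentlyContinue
            if ($item) { $value = $item.$ValueName }
        }
        [pscustomobject]@{
            Scope    = $t.Scope
            Account  = $t.Account
            Value    = $value          # $null means the value is not present
            Disabled = ($value -eq 1)
        }
    }
}

# Usage: list every scope, then warn on those where Task Manager is currently disabled.
$state = Get-TaskMgrPolicyState
$state | Format-Table -AutoSize
$state | Where-Object Disabled | ForEach-Object {
    Write-Warning "Task Manager disabled for $($_.Scope) ($($_.Account)); confirm this matches an intended GPO."
}
```

A hit on a host where no Group Policy object configures this setting is worth investigating, since the page notes that malware sets the same value.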
Applications tab
- Task manager defines Application or Task as a window owned by a specific thread. Not all windows are shown in this view. For example, modal dialogs (windows for which there is not a separate thread) do not appear. This is why many dialogs and error messages are not shown. The term Task used in the first column can be confusing, as there is no inherent concept of Tasks on Windows Operating System, except those configured in the Task Scheduler to run periodically.
- The Status column shows the status of the thread that owns a window, in terms of windows message processing. When the status of an application appears as Running this indicates that the thread is responsive to windows messages. When the status appears as Not Responding it means that the thread is not, at the moment, responsive to windowing messages. It could be waiting (sometimes referred to as "blocked") for other events such as I/O requests, or executing compute-bound code.
Processes tab
- The Mem Usage column on the Processes tab shows the process's working set.
- The VM Size column (not shown by default) is not the amount of virtual memory used by the process; it is actually the process's private bytes.
- The CPU column is calculated by trimming the CPU consumption to fit in a two-digit fashion, which can be inaccurate. A process consuming 0.9% of CPU will be reported as 00 in Task Manager.
- The System Idle Process is the first process that is created when Windows is loaded, and it always has a process ID of 0. There is one thread in the System Idle Process for each CPU in the system. When the CPU has no other work to do, the Windows scheduler selects the CPU's corresponding idle thread for execution. The accumulated CPU time of this process therefore shows the total CPU time that has not been used. In early versions of Windows NT the idle threads were short idle loops consisting primarily of a "halt" instruction; in later Windows versions, the idle threads invoke more sophisticated methods of CPU power management.
The layout can be configured by the user by selecting "View" then "Select Columns..." from the menu. Up to thirty different columns (depending on the version of Windows) can be selected for display including various memory and I/O options and the number of handles and threads in use.
Performance tab
- Interrupts and DPC time are shown on the CPU graph, which may lead to the confusing situation where the Performance tab shows significant CPU usage, while the Processes tab shows the system is completely idle.
- Prior to Windows Vista, the second graph was named PF Usage and Page File Usage History, when in fact it represented Commit Charge and Commit Charge History.
- Windows Memory Manager optimizes physical memory to achieve best performance by implementing a shared memory mechanism. Mapped files such as DLLs used by multiple processes are instantiated one single time in physical memory, and then shared across all referring processes. As memory consumption is accounted individually for each process, the total of all process working sets will commonly be larger than the actual total memory being used.
Tasks under Windows 9x
A Close Program dialog box comes up when Ctrl+Alt+Del is pressed in Windows 9x. Also, in Windows 9x, there is a program called Tasks (TASKMAN.EXE) located in the Windows directory. TASKMAN.EXE is rudimentary and has fewer features. The System Monitor utility in Windows 9x contains process and network monitoring functionality similar to that of the Windows Task Manager. (Also, the Tasks program is called by clicking twice on the desktop if the Explorer process is down.)