Detailed description of Task Manager 2

Source: Internet
Author: User
Tags eventvwr

(Vii,Open Task Manager

 

1. Right-click the task bar and click "Task Manager ".

2. In "start"-"run", click "taskmgr.exe ".

3. Press CTRL + ALT + DEL on the keyboard.

4. Press Ctrl + Shift + ESC on the keyboard.

5. File Path: % SystemRoot % \ system32 \ taskmgr.exe

 

Description: Differences between "CTRL + ALT + DEL" and "Ctrl + Shift + ESC.

In Windows 9x/2000/XP, we usually press Alt + Ctrl + DEL to open the task manager. in Windows 2000/XP, we have another option: "Shift + Ctrl + ESC ". However, in Windows XP, the functions of these two combined hotkeys are different:
(1) In any case, use the "Shift + Ctrl + ESC" key combination to directly open the task manager.
(2) If you enable the "use welcome screen" function in the "User Account" setting, press "Alt + Ctrl + DEL" to directly open the task manager, however, the "shutdown" option will be added to the menu, which provides functions such as "standby", "Sleep", "logout", and "locking the computer. If the "use Quick User Switch" function is enabled in the "User Account" setting, an additional "user" item will be added to the tag in the task manager, you can disconnect or log out of the current user. If you disable "use welcome screen" and press "Alt + Ctrl + DEL", the "Windows Security" dialog box is displayed, to open the task manager, click the "Task Manager" button or press the "T" key. The "shutdown" menu and "user" tab are not displayed in the task manager.

 

Average,What if the task manager cannot be opened normally?

 

1. If you use 1 limit 4 in the method described above, there is no response. In step 5, find the folder where taskmgr.exe is located.

Double-click taskmgr.exe. If there is no response and no prompt, the general situation is that taskmgr.exe is hijacked by the image.

. If you double-click taskmgr123.exeto open the task manager, you can identify that task gr.exe is hijacked by the image.

 

Solution:

①, In "start" -- "run", type "Regedit", open the Registry Editor, and locate HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution options. Then, find taskmgr.exe in its branch, delete the file directly.

② Run "CMD/K Reg Delete" HKLM \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution options \ taskmgr.exe "/F" (excluding.

 

2. If taskmgr.exedoes not exist in c: \ windows \ system32 \, the image name is invalid when task gr.exe is running.

 

Cause: Generally, taskmgr.exe may be damaged or deleted by anti-virus software due to virus infection.

 

Solution: Copy the normal file to the % SystemRoot % \ system32 \ directory.

 

3. if you double-click "1" and the system prompts "Windows cannot access the specified device, path, or file. You may not have the right permissions to access this project"

 

Cause: Permission settings.

 

Solution:

① Confirm that the permissions of the current user account are correct.

Click "taskmgr.exe" at the right of the file and select "security" to append the user and account to it.

 

4. If you want to copy taskmgr.exe to another folder in the check process described in step 1, you can run it normally without renaming it.

 

Cause: Generally, it is because taskmgr.exe is restricted by the path rules in the Group Policy's "Software Restriction policy.

 

Solution: In "start" -- "run", type "gpedit. MSC, to open the Group Policy, expand "Computer Configuration"> "Windows Settings"> "Security Settings"> "Software Restriction Policy"> "other rules ", find the path and file name that contain taskmgr (for example, "% SystemRoot % \ system32 \ taskmgr.exe" or "C: \ windows \ system32 \ taskmgr.exe") and delete it.

 

Description: We can see the system's limit record on taskmgr In the event viewer. In the process, type "eventvwr. msc" in "start"> "run" to open "Event Viewer" and expand "application ". Find the record with the type "warning", the time is the time when the task manager does not respond, the source is "Software Restriction Policies", and the event is "866", then you can see "for C: the access to \ windows \ system32 \ taskmgr.exe is limited by the Policy Rule {d508aaf9-27c8-4280-a696-1886cdc6c704} on the path c: \ windows \ system32 \ taskmgr.exe by your administrator.

 

5. If taskmgr.exeis copied to another folder and its name is renamed, task gr.exe still cannot run and there is no prompt.

 

Cause: Generally, it is because taskmgr.exe is restricted by the "hash rule" in the "Software Restriction Policy" of the Group Policy.

 

Solution: In "start" -- "run", type "gpedit. MSC, to open the Group Policy, expand "Computer Configuration"> "Windows Settings"> "Security Settings"> "Software Restriction Policy"> "other rules ", find related information including taskmgr (such as "Windows taskmanager ......") Delete it.

 

Description: We can see the system's limit record on taskmgr In the event viewer. In the process, type "eventvwr. msc" in "start"> "run" to open "Event Viewer" and expand "application ". Find the record with the type "warning", time is the time when the task manager does not respond, source is "Software Restriction Policies", and event is "868, as you can see, "your administrator's access to c: \ windows \ system32 \ taskmgr.exe is restricted by rule {8af5e11e-0c52-4ecb-b5d2-0df81af3e4f7." .

 

Tips: When taskmgr.exeis restricted by the hash, taskmgr.exe is selected. The file hash is "570d8194f898dac39dd071db0e9db75f: 122880: 32771" and the file information is automatically:

 

Windows taskmanager
Microsoft (r) Windows (r) Operating System
Microsoft Corporation
Taskmgr.exe (5.1.2600.5512)

 

6. During the process of opening the task manager, right-click the task bar and the "Task Manager" is gray and cannot be clicked. In "run", type "taskmgr", and the message "the task manager has been disabled by the system administrator" is displayed ".

 

Cause: The Task Manager is disabled by the Group Policy.

 

Solution:

①. In "start"-"run", type "gpedit. MSC, to open the Group Policy, expand "user configuration"> "management template"> "system"> "CTRL + ALT + DEL option ", set "delete" Task Manager "to" not configured "(recommended) or" disabled.

 

② In "start" -- "run", type "Regedit" to open the Registry Editor, and expand the "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System" branch in sequence, find the "disabletaskmgr" item on the right. Its type is REG_DWORD. If its value is set to 1, it is disabled. If it is set to 0, it is enabled. You can directly delete it or change its value to 0.

 

7. Information in the "username" column of the "process" tab of the "Task Manager" is lost (displayed as blank ).

 

Cause: The Terminal Services Service is disabled.

 

Service name: Termservices

Display name: Terminal Services

Startup path: C: \ windows \ system32 \ svchost-K dcomlaunch

Recommended settings: Manual or automatic (Recommendation). In manual mode, the system usually starts the manual mode as needed, but it is not recommended to stop or even disable it.

Description: Allows multiple users to connect to and control a machine and display desktops and applications on a remote computer. This is the infrastructure of Remote Desktop (including the Administrator's Remote Desktop), quick user conversion, remote assistance, and terminal servers.

Dependency:

The running dependency service of this service: Remote Procedure Call (RPC)

Other services depend on this service: Fast User Switching Compatibility

 

Solution: Run the "services. msc" command to open the service settings window and restart the Terminal Services Service.

 

Average,Some Problems in the use of task manager

 

1,Select window control.

 

We use commands such as "stacked window" and "horizontally tiled window" in the right-click menu on the taskbar to control the layout of all windows. But how many windows are there? One way is to press Ctrl, select the window to be controlled in the taskbar, right-click and select the appropriate command.

Another method is: under the "application" tab of the task manager, press Ctrl and select the program to be operated, right-click the program, and select the corresponding command, this method is better than the first method. If we open a large number of windows, we often cannot see what the window is in the taskbar, which may lead to misoperations, but it is different in the task manager.

 

2,The application "task" cannot be ended immediately ".

 

Quick Solution: Right-click the application name and select "go to process". At this time, the task manager automatically switches from the "application" tab to the "process" tab, select blue for the corresponding process image name. In this case, you can simply "End the process.

 

Warning: Terminating a process will result in unwanted results, including data loss and system instability. Before termination, the process has no chance to save its status and data. Generally, this is done only when the task of the process cannot be normally exited or has no response, or the process is confirmed to be unnecessary. Try to avoid terminating the process when the task is suspended. Meanwhile, malicious processes may adopt the same name or approximate name as key or common processes in the system.

 

3,The application process cannot be ended immediately ".

 

Quick Solution: Run "ntsd-C q-p pid" at the "Command Prompt ". Or run CMD/K ntsd-C q-p pid in "run ". PID is the process identifier. You can click "View"> "Select column" under the "process" tab and select "PID (process identifier )", the identifier of the process. The-p parameter indicates that the PID is followed by the process. The-C q parameter indicates that the DEBUG command to exit ntsd is executed, and the above parameters are passed from the command line.

 

Warning: User-mode debugging tool ntsd, which can kill most processes, because the processes attached to the debugger will exit with the debugger, so as long as you use ntsd in the command line to call up a process, then exit ntsd to terminate the process. Using ntsd will automatically obtain the debug permission. Therefore, ntsd can kill most processes.

Therefore, when using the ntsd command, you must confirm that the PID is correctly typed and that the process is non-system-critical. The process does not need or cannot respond normally. Try to avoid terminating the process when the task is suspended. Meanwhile, malicious processes may adopt the same name or approximate name as key or common processes in the system.

 

4,Reduces the priority of a process.

 

Why do we propose "downgrading" instead of "Improving? In actual use, improving the process priority of applications for Single-core CPU Systems will lead to such problems, it is generally recommended that applications that consume too much resources Reduce the priority of their processes.

 

Operation: Click the application process to change, select "set priority", and select "lower than standard" (recommended) or "lower ", so that Windows can allocate more resources to other processes.

 

5,About creating a new task.

 

In some special cases, shell Explorer cannot be started normally, or features such as "running" cannot be used normally (BLOCKED), we can press the "CTRL + ALT + DEL" key combination, open the task manager. In its "file"-"New Task", that is, "Create a new task", we can try to open the required program or run the command.

 

Description: Click "cmder.exe" to run the shell program. Or use "Browse" to find the program. If Explorer fails to start loading because the startup Item of Explorer is modified, run "CMD/K Reg Add" HKLM \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon "/V shell/T REG_SZ/D" % SystemRoot % \ assumer.exe "/F & assumer.exe ", to reset it to start and run.

 

6,Quick shutdown.

 

Call the "Task Manager", press the "Ctrl" key, and click "Shut Down" in the window menu -- "close". The computer will be shut down in one second.

 

Warning: Using this technique may cause at least the following faults. We recommend that you use this technique with caution.
① The system may request a disk scan for the second time when the system starts up. This technique may be used multiple times to find more disk logic errors.
② Users who use the virtual optical drive may experience loss of system settings.
③ When shutdown, there is no prompt for the document being edited or the program that has not been saved, resulting in data loss.

 

7,Double-click ".

 

Many friends use the Task Manager countless times every day, but they do not know that there are many tips for "double-click:
① Double-click the border area of the task manager to display the task manager in "Tiny footprint mode" (simplified mode, which hides the menu bar and Media Player provides similar functions, double-click again to switch to full mode.
② Switch to the "application" tab and double-click a program in a list to bring the program to the front of the window, this technique is especially effective when the Windows XP taskbar does not respond frequently. We will not use it in the taskbar to click the front of the window to switch. However, when using this function, make sure to deselect "option"> "front-end display". Otherwise, the tip is invalid.
③ Switch to the "application" tab and double-click any blank space in the window to quickly minimize the task manager.
④ Switch to the "performance" and "networking" labels, and double-click any area of the window to display the corresponding graph in full screen mode for easy viewing.

 

8,About unexpected processes.

 

In this case, we double-click QQ continuously (similar to other programs). As a result, QQ did not respond, and clicking again still did not respond. Where is the problem? How can this problem be solved?

 

Cause: Due to unknown reasons, QQ encountered problems during the initialization process, and the process was not exited from the memory, resulting in subsequent processes (the QQ we clicked later) and cannot be initialized normally.

 

Solution: In the "process" of the task manager, it is normal to end all QQ processes and re-open QQ.

 

Description: Sometimes we run the "Outlook firewall" process. If you run the QQ 2004 ghost process, stop them.

 

9,Common system process description.

 

Description: For space reasons, only the necessary system processes under Windows XP SP3 (Pro) (NTFS file system) are listed here.

 

  Process File: [System process] or [system idle process]

  Process name: Windows Memory Processing System Process
  Description: Windows page memory management process, with level 0 priority.
  Jieshao: This process runs on each processor as a single thread and distributes the Time of the processor when the system does not process other threads. The larger the CPU usage, the more CPU resources available for allocation, and the smaller the number, the CPU resources are insufficient.

 

  Process File: System or System
  Process name: Windows System Process
  Description: Microsoft Windows system process.
  Jieshao: This process is a normal system process in the task manager. It is mainly used to load system-level files such as drivers.

 

  Process File: CSRSS or csrss.exe
  Process name: Client/Server Runtime Server Subsystem
  Description: Client Service subsystem used to control Windows Graphics subsystems.
  Jieshao: This is part of the user mode Win32 subsystem. CSRSS stands for the customer/server operation subsystem and is a basic subsystem that must always run. CSRSS is used to maintain Windows Control, create or strikethrough threads and some 16-bit virtual MS-DOS environments.

 

  Process File: Explorer or assumer.exe
  Process name: Program Management (shell program)
  Description: Windows program manager or Windows Explorer is used to control Windows Graphics shell, including Start Menu, taskbar, desktop and file management.
  Jieshao: This is a user's shell. It looks like a task bar, a desktop, and so on. Or it is the resource manager.

 

  Process File: LSASS or lsass.exe
  Process name: Local security permission Service
  Description: This local security permission Service controls the Windows security mechanism. Manage IP Security Policies and start ISAKMP/Oakley (IKE) and IP Security drivers.
  Jieshao: This is a local security authorization service, and it will generate a process for authorized users using the Winlogon service. This process is executed by using an authorized package, such as the default MSGINA. dll. If the authorization succeeds, LSASS will generate the user's access token. Do not use the start initial shell as the token. Other user-initiated processes will inherit this token.

 

  Process File: Services or services.exe
  Process name: Windows Service Controller
  Description: Manage Windows Services.
  Jieshao: Most of the system's core mode processes are running as system processes. Open the services in the management tool and you can see that many services are calling % SystemRoot % \ system32 \ service.exe

 

  Process File: SMSs or smss.exe
  Process name: Session manager subsystem
  DescriptionThe process is used by the session management subsystem to initialize system variables. The MS-DOS driver name is similar to LPT1 and COM. It calls the Win32 shell sub-system and runs in the Windows login process.
  Introduction: This is a session management subsystem that starts user sessions. Threads) and set system variables. After it starts these processes, it waits until Winlogon or CSRSS ends. If these processes are normal, the system will shut down. If something unexpected occurs, smss.exe will stop the system from responding (that is, suspending ).

 

  Process File: Svchost or svchost.exe
  Process name: Service host process
  Description: Service host process is a standard dynamic Connection Library host processing service.
  Jieshao: The svchost.exe file is a common host process name for services running from the dynamic Connection Library. The svhost.exe file is located in the % SystemRoot % \ system32 folder of the system. At the startup time, svchost.exe checks the location in the Registry to build the list of services to be loaded. This will allow multiple svchost.exe to run at the same time. Each session of svchost.execontains a set of services, so that the unique service depends on how svchost.exe is started and where it is started. This makes it easier to control and locate errors. Windows 2000 generally has two svchost processes. One is the RPCSS (Remote Procedure callrule service process, and the other is a svchost.exe shared by many services. In Windows XP, there are generally four svchost.exe service processes, but more in Windows 2003 Server.

 

  Process File: Winlogon or winlogon.exe
  Process name: Windows logon process
  Description: Windows NT user login program. This process manages user logon and exit. Winlogon is activated when you press CTRL + ALT + DEL to display the security dialog box.

 

  Process File: Spoolsv or spoolsv.exe
  Process name: Printer Spooler Service
  Description: Windows Print task control program for printer readiness.
  JieshaoThe Spooler Service is used to manage print and fax jobs in the buffer pool.

  Description: If you do not use a printer, you can stop or disable the Print Spooler service. This process is not required. But he is required by the printer ......

 

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.