At first glance Task Manager looks like nothing more than a geeky way to tell you what you already
know, the names of the programs running on your PC.
Explore out favourite Task Manager tricks, though, and you'll find all kinds of options for
monitoring your system, detecting and resolving problems, especially in its most modern Windows
Vista/Windows 7 incarnation. Here's what you need to know.
1. Browse your processes
Press Ctrl+Shift+Esc to launch Task Manager. By default the first thing you'll see is the
Applications tab, but this is misleadingly named and of little much use as it just lists top-level
windows. If you want to see what's actually running on your PC then click the Processes tab, click
"Show processes from all users", and scroll down the list. If you don't know what a process is then
right-click it and select Properties to get more information, such as the folder where it's stored,
which will usually offer additional clues.
2. Troubleshoot startup problems
Windows Media Player is known to crash from time to time (you may have noticed this).
Occasionally it'll crash without having any visible window, though, so you won't see there's a
problem. Then, when you come to restart the program, nothing will happen because it's blocked by
the crashed copy in RAM.
If you find Windows Media Player won't launch, then, fire up Task Manager, click the Processes tab
and look for a WMPlayer.exe process. If you find one, and there's no window, then it's probably
crashed. Right-click it in Task Manager, select End Process, and once it's shut down you should be
able to start Media Player as normal.
Much the same problem can happen with other applications, so if something won't start, or is just
misbehaving, then it's always a good idea to look for previous instances of the program. Don't use
the "End Process" on anything unless you're 110% sure that it's safe to do so, though - terminating
something system-critical can lock up or crash your PC immediately.
3. View memory use
It's often interesting to see which programs are using all your RAM. To find out, click the Processes
tab, then click View > Select Columns, and ensure Memory - Working Set and Memory - Private
Working Set are checked. You'll now see two estimates for your processes use of RAM.
The first, "Memory - Working Set" shows you how much physical memory is currently being taken
up by each process. Some of this RAM may be shared by other processes, though (shared DLLS, for
instance) so this figure tends to overestimate memory use.
The second, "Memory - Private Working Set" shows you how much physical memory this process
alone is using (that is, it can't shared with anyone else). It will almost certainly consume additional
RAM, though, so this figure tends to underestimate memory use. It's a little more reliable than the
Working Set alone, but really you need to see both.
Now click the "Memory (Private Working Set)" column header so the largest figures are at the top.
You'll immediately get a good feel for where your RAM is going, and which programs (if any) you
need to close or tweak to get some of it back.
RAM HOGS: Find out which programs are hogging your RAM in seconds
4. Identify RAM-hogging services
Your list of processes should contain many called svchost.exe (if not, then you've not clicked "Show
processes from all users"). This is the service host, a process that's used to run several Windows
services. But what if this turns out to be grabbing large amounts of RAM? Which services might be
To find out more, right-click a particular svchost.exe and select Go To Services. Task Manager will
open the Services tab and all the services managed by this particular instance of svchost.exe will be
highlighted. Task Manager has no way to tell you how much each RAM each of the services are
consuming individually, unfortunately, but this does at least greatly reduce your options. (And a
hint: in most Windows Vista installations, ReadyBoost is by far the greatest resource-hogging
5. Diagnose disk thrashing
Ever wondered exactly why your hard drive's been thrashing for ages, even though there's no-one at
the PC? Click the Task Manager Processes tab, then click View > Select Columns, and check I/O
Read Bytes and I/O Write Bytes. Click OK.
The new columns will show you the total amount of data read or written by a process, which applies
to network activity as well as your hard drive. The busiest processes will have the largest figures,
and if a process is active now then its totals will tick up as you watch.
6. Spot resource leaks
Sometimes processes grab more and more Windows resources, without ever quite getting around to
releasing them. 32-bit Windows in particular has only a limited supply, and if this goes on for too
long then your PC will become unreliable, then eventually lock up or crash.
Task Manager can help you spot a resource leak, though. Click the Processes tab, then click View >
Select Columns, check Handles, User Objects and GDI Objects, and click OK. Now check these
occasionally, along with the memory figures we mentioned earlier. Some of these may rise
dramatically, on occasions - an antivirus tool will use many more handles when scanning, for
instance, as they're used when accessing files - but if a particular resource figure is high, keeps
rising, and never falls back to its starting point, then you may have a problem.
7. Stop a runaway process
If a particular process has gone rogue, using all your CPU time and reducing everything else to a
crawl, then Task Manager may be able to help.
First, press Ctrl+Shift+Esc and wait for Task Manager to appear. If your runaway process is
completely tying up the CPU then this can take a while, but if you don't want to reboot (you've an
application with unsaved data, say) then be patient. We'd give it at least 10 or 15 minutes.
When Task Manager appears, look for the process consuming all your CPU time (click Processes,
then click View > Select Columns and check CPU if that column isn't displayed). If you want to kill
the process completely, then you could right-click it, select End Process and it'll die (most of the
This doesn't always work out as you expect, though. If the process is system-critical, maybe a
Windows component, then terminating it may crash your system immediately (and it always
introduces a risk of system instability). If you've data you need to save elsewhere then it may be
better to try and slow down the rogue process, reduce its grab on your resources, so you can use
other programs again and close everything down properly. Fortunately Task Manager can help here,
Right-click your CPU-hogging process, select Set Priority > Low, and Windows should immediately
give more CPU time to just about everything else on your PC. The program will still be running, it
just shouldn't interfere with other apps to the same degree, and they should be accessible again.
If there are still problems, right-click the process and select Set Affinity. This option lets you decide
which CPU cores a process can use. If you clear one of these then that core will become available to
other applications, which should significantly improve their performance.
8. Understand CPU utilisation
Occasionally your PC will seem slow, as though something is using all your CPU time, but the
regular CPU column won't display an obvious candidate. So what's going on?
Launch Task Manager, and click the Performance tab to see a graph of your CPU Usage History: it's
pretty, but there's more to it than that. Click View and select Show Kernel Times (so it's checked).
What you'll now see is two graph lines: one green, representing total CPU utilisation, and one red,
representing the time consumed by the kernel.
When the green peaks are high, red peaks low then the culprit is a user mode process, probably just
a regular application. But if the red peaks are consistently high then that shows your CPU time is
being grabbed by something in the kernel, probably a driver, but perhaps also a Windows
component, maybe even some deeply embedded malware.
FIND THE CULPRIT: Is a buggy driver grabbing too much CPU time? The Performance graph
can offer useful clues
9. Create a dump file
If a program has locked up then you may able to use the Windows Debugging Tools to find out
Launch Task Manager first, click the Processes tab, right-click the hung process and select Create
Dump File. When the process file has been written then Task Manager will give you its name and
Then launch the debugger WinDbg, and click File > Open Crash Dump File. Entering the analyze -
hang command may tell you more about why a program has locked up, and if not then you can
always use other debugger commands to tell you more about the process, its use of RAM, and so on
(see the debugger documentation for details).
10. Control your services
If you need to stop or start a Windows service then you could launch the Services applet
(services.msc). But why bother? In Windows Vista or 7 it's much quicker to do it from Task
Manager. Just click the Services tab, right-click the service you need, and choose the Start or Stop
Be careful, though - stopping a critical Windows service can result in your PC locking up
immediately (and tinkering with some third-party services is almost as serious). Don't try this unless
you know exactly what you're doing.
11. Restart Explorer
Have the taskbar and desktop disappeared for no apparent reason? Explorer has probably crashed:
press Ctrl+Shift+Esc and press the Processes tab to check for yourself. If Explorer.exe isn't listed
then click File > New Task, type Explorer.exe and click OK to restart it.
Or, if Explorer won't start, your system is generally trashed and you'd like to reboot gracefully, then
enter the command shutdown -r and your system should restart.