Windows shell, Windows kernel
Windows Shell: Provides a graphical user interface that you use to open your applications.
Windows Kernel: The core of the operating system that is responsible for interaction between the operating system and the hardware.
How Windows manages applications
Task Manager
Task Manager Extra Tabs
Administrative Tools
System configuration
Services Console
An application consists of one or more processes. A process, in the simplest terms, is an executing program. One or more threads run in the context of the process. A thread is the basic unit to which the operating system allocates processor time. A thread can execute any part of the process code, including parts currently being executed by another thread.
A job object allows groups of processes to be managed as a unit. Job objects are namable, securable, sharable objects that control attributes of the processes associated with them. Operations performed on the job object affect all processes associated with the job object.
A thread pool is a collection of worker threads that efficiently execute asynchronous callbacks on behalf of the application. The thread pool is primarily used to reduce the number of application threads and provide management of the worker threads.
(www.microsoft.com, N.A.)
See details about your computer's performance using Task Manager
The Performance tab in Task Manager provides advanced details about how your computer is using system resources, such as random access memory (RAM) and the central processing unit (CPU).
Open Task Manager by right-clicking the taskbar, and then clicking Start Task Manager.
Click the Performance tab.
Performance graphs
The Performance tab includes four graphs. The top two graphs show how much CPU is being used both at the moment and for the past few minutes. (If the CPU Usage History graph appears split, your computer either has multiple CPUs, a single dual-core CPU, or both.) A high percentage means that programs or processes are requiring a lot of CPU resources, which can slow your computer. If the percentage appears frozen at or near 100%, then a program might not be responding. For more information, see Exit a program that isn't responding.
The bottom two graphs display how much RAM, or physical memory, is being used in megabytes (MB) both at the current moment and for the past few minutes. The percentage of memory being used is listed at the bottom of the Task Manager window. If memory use seems consistently high or slows your computer's performance noticeably, try reducing the number of programs you have open at one time or install more RAM. For more information, see Preventing low memory problems.
To view memory use for individual processes on your computer, click the Processes tab. The Memory (Private Working Set) column is selected by default. Private working set is a subset of working set, a technical term that describes how much memory is being used by each process. Private working set specifically describes the amount of memory a process is using that can't be shared by other processes.
If you are an advanced user, you might want to view other advanced memory values on the Processes tab. To do so, click View, click Select Columns, and then select a memory value:
Memory - Working Set. Amount of memory in the private working set plus the amount of memory the process is using that can be shared by other processes.
Memory - Peak Working Set. Maximum amount of working set memory used by the process.
Memory - Working Set Delta. Amount of change in working set memory used by the process.
Memory - Commit Size. Amount of virtual memory that is reserved for use by a process.
Memory - Paged Pool. Amount of committed virtual memory for a process that can be written to another storage medium, such as the hard disk.
Memory - Non-paged Pool. Amount of committed virtual memory for a process that can't be written to another storage medium.
Performance tables
Three advanced tables below the graphs list various details about memory and resource usage. Under Physical Memory (MB), Total is the amount of RAM installed on your computer, listed in megabytes (MB). Cached refers to the amount of physical memory used recently for system resources. Available is the amount of memory that's immediately available for use by processes, drivers, or the operating system. Free is the amount of memory that is currently unused or doesn't contain useful information (unlike cached files, which do contain useful information).
Under Kernel Memory (MB), Paged refers to the amount of virtual memory being used by the core part of Windows, called the kernel. Non-paged is the amount of RAM memory used by the kernel.
The System table includes five fields:
Handles. Number of unique object identifiers in use by processes. This value is mostly of interest to IT professionals and programmers.
Threads. Number of objects or processes running within larger processes or programs. This value is mostly of interest to IT professionals and programmers.
Processes. Number of individual processes running on the computer (you can also view this information on the Processes tab).
Up Time. Amount of time that has passed since the computer has been restarted.
Commit (MB). A description of virtual memory use (also known as paging file use). The paging file is space on your hard disk that Windows uses in addition to RAM. The first number is the amount of RAM and virtual memory currently in use, and the second number is the amount of RAM and virtual memory available on your computer.
To view advanced information about how much memory and CPU resources are being used, click the Resource Monitor button. Resource Monitor shows graphical summaries like those in Task Manager, but in greater detail. It also includes more details about resources, such as disk use and network use.
(www.microsoft.com, N.A.)
To start Task Manager, use any of these methods:
Press CTRL+SHIFT+ESC.
Right-click the taskbar, and then click Task Manager.
Press CTRL+ALT+DEL, and then click Task Manager.
You can also start Task Manager from the command prompt or the Run dialog box.
Task Manager has three tabs: Applications, Processes, and Performance. While Task Manager is running, the status bar always displays the total number of processes, CPU use, and virtual memory use for the system. Note the following display possibilities:
All Task Manager columns can be resized.
Clicking a column sorts its entries in ascending or descending order.
Select Always on Top from the Options menu to keep the window in view as you switch between applications.
Press CTRL+TAB to toggle between tabs, or click the tab.
When Task Manager is running, an accurate miniature CPU usage gauge appears on the taskbar on the end opposite the Start button. When you place the mouse pointer over this icon, it displays the percentage of processor use in text format. The miniature gauge always matches the CPU Usage History chart on the Performance tab, as shown in Figure 5.9.
Figure 5.9 Task Manager CPU Gauge Shown on the Taskbar
To make Task Manager the top window, double-click the gauge, or right-click the gauge and then select Task Manager from the menu that appears.
If you run Task Manager frequently and do not want to see its button on the taskbar, click Hide When Minimized on the Options menu. To open an instance of Task Manager when it is hidden, click the Task Manager CPU gauge on the taskbar.
You can control the rate at which Task Manager updates its counts by setting the Update Speed option on the View menu.
High. Updates every half-second.
Normal. Updates once per second.
Low. Updates every 4 seconds.
Paused. Does not update automatically. Press F5 to update.
This will reduce Task Manager overhead, but might cause you to miss some data. You can force an update at any time by clicking Refresh Now on the View menu or by pressing F5.
In Task Manager, click the Processes tab to see a list of running processes and measures of their performance. The Task Manager process table includes all processes that run in their own address space, including all applications and system services.
To include those in the display, on the Options menu, click Show 16-bit Tasks. Figure 5.10 is an example of how Task Manager displays process information.
Figure 5.10 Processes Tab in Task Manager
Note
System Monitor displays its values in bytes, whereas Task Manager displays its values in kilobytes, which are units of 1,024 bytes. When you compare System Monitor and Task Manager values, multiply System Monitor values by 1,024.
To add to or remove performance measures from the display for the processes listed, on the View menu, click Select Columns. Table 5.5 briefly describes the measures and their System Monitor counterparts, if any.
Table 5.5 Comparison of Process Data Supplied by Task Manager and System Monitor
For more information about Task Manager and its use in monitoring processor and memory performance, see the following chapters in this book:
The Networking tab displays a graphical representation of network performance. It provides a simple, qualitative indicator that shows the status of the network(s) that are running on your computer. The Networking tab is displayed only if a network card is present.
On this tab, you can view the quality and availability of your network connection, whether you are connected to one or more than one network.
The Users tab displays users who can access this computer, and session status and names. Client Name specifies the name of the client computer using the session, if applicable. Session provides a name for you to use to perform such tasks as sending another user a message or connecting to another user’s session.
The Users tab is displayed only if the computer you are working on has Fast User Switching enabled, and is a member of a workgroup or is a standalone computer. The Users tab is unavailable on computers that are members of a network domain.
(www.microsoft.com, N.A.)
What are Administrative Tools?
Administrative Tools is a folder in Control Panel that contains tools for system administrators and advanced users. The tools in the folder might vary depending on which version of Windows you are using.
Open Administrative Tools by clicking the Start button, and then clicking Control Panel. In the search box, type administrative tools, and then click Administrative Tools.
Many of the tools in this folder, such as Computer Management, are Microsoft Management Console (MMC) snap-ins that include their own help topics. To view specific help for an MMC tool, or to search for an MMC snap-in that you don't see in the following list, open the tool, click the Help menu, and then click Help Topics.
Some common administrative tools in this folder include:
Component Services. Configure and administer Component Object Model (COM) components. Component Services is designed for use by developers and administrators.
Computer Management. Manage local or remote computers by using a single, consolidated desktop tool. Using Computer Management, you can perform many tasks, such as monitoring system events, configuring hard disks, and managing system performance.
Data Sources (ODBC). Use Open Database Connectivity (ODBC) to move data from one type of database (a data source) to another. For more information, see What is ODBC?
Event Viewer. View information about significant events, such as a program starting or stopping, or a security error, which are recorded in event logs.
iSCSI Initiator. Configure advanced connections between storage devices on a network. For more information, see What is Internet Small Computer System Interface (iSCSI)?
Local Security Policy. View and edit Group Policy security settings.
Performance Monitor. View advanced system information about the central processing unit (CPU), memory, hard disk, and network performance.
Print Management. Manage printers and print servers on a network and perform other administrative tasks.
Services. Manage the different services that run in the background on your computer.
System Configuration. Identify problems that might be preventing Windows from running correctly. For more information, see Using System Configuration.
Task Scheduler. Schedule programs or other tasks to run automatically. For more information, see Schedule a task.
Windows Firewall with Advanced Security. Configure advanced firewall settings on both this computer and remote computers on your network.
Windows Memory Diagnostic. Check your computer's memory to see if it's functioning properly.
(www.microsoft.com, N.A.)
Using System Configuration (msconfig)
System Configuration is a tool that can help identify problems that might prevent Windows from starting correctly. You can start Windows with common services and startup programs turned off and then turn them back on, one at a time. If a problem doesn't occur when a service is turned off, but does occur when that service is turned on, then the service could be the cause of the problem.
System Configuration is intended to find and isolate problems, but it's not meant as a startup management program. To permanently remove or turn off programs or services that run at startup, see Uninstall or change a program.
The following table describes the tabs and options that are available in System Configuration:
(www.microsoft.com, N.A.)
A service can register to be started or stopped when a trigger event occurs. This eliminates the need for services to start when the system starts, or for services to poll or actively wait for an event; a service can start when it is needed, instead of starting automatically whether or not there is work to do.
You manage services with the Services snap-in for Microsoft Management Console (MMC), shown below. To view this snap-in, type services.msc at a command prompt. (You must have administrator privileges to gain full functionality in the Services console. Running as a standard user, you can view service settings, but you can’t start or stop most services, change the startup type, or make any other configuration changes.)
Use the Services console to start, stop, and configure services
The Extended and Standard views in the Services console (selectable by clicking a tab near the bottom of the window) have a single difference: The Extended view provides descriptive information of the selected service in the space at the left edge of the details pane. This space also sometimes includes links for starting, stopping, or pausing the selected service. Unless you need to constrain the console display to a small area of your screen, you’ll probably find the Extended view preferable to the Standard view.
The Services console offers plenty of information in its clean display. You can sort the contents of any column by clicking the column title, as you can do with other similar lists. To sort in reverse order, click the column title again. In addition, you can:
Start, stop, pause, resume, or restart the selected service, as described in the following section
Display the properties dialog box for the selected service, in which you can configure the service and learn more about it
Most of the essential services are set to start automatically when your computer starts, and the operating system stops them as part of its shutdown process. But sometimes you might need to manually start or stop a service. For example, you might want to start a seldom-used service on the rare occasion when you need it. (Because running services requires system resources such as memory, running them only when necessary can improve performance.) On the other hand, you might want to stop a service because you’re no longer using it. A more common reason, however, for stopping a service is because it isn’t working properly. For example, if print jobs get stuck in the print queue, sometimes the best remedy is to stop and then restart the Print Spooler service.
If a service allows pausing, try pausing and then continuing the service as your first step instead of stopping the service. Pausing can solve certain problems without canceling jobs in process or resetting connections.
Not all services allow you to change their status. Some prevent stopping and starting altogether, whereas others permit stopping and starting but not pausing and resuming. Some services allow these permissions to only certain users or groups. For example, most services allow only members of the Power Users and Administrators groups to start or stop them. Which status changes are allowed and who has permission to make them are controlled by each service’s discretionary access control list (DACL), which is established when the service is created on a computer.
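The per-service DACL described above can be read as SDDL text and decoded into the status changes each principal is allowed. The following PowerShell is an added example, not part of the original page; the function name ConvertFrom-ServiceSddl and the sample descriptor are constructed for illustration, and the access-right bits are the standard service rights from winsvc.h.

```powershell
# Service access-right bits (winsvc.h) plus the standard rights that affect control.
# Generic bits (GA/GW/GX/GR in SDDL) are not expanded here.
$ServiceRights = [ordered]@{
    QueryConfig         = 0x0001
    ChangeConfig        = 0x0002
    QueryStatus         = 0x0004
    EnumerateDependents = 0x0008
    Start               = 0x0010
    Stop                = 0x0020
    PauseContinue       = 0x0040
    Interrogate         = 0x0080
    UserDefinedControl  = 0x0100
    Delete              = 0x10000
    ReadControl         = 0x20000
    WriteDac            = 0x40000
    WriteOwner          = 0x80000
}

# Hypothetical helper: turn a service SDDL string into one row per ACE.
function ConvertFrom-ServiceSddl {
    param([Parameter(Mandatory)][string]$Sddl)

    $sd = [System.Security.AccessControl.RawSecurityDescriptor]::new($Sddl)
    foreach ($ace in $sd.DiscretionaryAcl) {
        # Only plain allow/deny ACEs carry a SID and an access mask we can decode.
        if ($ace -isnot [System.Security.AccessControl.CommonAce]) { continue }

        $sid = $ace.SecurityIdentifier
        try   { $who = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $who = $sid.Value }   # keep the raw SID if it cannot be resolved

        $mask    = $ace.AccessMask
        $granted = @($ServiceRights.GetEnumerator() |
                     Where-Object { $mask -band $_.Value } |
                     ForEach-Object { $_.Key })

        [pscustomobject]@{
            Principal     = $who
            AceType       = $ace.AceQualifier          # AccessAllowed or AccessDenied
            Start         = [bool]($mask -band $ServiceRights.Start)
            Stop          = [bool]($mask -band $ServiceRights.Stop)
            PauseContinue = [bool]($mask -band $ServiceRights.PauseContinue)
            ChangeConfig  = [bool]($mask -band $ServiceRights.ChangeConfig)
            Rights        = $granted -join ', '
        }
    }
}

# Constructed sample descriptor: SYSTEM and Administrators can change status,
# interactive users can only query, Authenticated Users can query and start.
$sample = 'D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)' +
          '(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)' +
          '(A;;CCLCSWLOCRRC;;;IU)' +
          '(A;;CCLCSWRPLOCRRC;;;AU)'

ConvertFrom-ServiceSddl -Sddl $sample |
    Format-Table Principal, AceType, Start, Stop, PauseContinue, ChangeConfig -AutoSize

# On a live system, read the real descriptor for a service (Print Spooler here):
#   $sddl = (sc.exe sdshow Spooler | Where-Object { $_ }) -join ''
#   ConvertFrom-ServiceSddl -Sddl $sddl
```

A row where ChangeConfig, WriteDac or WriteOwner is granted to a principal other than SYSTEM or Administrators deserves review, because those rights allow the service's configuration or its DACL to be altered.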
To change a service’s status, select it in the Services console. Then click the appropriate link in the area to the left of the service list (if you’re using the Extended view and the link you need appears there). Alternatively, you can use the VCR-style controls in the toolbar, or right-click and choose the corresponding command.
You can also change a service’s status by opening its properties dialog box and then clicking one of the buttons on the General tab. Taking the extra step of opening the properties dialog box to set the status has only one advantage: You can specify start parameters when you start a service using this method. This is a rare requirement.
To review or modify the way a service starts up or what happens when it doesn’t start properly, view its properties dialog box. To do that, simply double-click the service in the Services console. The picture below shows an example.
(www.microsoft.com, N.A.)
You specify a service’s startup type on the General tab, where you can also find the actual name of the service above its display name.
On the General tab of the properties dialog box (pictured above), you specify the startup type:
Automatic (Delayed Start) The service starts shortly after the computer starts in order to improve start up performance and user experience.
Automatic The service starts when the computer starts.
Manual The service doesn’t start automatically at startup, but it can be started by a user, a program, or a dependent service.
Disabled The service can’t be started.
What information appears in event logs?
You must be logged on as an administrator to perform these steps. If you aren't logged on as an administrator, you can change only settings that apply to your user account, and some event logs might not be accessible.
Event logs are special files that record significant events on your computer, such as when a user logs on to the computer or when a program encounters an error. Whenever these types of events occur, Windows records the event in an event log that you can read by using Event Viewer. Advanced users might find the details in event logs helpful when troubleshooting problems with Windows and other programs.
Event Viewer tracks information in several different logs. Windows Logs include:
Application (program) events. Events are classified as error, warning, or information, depending on the severity of the event. An error is a significant problem, such as loss of data. A warning is an event that isn't necessarily significant, but might indicate a possible future problem. An information event describes the successful operation of a program, driver, or service.
Security-related events. These events are called audits and are described as successful or failed depending on the event, such as whether a user trying to log on to Windows was successful.
Setup events. Computers that are configured as domain controllers will have additional logs displayed here.
System events. System events are logged by Windows and Windows system services, and are classified as error, warning, or information.
Forwarded events. These events are forwarded to this log by other computers.
Applications and Services Logs vary. They include separate logs about the programs that run on your computer, as well as more detailed logs that pertain to specific Windows services.
Open Event Viewer by clicking the Start button, clicking Control Panel, clicking System and Security, clicking Administrative Tools, and then double-clicking Event Viewer.
If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
Click an event log in the left pane.
Double-click an event to view the details of the event.
(www.microsoft.com, N.A.)
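The classifications listed above (error, warning, information, and successful or failed audits) are stored on each event record as a Level value and, for audits, as keyword bits. The following PowerShell is an added example, not part of the original page; the function names and the sample records are constructed, and the property names match those on records returned by Get-WinEvent.

```powershell
# Keyword bits Windows sets on audit events (StandardEventKeywords).
$AuditFailure = 0x10000000000000
$AuditSuccess = 0x20000000000000

# Hypothetical helper: map one event record to the class Event Viewer displays.
function Get-EventClass {
    param([Parameter(Mandatory)]$Record)

    $keywords = [long]$Record.Keywords          # a missing value becomes 0
    if ($keywords -band $AuditFailure) { return 'Audit Failure' }
    if ($keywords -band $AuditSuccess) { return 'Audit Success' }

    switch ([int]$Record.Level) {
        1       { 'Critical' }
        2       { 'Error' }
        3       { 'Warning' }
        default { 'Information' }               # 0 (LogAlways), 4 and 5 (Verbose)
    }
}

# Hypothetical helper: count records per log and class, largest group first.
function Get-EventClassSummary {
    param([Parameter(Mandatory)][object[]]$Records)

    $Records |
        Select-Object LogName, @{ n = 'Class'; e = { Get-EventClass -Record $_ } } |
        Group-Object LogName, Class |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

# Constructed sample records (not taken from a real log).
$sample = @(
    [pscustomobject]@{ LogName = 'Security';    Level = 0; Keywords = 0x10000000000000 }
    [pscustomobject]@{ LogName = 'Security';    Level = 0; Keywords = 0x10000000000000 }
    [pscustomobject]@{ LogName = 'Security';    Level = 0; Keywords = 0x20000000000000 }
    [pscustomobject]@{ LogName = 'Application'; Level = 2; Keywords = 0x80000000000000 }
    [pscustomobject]@{ LogName = 'System';      Level = 3; Keywords = 0x80000000000000 }
    [pscustomobject]@{ LogName = 'System';      Level = 4; Keywords = 0x80000000000000 }
)

Get-EventClassSummary -Records $sample | Format-Table -AutoSize

# On a live system (reading the Security log requires an elevated session):
#   Get-EventClassSummary -Records (Get-WinEvent -LogName Security -MaxEvents 500)
```

A sudden rise in the Security log's Audit Failure count relative to Audit Success is the kind of change this summary makes visible before individual events are opened.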
The Task Scheduler enables you to automatically perform routine tasks on a chosen computer. The Task Scheduler does this by monitoring whatever criteria you choose to initiate the tasks (referred to as triggers) and then executing the tasks when the criteria are met.
The Task Scheduler can be used to execute tasks such as starting an application, sending an email message, or showing a message box. Tasks can be scheduled to execute:
When a specific system event occurs.
At a specific time.
At a specific time on a daily schedule.
At a specific time on a weekly schedule.
At a specific time on a monthly schedule.
At a specific time on a monthly day-of-week schedule.
When the computer enters an idle state.
When the task is registered.
When the system is booted.
When a user logs on.
When a Terminal Server session changes state.
The Task Scheduler provides APIs for the following developers:
Task Scheduler 1.0: Interfaces are provided for C++ development.
Task Scheduler 2.0: Interfaces and objects are provided for C++ and scripting development respectively.
The Task Scheduler requires the following operating systems.
Task Scheduler 1.0: Client requires Windows Vista, or Windows XP. Server requires Windows Server 2008 or Windows Server 2003.
Task Scheduler 2.0: Client requires Windows Vista. Server requires Windows Server 2008.
(www.microsoft.com, N.A.)
The left pane of the Registry editor shows the structure of registry keys in the target machine registry. The target machine registry is structured initially into these root keys, or registry subtrees, which are displayed in the Registry editor:
You can add and delete registry keys while working in the left pane of the Registry editor, using either:
The context menu.
–or–
Options on the Actions menu.
The right pane of the Registry editor shows registry value names and data entries. When a registry key is selected in the left pane of the Registry editor, the values maintained in that registry key are displayed in the right pane.
Name
Shows the registry value name.
Value
Shows the data value assigned to the corresponding registry name — that is, the data maintained in the registry entry.
You can add, delete, and set registry values using any of these tools:
The context menu.
Options on the Actions menu.
The Properties window.
You can also select and rename property values in the right pane of the Registry editor.
Back up the Registry
Windows 8.1 and Windows 8
Swipe in from the right edge of the screen, and then tap Search. Or, point to the upper-right corner of the screen, and then click Search.
In the search box, type regedit.exe, and then press Enter. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
In Registry Editor, locate and click the registry key or subkey that you want to back up.
Click File > Export.
In the Export Registry File dialog box, select the location where you want to save the backup copy to, and then type a name for the backup file in the File name field.
Click Save.
Windows 7 and Windows Vista
Click Start, type regedit.exe in the search box, and then press Enter. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
In Registry Editor, locate and click the registry key or subkey that you want to back up.
Click File > Export.
In the Export Registry File dialog box, select the location where you want to save the backup copy to, and then type a name for the backup file in the File name field.
Click Save.
Windows XP
Follow these steps to create a system restore point:
Click Start, click Run, type %SystemRoot%\system32\restore\rstrui.exe, and then click OK.
On the Welcome to System Restore page, click Create a restore point, and then click Next.
On the Create a Restore Point page, type a name for the restore point and then click Create.
After the restore point is created, click Close.
Note: If System Restore is turned off, you receive a message that asks whether you want to turn on System Restore now. Click Yes. Then, in the System Properties dialog box, click to clear the Turn off System Restore check box, click OK, and then repeat this step.
(www.microsoft.com, N.A.)