We are used to keeping an eye on our resources (CPU, RAM, hard disk, etc.) with the dear old Task Manager. After looking at it, we will see the other monitoring tools that are already installed in the operating system and can still be useful.
Task Manager (taskmgr.exe)
It is the most used tool of all: when a program hangs, the first thing we do is stop or restart it through the Task Manager. However, this program is also very useful for monitoring the use of resources such as CPU, RAM, hard disk and network. Task Manager is composed of 7 tabs:
- Processes: shows the processes running in the operating system, including those that are not responding, and how many resources each program uses.
- Performance: shows how much CPU, physical memory (RAM) and network you are using.
- Application history: as the name implies, it shows how much the programs have used our resources in the past (I swear that Candy Crush Soda Saga was installed by default, I had nothing to do with it).
- Startup: shows all the programs that start when the operating system starts. It is usually the first place to make changes when a computer starts to slow down. In fact, one way to speed it up is to disable the automatic start of applications that we do not use.
- Users: shows the users who are logged in and the applications they are using. You can also disconnect them if you are an administrator.
- Details: gives a more in-depth view of the running processes, including the users who are running them, their status and a description.
- Services: all the services of the operating system
Performance monitor (perfmon.exe)
It is included in the Computer Management and Server Manager consoles. From a single console you can monitor applications and hardware in real time, specify which data should be stored in a log, and define actions to take when certain events occur. To add performance counters, right-click on the Performance Monitor panel and choose to add counters.
You can create custom views in Performance Monitor and export them, if necessary, as Data Collector Sets. A Data Collector Set can contain:
- Performance counters: they are measurements of the state of the system. They can be included in the operating system or be part of individual applications.
- Event trace data: it is collected from trace providers, which are components of the operating system or of individual applications that report actions or events.
- Configuration information: it is collected from key values in the Windows registry. Performance Monitor can record the value of a registry key at a given time.
You can add hundreds of counters to Performance Monitor, including:
- Processor: % Processor Time measures how busy the processor is. It should never be more than 80%; if it is, you need to intervene, perhaps by buying a more powerful processor.
- Memory: Pages/sec. A page fault happens when a process waits for access to a virtual memory page that is not available in RAM. If Pages/sec is 20 or more, you need to increase the RAM.
- Physical disk: Avg. Disk Queue Length is the average number of read or write requests that are queued for the disk. If it is higher than 2, it means heavy disk usage.
Resource Monitor (resmon.exe)
You can filter the results by the specific processes or services that you want to monitor. Here too it is possible to stop, suspend and restart processes and services. It is probably the most complete tool for understanding how the system actually uses its resources, for example by showing the files used by applications or by monitoring processes and services. There are 5 tabs:
- Overview: shows the processes with their PIDs, description, status, threads, etc. By opening the lower panels you can see specifically which resources they are using.
- CPU: a tab dedicated to the CPU, where you can monitor the processes and their CPU usage, as well as the services, handles and modules associated with them.
- Memory: a tab dedicated to memory, where you can see how the processes use it. There is also a small graph of the current state of RAM.
- Disk: here it is possible to monitor the processes and their use of the disk.
- Network: in my opinion this is the most interesting tab, because it lets us check which services communicate with the outside world. In fact, it shows the amount of data received from and sent to a specific IP address.
In our case the SearchUI.exe process communicates with 18.104.22.168; if we look it up on WHOISIP, it tells us that the address is registered to Microsoft.
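The process-to-remote-address view of the Network tab can also be produced from PowerShell. The script below is an added example, not part of the original article: it uses the built-in Get-NetTCPConnection, Get-Process and Get-AuthenticodeSignature cmdlets, and Test-PublicAddress is a helper name introduced here. Unlike Resource Monitor it does not show byte counts, but it adds the executable path and its signature status next to each remote address.

```powershell
# Added example: list established TCP connections to non-private addresses,
# together with the owning process, its executable path and its signature.
# Run from an elevated session so that paths of service processes resolve.

# Hypothetical helper: $true when the address is not loopback, RFC 1918
# private, or link-local (IPv4 169.254.0.0/16, IPv6 fe80::/10).
function Test-PublicAddress {
    param([string]$Address)
    $ip = [System.Net.IPAddress]::Parse($Address)
    if ([System.Net.IPAddress]::IsLoopback($ip)) { return $false }
    if ($ip.AddressFamily -eq 'InterNetworkV6') {
        return -not ($ip.IsIPv6LinkLocal -or $ip.IsIPv6SiteLocal)
    }
    $b = $ip.GetAddressBytes()
    return -not ( $b[0] -eq 10 -or
                 ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
                 ($b[0] -eq 192 -and $b[1] -eq 168) -or
                 ($b[0] -eq 169 -and $b[1] -eq 254) )
}

$rows = Get-NetTCPConnection -State Established |
    Where-Object { Test-PublicAddress $_.RemoteAddress } |
    ForEach-Object {
        # The process may have exited between the two calls, so tolerate $null.
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        $sig  = $null
        if ($proc -and $proc.Path) {
            $sig = Get-AuthenticodeSignature -FilePath $proc.Path
        }
        [pscustomobject]@{
            Process   = if ($proc) { $proc.ProcessName } else { '<exited>' }
            PID       = $_.OwningProcess
            Remote    = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
            Signature = if ($sig) { $sig.Status } else { 'Unknown' }
            Signer    = if ($sig -and $sig.SignerCertificate) {
                            $sig.SignerCertificate.Subject
                        } else { $null }
            Path      = $proc.Path
        }
    }

# Unsigned or unknown binaries first: those are the rows worth a closer look.
$rows | Sort-Object { $_.Signature -eq 'Valid' }, Process, Remote |
    Format-Table -AutoSize -Wrap
```

A WHOIS lookup says who owns the remote address; the Signature and Path columns say which binary on the local machine opened the connection and whether it is signed.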
We have seen 3 tools for monitoring the processes and services in our system. In my opinion, in most cases the Task Manager will be more than good enough, but if you want to check more specifically what a process does, I would use the Resource Monitor.