Introduction

Processes are a fundamental component of the Windows XP operating system. For anything you do on a system, whether it is deleting a file, starting a service, or writing text in Notepad, there is a process behind it. Since processes are so important, it is critical that you understand how to manage, monitor, and troubleshoot them.

Processes use system resources, such as CPU and memory, in order to run. But not all processes are created equal. Some use more resources than others and often you'll run into situations where you need to identify processes that are using more resources than they should, which may make it difficult for other processes to work. Processes also frequently open files, DLLs, and Registry keys and values. These resources are known as handles, and often when a process has one open, no other process can modify or delete it. This can make it problematic, for example, if you need to rename a file that a process has a lock on.

There are several processes that start by default whenever a Windows server boots up. Any applications you've installed that run at system startup will also have one or more processes running, all without you doing a thing. It is for this reason that you need to be able to create, query, suspend, and terminate processes on demand, otherwise it is very easy to lose control over how your system performs.

A task is simply a program, application, command, or script that does something useful. In the Windows environment, you need to know how to run tasks with alternate credentials, so you don't always have to be logged on to your workstation with administrator credentials. You also need to know how to run tasks against remote servers or workstations, which enables you to do daily administration tasks without ever leaving the comfort (and security) of your workstation. Often it can be beneficial to have tasks run as soon as someone logs into a system, and there are several ways you can set this up. Finally, if you are trying to automate certain tasks (as all good system administrators should), you'll need to schedule various tasks to run at certain times of the day or night.

Windows services are nothing more than continually running processes that are controlled by the Service Control Manager (SCM). Instead of directly creating a service process, you (or the system itself) send a start or stop message to SCM, which takes care of starting or stopping the associated process. The DHCP Client provided with the Windows operating system is an example of a service. It is responsible for requesting and renewing DHCP requests (i.e., obtaining an IP address dynamically). After the system begins the boot up process, SCM starts the DHCP Client service, which kicks off a process that runs in the background to handle DHCP requests. You can stop the DHCP Client service via the Services snap-in, which causes SCM to terminate the underlying DHCP Client process. If you start the service, SCM starts the process.

Each service has a corresponding key in the Registry contained under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services. This stores basic configuration information about the service, including service dependencies, the command line to execute to start the service, and startup type. For more information on some the service-specific Registry values, take a look at MS KB 103000, "CurrentControlSet\Services Subkey Entries."

One of the knocks Windows 2000 received when it debuted was that it had too many services enabled by default. This was both a good and a bad thing, however. On the one hand, it meant that a lot of functionality was turned on out of the box. On the other hand, many of the default services, such as IIS, had security issues, so all default installations were vulnerable. As a result, Microsoft changed their stance in Windows XP and Windows Server 2003, opting for a more secure route. Many of the services that were started up by default in Windows 2000 are now disabled at startup in Windows Server 2003. For a list of the changes in the default startup mode, see MS KB 812519, "Services That Are Turned Off by Default in Windows Server 2003."