Processes are a fundamental component of the Windows operating system. Anything you do on a system, whether it is deleting a file, starting a service, or writing text in Notepad, has a process behind it. Since processes are so important, it is critical that administrators understand how to manage, monitor, and troubleshoot them.
Processes use system resources, such as CPU and memory, in order to run. But not all processes are created equal. Some use more resources than others, and you'll often run into situations where you need to identify processes that are using more resources than they should, making it difficult for other processes to do their work. Processes also frequently open files, DLLs, and Registry keys and values. These resources are known as handles, and often when a process has one open, no other process can modify or delete the resource. This can be a problem if you need, for example, to rename a file that a process has locked.
In Appendix E, I include a list of the default processes used in Windows. There are several processes that start by default whenever a Windows server boots. Any applications you've installed that run at system startup will also have one or more processes running, all without you doing a thing. For this reason, you need to be able to create, query, suspend, and terminate processes on demand; otherwise, it is very easy to lose control over how your system performs.
In this chapter, I'll review ...