If you are unfamiliar with the Sysinternals Process Explorer utility, you should really check it out… it gives you so much more information than the default Task Manager, including a tree view of all the processes so you can see which processes launched other processes. You can look at pretty much every piece of data concerning a process, including associated registry key handles, open files, and DLLs. There’s even a search function.
You can also replace Task Manager with Process Explorer through the Options menu, which is the specific subject of this article, since it doesn’t always work right in Vista.
Here’s the default screen… take special note of the little tiny graphs there.
If you click on those little graphs, or hit the Ctrl+I key combination, you’ll bring up the System Information dialog, which gives you even more information. Just try moving your mouse over any of the spikes in the graph… it’ll show you which application caused that spike.
The latest version of Process Explorer doesn’t have any problems with Vista, so everything below this point is for informational purposes only.
The problem comes in when you try to choose the Replace Task Manager option under Windows Vista with UAC enabled.
note: If you’ve disabled UAC, no need to read beyond this point.
If you haven’t disabled UAC, you’ll get this error message:
The problem happens because by default Task Manager isn’t launched with administrative permissions, so the replacement for it isn’t either. What we’ll need to do is re-map the registry entry so that you can run it through the Start++ utility’s sudo command to elevate it to administrator before we start it.
First, make sure that you download and install Brandon Paddock’s Start++ utility, which contains the sudo command we’ll need for this. (You could also use the elevate powertoy if you were so inclined.)
Now you’ll need to open up your registry editor and browse to the following key. You should note that if you want to turn off the replacement of Task Manager you need only delete this key.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
Now look for the “Debugger” value in the right-hand pane and change it to point to this command string, which you’ll need to modify to match your username and the location where you put Process Explorer. The key thing here is that it needs to be the full path to sudo.cmd as well as the full path to Process Explorer.
Note that there should only be a space between the two paths. After that, you should be able to replace Task Manager with Process Explorer just fine.
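Since the Debugger value decides what actually runs whenever taskmgr.exe is launched, it helps to be able to check what is set there. The PowerShell below is an added example (not part of the original article) that lists every Debugger value under Image File Execution Options and reports whether the program it points to exists and is signed. The function name Get-IfeoDebugger and the output column names are made up for this example, and checking the WOW6432Node view is an assumption that applies to 64-bit Windows.

```powershell
# Added example: read-only audit of IFEO "Debugger" values (makes no registry changes).
$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    # Assumption: also check the 32-bit registry view present on 64-bit Windows.
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoDebugger {   # hypothetical helper name, not a built-in cmdlet
    param([string[]]$Roots = $ifeoRoots)
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            $debugger = $key.GetValue('Debugger')
            if ([string]::IsNullOrWhiteSpace($debugger)) { continue }

            # The first token of the command string is the program Windows starts
            # in place of the image. Quoted paths are handled; an unquoted path
            # containing spaces yields only its first word and shows as missing.
            $target = $null
            if ($debugger -match '^\s*"([^"]+)"' -or $debugger -match '^\s*(\S+)') {
                $target = $Matches[1]
            }
            $exists = [bool]($target -and (Test-Path -LiteralPath $target -PathType Leaf))
            $signature = 'n/a'
            if ($exists) {
                $signature = (Get-AuthenticodeSignature -LiteralPath $target).Status
            }

            [pscustomobject]@{
                Image        = $key.PSChildName   # e.g. taskmgr.exe
                Debugger     = $debugger          # full command string as stored
                Target       = $target
                TargetExists = $exists
                Signature    = $signature         # Valid, NotSigned, HashMismatch, ...
                RegistryView = if ($root -like '*WOW6432Node*') { '32-bit' } else { '64-bit' }
            }
        }
    }
}

# Every redirected executable on the machine:
Get-IfeoDebugger | Format-Table -AutoSize -Wrap

# Only the Task Manager entry discussed in this article:
Get-IfeoDebugger | Where-Object { $_.Image -ieq 'taskmgr.exe' } | Format-List
```

An entry you did not create yourself, or one whose target is missing, is worth a closer look; deleting the taskmgr.exe key removes the redirect, as noted above.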
note: Thanks to the great and wonderful Steve for the heads up on this one.