Troubleshooting Processes with Sysinternals Process Explorer

This course teaches you how to get the most out of the most downloaded tool from the Sysinternals toolkit - Process Explorer. This is the second course of a great learning path on PluralSight.
Course info
Rating
(26)
Level
Beginner
Updated
Mar 7, 2017
Duration
1h 16m
Description

Task Manager is one of the most widely used troubleshooting tools, which is unfortunate, because it cannot actually tell you what is wrong with your computer. To become a better troubleshooter you should move from looking at processes in Task Manager to looking at threads in Process Explorer. In this course, Troubleshooting Processes with Sysinternals Process Explorer, you'll learn how to become a power user of the most downloaded tool in the Sysinternals toolkit. First, you'll explore how to find troubled processes and threads in Windows. Next, you'll discover how to find performance bottlenecks in Windows. Finally, you'll learn how to find malware in Windows and how to get rid of it. By the end of this course, you'll know how to use the most important troubleshooting tool available effectively.

About the author

Sami Laiho is one of the world's top experts in Windows OS and Security. Sami specializes in OS internals, troubleshooting, management, and security.

Section Introduction Transcripts

Course Overview
Hi everyone, my name is Sami Laiho. Welcome to my course, Troubleshooting Processes with Sysinternals Process Explorer. I'm a Senior Technical Fellow at my own company, called Adminize. The biggest problem with many admins troubleshooting Windows is that they use Task Manager. Task Manager has multiple problems and can't even see what's running in Windows, so it can never know what's wrong. To get a real picture of what's happening in your operating system, you need to get the most-downloaded tool of the Sysinternals toolkit, Process Explorer. It is the most important tool for admins, yet no real training has been dedicated to it until now. Some of the major topics that we will cover include how to find troubled processes and threads in Windows, how to find performance bottlenecks in Windows, and how to find malware in Windows and how to get rid of it. By the end of this course, you'll know how to effectively use the most important troubleshooting tool available. Before beginning the course, you should have viewed the first course on this learning path on the Sysinternals toolkit on Pluralsight. I hope you'll join me on this Troubleshooting Processes with Sysinternals Process Explorer course at Pluralsight.

Working with DLLs and Handles
This module is called Working with DLLs and Handles. You can use Process Explorer's lower pane to peer inside and list the contents of the process selected in the upper pane. The DLL View lists all the dynamic link libraries and other files mapped into the process's address space. You can also activate this by using CTRL+D. The other view is called the Handle View. The Handle View lists all the kernel objects opened by the process. You can activate this view by pressing CTRL+H. You can also use the Find Handle or DLL function to find a certain handle or DLL. This can be activated by pressing CTRL+F as well. You should note that if you choose to show unnamed handles and mappings, this will significantly increase the amount of CPU resources needed by Process Explorer.

Using the Display Options of Process Explorer
This module is called Using the Display Options of Process Explorer. There are a few things to the left in Process Explorer's view that we have not looked at. The Display Options have a few things that you should note. Run At Logon will allow you to always run Process Explorer whenever you log on to the machine. Hide When Minimized means that you will see a notification area indicator showing that Process Explorer is running, and if you double-click it, you will get to the full-sized program. Normally you can run multiple instances of Process Explorer, but with Allow Only One Instance, you can prevent that. You can choose to always have Process Explorer on top, which means that it will stay on top of other windows, and it is then easier for you to see the contents of Process Explorer. You can choose the font and the size of the font that Process Explorer uses. You can also set the transparency of the program itself with the Opacity settings. You can make Process Explorer scroll to a new process whenever a new process is born. From my perspective, I'd say it just looks a bit hectic. You can also choose Show Processes From All Users, which is not on if you are running this as a limited user. If you choose this option, you are asked for UAC elevation and a new Process Explorer is then opened. In the next demonstration, we'll see how to use these display options.