Whether you are unknown with the Sysinternals Process Explorer utility, you must in reality check it out… it gives you so a lot more information than the default task manager, as well as a tree view of all the processes so you can see which processes launch other processes. You can look at little much every piece of data concerning a process, together with associated registry key handles, open files, dlls. There is even a search function.

You can also restore Task Manager with Process Explorer through the option menu, which is the exact subject of this article, since it does not constantly work right in Vista. Here is you will see the default screen… take special note of the little tiny graphs there.

If you click on those small graphs, or hit the Ctrl+I key combination, you will bring up the System Information dialog, which gives you still further information. Just try moving your mouse over any of the spikes in the graph… it will show you which application caused that spike.

The newest version of Process Explorer does not have any problems with Vista, so everything below this point is for informational point of view only. The problem comes in when you try to choose the Replace Task Manager option under Windows Vista with UAC enabled.

Note: If you have disable UAC, no need to read further than this point.

If you have not disabled UAC, you will get an error message. The problem happens because by default Task Manager is not launch with administrative permissions, thus the replacement for it is not either. What we will need to do is re-map the registry entry so that you can run it through the Start++ utility’s sudo command to bump up it to administrator before we start it.

First, make sure that you download and install Brandon Paddock’s Start++ utility, which contains the sudo command we’ll need for this. (You could also use the elevate powertoy if you were so inclined.)

Now you will need to open up your registry editor and browse to the following key. You should note that if you want to turn off the replacement of Task Manager you need only delete this key.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionstaskmgr.exe

Now look for the “Debugger” value in the right-hand pane and change it to point to this command string, which you will need to adjust to match your username, and the location where you put process explorer. The key thing here is that it needs to be the full path to sudo.cmd as well as the full path to process explorer.

c:usersgeekAppDataLocalStart++CMDssudo.cmd c:usersgeekbinprocessexplorerprocexp.exe

Note that there should only be a space between the two paths. After that, you should be able to replace task manager with process explorer just all right.

