When diagnosing a system problem or even just monitoring the health of a working system, it’s useful to peek “under the hood” to see what’s going on.
Windows 7 added a handy utility called Resource Monitor that does just that. It provides more information than the existing Task Manager without getting into all of the esoteric and often confusing detail of Process Explorer.
Resource Manager is a useful tool to have in your back pocket.
Become a Patron of Ask Leo! and go ad-free!
You’ll find Resource Monitor in Start, All Programs, Accessories, System Tools, Resource Monitor.
Once you run it, it will begin displaying the Overview tab, an overview of activity on your system.
The results shown can be sorted by any column, so the upper pane. labeled CPU. is sorted by “Average CPU Usage.” This is perhaps the most useful sort; it shows the processes running on your machine in decreasing order of CPU usage. You can see that perfmon.exe, which is actually the Resource Monitor program itself, is currently using 6% of the available CPU.
The lower pane, Memory, is sorted by “Commit” – one of the indescribable but useful numbers measuring RAM usage. Here, you can see that MsMpEng.exe (which turns out to be Microsoft Security Essentials) uses 196 megabytes.
Off to the right are graphs associated with some aspect of each of the tabs. The CPU graph shows total CPU usage. Disk and Network (each of which we’ll explore in more detail in a moment) graph total disk and network activity respectively. And the Memory graph at the bottom shows “faults.” This isn’t an error at all, but it’s a reflection of how hard the memory manager reads from disk. Typically, it’s how often it’s using the system paging file.
You can expand or collapse any of the four panes simply by clicking on the pane’s title bar.
Instead, let’s look at more detail as provided by the tabs across the top.
The CPU tab expands on the information presented in the Overview’s CPU pane.
Once again, it has four panes of information and a couple of graphs.
The Processes pane is very much like the information presented in the Overview, Process Explorer, and even Task Manager. Once again, you can sort by the different columns and examine information about each process.
The Services panel looks at the various Windows “services” – support services and functionality provided by background processes in Windows. You can see which services are running and explore their individual CPU usage. (This is difficult to see with other tools, because many services can be bundled into the same executable, and those tools only provide information to the executable process level.)
Associated Handles is where you’ll find what open files and other resources the selected process in the Process list above uses. Associated Handles is more than just files. Many system resources, from network connections to areas of RAM to registry keys and more, use “handles,” so they’re listed here.
Associated Modules lists any modules that are in use by the process selected in that first list. In this case, “Modules” refers to the files used as part of this program. The list will include those DLLs that were provided as part of the programs installation, as well as any and all Windows component DLLs and resources that the applications use.
To the right, there’s a graph displaying the historical total CPU usage, as well as a graph displaying just the CPU usage by system services.
The Memory tab focuses on displaying the memory, or RAM, usage characteristics of the various programs running and the system as a whole.
There are only two panes: a Processes pane, showing information about each running process, and a Physical Memory pane, presenting an overview of the computer’s RAM usage.
The most interesting columns in this view are the “Commit” and “Working Set” columns. Without getting super geeky, these columns reflect two different measures of the memory being used by the processes listed. When I’m concerned that a process uses too much RAM, I look at these numbers.
The important graphs on the right1 are overall “Used Physical Memory,” as well as Hard Faults. Once again, Hard Faults is a measure of how often the computer uses the hard disk to manage its RAM. Some usage is normal; programs often use a technique to load that manifests as “faults.” On the other hand, when the system is out of RAM and swaps excessively to disk, Hard Faults will skyrocket as system performance suffers.
The Disk tab presents useful information about what processes access specific files on the various disks attached to your system.
The top pane, Processes with Disk Activity, is a list of processes currently accessing the disk and a couple of measures of just how much data is being read and written.
The second pane, Disk Activity, breaks down disk activity to the file level, so you can see exactly which process accesses which file and what kind of read or write activity is happening.
The Storage pane presents information on disk activity at the drive level.
The graphs to the right include an overall disk activity meter, as well as a reflection of how much work has “backed up” for each disk in the system.
The Network tab focuses on the networking activity of the processes running on your machine.
Much like disk activity, the upper pane – Processes with Network Activity – shows the processes on your machine that access the network and how much data transmitted. As we’ll see in a second, “the network” includes both local and internet access.
Network Activity is perhaps the most interesting pane here. This shows you the connections for remote IP addresses or local names processes and how much activity each connection used. In the example above, you can see Dropbox.exe is connected not only to a remote IP address (presumably the Dropbox server), but also to several of the other machines on my local network.
TCP Connections lists processes that are connected to other machines on the local network or the internet, regardless of whether or not they transferred any data. These connections might be idle because they’re not transferring any data at that time, but rather than disconnecting and reconnecting each time, they stay connected.
Listening Ports is the reverse of connections. This represents processes on your computer configured to accept a connection from a remote computer. Now, in most cases, your router or firewall blocks connections from the internet that might use these listening ports. But when you want to copy a file from one machine to another across your local network, one computer contacts the other by making a connection via one of these listening ports.
The graphs on the right detail overall network data transfers and the number of connections. They can also break out the amount of data transferred if you have more than one network interface.
I’ve obviously only scratched the surface here in discussing the types of things Resource Monitor can view. It can’t do everything (I did have to open up Process Explorer to diagnose a problem on the example machine I was using above), but it can provide a very useful window into the behavior of your Windows 7 (and 8) operating system.
My recommendation is pretty simple: fire it up, play with it a little, and explore what it can show you. When you experience a problem, consider using it as a diagnostic tool. It might show you something helpful.