Windows Server How-To

My Top Tips for Tracking Down CPU-Intensive Processes

Is your server running sluggish? Find out where all the juice is being sucked up with these suggestions.

Normally server power consumption is relatively predictable. Once in a while, however, a server may suddenly start responding slowly due to an unanticipated CPU load. When this happens, it is important to get to the bottom of the problem quickly. In this column I will show you a few tricks for diagnosing the problem.

The best place to start the troubleshooting process is in the Task Manager. You can launch the Task Manager by pressing Ctrl+Alt+Delete and then choosing the Task Manager option, or you can enter the TASKMGR command at the Run prompt.

It might be tempting to begin the troubleshooting process by examining the Processes tab and looking for the process that is consuming the most CPU resources. Although this technique does sometimes work, I recommend starting with the Users tab if you are running Windows Server 2012 (or Windows 8).

As you can see in figure 1, the Users tab lists each user who is logged into the server. Windows displays the CPU usage on a per-user basis. This allows you to see if a specific user is running the process that is bogging down the server.

Figure 1. The Users tab lists CPU usage on a per-user basis.

If you identify such a user then you can click the arrow icon to the left of the user name to expand the user and see the individual processes that the user is running, as shown in figure 2.

Figure 2. You can view each user's processes.

If none of the user-specific processes are causing the server's heavy CPU load then I recommend having a look at the Processes tab. The Processes tab displays background processes, apps, and Windows processes, as shown in figure 3.

Figure 3. The Processes tab lists the various system level processes.

Of course, tracking down the process that is consuming excessive CPU resources is only the first step. You still have to resolve the issue. This means determining why the process is running and what is causing it to consume so much CPU time. Sometimes a process's purpose is obvious. For instance, it is usually pretty easy to spot processes that are related to applications such as Exchange Server or SQL Server. Sometimes, however, a process might have a name that isn't familiar to you. In those cases it is necessary to determine the process's purpose.

Microsoft gives you a few tools that can help you determine a process's purpose. Right-clicking on a process reveals the shortcut menu shown in figure 4. There are at least four menu options that can be very helpful in this situation. These include:

  • Properties: This option opens a properties sheet that allows you to see the associated file and its digital signature. This can help you to determine who created the process, which may make it easier to determine whether or not the process is a part of an application.
  • Open File Location: Open File Location opens Windows Explorer and displays the file that is associated with the process. Sometimes the file's location can provide a hint as to the file's purpose.
  • Search Online: This is my personal favorite option. You can use it to do a Bing search on the process name and file name.

Figure 4. Microsoft provides several options to help you track down the process.
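The same triage can be scripted. The following PowerShell is an added example, not part of the original column: it samples CPU time twice, ranks processes by the CPU they used in between, and reports the owning user, file location and digital signature that the Users tab and the Properties sheet expose. The sampling window and row count are assumed values, and the script must run from an elevated prompt.

```powershell
# Added example (not from the article). Run elevated: -IncludeUserName requires it.
$SampleSeconds = 5    # assumed sampling window
$Top = 10             # assumed number of rows to show
$cores = [Environment]::ProcessorCount

# First sample: store each process's CPU seconds as a plain number keyed by PID.
$before = @{}
foreach ($p in Get-Process) {
    if ($null -ne $p.CPU) { $before[$p.Id] = $p.CPU }
}
Start-Sleep -Seconds $SampleSeconds

# Second sample: compute the CPU used during the window and enrich each row.
$report = foreach ($p in Get-Process -IncludeUserName) {
    if ($null -eq $p.CPU -or -not $before.ContainsKey($p.Id)) { continue }
    $delta = $p.CPU - $before[$p.Id]
    if ($delta -le 0) { continue }   # idle, or the PID was reused by a new process

    # Same information as the Properties sheet: backing file and its signature.
    $sig = $null
    if ($p.Path) {
        $sig = Get-AuthenticodeSignature -FilePath $p.Path -ErrorAction SilentlyContinue
    }
    [pscustomobject]@{
        CpuPercent = [math]::Round(100 * $delta / ($SampleSeconds * $cores), 1)
        Id         = $p.Id
        Name       = $p.ProcessName
        User       = $p.UserName
        Signature  = if ($sig) { $sig.Status } else { 'Unknown' }
        Signer     = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        Path       = $p.Path
    }
}

$report | Sort-Object CpuPercent -Descending | Select-Object -First $Top | Format-List
```

A row with an unexpected path, an unfamiliar signer or a status other than Valid is a prompt to look closer, not a verdict on its own.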

Now let's suppose that you have tracked down the process and determined that it is something that should not be running on the server. If the process is a part of an unwanted application, then you can simply uninstall the application. However, if it is a malware component that your antivirus software cannot detect, then you might have to get rid of it manually.

I recommend starting out by running the MSCONFIG utility and disabling the process in the system startup. That way, you can make sure that there are no adverse effects associated with removing the process before you permanently delete it.

If you are sure that you want to get rid of the process for good, you will need to delete the executable file and remove references to it from the registry. The Registry Editor has a search function that you can use to track down calls to the executable. Just remember that editing the registry is dangerous. Making a mistake in the Registry Editor can destroy Windows and/or your applications. It is therefore strongly advised that you make a full system backup prior to making any sort of registry modification.
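Before deleting anything, it helps to know where the executable is launched from. The following PowerShell is an added example, not part of the original column: it makes no changes and lists startup entries (Run keys and Startup folders), services and scheduled tasks whose command line mentions the file. The file name `suspect.exe` is a placeholder, and the script covers only these common auto-start locations, not the whole registry.

```powershell
# Added example (not from the article). Read-only: nothing is modified or deleted.
$Target  = 'suspect.exe'               # placeholder: file name under investigation
$pattern = [regex]::Escape($Target)    # match the name literally, case-insensitively

$hits = @(
    # Run/RunOnce registry values and Startup folder shortcuts
    Get-CimInstance Win32_StartupCommand |
        Where-Object { $_.Command -match $pattern } |
        ForEach-Object {
            [pscustomobject]@{ Source = 'Startup'; Name = $_.Name
                               Where = $_.Location; Command = $_.Command }
        }

    # Services whose image path points at the executable
    Get-CimInstance Win32_Service |
        Where-Object { $_.PathName -match $pattern } |
        ForEach-Object {
            [pscustomobject]@{ Source = 'Service'; Name = $_.Name
                               Where = $_.StartMode; Command = $_.PathName }
        }

    # Scheduled tasks with an action that runs the executable
    Get-ScheduledTask | ForEach-Object {
        $task = $_
        $task.Actions |
            Where-Object { $_.Execute -match $pattern } |
            ForEach-Object {
                [pscustomobject]@{ Source = 'ScheduledTask'; Name = $task.TaskName
                                   Where = $task.TaskPath
                                   Command = "$($_.Execute) $($_.Arguments)" }
            }
    }
)

if ($hits.Count -eq 0) {
    "No auto-start references to $Target found in the locations checked."
} else {
    $hits | Format-Table -AutoSize -Wrap
}
```

Saving the output alongside the system backup gives you a record of each reference as it stood before removal.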

About the Author

Brien Posey is a 22-time Microsoft MVP with decades of IT experience. As a freelance writer, Posey has written thousands of articles and contributed to several dozen books on a wide variety of IT topics. Prior to going freelance, Posey was a CIO for a national chain of hospitals and health care facilities. He has also served as a network administrator for some of the country's largest insurance companies and for the Department of Defense at Fort Knox. In addition to his continued work in IT, Posey has spent the last several years actively training as a commercial scientist-astronaut candidate in preparation to fly on a mission to study polar mesospheric clouds from space. You can follow his spaceflight training on his Web site.
