2. Listing Applications and Services with the TaskList Command
The TaskList command provides a lot more information than Task Manager, but it's also harder to use. You can use TaskList
to find specific information about services and applications running on
your system. For example, you can determine which services are running
or perhaps locked up (not responding). To get a display similar to the
one shown in Task Manager, type TaskList at the command prompt and press Enter. You'll see a list of the standard applications running on your system as shown in Figure 1.
As you can see, the TaskList command provides the same information as the GUI tool. You see the same columns as usual. Use the /FI
command line switch to modify the appearance of the list, especially
the order, when necessary. This command uses the following syntax:
TASKLIST [/S system [/U username [/P [password]]]] [/M [module] | /SVC
| /V] [/FI filter] [/FO format] [/NH]
The following list describes each of the command line arguments.
/S
system
Specifies the remote system that you want to check. In most cases, you'll also need to supply the /U and the /P command line switches when using this switch.
/U
[domain\]user
Specifies the
username on the remote system. This name may not match the username on
the local system. You'll need to supply a domain name when working with a
domain controller.
/P
[password]
Specifies the
password for the given user. You can provide the command line switch
without specifying the password on the command line in cleartext. The
system prompts you for the password. Using this feature can help you
maintain the security of passwords used on your system.
/M
[Module]
Displays a
list of applications that require the specified support module. Most
applications require use of one or more modules (usually DLLs) for
support. When you use this switch alone, TaskList
displays a list of every module used by every loaded application. It's
quite a list, so you'll probably want to redirect the output to a file
using the > or >> redirection symbols and adding a filename.
The switch also lets you optionally specify a specific module name. You
can use this option to determine which applications require a specific
module to execute. Often, this process can help you understand why a
particular application glitches when another application is loaded
(sometimes they rely on a shared module, but each application requires a
different version of that module). You can't use this command line
switch with either the /V or /SVC command line switches.
/SVC
Displays a list of services supported by each of the SVCHOST.EXE entries in the task list. You'll find that each SVCHOST.EXE
entry supports one or more services. This is probably one of the most
important command line switches for this command because it shows you
how services are working on your system. To use this command line
switch, type TaskList /SVC and press Enter. You'll see a list of standard applications and services as shown in Figure 2. Compare this output to Figure 1
and you'll notice that the Services column replaces the Session Name,
Session #, and Mem Usage columns. You can't use this command line switch
with either the /V or /M command line switches.
/V
Displays additional application information including the application
status, name of the user running the process, the amount of processor
time the application is using, and the name of the application window.
You might be surprised at how many of the applications listed the system
runs on your behalf or to maintain Windows. One of the most useful
columns for optimization purposes is Window Title, which tells you the
human-readable name of the application. The connection between the
executable and window names can help you locate viruses, adware, and
spyware on your system. The /V command
line switch puts out so much information that the standard table format
is nearly useless. Consequently, you should use the /FO command line switch to use the list format. However, this makes the list too long to use. To obtain the best output, type TaskList /V /FO LIST | More and press Enter. You'll see a list format output that scrolls as needed as shown in Figure 3. You can't use this command line switch with either the /SVC or /M command line switches.
/FI Filter
Filters the output information from the command. The filters can become
complex, so read the text that appears after this list for additional
information. Table 1 describes the filter criteria. Filters are essential in some cases, especially when working with the /V command line switch. For example, if you want verbose information about the applications you're using, you can type TaskList /V /FO LIST /FI "USERNAME eq Administrator"
and press Enter. Notice that you must enclose the filter criteria in
quotes. In this case, you're telling the system to filter by username
where the username equals Administrator. Of course, you'll use your name
when trying out this command line on your machine. Figure 4 shows typical output from this command.
/FO {TABLE | LIST | CSV}
Defines the
output provided by the command. The table format is normally the easiest
to view on screen. The table columns define the values for output,
while each row contains one driver entry. The CSV output provides the
best method for preparing the data for entry in a database. Use
redirection to output the CSV data to a file and then import it to
your database. The list format provides one data element per line. Each
group of data elements defines one driver. The command separates each
driver by one blank line. Some people find the list format more readable
when working in verbose mode since the table format requires multiple
lines for each entry (the lines wrap).
/NH
Forces the
command to display the data without a column header. You can only use
this command line switch with the table and CSV formats. Omitting the
header makes it easier to incorporate the data in a report or import it
into a database.
