Google IT Cert – Week 17 – Process Management

This is Week 5 of Course III in the Google IT Professional Support Certification course from Google and This week is all about process management.

.   .   .

Life of a Process

Module Intro

This week, we’re going to learn more about processes. Why use a computer without them???

Programs vs Processes Revisited

Programs, you will remember, are applications that we can run on a computer. Processes are “programs that are running.” (I think they are, a little more accurately, components of programs that are running.) One program can have many processes running, just like you can have 8 different Chrome windows open playing different videos, using one program.

A program creates processes, which need resources to run. In this sense, resources are CPU (time being calculated) RAM (space) and HDD (space).

Processes can freeze up and cause our (especially Windows) computers to freeze or crash. Managing processes is a very important component of modern computing, and knowing what is going on is absolutely critical.

Processes are given unique Process IDs, which allow operators to identify them.

The kernel sees that a process needs resources, and decides what to give it.

There are all the “visible” processes we run, like Firefox and VLC, but there are also not-so-visible processes, called Background Processes, or, sometimes, daemon processes. They run behind the scenes and we don’t usually need to know what they’re doing.

Process management is an essential skill to know when troubleshooting computers. I’m always checking in with programs and processes to see what they’re using and why.

Windows: Process Creation and Termination

When Windows boots it starts what is called the Session Manager Subsystem. This is the first “non-kernel user mode,” known as smss.exe. This is a process that starts some other processes, including winlogon.exe, which handles logging on, and the Client/Server Runtime Subsystem, or csrss.exe, which manages the Windows GUI and command line console.

Every process in Windows is created by a “parent” process. Every “child” process inherits some characteristics from its parent, like settings and variables, which are referred to as an “environment.”

Unlike in Linux, Windows processes can operate independently from their parents.

Open up PowerShell and launch the Notepad process.

PS C:\Users\username> notepad.exe

There, you just used the parent process PowerShell to create the child process Notepad. In Windows, you can close the parent program and the child will continue to run.

If you click the “X” on a window you will terminate the process. You can also go to File and select Quit. Or, there is the taskkill utility, which will terminate a process as identified by its Process ID, or PID. Let’s say Notepad.exe has a PID of 5856:

PS C:\Users\username> taskkill /pid 5856
SUCCESS: Sent termination signal to the process with PID 5856
PS C:\Users\username>

Stay tuned to find out where we find those PID’s.

Reading: Windows Process Creation and Termination

Read up on taskkill here.

Linux: Process Creation and Termination

Processes in Linux have a parent-child relationship, as well: every process is created by a parent process.

When you start a Linux system, the kernel starts the process called init, which has the PID of 1. Init starts other processes that get the system running.

When a process completes a task, it may terminate automatically. When a process terminates, it “releases” its resources back to the kernel, so they can be used by another process.

 Jess Passions

This inspirational video, featuring someone named Jess, is longer than the last video, which was about computers.


This is a one-question quiz. I’ll give you a hint, it is about Windows processes. Parent-child relationship. Study up!


Managing Processes

Windows: Reading Process Information

A computer program is code sitting on your hard drive. When you launch the program, the OS takes that code and begins running a process (or many processes) that turn the code into a working application.

Knowing about processes and what they’re doing is an important part of life.

One way to find process information in Windows is in Task Manager, or taskmgr.exe. Use the CTRL+SHIFT+ESC keys to open it, or search for “task manager”.

Click on the Processes tab to view running processes. Each process will show the resources it is using, as well as the user that launched it.

To kill a process, select it and click on the End Task button in the lower right-hand corner.

If you select the Details tab, you will see more specific information about each process, including its PID.

In Command Prompt, use the tasklist utility to see all running processes:

C:\Users\username> tasklist

Using PowerShell, there is a cmdlet called Get-Process:

PS C:\Users\username>  Get-Process

You can read more about these tools real soon:

Reading: Windows Reading Process Information


Linux: Reading Process Information

To start viewing processes in Linux, start with the ps command and the -x flag:

user@username:~$ ps -x

PID         TTY         STAT      TIME      COMMAND

This will output all the processes running on the system, and provide

  • PID
  • TTY (terminal associated with process, see reading)
  • STAT is the status of the process, including R (running) T (stopped) S (interruptible sleep)
  • TIME is total CPU time the process has taken

You can also run ps with the -ef flags, e for all processes including from other users, and f for full details about a process:

user@username:~$ ps -ef
UID     PID     PPID     C    STIME   TTY    TIME      CMD
  • UID: the user that launched the process
  • PID
  • PPID: the parent ID, which launched the process
  • C is the number of children that this process has
  • STIME: start time of the process
  • TTY: terminal
  • TIME: total CPU time
  • CMD: name of the command “that we are running”

Now, let’s use grep to search for a specific process. We’re going to pipe the output of ps -ef to grep and search for “Chrome”:

user@username:~$ ps -ef | grep Chrome
usernname 10165 10123 0 15:15 pts/1 00:00:00 –color-auto Chrome

This just showed us all the processes with the word “chrome” in them. Remember that everything in Linux “has a file,” meaning there is a way to view all the files associated with processes. These are in the /proc directory. Take a look:

user@username:~$ ls -l /proc

This ouputs a long list of directories—one for each process that is running. Let’s look at a process file for PID 1805:

user@username:~$ cat /proc/1805/status

This gives us more detailed information about the process.

Reading: Linux Reading Process Information

Read about the ps command for Linux.

Linux: Signals

There are many signals that can be sent to processes in Linux, all beginning with “sig”. We used the sigint signal to interrupt a process, terminating it. You can use the CTRL+C keyboard combination to send a sigint to a program.

Reading: Windows Signals

Here’s some reading material on Windows signals.

Windows: Managing Processes

There is a tool called Process Explorer that lets IT support and sysadmins look at running processes in detail. It is not built into Windows, but can be downloaded from Microsoft.

The top window pane shows a list of active processes, and the bottom pane shows a list of files a selected process is using. This is very useful! It can help you learn what a process does and how it works, or what a certain file is used for.

Use CTRL+F or the binocular button to search for a process. In the video, we are searching for Notepad.exe. The search results show that notepad.exe is nested under cmd.exe. This means that notepad is a child-process of cmd.exe.

If you right-click a process you will see available actions.

  • Kill Process: terminates the process
  • Kill Process Tree: terminates the process and all descendents
  • Restart: stops and starts the process
  • Suspend: stops the process but does not terminate it.

Reading: Windows Managing Processes

Read up on Process Explorer!

 Linux: Managing Processes

Let’s use some signals to manage processes. Yeah!

Use the kill command to terminate a process. This sends a termination signal (SIGTERM) to the process, and allows the process to properly shutdown, avoiding any possible corruption of files it was using.

Let’s kill the firefox process (PID 10235):

user@username:~$ kill 10235

Use the SIGKILL signal to kill a process immediately, without giving it time to clean up any files. To send the SIGKILL signal, use the -kill flag to the kill command.

user@username:~$ kill -kill 10235

Using kill -kill should be considered a last resort for terminating processes.

If you need to suspend a process, use the SIGTSTP, or terminal stop signal, by  adding the -tstp flag to the kill command.

user@username:~$ kill -tstp 10932

This will put process 10932 in a suspended state—showing a “T” status if you run a ps -x command.

You can also send the SIGTSTP signal using CTRL+Z.

To resume a process, use the SIGCONT signal, by using the –cont flag:

user@username:~$ kill -cont


Process Utilization


Screenshot (1)
Windows Resource Monitor

Windows: Resource Monitoring

Process management is most useful when your processes become “unruly.” Systems can usually offer you at least some idea of what processes are doing. In Windows, use the Resource Monitoring tool. Launch it from the Start menu by searching for “resource”.


Resource Monitor features five tabs: Overview, CPU, Memory, Disk, and Network. There is also some of the same information available in Process Explorer.

You can also find this information using the Get-Process cmdlet in PowerShell.

PS C:\Users\username> Get-Process
Handles                   NPM(K)   PM(K)   WS(K)    CPU(s)   ID   SI   ProcessName
----------   -----------   --------   --------   ----------   ---   --   ------------------

“NPM(K)” shows, in Kilobytes, the non-paged memory in use by that process, CPU, in seconds, etc.

Let’s show only the top three most CPU-intensive processes:

PS C:\Users\username> get-process | sort CPU -descending | Select -first 3 -Property ID,ProcessName,CPU

Here’s what that command did: First, it called the Get-Process cmdlet which gathered all that process information. Then, we piped that output into the Sort command, which ordered the information in descending order according to their value in the CPU column. Then, we piped all that into the Select command, which selected the first 3 rows and displayed only the ID, ProcessName, and CPU amount.


Reading: Windows Resource Monitoring

Some info about system diagnostics in Windows.

 Linux: Resource Monitoring

Use the top command to see the most resource-heavy processes that are running.

user@username:~$ top

Top show s the heaviest processes as well as a snapshot of running and idle tasks, CPU usage, memory usage, and more.

The top command will show %CPU and %MEM fields, which show usage of each by every task.

Hit the “q” key to quit.

If a task is taking a lot of CPU or memory for a long time, it can cause system slowness or other problems.

Use the uptime command to see information on your machine, including how long it has been running, how many users are logged on, and the resource load-average.

user@username:~$ uptime
16:43:23   up 5:08,   1user,   load average: 0.84, 0.05, 0.01

Use the lsof command to list open files and the processes that are using them.

user@username:~$ lsof

This output will help you track down processes that are keeping files from closing.

 Reading: Linux Resource Monitoring

Knowing about system load in Linux can be especially helpful if you’re managing multiple machines.

Discussion: Your CPU



This was easily the fastest and least-frustrating of the VM assessment exercises. It only took me three tries to sign in to the Windows machine, and there were only two tasks to accomplish. Not the most intensive skill-building this week but a welcome break from my usual 8 hour Sunday.

Up next, week 18, or the sixth and final week of course III.

Vacationland: True Stories from Painful Beaches | by John Hodgman

WD 4TB Black My Passport  Portable External Hard Drive - USB 3.0

The Hapless Rube's Apocalypse Survival Guide | by Jack Barker

HTML and CSS: Design and Build Websites 1st Edition by Jon Duckett

Chain of Title: How Three Ordinary Americans Uncovered Wall Street’s Great Foreclosure Fraud | by David Dayen



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.