Our goal in this book is to help you plumb the true depths of Windows 10, and our premise is that this goal can’t be met by toeing the line and doing only what the Help system tells you. Rather, we believe you can reach this goal only by taking various off-the-beaten-track routes that go beyond Windows orthodoxy.
The topics in this chapter illustrate this approach quite nicely. The tools we discuss—Control Panel, Group Policy Editor, Microsoft Management Console, and Services—aren’t difficult to use, but they put an amazing amount of power and flexibility into your hands. We discuss them in depth because you’ll be using these important tools in other chapters of the book. However, you can scour the Windows 10 Help system all day long and you’ll find only a few scant references to these tools. To be sure, Microsoft is being cautious because these are powerful tools, and the average user can wreak all kinds of havoc if these features are used incorrectly. However, your purchase of this book is proof that you are not an average user. So, when you follow the instructions in this chapter, we’re sure you’ll have no trouble at all using these tools.
We begin with an in-depth look at Control Panel: understanding it, navigating it, and customizing it to suit your needs.
In many places throughout this book, you’ve seen that you can perform some pretty amazing things by using a tool that’s about as hidden as any Windows power tool can be: the Local Group Policy Editor. That Microsoft has buried this program in a mostly untraveled section of the Windows landscape isn’t the least bit surprising, because in the wrong hands the Local Group Policy Editor can wreak all kinds of havoc on a system. It’s a kind of electronic Pandora’s box that, if opened by careless or inexperienced hands, can loose all kinds of evil upon the Windows world.
Of course, none of this doom-and-gloom applies to you, dear reader, because you’re a cautious and prudent wielder of all the Windows power tools. This means that you’ll use the Local Group Policy Editor in a safe, prudent manner, and that you’ll create a system restore point if you plan to make any major changes. We knew we could count on you.
As you see in this section, the Local Group Policy Editor isn’t even remotely hard to use. However, it’s such a powerful tool that it’s important for you to know exactly how it works, which will help ensure that nothing goes awry when you’re making your changes.
Put simply, group policies are settings that control how Windows works. You can use them to customize the Windows 10 interface, restrict access to certain areas, specify security settings, and much more.
Group policies are mostly used by system administrators who want to make sure that novice users don’t have access to dangerous tools (such as the Registry Editor) or who want to ensure a consistent computing experience across multiple machines. Group policies are also ideally suited to situations in which multiple users share a single computer. However, group policies can be useful on single-user standalone machines, as you see in various sections of this book.
The power of the Local Group Policy Editor is aptly illustrated not only by the fact that Microsoft hides the program deep in the bowels of the system, but most tellingly by the fact that Microsoft didn’t even offer the Local Group Policy Editor in some Windows versions. For Windows 10, the Local Group Policy Editor is not available in Windows 10 Mobile or Windows 10 Home, but it is available in Windows 10 Pro and Windows 10 Enterprise. In earlier versions of Windows, this tool was also removed from the Home versions. In other words, those Windows versions that Microsoft expects novices to be using are the same Windows versions where Microsoft doesn’t even include the Local Group Policy Editor, just to be safe.
Of course, plenty of experienced users use the lesser Windows versions that don’t include GPE, mostly because they’re cheaper than high-end versions such as Windows 10 Pro. So what’s a would-be policy editor to do when faced with having no Local Group Policy Editor?
The short answer is, don’t sweat it. That is, although the Local Group Policy Editor does provide an easy-to-use interface for many powerful settings, it’s not the only way to put those settings into effect. Most group policies correspond to settings in the Windows Registry, so you can get the identical tweak on any basic Windows system by modifying the appropriate Registry setting instead. In this book, we’ve tried to augment group policy tweaks with the corresponding Registry tweak, just in case you don’t have access to the Local Group Policy Editor.
Tip
Understanding that most group policies have parallel settings in the Registry is all fine and dandy, but how on earth are you supposed to know which of the Registry’s thousands upon thousands of settings is the one you want? The old method was to export the Registry to a REG file, make the change in the Local Group Policy Editor, export the Registry again, and then compare the two files. Way too much work (and impossible if all you have to work with is a basic Windows version)! You can also try filtering the policies as described later (see “Filtering Policies”). Fortunately, Microsoft has Excel workbooks that list every single group policy value and give the corresponding Registry setting. Links to the different reference workbooks for Vista, Windows 7, and Windows 8/8.1 (Windows 10 should also be there by the time you read this) can be found here: www.microsoft.com/en-us/download/details.aspx?id=25250.
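The export-and-compare method this tip describes, as an added PowerShell example that is not from the book: it exports the per-user policy branches with reg.exe before and after a change and reports which values were added, changed, or removed. The function names, folder names, and choice of branches are assumptions, and the sample .reg content is constructed.

```powershell
# Added example, not from the book. Function and folder names are hypothetical.
# Assumption: the policy being traced is a User Configuration policy, so only
# the two per-user policy branches are exported.
$PolicyBranches = @(
    'HKCU\Software\Policies',
    'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies'
)

function Export-PolicySnapshot {
    param([Parameter(Mandatory)][string]$Directory)
    $dir = (New-Item -ItemType Directory -Path $Directory -Force).FullName
    for ($i = 0; $i -lt $PolicyBranches.Count; $i++) {
        $file = Join-Path $dir "branch$i.reg"
        # reg.exe writes a Unicode .reg file; /y overwrites an existing file.
        & reg.exe export $PolicyBranches[$i] $file /y | Out-Null
        if ($LASTEXITCODE -ne 0) { Write-Warning "Could not export $($PolicyBranches[$i])" }
    }
}

function Read-RegFile {
    param([Parameter(Mandatory)][string]$Path)
    $values = @{}          # "key<newline>name" -> record
    $key = $null
    $pending = ''
    foreach ($raw in Get-Content -LiteralPath $Path) {
        $line = $raw.Trim()
        # Long hex values continue on the next line after a trailing backslash.
        if ($line.EndsWith('\')) { $pending += $line.TrimEnd('\'); continue }
        $line = $pending + $line
        $pending = ''
        if ($line -match '^\[(.+)\]$') { $key = $Matches[1]; continue }
        # Value lines look like "Name"=data, or @=data for the default value.
        if ($key -and $line -match '^("(?:[^"\\]|\\.)*"|@)=(.*)$') {
            $rec = [pscustomobject]@{ Key = $key; Name = $Matches[1]; Data = $Matches[2] }
            $values["$key`n$($rec.Name)"] = $rec
        }
    }
    $values
}

function Read-PolicySnapshot {
    param([Parameter(Mandatory)][string]$Directory)
    $all = @{}
    foreach ($file in Get-ChildItem -LiteralPath $Directory -Filter *.reg) {
        $parsed = Read-RegFile -Path $file.FullName
        foreach ($id in $parsed.Keys) { $all[$id] = $parsed[$id] }
    }
    $all
}

function Compare-PolicySnapshot {
    param(
        [Parameter(Mandatory)][string]$Before,
        [Parameter(Mandatory)][string]$After
    )
    $old = Read-PolicySnapshot -Directory $Before
    $new = Read-PolicySnapshot -Directory $After
    $ids = @($old.Keys) + @($new.Keys) | Sort-Object -Unique
    foreach ($id in $ids) {
        $o = $old[$id]
        $n = $new[$id]
        if ($o -and $n -and $o.Data -ceq $n.Data) { continue }   # unchanged
        $change = if (-not $o) { 'Added' } elseif (-not $n) { 'Removed' } else { 'Changed' }
        $shown = if ($n) { $n } else { $o }
        [pscustomobject]@{
            Change = $change
            Key    = $shown.Key
            Name   = $shown.Name
            Before = if ($o) { $o.Data } else { $null }
            After  = if ($n) { $n.Data } else { $null }
        }
    }
}

# Constructed sample: one branch before and after a policy is enabled.
$demo   = Join-Path ([IO.Path]::GetTempPath()) 'policy-diff-demo'
$header = 'Windows Registry Editor Version 5.00', ''
$sample = '[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]'
foreach ($side in 'before', 'after') {
    New-Item -ItemType Directory -Path (Join-Path $demo $side) -Force | Out-Null
}
$header + $sample | Set-Content (Join-Path $demo 'before\branch0.reg') -Encoding Unicode
$header + $sample + '"DisallowCpl"=dword:00000001' |
    Set-Content (Join-Path $demo 'after\branch0.reg') -Encoding Unicode
Compare-PolicySnapshot -Before "$demo\before" -After "$demo\after" | Format-List

# Against the live Registry:
#   Export-PolicySnapshot -Directory .\before
#   (make the change in the Local Group Policy Editor)
#   Export-PolicySnapshot -Directory .\after
#   Compare-PolicySnapshot -Before .\before -After .\after | Format-Table -AutoSize
```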
Note
Given a setting that you can tweak using either the Local Group Policy Editor or the Registry Editor (and assuming you’re running a version of Windows that comes with the Local Group Policy Editor), which tool should you choose? We highly recommend using the Local Group Policy Editor because (as you’ll see next) it offers a simpler and more straightforward user interface, which means it saves time, and you’ll be much less likely to make an error.
As we’ve said, you make changes to group policies using the Local Group Policy Editor, a Microsoft Management Console snap-in. To start the Local Group Policy Editor, you have two choices:
In the taskbar’s Search box, type gpedit and then click Edit Group Policy in the search results.
Press Windows Logo+R to open the Run dialog box, type gpedit.msc, and then press Enter.
Figure 23.1 shows the Local Group Policy Editor window that appears. (The word Local refers to the fact that you’re editing group policies on your own computer, not on some remote computer.)
The Local Group Policy Editor window is divided into two sections:
Left pane—This pane contains a tree-like hierarchy of policy categories, which is divided into two main categories: Computer Configuration and User Configuration. The Computer Configuration policies apply to all users and are implemented before the logon. The User Configuration policies apply only to the current user and, therefore, are not applied until that user logs on.
Right pane—This pane contains the policies for whichever category is selected in the left pane.
The idea, then, is to open the tree’s branches in the left pane to find the category you want. When you click the category, its policies appear in the right pane. For example, Figure 23.2 shows the Local Group Policy Editor window with the User Configuration, Administrative Templates, Control Panel category selected.
In the right pane, the Setting column tells you the name of the policy, and the State column tells you the current state of the policy. Click a policy to see its description on the left side of the pane, as shown in Figure 23.3. If you don’t see the description, click the Extended tab.
Tip
Windows comes with another tool called the Local Security Policy Editor, which displays only the policies found in the Local Group Policy Editor’s Computer Configuration, Windows Settings, Security Settings branch. To launch the Local Security Policy Editor, click in the taskbar’s Search box (or press Windows Logo+R to open the Run dialog box), type secpol.msc, and then press Enter. As you might expect, this snap-in isn’t available in Windows 10 Home.
Take note of the Requirements value in the policy window. This tells you which versions of Windows support the policy.
To configure a policy, double-click it. The type of window you see depends on the policy:
For simple policies, you see a window similar to the one shown in Figure 23.4. These kinds of policies take one of three states: Not Configured (the policy is not in effect), Enabled (the policy is in effect and its setting is enabled), and Disabled (the policy is in effect and its setting is disabled).
Other kinds of policies require extra information when the policy is enabled. For example, Figure 23.5 shows the window for the Hide Specified Control Panel Items policy (described in detail later in the “Removing an Icon from Control Panel” section). When the Enabled option is activated, one or more controls in the Options box become enabled. In this case, the Show button becomes enabled and you click it to specify which Control Panel items you want to hide.
We’ve been saying for years that the Local Group Policy Editor desperately needs a search feature. There are nearly 3,000 policies, and they’re scattered around dozens of folders. Trying to find the policy you need by rooting around in the Local Group Policy Editor is like trying to find a particularly small needle in a particularly large haystack.
Fortunately, although the Windows 10 version of the Local Group Policy Editor still isn’t searchable (unless you export it to a text file by selecting Action, Export List), it does come with two features that make it quite a bit easier to track down a wayward policy:
The two Administrative Templates branches (one in Computer Configuration and the other in User Configuration) each come with a new sub-branch called All Settings. Selecting this branch displays a complete list of all the policies in that Administrative Templates branch. (Almost all non-security-related policies are in the Administrative Templates branches, so that’s why they get singled out for special treatment.)
A beefed-up filtering feature is provided that’s useful for cutting the vastness of the policy landscape down to size.
In combination, these two features make it much easier to find what you’re looking for. The basic idea is that you select the All Settings branch that you want to work with and then set up a filter that defines what you’re looking for. Local Group Policy Editor then displays just those policies that match your filter criteria.
To show you how this works, let’s run through an example. Suppose we want to find the Hide Specified Control Panel Items policy shown earlier in Figure 23.5. Here’s how we’d use a filter to locate it:
1. Select the User Configuration, Administrative Templates, All Settings branch.
2. Select Action, Filter Options to open the Filter Options dialog box.
3. Make sure the Enable Keyword Filters box is checked.
4. Use the Filter for Word(s) text box to type a word or phrase that should match the policy you’re looking for. In our example, we know that “Control Panel” is part of the policy name, so we’ll use that as the filter text.
5. Use the associated drop-down list to choose how you want the policy text to match your search text:
Any—Choose this option to match only those policies that include at least one of your search terms.
All—Choose this option to match only those policies that include all of your search terms in any order.
Exact—Choose this option to match only those policies that include text that exactly matches your search phrase. We’ll be filtering on the phrase “Control Panel,” so we’ll use an exact match.
6. Use the Within check boxes to specify where you want the filter to look for matches:
Policy Setting Title—Select this check box to look for matches in the policy name. In our example, “Control Panel” is part of the policy name, and it’s a relatively unique term, so it should suffice to only filter on the title, as shown in Figure 23.6.
Help Text—Select this check box to look for matches in the policy description.
Comment—Select this check box to look for matches in the Comments text. (Each policy comes with a Comments box that you can use to add your two cents’ worth about any policy.)
7. Click OK.
With your filter in place, select Action, Filter On (or click to activate the Filter button in the toolbar). The Local Group Policy Editor displays just those policies that match your filter settings. For example, Figure 23.7 shows the results when the filter in Figure 23.6 is turned on. As you can see, the Hide Specified Control Panel Items policy is among the results.
Although you can find plenty of examples of group policies in action throughout this book, we’re firm believers that you can’t get enough of this powerful tool. With that in mind, the next few sections take you through a few of our favorite policies.
You can gain a bit more control over the Control Panel by configuring it not to display icons that you don’t ever use or that aren’t applicable to your system. Here’s how it’s done:
1. Open the Local Group Policy Editor window, as described earlier in this chapter.
2. Select the User Configuration, Administrative Templates, Control Panel branch.
3. Double-click the Hide Specified Control Panel Items policy.
4. Click the Enabled option.
5. Click the Show button. The Show Contents dialog box appears.
6. For each Control Panel icon you want to hide, type the icon name and press Enter.
7. Click OK to return to the Hide Specified Control Panel Items dialog box.
8. Click OK. Windows 10 puts the policy into effect.
To perform the same tweak in the Registry, open the following key:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Add a DWORD value named DisallowCpl and set it equal to 1. Also create a new key named DisallowCpl, and within that key create a new String value for each Control Panel icon you want to disable. Give the settings the names 1, 2, 3, and so on, and for each one set the value to the name of the Control Panel icon you want to disable.
Disabling a few Control Panel icons is useful because it reduces a bit of the clutter in the All Control Panel Items window. However, what if you want to set up a computer for a novice user and you’d like that person to have access to just a few relatively harmless icons such as Display and Personalization? In that case, it’s way too much work to disable most of the icons one at a time. A much easier approach is to specify just those few Control Panel icons you want the user to see. Here’s how:
1. Open the Local Group Policy Editor window, as described earlier in this chapter.
2. Select the User Configuration, Administrative Templates, Control Panel branch.
3. Double-click the Show Only Specified Control Panel Items policy.
4. Click the Enabled option.
5. Click the Show button. The Show Contents dialog box appears.
6. For each Control Panel icon you want to show, type the icon name and press Enter.
7. Click OK to return to the Show Only Specified Control Panel Items dialog box.
8. Click OK. Windows 10 puts the policy into effect.
To perform the same tweak in the Registry, open the following key:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Add a DWORD value named RestrictCpl and set it equal to 1. Also create a new key named RestrictCpl, and within that key create a new String value for each Control Panel icon you want to show. Give the settings the names 1, 2, 3, and so on, and for each one set the value to the name of the Control Panel icon you want to show.
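The two Registry procedures above (DisallowCpl and RestrictCpl), scripted as an added PowerShell example that is not from the book. The function names are hypothetical, and the item name in the usage lines is a sample value; the live call at the end runs with -WhatIf, so it changes nothing.

```powershell
# Added example, not from the book. Function names are hypothetical.
$ExplorerPolicies = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Get-CplValueName {
    param([string]$Mode)
    # Hide     -> DisallowCpl (Hide Specified Control Panel Items)
    # ShowOnly -> RestrictCpl (Show Only Specified Control Panel Items)
    if ($Mode -eq 'Hide') { 'DisallowCpl' } else { 'RestrictCpl' }
}

function Set-ControlPanelItemList {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][ValidateSet('Hide', 'ShowOnly')][string]$Mode,
        # Icon names as typed in the Show Contents dialog box.
        # An empty list removes the setting again.
        [string[]]$Items = @()
    )
    $name    = Get-CplValueName $Mode
    $listKey = Join-Path $ExplorerPolicies $name

    if (-not $PSCmdlet.ShouldProcess($listKey, "Write $($Items.Count) item(s)")) { return }

    if (-not (Test-Path $ExplorerPolicies)) {
        New-Item -Path $ExplorerPolicies -Force | Out-Null
    }
    # Rebuild the list key from scratch so stale numbered values do not linger.
    if (Test-Path $listKey) { Remove-Item -Path $listKey -Recurse -Force }

    if ($Items.Count -eq 0) {
        Remove-ItemProperty -Path $ExplorerPolicies -Name $name -ErrorAction SilentlyContinue
        return
    }

    # One String value per icon, named 1, 2, 3, and so on.
    New-Item -Path $listKey -Force | Out-Null
    $n = 1
    foreach ($item in $Items) {
        New-ItemProperty -Path $listKey -Name "$n" -Value $item -PropertyType String -Force | Out-Null
        $n++
    }
    # The DWORD value of the same name switches the list on.
    New-ItemProperty -Path $ExplorerPolicies -Name $name -Value 1 -PropertyType DWord -Force | Out-Null

    # Both lists enabled at once is usually a leftover; flag it for review.
    $otherMode = if ($Mode -eq 'Hide') { 'ShowOnly' } else { 'Hide' }
    if ((Get-ControlPanelItemList -Mode $otherMode).Enabled) {
        Write-Warning "$(Get-CplValueName $otherMode) is also enabled for this user."
    }
}

function Get-ControlPanelItemList {
    param([Parameter(Mandatory)][ValidateSet('Hide', 'ShowOnly')][string]$Mode)
    $name    = Get-CplValueName $Mode
    $listKey = Join-Path $ExplorerPolicies $name
    $flag    = (Get-ItemProperty -Path $ExplorerPolicies -Name $name -ErrorAction SilentlyContinue).$name
    $items   = @()
    if (Test-Path $listKey) {
        $key   = Get-Item -Path $listKey
        $items = @($key.GetValueNames() |
            Where-Object { $_ -match '^\d+$' } |
            Sort-Object { [int]$_ } |
            ForEach-Object { $key.GetValue($_) })
    }
    [pscustomobject]@{ Policy = $name; Enabled = ($flag -eq 1); Items = $items }
}

# Preview only: -WhatIf reports what would be written and leaves the Registry alone.
Set-ControlPanelItemList -Mode Hide -Items 'Display' -WhatIf
Get-ControlPanelItemList -Mode Hide
Get-ControlPanelItemList -Mode ShowOnly
```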
When you press Ctrl+Alt+Delete while logged on to Windows 10, you see the Windows Security window, which contains the following items, as shown in Figure 23.8:
Lock—Click this button to hide the desktop and display the Lock screen. To return to the desktop, you must enter your Windows 10 user account password. This feature is useful if you’re going to leave Windows 10 unattended and don’t want another person accessing the desktop. However, Windows 10 offers a faster way to lock the computer: press Windows Logo+L.
Sign Out—Click this button to display the sign-in screen, which lets you log on using a different user account.
Task Manager—Click this button to open Task Manager.
Switch User—Click this button to switch to a different user account while also leaving your current user account running.
Of these four commands, all but Switch User are customizable using group policies. So if you find that you never use one or more of those commands, or (more likely) if you want to prevent a user from accessing one or more of the commands, you can use group policies to remove them from the Windows Security window. Here are the steps to follow:
1. Open the Local Group Policy Editor window, as described earlier in this chapter.
2. Open the User Configuration, Administrative Templates, System, Ctrl+Alt+Del Options branch.
3. Double-click one of the following policies (ignore the Remove Change Password policy, which isn’t supported in Windows 10):
Remove Lock Computer—You can use this policy to disable the Lock item in the Windows Security window.
Remove Task Manager—You can use this policy to disable the Task Manager item in the Windows Security window.
Remove Logoff—You can use this policy to disable the Sign Out item in the Windows Security window.
4. In the policy dialog box that appears, click Enabled and then click OK.
5. Repeat steps 3 and 4 to disable all the buttons you don’t need.
Figure 23.9 shows the Windows Security window with the three buttons removed.
To perform the same tweak using the Registry, launch the Registry Editor and open the following key:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
Change the value of one or more of the following settings to 1:
DisableLockWorkstation
DisableTaskMgr
To remove the Log Off button via the Registry, open the following key:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Change the value of the NoLogoff setting to 1.
When you run the Shut Down command, Windows 10 proceeds to power down without any more input from you (unless any running programs have documents with unsaved changes). That’s usually a good thing, but you might want to keep track of why you shut down or restart Windows 10, or why the system itself initiates a shutdown or restart. To do that, you can enable a feature called Shutdown Event Tracker. With this feature, you can document the shutdown event by specifying whether it is planned or unplanned, selecting a reason for the shutdown, and adding a comment that describes the shutdown.
Here are the steps to follow to use a group policy to enable the Shutdown Event Tracker feature:
1. Open the Local Group Policy Editor window, as described earlier in this chapter.
2. Navigate to the Computer Configuration, Administrative Templates, All Settings branch.
3. Double-click the Display Shutdown Event Tracker policy.
4. Click Enabled.
5. In the Shutdown Event Tracker Should Be Displayed list, select Always.
6. Click OK.
Now when you run the Shut Down command, you see the dialog box shown in Figure 23.10. Use the list to select the reason for the shutdown, and then click Continue.
To enable the Shutdown Event Tracker on systems without the Local Group Policy Editor, open the Registry Editor and dig down to the following key:
HKLM\Software\Policies\Microsoft\Windows NT\Reliability
Change the value of the following two settings to 1:
ShutdownReasonOn
ShutdownReasonUI
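A read-only check, as an added PowerShell example that is not from the book, that reports whether each Registry value named so far in this chapter is set, either for the current user or for every user whose profile is currently loaded. The function names are hypothetical, and an absent value is reported as "Not set".

```powershell
# Added example, not from the book. Function names are hypothetical.
# Read-only: nothing here writes to the Registry. Reading other users' hives
# with -AllLoadedUsers requires an elevated session.
$explorer    = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$system      = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
$reliability = 'Software\Policies\Microsoft\Windows NT\Reliability'

# Value names and policy names as the chapter pairs them.
$PolicyValues = @(
    [pscustomobject]@{ Hive = 'User';    Key = $explorer;    Name = 'DisallowCpl';            Policy = 'Hide Specified Control Panel Items' }
    [pscustomobject]@{ Hive = 'User';    Key = $explorer;    Name = 'RestrictCpl';            Policy = 'Show Only Specified Control Panel Items' }
    [pscustomobject]@{ Hive = 'User';    Key = $system;      Name = 'DisableLockWorkstation'; Policy = 'Remove Lock Computer' }
    [pscustomobject]@{ Hive = 'User';    Key = $system;      Name = 'DisableTaskMgr';         Policy = 'Remove Task Manager' }
    [pscustomobject]@{ Hive = 'User';    Key = $explorer;    Name = 'NoLogoff';               Policy = 'Remove Logoff' }
    [pscustomobject]@{ Hive = 'Machine'; Key = $reliability; Name = 'ShutdownReasonOn';       Policy = 'Display Shutdown Event Tracker' }
    [pscustomobject]@{ Hive = 'Machine'; Key = $reliability; Name = 'ShutdownReasonUI';       Policy = 'Display Shutdown Event Tracker' }
)

function Resolve-HiveOwner {
    param([string]$Root)
    # Turn Registry::HKEY_USERS\<SID> into DOMAIN\user where possible.
    if ($Root -notmatch '(S-1-5-21-[\d-]+)$') { return ($Root -replace '^Registry::', '') }
    $sid = $Matches[1]
    try {
        [System.Security.Principal.SecurityIdentifier]::new($sid).
            Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $sid   # account no longer resolves; report the raw SID
    }
}

function Get-ChapterPolicyState {
    param([switch]$AllLoadedUsers)

    # Per-user hives to inspect: the caller's own, or every loaded profile hive.
    $userRoots = @('Registry::HKEY_CURRENT_USER')
    if ($AllLoadedUsers) {
        $userRoots = @(Get-ChildItem 'Registry::HKEY_USERS' |
            Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
            ForEach-Object { "Registry::$($_.Name)" })
    }

    foreach ($p in $PolicyValues) {
        $roots = if ($p.Hive -eq 'Machine') { @('Registry::HKEY_LOCAL_MACHINE') } else { $userRoots }
        foreach ($root in $roots) {
            $path  = "$root\$($p.Key)"
            $value = $null
            if (Test-Path -LiteralPath $path) {
                $value = (Get-Item -LiteralPath $path).GetValue($p.Name, $null)
            }

            # DisallowCpl and RestrictCpl also have a list key of the same name.
            $items    = @()
            $listPath = "$path\$($p.Name)"
            if ($p.Name -like '*Cpl' -and (Test-Path -LiteralPath $listPath)) {
                $list  = Get-Item -LiteralPath $listPath
                $items = @($list.GetValueNames() | ForEach-Object { $list.GetValue($_) })
            }

            $state = if ($null -eq $value) { 'Not set' }
                     elseif ($value -eq 1) { 'Enabled (1)' }
                     else                  { "Other ($value)" }

            [pscustomobject]@{
                Scope  = Resolve-HiveOwner $root
                Policy = $p.Policy
                Value  = $p.Name
                State  = $state
                Items  = $items -join ', '
            }
        }
    }
}

Get-ChapterPolicyState | Format-Table -AutoSize
# Elevated, for every loaded profile:
#   Get-ChapterPolicyState -AllLoadedUsers | Where-Object State -ne 'Not set'
```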
The Microsoft Management Console (MMC) is a system administration program that can act as a host application for a variety of tools. The advantage of MMC is that it displays each tool as a console, a two-pane view that has a tree-like hierarchy in the left pane (this is called the tree pane) and a taskpad in the right pane that shows the contents of each branch (this is called the results pane). This gives each tool a similar interface, which makes it easier to use the tools. You can also customize the console view in a number of ways, create custom taskpad views, and save a particular set of tools to reuse later. These tools are called snap-ins because you can “snap them in” (that is, attach them) as nodes to the console root.
This section gives you an overview of the MMC and shows you a few techniques for getting the most out of its often-useful tools.
When you work with the MMC interface, you’re really editing a Microsoft Common Console Document, an .msc file that stores one or more snap-ins, the console view, and the taskpad view used by each snap-in branch. You learn how to create custom .msc files in this chapter, but you should know that Windows 10 comes with a large number of predefined MSC snap-ins, and we’ve summarized them in Table 23.1.
To start with a blank console, either click in the taskbar’s Search box or press Windows Logo+R to open the Run dialog box, type mmc, and then press Enter.
To start with an existing snap-in, either click in the taskbar’s Search box or press Windows Logo+R to open the Run dialog box, type the name of the .msc file you want to load (refer to Table 23.1), and then press Enter.
Figure 23.11 shows a blank MMC window. We show you how to add snap-ins to the console in the next section.
You start building your console file by adding one or more snap-ins to the console root, which is the top-level MMC container. (Even if you loaded the MMC by launching an existing snap-in, you can still add more snap-ins to the console.) Here are the steps to follow:
Tip
You can help organize your snap-ins by adding subfolders to the console root. In the list of snap-ins, select Folder and then click Add. When you return to the MMC, right-click the new subfolder and then click Rename to give the subfolder a useful name. To add a snap-in inside this subfolder, select File, Add/Remove Snap-in (or press Ctrl+M) to open the Add/Remove Snap-in dialog box. Click Advanced, check the Allow Changing the Parent Snap-in box, and then click OK. In the new Parent Snap-in list that appears, choose the subfolder you added. See Figure 23.14, later in this section, for some sample subfolders.
1. Select File, Add/Remove Snap-in (or press Ctrl+M). The MMC displays the Add or Remove Snap-ins dialog box, shown in Figure 23.12.
2. In the Available Snap-ins list, select the snap-in you want to use.
3. Click Add.
4. If the snap-in can work with remote computers, you see a dialog box similar to the one shown in Figure 23.13. To have the snap-in manage a remote machine, select Another Computer, type the computer name in the text box, and then click Finish.
5. Repeat steps 2–4 to add other snap-ins to the console.
6. Click OK.
Figure 23.14 shows the MMC with a custom console consisting of several snap-ins and subfolders.
Note
In Figure 23.14, the items in the Websites subfolder are based on the Link to Web Address snap-in, which is a special snap-in that displays the current version of whatever web page you specify. When you add the snap-in, the MMC runs the Link to Web Address Wizard. Type the web page address (either an Internet URL or a path to a local or network page), click Next, type a name for the snap-in, and then click Finish.
If you think you want to reuse your custom console later on, you should save it to an .msc file. Here are the steps to follow:
1. Select File, Save (or press Ctrl+S) to open the Save As dialog box.
2. Type a filename for the console.
3. Select a location for the console file.
4. Click Save.
Tip
By default, MMC assumes you want to save your console file in the Administrative Tools folder. However, if you want to be able to launch your console file from the Start menu or the Run dialog box, you should save it in the %SystemRoot%\System32 folder, along with the predefined snap-ins.
A taskpad view is a custom configuration of the MMC results (right) pane for a given snap-in. By default, the results pane shows a list of the snap-in’s contents—for example, the list of categories and devices in the Device Manager snap-in and the list of installed services in the Services snap-in. However, you can customize this view with one or more tasks that run commands defined by the snap-in, or any program or script that you specify. You can also control the size of the list, whether the list is displayed horizontally or vertically in the results pane, and more.
Here are the steps to follow to create a custom taskpad view:
1. Select a snap-in in the tree pane, as follows:
If you want to apply the taskpad view to a specific snap-in, select that snap-in.
If you want to apply the taskpad view to a group of snap-ins that use the same snap-in type, specify one snap-in from the group. For example, if you want to customize all the folders, select any folder (such as the Console Root folder); similarly, if you want to customize all the Link to Web Address snap-ins, select one of them.
2. Select Action, New Taskpad View to launch the New Taskpad View Wizard.
3. Click Next to open the Taskpad Style dialog box, shown in Figure 23.15.
4. Use the following controls to set up the style of taskpad you want:
Style for the Results Pane—Select an option for displaying the snap-in’s results: Vertical List (this is best for lists with a large number of items), Horizontal List (this is best for web pages or lists with a large number of columns), or No List (choose this option if you want only tasks to appear in the results pane).
Hide Standard Tab—After you create the new taskpad view, the MMC displays two tabs in the results pane: The Extended tab shows your custom taskpad view, and the Standard tab shows the default view. To keep the option of displaying the default view, deactivate the Hide Standard Tab check box.
Style for Task Descriptions—When you add descriptions for your tasks later on, you can have the MMC display each description either as text below the task link or as an InfoTip that appears when you hover the mouse over the task link.
List Size—Choose the size of the list: Small (good if you add lots of tasks), Medium (this is the default), or Large (good if you have few or no tasks).
5. Click Next. The Taskpad Reuse dialog box appears.
6. The wizard assumes you want to apply the new taskpad view to all snap-ins of the same type. If you want to apply the taskpad view only to the current snap-in, select the Selected Tree Item option.
7. Click Next. The Name and Description dialog box appears.
8. Type a name and optional description for the taskpad view and then click Next. The final wizard dialog box appears.
9. If you don’t want to add tasks to the new view, uncheck the Add New Tasks to This Taskpad After the Wizard Closes box.
10. Click Finish. If you elected to add tasks to the view, the New Task Wizard appears.
11. Click Next. The Command Type dialog box appears.
12. Select one of the following command types:
Menu Command—Select this option to create a task that runs an MMC or snap-in menu command.
Shell Command—Select this option to create a task that runs a program, script, or batch file.
Navigation—Select this option to create a task that takes you to another snap-in that’s in your MMC Favorites list.
Note
To add a snap-in to the MMC Favorites list, select the snap-in in the tree pane and then select Favorites, Add to Favorites.
13. Click Next.
14. How you proceed from here depends on the command type you selected in step 12:
Menu Command—In the Menu Command dialog box, first select an item from the Command Source list. Choose Item Listed in the Results Pane to apply the command to whatever item is currently selected in the results pane; choose Node in the Tree to select a command based on an item in the MMC tree pane.
Shell Command—In the Command Line dialog box, use the Command text box to specify the path to the program executable, script, or batch file that you want the task to run. You can also specify startup parameters, the Start In folder, and a Run window type.
Navigation—In the Navigation dialog box, select the items from the MMC Favorites list.
15. Click Next. The Name and Description dialog box appears.
16. Edit the task name and description, and then click Next. The Task Icon dialog box appears, as shown in Figure 23.16.
17. Click Next. The final New Task Wizard dialog box appears.
18. If you want to add more tasks, check the When I Click Finish, Run This Wizard Again box.
19. Click Finish.
20. If you elected to add more tasks, repeat steps 11–19, as needed.
Note
To make changes to a custom taskpad view, right-click the snap-in and then click Edit Taskpad View.
Figure 23.17 shows the MMC with a custom taskpad view applied to a Link to Web Address snap-in.
If you share Windows 10 with other people, you can control which snap-ins they’re allowed to use, and you can even prevent users from adding snap-ins to the MMC.
The latter is the simpler of the two options, so let’s begin with that. The MMC has an author mode that enables you to add snap-ins to it. If you prevent the MMC from entering author mode, you prevent users from adding snap-ins. You can do this using a group policy. Note, too, that this policy also prevents users from entering author mode for those snap-ins that can be opened directly (from the Start menu Search box, from the Run dialog box, from the command line, from Administrative Tools, and so on). Here are the steps to follow:
1. Open the Local Group Policy Editor, as described earlier in this chapter in the section “Launching the Local Group Policy Editor.”
2. Navigate to the User Configuration, Administrative Templates, Windows Components, Microsoft Management Console branch.
3. Double-click the Restrict the User from Entering Author Mode policy.
4. Activate the Enabled option.
5. Click OK.
Rather than blocking off the MMC entirely, you might prefer to allow users access only to specific snap-ins. Here are the steps to follow:
1. Open the Local Group Policy Editor.
2. Navigate to the User Configuration, Administrative Templates, Windows Components, Microsoft Management Console branch.
3. Double-click the Restrict Users to the Explicitly Permitted List of Snap-ins policy.
4. Activate the Enabled option.
5. Click OK.
6. Navigate to the User Configuration, Administrative Templates, Windows Components, Microsoft Management Console, Restricted/Permitted Snap-ins branch.
7. Double-click a snap-in that you want users to access.
8. Activate the Enabled option.
9. Click OK.
10. Repeat steps 7–9 for each snap-in that you want users to access.
Windows 10 comes with a long list of programs called services that operate behind the scenes and perform essential tasks either on their own or in support of other programs or Windows features. These services are background routines that enable the system to perform tasks such as logging on to the network, managing disks, collecting performance data, and writing event logs. Windows 10 comes with more than 160 installed services.
You won’t have to interact with services very often, but when they do come up, you’ll be glad to have this section’s tools in your Windows 10 toolbox. For example, although services usually operate behind the scenes, you might need to pause, stop, and start services, as well as configure how services load at startup. The following sections show you the various methods you can use to perform these service tasks.
The standard interface for the Windows 10 services is the Services snap-in, which you can load by using any of the following techniques:
Click in the taskbar’s Search box or display the Run dialog box, type services.msc, and press Enter.
In Control Panel, select Small Icons or Large Icons in the View list, click Administrative Tools, and then click Services.
Press Windows Logo+X (or right-click the Start button), click Computer Management, and then select the Services and Applications, Services branch.
The Services snap-in that appears displays a list of the installed services. For each service, it displays the name of the service and a brief description, the current status of the service (Running, Paused, or blank for a stopped service), the service’s startup type (such as Automatic or Manual), and the name of the system account the service uses to log on at startup. When you select a service, the Extended tab of the taskpad view shows the service name and description and offers links to control the service status (such as Start, Stop, or Restart). Figure 23.18 shows an example.
To change the status of a service, select it and then use one of the following techniques:
To start a stopped service, either click the Start link in the taskpad or click the Start Service toolbar button.
To stop a running service, either click the Stop link in the taskpad or click the Stop Service toolbar button.
To pause a running service, either click the Pause link in the taskpad or click the Start Service toolbar button. (Note that only a few services support the Pause task.)
To resume a paused service, either click the Restart link in the taskpad or click the Restart Service toolbar button.
Note
If a service is started but has no Stop link and the Stop toolbar button is disabled, this means the service is essential to Windows 10 and can’t be stopped. Examples of essential services include DCOM Server Process Launcher, Group Policy Client, Plug and Play, Remote Procedure Call (RPC), and Security Accounts Manager.
It’s possible that a service might be dependent on one or more other services, and if those services aren’t running, the dependent service will not work properly. If you stop a service that has dependent services, Windows 10 also stops the dependents. However, when you restart the main service, Windows 10 might not start the dependent services as well. You need to start those services by hand. To see which services depend on a particular service, double-click that service to open its property sheet, and then display the Dependencies tab. Dependent services are shown in the list titled The Following System Components Depend on This Service.
To change the way a service starts when you boot Windows 10, follow these steps:
1. Double-click the service you want to work with to open its property sheet. Figure 23.19 shows an example.
2. In the General tab, use the Startup Type list to select one of the following types:
Automatic—The service starts automatically when Windows 10 boots. The service is started before the logon screen appears.
Automatic (Delayed Start)—The service starts automatically when Windows 10 boots, but not until you log on.
Note
If the Startup Type list is disabled, this means the service is essential to Windows 10 and must be started automatically when the system boots.
Manual—The service does not start when Windows 10 boots. You must start the service yourself.
Disabled—The service does not start when Windows 10 boots, and you can’t start the service manually.
3. Click OK.
Tip
If you make changes to service startup types and you find your system is unstable or causing problems, the best thing to do is return each service to its default startup type.
If you regularly stop and start certain services, loading the Services snap-in and manually stopping and then restarting each service can be time-consuming. A better method is to take advantage of the NET STOP and NET START command-line tools, which enable you to stop and start any service that isn’t disabled. If a service can be paused and restarted, you can also use the NET PAUSE and NET CONTINUE commands to control the service. Each of these commands uses the same syntax:
NET STOP Service
NET START Service
NET PAUSE Service
NET CONTINUE Service
Service is the name of the service you want to control. Use the same value that appears in the Name column of the Services snap-in. If the name contains a space, surround the name with quotation marks.
Here are some examples:
net start Fax
net stop "Disk Defragmenter"
net pause "Windows Audio"
net continue "Windows Time"
Tip
To see a list of the currently running services, open a command-line session and enter the command net start without the Service parameter.
You can combine multiple commands in a batch file to easily control several services with a single task.
If you want to automate service control but also want to control the startup type, you need to go beyond the command line and create scripts that manage your services. Windows Management Instrumentation (WMI) has a class called Win32_Service that represents a Windows service. You can return an instance of this class to work with a specific service on Windows 10. After you have the service object, you can query its current status with the State property, determine whether the service is running with the Started property, and return the service’s startup type with the StartMode property. You can also change the service state using the StartService, StopService, PauseService, and ResumeService methods.
Listing 23.1 presents a script that uses most of these properties and methods.
To learn how to run scripts, see “Windows Script Host,” p. 704.
Option Explicit
Dim strComputer, strServiceName, intReturn
Dim objWMI, objServices, objService
'
' Get the WMI service
'
strComputer = "localhost"
Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\cimv2")
'
' Specify the service name
'
strServiceName = "Remote Registry"
'
' Get the service instance
'
Set objServices = objWMI.ExecQuery("SELECT * FROM Win32_Service " & _
    "WHERE DisplayName = '" & strServiceName & "'")
For Each objService In objServices
    '
    ' Save the service name
    '
    strServiceName = objService.DisplayName
    '
    ' Is the service started?
    '
    If objService.Started Then
        '
        ' Can it be stopped?
        '
        If objService.AcceptStop Then
            '
            ' Attempt to stop the service
            '
            intReturn = objService.StopService
            '
            ' Check the return value
            '
            If intReturn <> 0 Then
                '
                ' Display the error message
                '
                WScript.Echo "ERROR: The " & strServiceName & " service " & _
                    "failed to stop. The return code is " & intReturn
            Else
                '
                ' Display the current state
                '
                WScript.Echo "The " & strServiceName & " service is now " & _
                    objService.State
            End If
        Else
            '
            ' Display the error message
            '
            WScript.Echo "ERROR: The " & strServiceName & " service " & _
                "cannot be stopped."
        End If
    Else
        '
        ' Attempt to start the service
        '
        intReturn = objService.StartService
        '
        ' Check the return value
        '
        If intReturn <> 0 Then
            '
            ' Display the error message
            '
            WScript.Echo "ERROR: The " & strServiceName & " service " & _
                "failed to start. The return code is " & intReturn
        Else
            '
            ' Display the current state
            '
            WScript.Echo "The " & strServiceName & " service is now " & _
                objService.State
        End If
    End If
Next
'
' Release the objects
'
Set objWMI = Nothing
Set objServices = Nothing
Set objService = Nothing
This script gets the WMI service object and uses its ExecQuery method to return an instance of the Win32_Service class by using the WHERE clause to look for a specific service name. That name was earlier stored in the strServiceName variable. In the For Each...Next loop, the script first checks to see whether the service is currently started by checking its Started property:
If the Started property returns True, the service is running, so we want to stop it. The script then checks the service’s AcceptStop property, which returns False for essential Windows 10 services that can’t be stopped. In this case, the script returns an error message. If AcceptStop returns True, the script attempts to stop the service by running the StopService method.
If the Started property returns False, the service is stopped, so we want to start it. The script attempts to start the service by running the StartService method.
The StopService and StartService methods generate the return codes shown in Table 23.2.
For both the StopService and StartService methods, the script stores the return code in the intReturn variable and then checks to see whether it’s a number other than 0. If so, the script displays an error message that includes the return code; otherwise, the script displays the new state of the service (as given by the State property).
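Listing 23.1 changes a service's state but not its startup type. The following PowerShell script is an added example, not code from the book: it reads the same Win32_Service class, stops Remote Registry if it is running, sets the startup type with the ChangeStartMode method, and decodes the return codes. The function names Invoke-ServiceMethod and Set-ServiceLockdown and the default of Disabled are assumptions made for the example.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the book): stop a service and set its startup type
# through Win32_Service, decoding the return code of each method call.

# Subset of the return codes documented for the Win32_Service control methods.
$ReturnText = @{
    0  = 'Success'
    1  = 'Not supported'
    2  = 'Access denied'
    3  = 'Dependent services running'
    5  = 'Service cannot accept control'
    6  = 'Service not active'
    7  = 'Service request timeout'
    10 = 'Service already running'
    14 = 'Service disabled'
    16 = 'Service marked for deletion'
}

function Invoke-ServiceMethod {
    param(
        [Parameter(Mandatory)] $Service,
        [Parameter(Mandatory)] [string] $Method,
        [hashtable] $Arguments = @{}
    )
    $call = @{ InputObject = $Service; MethodName = $Method }
    if ($Arguments.Count -gt 0) { $call.Arguments = $Arguments }
    $code = [int](Invoke-CimMethod @call).ReturnValue
    $text = $ReturnText[$code]
    if (-not $text) { $text = 'see the Win32_Service documentation' }
    Write-Host ("{0} -> {1} ({2})" -f $Method, $code, $text)
    return $code
}

function Set-ServiceLockdown {
    param(
        [Parameter(Mandatory)] [string] $DisplayName,
        [ValidateSet('Automatic', 'Manual', 'Disabled')] [string] $StartMode = 'Disabled'
    )
    # Escape quotes and backslashes so the name cannot break out of the WQL string.
    $escaped = $DisplayName -replace "(['\\])", '\$1'
    $filter  = "DisplayName = '$escaped'"
    $svc = Get-CimInstance -ClassName Win32_Service -Filter $filter
    if (-not $svc) { Write-Warning "No service with display name '$DisplayName'."; return }

    Write-Host ("Before: {0} State={1} StartMode={2} LogOnAs={3}" -f `
        $svc.Name, $svc.State, $svc.StartMode, $svc.StartName)

    if ($svc.Started) {
        if (-not $svc.AcceptStop) {
            Write-Warning "$($svc.Name) does not accept Stop; leaving it untouched."
            return
        }
        # StopService returns 3 rather than stopping running dependents, so list
        # them first; they also have to be restarted by hand later.
        $running = (Get-Service -Name $svc.Name).DependentServices |
            Where-Object Status -eq 'Running'
        if ($running) { Write-Warning ("Running dependents: " + ($running.Name -join ', ')) }
        if ((Invoke-ServiceMethod -Service $svc -Method StopService) -ne 0) { return }
    }

    $rc = Invoke-ServiceMethod -Service $svc -Method ChangeStartMode `
        -Arguments @{ StartMode = $StartMode }
    if ($rc -ne 0) { return }

    # A CIM instance is a snapshot: query again to read the new values.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter $filter
    Write-Host ("After:  {0} State={1} StartMode={2}" -f $svc.Name, $svc.State, $svc.StartMode)
}

Set-ServiceLockdown -DisplayName 'Remote Registry'
```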
If it seems to take Windows forever to shut down, the culprit might be all those services that it has running. Windows has to shut down each service one by one before it can shut down the PC. In each case, Windows waits a certain amount of time for the service to close, and if it hasn’t closed in that time, Windows kills the service. It’s that waiting for services to shut themselves down that can really bring the shutdown process to its knees.
However, most services shut down as soon as they get the command from Windows. So although it’s polite of Windows to give some services a bit of extra time, it’s really wasted time because in most cases Windows is just going to have to kill those slow services anyway. So in that case, you should configure Windows 10 to tell it to kill services faster. Here’s how:
1. Select Start, type regedit, and then press Enter. The Registry Editor appears.
2. Navigate to the following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control
3. Double-click the WaitToKillServiceTimeout setting.
4. Reduce the value to 1000.
5. Click OK.
Tip
You can also reduce the amount of time that Windows 10 waits before killing any running applications at shutdown. In the Registry Editor, navigate to the following key:
HKEY_CURRENT_USER\Control Panel\Desktop
Double-click the WaitToKillAppTimeout setting. (If you don’t see this setting, select Edit, New, String Value, type WaitToKillAppTimeout, and click OK.) Change the value to 5000 and click OK.
If Windows 10 is acting erratically (or, we should say, if it’s acting more erratically than usual), the problem could be a service that’s somehow gotten corrupted. How can you tell? The most obvious clue is an error message that tells you a particular service isn’t running or couldn’t start. You can also check the Event Viewer for service errors. Finally, if a particular feature of Windows 10 is acting funny and you know that a service is associated with that feature, you might suspect that service is causing the trouble.
To fix the problem (hopefully!), you can reset the broken service. The procedure involves the following four general steps:
1. Find out the name of the service that is (or that you suspect is) broken.
2. Delete the service.
3. Load a backup copy of the system hive into the Registry.
4. Copy the service from the backup hive copy to the service’s actual Registry location.
Here is more detail on each of those four steps.
To begin, follow these steps to determine the name of the service:
1. Open the Services snap-in, as described earlier in this chapter.
2. Double-click the service you want to reset.
3. In the General tab, locate the Service Name value.
4. Click OK.
Next, follow these steps to delete the service:
1. Select Start, type command, right-click Command Prompt in the results, click Run as Administrator, and then enter your User Account Control credentials. Windows 10 opens an Administrator Command Prompt session.
2. Type the following (where service is the service name that you noted in the previous set of steps):
sc delete service
3. Press Enter. Windows 10 attempts to delete the service.
If the deletion works properly, you see the following message:
[SC] DeleteService SUCCESS
Note that you need the Command Prompt again a bit later, so leave the session open for now.
Note
If the deletion isn’t successful, double-check the service name. If you’re sure you have the name right, try deleting the service using the Registry Editor instead. Open the Registry Editor, navigate to the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services key, and then locate the service. Right-click the service and then click Delete.
Now follow these steps to load a fresh copy of the system hive:
1. Select Start, type regedit, press Enter, and then enter your User Account Control credentials to open the Registry Editor.
2. Select the HKEY_LOCAL_MACHINE key.
3. Select File, Load Hive to open the Load Hive dialog box.
4. Open the system backup file:
%SystemRoot%\system32\config\RegBack\SYSTEM.OLD
5. Click Open. The Registry Editor prompts you for a key name.
6. Type reset and click OK.
You now have the backup copy of the system hive loaded into the HKLM\reset key.
Now you complete the operation by copying the service from this backup. Here are the steps:
1. Return to the Command Prompt.
2. Type the following (where service is the service name you noted in the first set of steps):
reg copy hklm\reset\controlset001\services\service hklm\system\currentcontrolset\services\service /s /f
3. Press Enter. Windows 10 copies the backup version of the service to the original Registry location.
4. Reboot your PC to put the change into effect.
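The reset procedure above deletes the service before the backup hive has been opened. The following PowerShell script is an added example, not code from the book: it runs the same sc delete and reg copy commands, but uses reg load and reg unload in place of the Registry Editor steps and checks the backup before anything is deleted. The function name Reset-ServiceFromBackup and the undo file location are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the book): the service reset procedure with the
# backup verified and an undo file written before anything is deleted.

function Reset-ServiceFromBackup {
    param(
        # Service Name value from the General tab. Service names cannot contain
        # slashes, so rejecting them keeps the value from altering the key path.
        [Parameter(Mandatory)] [ValidatePattern('^[^\\/]+$')] [string] $ServiceName
    )

    $backupHive = Join-Path $env:SystemRoot 'system32\config\RegBack\SYSTEM.OLD'
    $mountKey   = 'HKLM\reset'
    $backupKey  = "$mountKey\ControlSet001\Services\$ServiceName"
    $liveKey    = "HKLM\SYSTEM\CurrentControlSet\Services\$ServiceName"
    $undoFile   = Join-Path $env:TEMP "${ServiceName}_before_reset.reg"   # assumed location

    # Check 1: the backup hive must exist and contain data. Some Windows 10
    # builds leave the RegBack folder empty or holding zero-byte files.
    $hive = Get-Item -LiteralPath $backupHive -ErrorAction SilentlyContinue
    if (-not $hive -or $hive.Length -eq 0) {
        throw "Backup hive '$backupHive' is missing or empty. Nothing was changed."
    }

    reg.exe load $mountKey $backupHive | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg load failed with exit code $LASTEXITCODE." }

    try {
        # Check 2: the backup must actually hold this service's key.
        reg.exe query $backupKey | Out-Null
        if ($LASTEXITCODE -ne 0) {
            throw "'$ServiceName' is not in the backup hive. Nothing was changed."
        }

        # Undo copy of the live key, so the current definition is not lost.
        reg.exe export $liveKey $undoFile /y | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "Could not export $liveKey. Nothing was changed." }

        # sc.exe, not sc: in Windows PowerShell "sc" is an alias for Set-Content.
        sc.exe delete $ServiceName
        if ($LASTEXITCODE -ne 0) { throw "sc delete failed with exit code $LASTEXITCODE." }

        reg.exe copy $backupKey $liveKey /s /f
        if ($LASTEXITCODE -ne 0) {
            throw "reg copy failed with exit code $LASTEXITCODE. Import '$undoFile' to restore the previous key."
        }
        Write-Host "Restored '$ServiceName' from backup. Undo file: $undoFile. Reboot to apply."
    }
    finally {
        # Always detach the backup hive, even when a step above failed.
        reg.exe unload $mountKey | Out-Null
    }
}

# Example call; RemoteRegistry is the service name of Remote Registry.
# Reset-ServiceFromBackup -ServiceName 'RemoteRegistry'
```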
Performance optimization is a bit of a black art in that every user has different needs, every configuration has different operating parameters, and every system can react in a unique and unpredictable way to performance tweaks. That means if you want to optimize your system, you have to get to know how it works, what it needs, and how it reacts to changes. You can do this by just using the system and paying attention to how things look and feel, but a more rigorous approach is often called for. To that end, the next few sections take you on a brief tour of Windows 10’s performance-monitoring capabilities.
The Task Manager utility is excellent for getting a quick overview of the current state of the system. To get it onscreen, press Ctrl+Alt+Delete to open the Windows Security screen, and then click the Task Manager link. Once Task Manager shows up, click More Details to expand the window.
The Processes tab, shown in Figure 23.20, displays a list of the programs, services, and system components currently running on your system.
Tip
To bypass the Windows Security screen, either press Ctrl+Shift+Esc or right-click an empty section of the taskbar and click Task Manager.
In addition to the name and status of each process, you see four performance measures:
CPU—The values in this column tell you the percentage of CPU resources that each process is using. If your system seems sluggish, look for a process consuming all or nearly all the resources of the CPU. Most programs will monopolize the CPU occasionally for short periods, but a program that is stuck at 100 (percent) for a long time most likely has some kind of problem. In that case, try shutting down the program. If that doesn’t work, click the program’s process and then click End Task.
Memory—This value tells you approximately how much memory a process is using. This value is less useful because a process might genuinely require a lot of memory to operate. However, if this value is steadily increasing for a process that you’re not using, it could indicate a problem and you should shut down the process.
Disk—This column shows the total hard disk I/O transfer rate (disk reads and writes in megabytes per second).
Network—This column shows the total network data transfer rate (data sent and received in megabits per second).
The Performance tab, shown in Figure 23.21, offers a more substantial collection of performance data.
Click the items on the left—CPU, Memory, Disk, and various network interfaces—to see one or more graphs that show current activity, as well as several values related to the system component. Here’s what they mean:
CPU: Utilization—This is the current value and the graphed values over time for the CPU usage, which is the total percentage of CPU resources that your running processes are using.
CPU: Speed—The current clock speed of the CPU. Compare this to the Maximum Speed value on the right.
CPU: Processes—The number of processes currently running.
CPU: Threads—The number of threads used by all running processes. A thread is a single processor task executed by a process, and most processes can use two or more threads at the same time to speed up execution.
CPU: Handles—The number of object handles used by all running processes. A handle is a pointer to a resource. For example, if a process wants to use a particular service offered by a particular object, the process asks the object for a handle to that service.
CPU: Up Time—The number of days, hours, minutes, and seconds that you have been logged on to Windows 10 in the current session.
Memory: Memory Usage—A graph of the current amount of memory in use compared to the total amount of memory in the system over time.
Memory: Memory Composition—The current proportion of used to unused memory.
Memory: In Use—The total amount of RAM currently being used by the system.
Memory: Available—The amount of physical RAM that Windows 10 has available for your programs. Note that Windows 10 does not include the system cache (see the Memory: Cached value, later in this list) in this total.
Memory: Committed—The minimum and maximum values of the page file. What is a page file? Your computer can address memory beyond the amount physically installed on the system. This nonphysical memory is virtual memory implemented by setting up a piece of your hard disk to emulate physical memory. This hard disk storage is actually a single file called a page file (or sometimes a paging file or a swap file). When physical memory is full, Windows 10 makes room for new data by taking some data that’s currently in memory and swapping it out to the page file.
Memory: Cached—The amount of physical RAM that Windows 10 has set aside to store recently used programs and documents. This is called the system cache.
Memory: Paged Pool—This value is the amount of virtual memory, in megabytes, that Windows 10 has allocated to the process in the paged pool—the system memory area that Windows 10 uses for objects that can be written back to the disk when the system doesn’t need them. The most active processes have the largest paged pool values, so it’s normal for this value to increase over time. However, it’s unusual for any one process to have a significantly large paged pool value. You can improve performance by shutting down and restarting such a process.
Note
A page fault occurs when a process requests a page from virtual memory and the system can’t find the page. (A page is an area of virtual memory used to transfer data between virtual memory and a storage medium, usually the hard disk.) The system then either retrieves the data from another virtual memory location (this is called a soft page fault) or from the hard disk (this is called a hard page fault). Unfortunately, Task Manager doesn’t give you any data on page faults. For this, you need to use Performance Monitor, as described later in the “Using the Performance Monitor” section.
Memory: Non-paged Pool—This value is the amount of virtual memory, in megabytes, that Windows 10 has allocated to the process in the non-paged pool—the system memory area that Windows 10 uses for objects that must remain in memory and therefore can’t be written back to the disk when the system doesn’t need them. Because the non-paged pool takes up physical RAM on the system, if memory is running low, processes that require a lot of non-paged pool memory could generate lots of page faults and slow down the system. Consider closing some programs to reduce memory usage.
Disk: Active Time—The percentage utilization of the hard disk, both over time (the Active Time graph) and current (the Active Time value).
Disk: Disk Transfer Rate—The rate over time at which data is transferred through the hard disk system in kilobytes per second.
Disk: Average Response Time—The average time in milliseconds that the hard disk takes to respond to read and write requests.
Disk: Read Speed—The current speed in kilobytes per second at which the system is reading data from the hard disk.
Disk: Write Speed—The current speed in kilobytes per second at which the system is writing data to the hard disk.
Ethernet/Wi-Fi: Throughput—The speed over time in kilobits per second at which network data is passing through whatever network interface you selected.
Ethernet/Wi-Fi: Send—The current speed in kilobits per second at which the network interface is sending data.
Ethernet/Wi-Fi: Receive—The current speed in kilobits per second at which the network interface is receiving data.
Here are two notes related to the Memory values that will help you monitor memory-related performance issues:
If the Memory: Available value approaches zero, this means your system is starving for memory. You might have too many programs running or a large program is using lots of memory.
If the Memory: Cached value is much less than half the total memory installed, this means your system isn’t operating as efficiently as it could because Windows 10 can’t store enough recently used data in memory. Because Windows 10 gives up some of the system cache when it needs RAM, close down programs you don’t need.
In all of these situations, the quickest solution is to reduce the system’s memory footprint by closing either documents or applications. For the latter, use the Processes tab to determine which applications are using the most memory, and shut down the ones you can live without for now. The better solution is to add more physical RAM to your system. This decreases the likelihood that Windows 10 will need to use the paging file, and it enables Windows 10 to increase the size of the system cache, which greatly improves performance.
The Task Manager should serve most of your performance-monitoring needs. However, Windows 10 comes with another tool for monitoring your system yourself: the Resource Monitor. You load this tool by opening Control Panel, opening the Administrative Tools, and then opening Resource Monitor. (You can also find it by typing resource in the taskbar’s Search box.) Figure 23.22 shows the window that appears.
The Resource Monitor is divided into five tabs:
Overview—This tab shows a couple of basic metrics in four categories—CPU, Disk, Network, and Memory—as well as graphs that show current activity in each of these categories. To see more data about a category (as with the CPU category in Figure 23.22), click the downward-pointing arrow on the right side of the category header.
CPU—This tab shows the CPU resources your system is using. In two lists, named Processes and Services, you see for each item the current status (such as Running), the number of threads used, the CPU percentage currently being used, and the average CPU percentage. You also get graphs for overall CPU usage, service CPU usage, and CPU usage by processor (or by core).
Note
A memory fault does not refer to a physical problem; instead, it means that the system could not find the data it needed in the file system cache. If the system finds the data elsewhere in memory, it is a soft fault; if the system has to go to the hard disk to retrieve the data, it is a hard fault.
Memory—This tab displays a list of processes; for each one it shows the average number of hard memory faults per minute, the total memory committed to the process, the working set (the number of kilobytes resident in memory), the amount of shareable memory (memory that other processes can use if needed), the amount of private memory (memory that is dedicated to the process and cannot be shared), and a breakdown of how the PC’s physical memory is currently allocated.
Disk—This tab shows the total hard disk I/O transfer rate (disk reads and writes in bytes per minute), as well as separate read and write transfer rates.
Network—This tab shows the total network data transfer rate (data sent and received in bytes per minute).
The Performance Monitor provides you with real-time reports on how various system settings and components are performing. You load it by opening Control Panel, opening the Administrative Tools, and then opening Performance Monitor. In the Performance Monitor window, open the Monitoring Tools branch and click Performance Monitor.
Performance Monitor displays real-time data using performance counters, which are measurements of system activity or the current system state. For each counter, Performance Monitor displays a graph of recent values over a time space (the default time space is 100 seconds) as well as statistics such as the average, maximum, and minimum values over that span.
By default, Performance Monitor doesn’t show any counters. To add one to the Performance Monitor window, follow these steps:
1. Right-click anywhere inside the Performance Monitor and then click Add Counters. The Add Counters dialog box appears.
2. To use the Available Counters list, click the downward-pointing arrow beside a counter category (such as Memory, Paging File, or Processor). A list of available counters appears.
3. Select the counter you want to use. (If you need more information about the item, check the Show Description box.)
4. If the counter has multiple instances, they appear in the Instances of Selected Object list. Click the instance you want to use.
5. Click Add.
6. Repeat steps 2–5 to add any other counters you want to monitor.
7. Click OK.
The counter appears at the bottom of the window (see Figure 23.23). A different-colored line represents each counter, and that color corresponds to the colored lines shown in the graph. Note, too, that you can get specific numbers for a counter—the most recent value, the average, the minimum, and the maximum—by clicking a counter and reading the boxes just below the graphs. The idea is that you should configure Performance Monitor to show the processes you’re interested in (page file size, free memory, and so on) and then keep it running while you perform your normal chores. By examining the Performance Monitor readouts from time to time, you gain an appreciation of what is typical on your system. If you encounter performance problems, you can check Performance Monitor to see whether you’ve run into any bottlenecks or anomalies.
Performance Monitor has a few new features that make it easier to use and a more powerful diagnostics tool:
If you’re using a counter with a significantly different scale, you can scale the output so that the counter appears within the graph. For example, the graph’s vertical axis runs from 0 to 100; if you’re displaying a percentage counter, the Scale value is 1.0, which means the graph numbers correspond directly to the percentages (50 on the graph corresponds to 50%). If you’re also showing, say, the Commit Limit counter, which shows values in bytes, the numbers can run in the billions. The Commit Limit counter’s Scale value is 0.00000001, so the value 20 on the graph corresponds to 2 billion bytes.
You can save the current graph as a GIF image file: Right-click the graph and then click Save Image As.
You can toggle the display of individual counters on and off. You do this by toggling the check boxes in the Show column.
You can change the duration of the sample (the number of seconds of data that appear on the chart). Right-click the chart, click Properties, click the General tab, and then modify the Duration value. You can specify a value between 2 and 1,000 seconds.
You can see individual data points by hovering the mouse pointer over a counter. After a second or two, Performance Monitor displays the counter name, the time and date of the sample, and the counter value at that time (refer to Figure 23.23).
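The counters and statistics described above can also be read from the command line. The following PowerShell script is an added example, not code from the book: it samples several memory counters, including the page-fault counters that Task Manager does not show, and reports the last, average, minimum, and maximum value of each. The function name Get-MemoryBaseline, the sampling interval, and the counter selection are assumptions.

```powershell
# Added example (not from the book): sample memory counters and summarize them
# with the statistics Performance Monitor shows below its graph.
function Get-MemoryBaseline {
    param(
        [int] $IntervalSeconds = 2,
        [int] $Samples = 15          # 15 samples x 2 s = a 30-second window
    )
    # English counter names; localized Windows installs use translated names.
    $counters = @(
        '\Memory\Available MBytes'
        '\Memory\Committed Bytes'
        '\Memory\Commit Limit'
        '\Memory\Page Faults/sec'    # soft and hard faults together
        '\Memory\Pages/sec'          # pages read from or written to disk for hard faults
    )
    Get-Counter -Counter $counters -SampleInterval $IntervalSeconds -MaxSamples $Samples |
        ForEach-Object { $_.CounterSamples } |
        Group-Object -Property { ($_.Path -split '\\')[-1] } |
        ForEach-Object {
            $stats = $_.Group | Measure-Object -Property CookedValue -Average -Minimum -Maximum
            [pscustomobject]@{
                Counter = $_.Name
                Last    = [math]::Round($_.Group[-1].CookedValue, 1)
                Average = [math]::Round($stats.Average, 1)
                Minimum = [math]::Round($stats.Minimum, 1)
                Maximum = [math]::Round($stats.Maximum, 1)
            }
        }
}

Get-MemoryBaseline | Format-Table -AutoSize
```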
A data collector is a custom set of performance counters, event traces, and system-configuration data that you define and save so that you can run and view the results any time you need them. You can configure a data collector set to run for a preset length of time or until the set reaches a specified size. You can also configure a data collector to run on a schedule. For example, you could run the data collector every hour for 15 minutes from 9 a.m. to 5 p.m. This enables you to benchmark performance and analyze the results not only intraday (to compare performance at different times of the day) but also interday (to see whether performance is slowing over time).
The Reports section holds the reports created by each data collector set. These are .blg files, and you can see the results by clicking the report and then switching to Sysmon view (click the Chart icon in the toolbar). Alternatively, open the folder that contains the report file in File Explorer (the default save location is %SystemDrive%\perflogs) and double-click the report file.