Windows Server 2008 and Windows 7 introduced a neat feature in the Task Manager that allows you to see the command line that instantiated the process. This is great for telling processes apart. Especially when svchost and others can have dozens of instances.
Just click View -> Select Columns and pick Command Line at the bottom.
But what if you have Windows Server 2003 or Server 2000? I found a few tricks. They’re not as clean but they work just as well.
This one just lists the processes, their PID and the “services” that are associated with them
This one makes a nice text file with much more info
wmic process get Name,ProcessId,CommandLine /format:table > wmic_task_list.txt
The text file lists the name, process id, command line and puts it in a table in a text file. Genius!
If you want to get really geeky you can see all the wmic options using this command. It can do some really nice output.
wmic process list /format /?
Hope this helps someone! I use it on a regular basis to find out why svchost is going bat shit crazy on my servers. We all know it likes to hit full cpu usage from time to time and these commands will help you find out which process is causing it.
Most often I’ve found that it has to do with Windows Updates but you never know.