Process matching criteria are used to match processes that are running on the system and to aggregate the matched processes into groups. A resource allocation policy can then manage those groups.
How processes are matched
Each process matching criterion consists of one or more match criteria that specify the logic used to match processes. After a process matching criterion is defined, it can be included in one or more resource allocations.
A process matching criterion provides two mechanisms to match processes. One matches files or command lines. The other matches users or groups. These are explained in the following table.
Files or command lines
You can use files or command-line matching to select one or more registered services, running processes, or application executable files.
With files or command-line matching, you can match running processes on any part of the full command-line path of the application executable file that you use to create the process.
For example, you can use a wildcard as follows:
This example will match all applications that were started by an application executable file that is in the directory C:\Program Files\.
You can also match any part of the command-line string that is passed to the process when the process is created.
You can use file matching to match all processes that are created by the executable file name included in the match criterion. You can also use command-line matching to match all processes that contain the exact command-line path string. Unless you are using regular expressions or wildcards, a process is matched only if the process and match criterion are an exact match.
For example, if you start Help and Support Center, one of the processes it creates is helpctr.exe, which is the executable file name. The command-line string of the process is:
To match this process, you could create a files matching criterion with the string helpctr.exe. This string exactly matches the executable file name of the process, helpctr.exe. However, if you created a command-line matching criterion such as C:\Windows\PCHealth\HelpCtr, it would not match. This is because command-line matching requires an exact match of the string C:\Windows\PCHealth\HelpCtr\Binaries\helpctr.exe or a regular expression or wildcard, such as C:\Windows\PCHealth\HelpCtr\*.
Users or groups
With user or group matching, you can select a user account or group. Any processes that are created by the user account or any member of the group are then matched.
When you use user or group matching, all processes that are started by the specified user or any user account that is a member of the specified group are matched. This is an equality match. It will match only those user accounts or groups that exactly match the user or group specified.
If you use group matching, the groups with the user account that starts the process are compared to the group specified in the process matching criterion. If there is an equality match, the process is matched.
You cannot use wildcards or regular expressions with user or group matching.
Included process matching criteria
Two process matching criteria are included with Windows System Resource Manager:
- The Residual process matching
criterion matches all processes that:
- Are not included in the user-defined
- Are not excluded from management by Windows
System Resource Manager.
- Do not match another process matching
- Are not included in the user-defined exclusion list.
- The IISAppPool process matching
criterion matches all processes that are part of an Internet
Information Services (IIS) application pool.
Considerations when creating process matching criteria
When you create a process matching criterion, you include or exclude specific processes, paths, users, or groups.
A process can be matched to only one process matching criterion.
When you create a process matching criterion, you should consider whether all the processes of an application are known or not known.
- When all processes are known: You can
create an application-specific process matching criterion that will
match only the processes that are part of the specified
- When not all of the processes are
known: You must be careful to not match unexpected processes
when you create your matching criterion. It is a best practice to
use full command-line path matching. Command-line path matching
ensures that only processes that are started by the specific
executable file of the application are matched.
There is a third, special case to consider when creating process matching criteria. This is when an application creates processes with the same name. For more information, see Creating Process Matching Criteria.
Process matching criteria logic
You can create multiple match criteria in a single process matching criterion to increase the number of processes that are matched. As match criteria become more complex, you can specify particular processes that are not to be matched by a general rule. To remove a process from a match set, you can use exclusion rules.
A process matching criterion must include at least one of the rules described in the following table under "Rule Component." The use of multiple rules in a single process matching criterion is also supported.
Included files or command lines
The match criterion is first compared to the full command-line path of all managed processes. All processes that match the criterion are grouped in the associated resource allocation.
Next, the match criterion is compared to the file name of all remaining managed processes and any processes that match are included in the resource allocation.
For example, if you specify a match criterion of *.exe, all running processes that are not on the user-defined exclusion list or the system-defined exclusion list would be matched. Included rules are always evaluated before excluded rules to determine whether there is a match.
Excluded files or command lines
All processes that are created by the application that have this command-line path or file name as a property are not matched following the same order as the included criteria. For example, if you specify the match criterion C:\Program Files*, any process that has that string in its full command-line path is excluded from the match.
Included user or group
All processes that have an included user or group as a property are matched. For example, if you specify the Users group, all processes created by users in the Users group are matched. Included rules have a higher precedence than excluded rules, and they are always evaluated first to determine whether there is a match.
Excluded user or group
All processes that have an excluded user or group as a property are not matched. For example, if you specify the Administrators group, all processes that are created by users in the Administrators group are excluded from matching.
A process matching criterion that is too broad can match processes that you do not intend to match. For example, c*.exe will be a command-line path match for all managed processes if your system volume is C. This is because all of the running processes will have C in their command-line path, such as:
But on the same system, if there is no volume M, m*.exe will be a command-line match because the string m is not present in the command-line paths of any managed processes.
- Working with Process
- For more information about Windows System
Resource Manager, see http://go.microsoft.com/fwlink/?LinkId=90924.