Replacing the Default Task Manager at the User Level

Posted by Randy Cook on Apr 17, 2014 3:24:56 PM

Introduction

The task to be done today is to replace the regular Task Manager with a third party task manager like TSTaskman (http://www.ctrl-alt-del.com.au/files/TSTaskman.txt) or Process Explorer (http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx).

Using FSLogix Apps there are several ways this can be done:

  1. Use File Redirection.
  2. Use Registry Value Hiding.
  3. Use Registry Value Redirection.

We’ve created a video that shows one of these methods. You can see it here: http://youtu.be/plCBOjDTfUg

Let’s take a look at these three methods and see how they work.

File Redirection

FSLogix Apps has the ability to redirect any file operation from one file (or directory) to another.  We can use this to redirect from taskmgr.exe to any other executable.

In the RuleEditor create a new Rule Set and add two File Redirect Rules:

  1. Redirect C:\Windows\System32\taskmgr.exe -> C:\Program Files(x86)\TSTaskman\TSTaskman.exe
  2. Redirect C:\Windows\SysWOW64\taskmgr.exe -> C:\Program Files(x86)\TSTaskman\TSTaskman.exe

task_manager_1

This will cause the redirection to happen. Look at the “Assigning the Policy to Users/Groups” section to see how to specify which users this RuleSet should apply to.

Registry Value Hiding

Microsoft’s Process Explorer can register itself as a Task Manager replacement.  It does this by specifying itself as the “debugger” for the taskmgr.exe application. We’ll use this registry trick to register TSTaskman as the Task Manager replacement, and then control whether or not a user gets the normal Task Manager by hiding the key (if the key is not present, the normal Task Manager is launched).

First, create a “Debugger” value in the registry under HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe and specify for the value’s data the path the new executable:

 task_manager_2

Then in the RuleEditor create a Registry Value Hiding Rule that hides the taskmgr.exe key (or just the “Debugger” value):

task_manager_3

Now users that have this RuleSet applied will use the normal Task Manager while those users that this does not apply to will use TSTaskman.  See the “Assigning the Policy to Users/Groups” section to see how to specify which users this RuleSet should apply to.

Registry Value Redirection

The last way we’ll look at solving this problem will be using Registry Value redirection.  FSLogix Apps can simply redirect accesses targeted at a registry value to another value.

First, create some alternate values (can be in different keys if desired) that contain the data we want presented.

task_manager_4

Now create a RuleSet and create a Redirect Rule like this:

task_manager_5

See the “Assigning the Policy to Users/Groups” section to see how to specify which users this RuleSet should apply to.

Assigning the Policy to Users/Groups

This RuleSet can be applied to users, groups, processes (applications), network locations (IP address), computer objects, and Active Directory containers.

In the RuleEditor, choose File | Manage Assignments. This will bring up the “Assignments” dialog.  Click the “Add” button to specify any of these objects:

task_manage4_6

Summary

In this article we’ve covered a few different ways that FSLogix Apps can be used to do something that I don’t know of any other way to do, control what application users get when they start Task Manager.

Topics: Tips and Tricks

Subscribe to Email Updates

Recent Posts

Posts by Topic

see all

Follow Me