Restore the old Task Manager in Windows 8


Despite some of its new functions, like the "command line" column in the task list or the performance graph, many users do not like the new version and layout of Task Manager in Windows 8. The old Task Manager provides a more consistent way of managing tasks for these users: it is familiar, and the new one does not remember the last active tab. So you may want the good old, sometimes more usable, Task Manager back in Windows 8. Let's see how to do that in a few simple steps.

Download the ZIP file from the link below (it contains the classic Task Manager files from Windows 8's boot.wim) and unpack the TM folder into the root of your system drive. You should get the following:

Open System Properties and check which version of Windows 8 you are running: x86 or x64. In this example it is x64:

Double-click the appropriate reg file, e.g. install_x64.reg if you have Windows 8 x64 like me; otherwise use install_x86.reg.

That's it! You don't need to reboot, and you don't need to do anything else. Just press the Ctrl+Shift+Esc keys on your keyboard and enjoy the return of your good old friend:

Note: Import the UNINSTALL_x86_or_x64.reg file to restore the "new" Task Manager of Windows 8.

How does it work: in the example above, we used the old, famous trick with the "debugger" option. As you may or may not know, you can specify a debugger application for every executable file in Windows. It is possible to set it via the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

Here you can see a list of executable files. It is possible to create the "debugger" option for every file shown in that list.

The "debugger" option usually contains the full path to the executable file which should act as the debugger. When the target program is started, the debugger is launched and is given the full path of the executable being run. We can use this to override the executable file of Task Manager.

We have extracted the genuine Taskmgr.exe and Taskmgr.exe.mui from the boot.wim file of Windows 8. But we can't use them directly, because the files have the same names as the new Task Manager from Windows 8. Also, even though replacing them is possible, SFC /scannow will restore the "original" one when it runs. So the files must be renamed before we can set the old Task Manager as the debugger.

The Debugger trick

There is a registry key called "Image File Execution Options" under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion which is normally used for debugging purposes (it is the key we used above to bring back the old, legitimate version of Task Manager in Windows 8).

There is a specific string value that we can use to prevent a process from running: the "Debugger" REG_SZ value.

This value names a debugger that should launch the process whenever the OS is asked to spawn it. If you create a key named "Calc.exe" under "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options", add a REG_SZ value called "Debugger" and set it to, for instance, a program like notepad.exe (Debugger = C:\Windows\System32\notepad.exe), then whenever you try to execute calc.exe (regardless of user and regardless of how) notepad.exe will be called instead, and it will spawn calc.exe itself within the debugger.

All right, so now we just need to be creative and find a way to prevent the process from being spawned, instead of running a debugger. Here is one way:

Create a registry key with the name of the process you want to prevent from executing. Example: calc.exe:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\calc.exe

Under the new key you have just created, create a REG_SZ value called "Debugger" and set it to the following value:

REG_SZ Debugger = "cmd.exe /c echo  %time% %date% >> C:\ExecBlocked.log"

That's it. You don't need to restart anything or reboot the machine. From now on, not only will you be unable to run calc.exe, but every attempt to run it will be recorded in the file ExecBlocked.log with the date/time information.
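Because a "Debugger" value silently redirects every launch of the named program, it is worth checking what a downloaded .reg file will set before you double-click it. The following is an added example, not part of the original article or its download: a small Python parser that lists the Image File Execution Options "Debugger" changes a .reg file would make. The function names and the sample text are constructed for illustration; the sample reuses the calc.exe values from the steps above.

```python
import re

# IFEO key for one image name; also matches the 32-bit view on x64 (WOW6432Node).
IFEO = re.compile(
    r"^\[(-?)HKEY_LOCAL_MACHINE\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows NT"
    r"\\CurrentVersion\\Image File Execution Options\\([^\\\]]+)\]$",
    re.IGNORECASE,
)
VALUE = re.compile(r'^"Debugger"=(.*)$', re.IGNORECASE)

def unescape(reg_string):
    """Strip the outer quotes and undo .reg backslash escaping."""
    return re.sub(r"\\(.)", r"\1", reg_string[1:-1])

def ifeo_debuggers(reg_text):
    """Return (image, action, command) for every IFEO Debugger change in a .reg file."""
    findings, image = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            key = IFEO.match(line)
            image = key.group(2) if key else None
            if key and key.group(1):       # "[-HKEY_...]" deletes the whole key
                findings.append((image, "remove", None))
                image = None
            continue
        value = VALUE.match(line) if image else None
        if not value:
            continue
        data = value.group(1)
        if data == "-":                    # "Debugger"=- deletes only the value
            findings.append((image, "remove", None))
        elif len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            findings.append((image, "set", unescape(data)))
        else:                              # hex(2): and similar, review by hand
            findings.append((image, "set", None))
    return findings

# Constructed sample built from the calc.exe example in the article.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\calc.exe]
"Debugger"="cmd.exe /c echo  %time% %date% >> C:\\ExecBlocked.log"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Debugger"="ignored.exe"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
'''
```

Files exported by regedit are UTF-16 encoded, so decode them accordingly before passing the text to ifeo_debuggers(). Any "set" entry for a program you did not expect to be redirected deserves a closer look.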

Download

To download the archive attached to this article you will need to register and/or login on Heelpbook. It's totally free (no hidden fees). :-)