Automatic Maintenance > What does advapi32.dll ProcessIdleTasks do? W…

…hich tasks consume the most time?

Automatic Maintenance > What does advapi32.dll ProcessIdleTasks do? Which tasks consume the most time?

CONTENT/RESEARCH/WINSCHTASKS/README.md

@@ -1 +1,46 @@
-Placeholder
+## Windows Task Scheduler
+### Automatic Maintenance
+#### Q: What does advapi32.dll ProcessIdleTasks do? Which tasks consume the most time?
+As per the Microsoft article [ProcessIdleTasks](https://learn.microsoft.com/en-us/previous-versions/windows/desktop/axe/support-processidletasks) *requests the system run the maintenance tasks scheduled to run when the system is idle.* More specifically it runs all scheduled tasks that have (1) Idle conditions OR (2) those configured for [Automatic maintenance](https://learn.microsoft.com/en-us/windows/win32/taskschd/task-maintenence). The automatic maintenance tasks that take the most time are RunFullMemoryDiagnostic, WinSAT, Windows Defender Cache Maintenance, Cleanup and Verification. 
+
+To learn more see Findings and Analysis.
+
+<details><summary><ins>Findings and Analysis</ins></summary>
+
+ **To get a list of Automatic Maintenance tasks you can run the command below in Powershell as an administrator:**
+- ```Get-ScheduledTask | ? {$_.Settings.MaintenanceSettings} | Out-GridView```
+
+**To get a list of actively running scheduled tasks, use either of the following commands:**
+- ```SCHTASKS /Query | find /i "Running"```
+- ```Get-ScheduledTask | where state -eq 'Running'```
+
+**Automatic maintenance tasks that consume the most time are:**
+- Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
+   - Is usually the last one running, SYSTEM consuming 12-14% CPU in task manager.
+   - If you disable this task then it could save a lot of time.
+- Microsoft\Windows\Windows Defender
+   - Windows Defender Cache Maintenance (1), Cleanup (2) and Verification (3)
+- Microsoft\Windows\Maintenance\WinSAT
+   - Only runs if a score hasn't been determined yet, or stats haven't been reset.
+
+**If you wanted to take it a step further to validate which are being run, you can open "Event Viewer" and enable logging for the event log below then run ProcessIdleTasks. Then review the event audits being generated by each task.**
+ - Applications and Services Logs\Microsoft\Windows\TaskScheduler\Operational
+ - Log Name: Microsoft-Windows-TaskScheduler/Operational
+
+**Task Scheduler aligns with the following XML format and definitions**
+- https://learn.microsoft.com/en-us/windows/win32/taskschd/task-scheduler-schema?redirectedfrom=MSDN
+- https://learn.microsoft.com/en-us/windows/win32/taskschd/taskschedulerschema-maintenancesettings-maintenancesettingstype-element
+
+**To see the XML definitions for your scheduled tasks you can use Windows Explorer to browse to the following path, it has the same structure as in Task Scheduler, and a XML file for each registered task.**
+- ```%systemroot%\System32\Tasks```
+
+**References:**
+- https://learn.microsoft.com/en-us/previous-versions/windows/desktop/axe/support-processidletasks
+- https://learn.microsoft.com/en-us/windows/win32/taskschd/task-maintenence
+- https://learn.microsoft.com/en-us/windows/win32/w8cookbook/automatic-maintenance
+- https://learn.microsoft.com/en-us/windows/win32/taskschd/task-scheduler-schema
+- https://learn.microsoft.com/en-us/windows/win32/taskschd/taskschedulerschema-maintenancesettings-maintenancesettingstype-element
+
+</details></br>
+
+