Windows 7 / Getting Started

Windows Search Engine Processes

The new Windows Search engine in Windows 7 and Windows Vista is based on the MSSearch indexing and search engine developed previously for SQL Server, SharePoint Portal Server, Microsoft Office SharePoint Server, and other Microsoft products. The new Windows Search engine replaces the Indexing Service (Cisvc.exe) used in earlier Windows platforms, including Windows XP and Windows Server 2003.

The Windows Search engine logically consists of the following four processes:

  • Indexer process The indexer process (SearchIndexer.exe) is the main feature of the Windows Search engine and is responsible for core indexing and querying activity on the system. This process is implemented as a Windows service named Windows Search service (WSearch) and is exposed for management in the shell through the Service Control Manager (Services.msc). This service runs in the context of the LocalSystem account but has all privileges removed except for the following two privileges:
    • SE_BACKUP_PRIVILEGE This privilege allows the service to read every file on the system so that it can be indexed.
    • SE_MANAGE_VOLUME_PRIVILEGE This privilege allows the service to interact with the NTFS change journal.
  • System-wide Protocol Host The system-wide Protocol Host (SearchProtocolHost. exe) is a separate process that hosts protocol handlers to isolate them from the main indexer process. Protocol handlers are plug-ins assessing different stores, retrieving documents, and pushing the information to the SearchFilterHost process for filtering. The system-wide Protocol Host runs within the same LocalSystem context as the main indexer process. This security context is needed because the Protocol Host requires access to all files on the system. The system-wide Protocol Host also supports crossuser notifications and enumeration of per-computer data stores such as the local file system.
  • Per-user Protocol Host The per-user Protocol Host (also SearchProtocolHost.exe) is another separate process that hosts protocol handlers to isolate them from the main indexer process. The difference between this process and the system-wide Protocol Host is that this process runs within the security context of the logged-on user. (If two users are logged on to the computer using Fast User Switching, it is likely that two per-user Protocol Hosts will be running.) A per-user Protocol Host is necessary because some data stores must be accessed using the credentials of the logged-on user to be indexed. Examples of such stores include Outlook e-mail (using MAPI), the CSC, and remote file shares.
  • Search Filter Host process This process (which runs as SearchFilterHost.exe) hosts IFilters, which are used to extract text from files and other items. IFilters are hosted within a separate process instead of within the main indexer process to protect the Windows Search service from possible crashes and ensure the stability and security of the indexing engine. This process is needed because, although many IFilters are written by Microsoft, other IFilters may be written by third-party vendors and are therefore considered to be untrusted code. Hosting IFilters within a separate process (such as a filtering host) that has very restricted permissions (such as a restricted token) provides a level of isolation that protects the main indexer process if an IFilter crashes. The indexer process runs a single instance of SearchFilterProcess.exe, and this process holds all IFilter parsing documents that come from the system-wide and per-user SearchProtocolHost processes. This Search Filter Host process only reads streams of content, runs IFilters, and returns text to the indexer process.

In normal operation, each of these processes starts immediately after Windows boots and the desktop appears. The main indexer process (SearchIndexer.exe) is the only one that always continues to run, however-the other processes may or may not be running, depending on the immediate needs of the Windows Search engine. The main indexer process uses the standard service control mechanism (Service Control Manager) to detect when the service is not running and restart itself. The conditions for restarting the service can be found on the Recovery tab of the Windows Search Service Properties dialog box, which can be viewed using the Services console. These restart conditions are as follows:

  • Restart the service immediately after the first failure occurs.
  • Restart the service immediately after the second failure occurs.
  • Take no action after subsequent failures occur.
  • Reset the failure count after 1 day.

Additional applications can also attempt to restart the indexer if it stops. For example, Windows Explorer does this whenever you attempt to execute a search from either the Start menu or Search Explorer. You can see this by stopping the Windows Search service and then typing in the Start menu or the Explorer search box. To prevent Windows Explorer or any other application from restarting the Windows Search service, you must disable the service, not just stop it.

[Previous] [Contents] [Next]

In this tutorial:

  1. Managing Search
  2. Search and Indexing Enhancements
  3. Search in Windows XP
  4. Search in Windows Vista
  5. Search in Windows 7
  6. Understanding the Windows Search Versions
  7. Search Versions Included in Windows 7 and Windows Vista
  8. Search Versions Included in Windows Server 2008
  9. Search Versions Available for Earlier Versions of Windows
  10. How Windows Search Works
  11. Understanding Search Engine Terminology
  12. Windows Search Engine Processes
  13. Enabling the Indexing Service
  14. Windows Search Engine Architecture
  15. Understanding the Catalog
  16. Default System Exclusion Rules
  17. Understanding the FANCI Attribute
  18. Default Indexing Scopes
  19. Initial Configuration
  20. Understanding the Indexing Process
  21. Modifying IFilter Behavior
  22. How Indexing Works
  23. Rebuilding the index
  24. Viewing Indexing Progress
  25. Understanding Remote Search
  26. Managing Indexin
  27. Configuring the Index
  28. Configuring the Index Location Using Group Policy
  29. Configuring Indexing Scopes and Exclusions Using Group Policy
  30. Configuring Offline Files Indexing
  31. Configuring Indexing of Encrypted Files
  32. Configuring Indexing of Encrypted Files Using Control Panel
  33. Configuring Indexing of Similar Words
  34. Configuring Indexing of Text in TIFF Image Documents
  35. Other Index Policy Settings
  36. Using Search
  37. Configuring Search Using Folder Options
  38. Configuring What to Search
  39. Configuring How To Search
  40. Using Start Menu Search
  41. Searching Libraries
  42. Advanced Query Syntax
  43. Using Federated Search
  44. Deploying Search Connectors
  45. Troubleshooting Search and Indexing Using the Built-in Troubleshooter