TwitterFacebookLinkedIn Perhaps youre working happily on a remote Windows server, then find a process that runs awry using up valuable CPU cycles. What do you do? Kill it! Show
In this tutorial, you will learn how to kill a Windows process using native utilities, third-party utilities, and PowerShell. You will first learn how to examine the running processes in Windows and then kill running processes. Table of Contents
PrerequisitesIf youd like to follow along with the steps in this tutorial, be sure you have the following ahead of time:
Querying Remote Windows Process with TasklistSince Windows XP, there has been a helpful tool called tasklist. Tasklist is a handy tool that queries processes on remote computers. Before you can kill a process, you must first discover them! Open a PowerShell session or command prompt on your desktop and type in the following command to display all the running processes on your remote computer. The command below queries a remote computer (/S) authenticating the connection with the administrator username (/U) and password (/P). tasklist /S WIN-BANGJIEFNOC.local.net /U administrator /P passwordYoull notice below that the Session Name does not appear. Since youre running tasklist on a remote computer, tasklist does not provide the Session Name. list of processes on a remote server Perhaps you prefer only to list a single process. Not a problem. To do that, specify the /FI parameter. The /FI parameter accepts a query that is passed to the tasklist to filter out specific processes. tasklist /S WIN-BANGJIEFNOC.local.net /fi "imagename eq notepad.exe" /U administrator /P 'password'The output of tasklist showing a specific process Querying Remote Windows Process with PSListAnother tool to view running processes is PSList, and this utility is part of the Sysinternals Suite. This suite of tools has been around for many years and was created by Mark Russinovich, CTO of Azure! Lets get started on how you can view running processes on a remote computer. 1. Open a PowerShell session or command prompt on your desktop and change the directory to where you extracted the Sysinternal Suite. 2. In your PowerShell session, run the following command to display the running processes on the remote computer and associated CPU usage in real-time. The command below runs pslist to query all remote Windows processes on the WIN-BANGJIEFNOC computer authenticating the Administrator username (-u) and password (-p). The command uses the -s switch turns pslist into task manager mode that repeatedly updates the list. .\pslist \\WIN-BANGJIEFNOC.local.net -u Administrator -p 'password' -s You now see the following output from running that command; for this article, you are concerned with 3 of these values. As shown below.
The other values are memory-related and beyond the scope of this article. Output in real-time of pslist 3. Since step two used the -s switch, hit Ctrl-C to quit pslist to get back to the console.
Killing Processes By Process Name with PSKillOnce you know how to find remote processes, lets now dive into how to kill them. To start, lets cover the pskill utility. First, learn how to kill processes by process name. 1. Ensure you have a process you can kill on your remote server. This tutorial will use the notepad process. 2. Open a PowerShell session or command prompt on your local desktop and change the directory to where you extracted the Sysinternal Suite and run the following command. You can see the syntax for pskill is similar to pslist. .\pskill.Exe \\WIN-BANGJIEFNOC.local.net -u administrator -p 'password' -e notepad.exeOutput of pskill 3. Now, run pslist, as explained in the previous section, to confirm the process is indeed stopped. .\pslist \\WIN-BANGJIEFNOC.local.net -u Administrator -p 'password' -e notepad.exeOutput of pslist Killing Processes By Process ID with PSKillKilling the process by name might be good enough for your needs if only a single instance of that process is running or you want to kill all processes with that name. What if youre going to kill a particular instance of a running process? The following steps will demonstrate this. 1. On your remote server, open Notepad twice; you will kill one of these processes in this demonstration; you can of course, substitute other processes. 2. Run the following command taking note of one of the Pids as shown below; you need that for the next step. .\pslist \\WIN-BANGJIEFNOC.local.net -u Administrator -p password -e notepadUsing pslist to list PIDs of Notepad 3. Using the PID, now run pskill, providing the PID as the last argument. .\pskill.Exe \\WIN-BANGJIEFNOC.local.net -u administrator -p password 1984The output of pskill for a particular PID 4. Finally, check that you still have one instance of Notepad running by rerunning pslist. You should now only see a single instance of Notepad running. Output of pslist Killing Remote Windows Processes with TaskKill by NameThe taskkill utility is native to Windows and includes further command-line options for restarting processes by username and application name. Lets get started and kill Notepad again! Kill Process by Name1. On your remote server, open Notepad; Notepad is the process you will kill in this demonstration; you can, of course, substitute another process. 2. Open a PowerShell session or command prompt on your desktop. Typing the following command will kill notepad.exe taskkill /S WIN-BANGJIEFNOC.local.net /you administrator /p password /IM notepad.exeThe output is shown below: /IM is the parameter for Image; in this case, it is notepad.exe The output of taskkill command 3. To confirm the process is stopped, run tasklist. You should now see no tasks are matching that filter. tasklist /S WIN-BANGJIEFNOC.local.net /fi "imagename eq notepad.exe" /U administrator /P 'password'Output of tasklist using imagename Killing Remote Windows Processes with TaskKill by PIDKilling a process with taskkill using a PID isnt much different than using the process name. But, since you cant use the name, youll first need to find the PID and then pass that to taskkill. Assuming you Notepad running on your remote Windows host: 1. Run tasklist as shown below to find the PID of the Notepad process. Take note of one of the PIDs as shown below; you need that for the next step. tasklist /S WIN-BANGJIEFNOC.local.net /fi "imagename eq notepad.exe" /U administrator /P 'password'the output of tasklist to view PIDS 2. Now, run taskkill providing the PID as the last argument. taskkill /S WIN-BANGJIEFNOC.local.net /u administrator /p 'password' /PID 3776The output of taskkill specifying a particular PID 3. Finally, run tasklist to confirm the process is stopped. Output of tasklist Killing a Remote Windows Process with PowerShellPowerShell gives you a couple of options for killing remote processes; the first cmdlet Stop-Process cannot natively kill a remote process, as it does not have an option to specify a computer name. But, you can get around this issue by running Stop-Process remotely via PowerShell Remoting. Related:PowerShell Remoting: The Ultimate Guide 1. If your host and remote server are not in an Active Directory domain, first provide a username and password, creating a PSCredential object. Related:Using the PowerShell Get-Credential Cmdlet and all things credentials $credentials = Get-CredentialSetting up credentials 2. Next, since the tutorial will use SSL to connect to the remote computer and use a self-signed certificate, create a PSSessionOption that will skip the certificate check for a trusted certificate authority. $PSSessionOption = New-PSSessionOption -SkipCACheck3. Now, connect to the server with the Enter-PSSession command, which establishes an interactive session to the remote server. The command below is connecting to the WIN-BANGJIEFNOC.local.net computer using the username and password provided above (Credential), skipping the certification authority check (SessionOption), and connecting via SSL (UseSSL). Enter-PSSession -ComputerName WIN-BANGJIEFNOC.local.net -Credential $credentials -SessionOption $PSSessionOption -UseSSLUsing Enter-PsSession for an interactive session 4. Once youre connected to the remote host, check the process you want to kill by running Get-Process. In this case, youll see the notepad process. Get-Process -ProcessName NotepadOutput of Get-Process 5. To kill this process, run Stop-Process, as shown below. Stop-Process -ProcessName Notepad6. Finally, confirm youve killed the process by rerunning Get-Process, and you should receive an error message. Checking for Notepad as a running process
ConclusionYou have learned about different methods of killing remote processes and how to overcome situations where network firewall rules might stop utilities from working correctly; this tutorial might have also helped you fix Windows. The utilities you learned about are potent tools; use with care! Subscribe to Stay in TouchNever miss out on your favorite ATA posts and our latest announcements!Subscribe to Adam the Automator for updates: More from Adam The Automator & Friends
RelatedMeet Our SponsorsPluralSight Courses
|