Thursday, June 14, 2012

How to kill process running in a remote computer using command prompt

Windows servers maintaining is not a simple task and most of the time need to log in to servers and kill some running process and some time need to start the processes or applications. So this is a method to kill a process running on a remote computer using dos command in windows environment. You can use this method to kill a process in you local PC too. You can directly run this command in command prompt or also can run as saved bat file.


TASKKILL /S system /U username /P password /FI filter /PID processid or /IM imagename /F /T





Parameter List:
-----------------------------------------------------------------------------------------------------------
/S system Specifies the remote system to connect to.

/U [domain\]user Specifies the user context under which
the command should execute.

/P [password] Specifies the password for the given
user context. Prompts for input if omitted.

/F Specifies to forcefully terminate
process(es).

/FI filter Displays a set of tasks that match a
given criteria specified by the filter.

/PID process id Specifies the PID of the process that
has to be terminated.

/IM image name Specifies the image name of the process
that has to be terminated. Wildcard '*'
can be used to specify all image names.

/T Tree kill: terminates the specified process
and any child processes which were started by it.

/? Displays this help/usage.



Filters:
-----------------------------------------------------------------------------------------------------------
STATUS eq, ne RUNNING | NOT RESPONDING
IMAGENAME eq, ne Image name
PID eq, ne, gt, lt, ge, le PID value
SESSION eq, ne, gt, lt, ge, le Session number.
CPUTIME eq, ne, gt, lt, ge, le CPU time in the format
of hh:mm:ss.
hh - hours,
mm - minutes, ss - seconds
MEMUSAGE eq, ne, gt, lt, ge, le Memory usage in KB
USERNAME eq, ne User name in [domain\]user
format
MODULES eq, ne DLL name
SERVICES eq, ne Service name
WINDOWTITLE eq, ne Window title

NOTE: Wildcard '*' for the /IM switch is accepted only with filters.

NOTE: Termination of remote processes will always be done forcefully
irrespective of whether /F option is specified or not.

Examples:
-----------------------------------------------------------------------------------------------------------
TASKKILL /S system /F /IM notepad.exe /T
TASKKILL /PID 1230 /PID 1241 /PID 1253 /T
TASKKILL /F /IM notepad.exe /IM mspaint.exe
TASKKILL /F /FI "PID ge 1000" /FI "WINDOWTITLE ne untitle*"
TASKKILL /F /FI "USERNAME eq NT AUTHORITY\SYSTEM" /IM notepad.exe
TASKKILL /S system /U domain\username /FI "USERNAME ne NT*" /IM *
TASKKILL /S system /U username /P password /FI "IMAGENAME eq note*"



3 comments:

  1. My partner and I absolutely love your blog and find a lot of your post's to be precisely what I'm looking for. Do you offer guest writers to write content in your case? I wouldn't mind composing a post or elaborating on a few of the subjects you write regarding here.

    ReplyDelete
  2. It might be beneficial to bundle this with PowerShell to add an ability to search process by name, not by process id.

    For example search for Dropbox.exe process id:
    Get-WmiObject -Class Win32_Process -Computer RemoteComputerName | Select-Object Name, ProcessId | Where-Object -FilterScript {$_.Name -like "Dropbox.exe"}

    Or search for the same exe on all computers in an AD domain:
    Get-ADComputer | ForEach-Object {Get-WmiObject -Class Win32_Process -Computer RemoteComputerName | Select-Object Name, ProcessId | Where-Object -FilterScript {$_.Name -like "Dropbox.exe"}}

    You can easily add taskkill as shown in this article to kill process by name on all computers in an AD domain.

    Here is more detailed syntax on how to search/filter processes on remote computers: https://www.action1.com/kb/list_of_running_processes_on_remote_computer.html

    ReplyDelete