For the longest time I’ve been using Sysinternals’ pstools to list and kill tasks on remote computers without knowing that Windows actually has similar command lines already included, with maybe even more features. Let’s take a look.
Tasklist
Tasklist can be used to provide a current list of all tasks currently running on your PC. Sounds redundant with Task Manager? But it comes with a lot more features.
Running tasklist alone without any parameters returns a full list of running tasks on your computer. Adding the /SVC switch shows the services related to each task, /V gives more details on each task, and /M lists all associated .dll files. Moreover, you can use /FI to filter out the noise and display only the ones you want to see.
For example, the following command returns a list of .dll files used to run Internet Explorer.
tasklist /m /fi "imagename eq iexplore.exe"
You can also use /fo to specify the output format, either List, Table, or CSV. Running
tasklist /m /fi "imagename eq iexplore.exe" /fo list
actually returns something like this:
And with “> filename” added to the end you can export the list to a plain text file that you can email to someone else.
To access this same info from a remote computer, simply add “/s computername” to the command. For example, the following command lists all running tasks on a remote system called “kc-vm7”.
tasklist /s kc-vm7
Interested? Check out tasklist /? for more information.
TaskKill
You can terminate one or multiple tasks using the Taskkill command, by either process ID (PID) or image name.
The command
taskkill /im iexplore.exe
kills all Internet Explorer browsers on your computer.
You can apply a filter with /FI to kill a bunch of tasks at once. Or use /T to terminate the specified process and any child processes started by it. For those stubborn ones, use /F to forcefully terminate them.
Same as Tasklist, to terminate tasks running on a remote computer, simply use /s computername. For example, running the following command kills all Internet Explorer processes on a remote computer called kc-vm7.
taskkill /s kc-vm7 /im iexplore.exe
With the ability to check and terminate processes running on remote computers, it makes my day-to-day work a lot easier.
PowerShell
To get a list of processes running on a remote computer:
Get-WmiObject -Class Win32_Process -ComputerName $computer | Select-Object -Property Name, CommandLine
To find a specific process running on a remote computer:
Get-WmiObject -Class Win32_Process -ComputerName $computer | Where-Object {$_.name -eq $processname}
To terminate that specific process on a remote computer:
(Get-WmiObject -Class Win32_Process -ComputerName $computer | Where-Object {$_.name -eq $processname}).Terminate()
Or,
$process = Get-WmiObject -Class Win32_Process -ComputerName $computer | Where-Object {$_.name -eq $processname}
if ($process) {
    # The process was found on the remote computer, so terminate it
    $process.Terminate()
} else {
    $processname + " is not running on " + $computer
}
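The tasklist and taskkill switches covered above (/s, /fi, /fo csv, /pid, /t) can be combined so that you see exactly which remote PIDs match before anything is terminated. This is an added example, not code from the original post; the function names Get-RemoteTask and Stop-RemoteTask and their parameters are hypothetical, and it assumes tasklist exits with code 0 when nothing matches the filter.

```powershell
# Added example. Get-RemoteTask / Stop-RemoteTask are hypothetical names.
function Get-RemoteTask {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        # Restrict the image name so it cannot alter the /fi filter expression.
        [Parameter(Mandatory)][ValidatePattern('^[\w.\-]+$')][string]$ImageName
    )
    # /fo csv with /nh returns CSV rows without a header line, so the column
    # names assigned below do not depend on the display language of the target.
    $raw = tasklist /s $ComputerName /fi "imagename eq $ImageName" /fo csv /nh
    if ($LASTEXITCODE -ne 0) {
        throw "tasklist failed against $ComputerName (exit code $LASTEXITCODE)"
    }
    # When nothing matches, tasklist prints an "INFO: ..." line instead of CSV.
    # Keep only real CSV rows, which always start with a double quote.
    $raw | Where-Object { $_ -like '"*' } |
        ConvertFrom-Csv -Header ImageName, ProcessId, SessionName, SessionId, MemUsage
}

function Stop-RemoteTask {
    # SupportsShouldProcess adds -WhatIf and -Confirm; ConfirmImpact 'High'
    # makes PowerShell prompt before each kill unless -Confirm:$false is given.
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][ValidatePattern('^[\w.\-]+$')][string]$ImageName
    )
    foreach ($task in Get-RemoteTask -ComputerName $ComputerName -ImageName $ImageName) {
        $target = "$($task.ImageName) (PID $($task.ProcessId)) on $ComputerName"
        if ($PSCmdlet.ShouldProcess($target, 'taskkill /t')) {
            # Kill by PID, not image name, so only the listed instances are
            # affected; /t also ends child processes started by that PID.
            taskkill /s $ComputerName /pid $task.ProcessId /t
            if ($LASTEXITCODE -ne 0) {
                Write-Warning "taskkill failed for $target (exit code $LASTEXITCODE)"
            }
        }
    }
}

# Usage, with the remote computer name used on this page:
#   Stop-RemoteTask -ComputerName kc-vm7 -ImageName iexplore.exe -WhatIf   # preview only
#   Stop-RemoteTask -ComputerName kc-vm7 -ImageName iexplore.exe           # prompts per PID
```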