How to Kill a Windows Process on a Remote System

choubertsprojects

VPN offers!

1. NordVPN

2. Surfshark

3. ExpressVPN

Learn how to kill a process on a remote system using the built-in tools in Windows.

The “taskkill remote computer” is a command-line tool that allows users to kill processes on a remote system. It can be used in many different ways, but the most common use is to kill tasks on a remote computer.

How to Kill a Windows Process on a Remote System

Perhaps you’re blissfully working on a distant Windows server when you notice a process that’s hogging CPU cycles. So, what exactly do you do? Assassinate it!

You’ll learn how to stop a Windows process using native tools, third-party programs, and PowerShell in this article. You’ll first learn how to investigate running processes in Windows before moving on to killing them.

Prerequisites

If you want to follow along with this lesson, make sure you have the following items on hand:

  • A computer that runs on Windows — All of the demonstrations in this lesson will run on Windows 10, however Windows 7 and above will also function.
  • To kill the remote tasks, use a Windows Server or another Windows desktop as your target. The remote server in this tutorial is a solitary Windows Server 2016.
  • The Microsoft Sysinternals Suite.
  • Windows PowerShell 5 or above is required. PowerShell v7.1.3 is used in this lesson.

Using Tasklist to Interrogate Remote Windows Processes

A useful feature named tasklist has been available since Windows XP. Tasklist is a useful tool for checking the status of processes on distant machines. You must first uncover a process before you can terminate it!

To see all the running processes on your remote computer, open a PowerShell session or a command prompt on your desktop and execute the following command.

The command below connects to a remote computer (/S) by using the administrator username (/U) and password (/P) to authenticate the connection.

/U administrator /P password tasklist /S WIN-BANGJIEFNOC.local.net

You’ll note that the Session Name is missing from the list below. Because tasklist is operating on a remote machine, it does not supply the Session Name.

a list of remote server processes a list of remote server processes

Perhaps you’d rather simply include one procedure. It’s not an issue. Use the /FI argument to do this. To filter out certain processes, the /FI argument takes a query that is supplied to the tasklist.

/U administrator /P ‘password’ tasklist /S WIN-BANGJIEFNOC.local.net /fi “imagename eq notepad.exe”

The tasklist output displaying a particular process. The tasklist output displaying a particular process.

PSList Querying Remote Windows Processes

PSList, which is part of the Sysinternals Suite, is another tool for seeing ongoing processes. This set of tools has been around for a long time and was designed by Azure’s CTO, Mark Russinovich!

Let’s look at how you can see what’s going on on a distant computer.

1. On your desktop, open a PowerShell session or a command prompt and go to the location where you extracted the Sysinternal Suite.

2. Run the following command in your PowerShell session to see the running processes on the remote machine and their corresponding CPU utilization in real time.

The command below uses the Administrator account (-u) and password to query all remote Windows processes on the WIN-BANGJIEFNOC PC using pslist (-p).

The -s option causes pslist to enter “task manager mode,” which refreshes the list on a regular basis.

If you’re using a Sysinternals utility for the first time, a banner may display asking you to accept the EULA; click OK.

.pslist WIN-BANGJIEFNOC.local.net -u Administrator -p ‘password’ -s WIN-BANGJIEFNOC.local.net -u Administrator -p ‘password’ -s

You should now get the following output from that command; you’re only interested in three of these numbers for this article. As indicated in the diagram below.

  • The name of the procedure.
  • The PID number may be utilized to terminate a remote process. Pid: Process Identifier, a vital value used in this tutorial. It’s a process’s numerical identifier.
  • CPU: This displays the use of your total available CPU in near real-time.

The other values have to do with memory and are outside the scope of this essay.

pslist output in real-time pslist output in real-time

3. Since the -s option was used in step two, press Ctrl-C to exit pslist and return to the terminal.

Use the -e option followed by the process name to narrow down the list of processes returned, for example, -e Winlogon.

PSKill allows you to kill processes by their names.

Let’s look at how to stop remote processes now that you know how to detect them. Let’s start with the pskill command. Learn how to stop processes by their names first.

1. Make sure you have a process on your remote server that you can terminate. The notepad method will be used in this lesson.

2. On your local desktop, open a PowerShell session or a command prompt, move to the location where you extracted the Sysinternal Suite, and enter the following command. The syntax of pskill is identical to that of pslist.

WIN-BANGJIEFNOC.local.net.pskill.Exe -u administrator -p ‘password’ -e notepad.exe WIN-BANGJIEFNOC.local.net.pskill.Exe WIN-BANGJIEFNOC.local.net.pskill.Exe WIN-BANGJIEFNOC.

pskill's output pskill’s output

3. Now, as described in the previous step, run pslist to verify that the process has been terminated.

.pslist WIN-BANGJIEFNOC.local.net -u Administrator -p ‘password’ -e notepad.exe WIN-BANGJIEFNOC.local.net -u Administrator -p ‘password’ WIN-BANGJIEFNOC.local.net -u Administrator -p

pslist's output pslist’s output

PSKill: Killing Processes by Process ID

If just a single instance of that process is running or you wish to terminate all processes with that name, killing the process by name could suffice. What if you want to terminate a specific instance of a running process? This will be shown in the phases that follow.

1. Open Notepad twice on your distant server; you will terminate one of these processes in this example; other processes may, of course, be substituted.

2. Execute the following command, noting one of the Pids as given below; you’ll need it in the next step.

.pslist WIN-BANGJIEFNOC.local.net -u Administrator -p password -e notepad WIN-BANGJIEFNOC.local.net -u Administrator -p password -e notepad

Using pslist to list PID's of Notepad Using pslist to get a list of Notepad’s PIDs

3. Now, using the PID, run pskill with the PID as the last input.

WIN-BANGJIEFNOC.local.net.pskill.Exe -u administrator -p password 1984

The pskill's output for a particular PID The pskill’s output for a particular PID

4. Finally, restart pslist to see whether you still have one instance of Notepad running. There should only be one instance of Notepad running now.

pslist's output pslist’s output

TaskKill by Name: Killing Remote Windows Processes

Taskkill is a native Windows program that supports additional command-line parameters for resuming processes by username and application name. Let’s get this party started by killing Notepad once again!

Kill Processes by Their Names

1. Open Notepad on your remote server; Notepad is the process you’ll kill in this demonstration; you can, of course, use another process instead.

2. On your desktop, open a PowerShell session or a command prompt. The following command will terminate notepad.exe.

/you administrator /p password /IM notepad.exe taskkill /S WIN-BANGJIEFNOC.local.net

The following is the output:

The argument for Image is /IM, which in this instance is notepad.exe.

The taskkill command's output The taskkill command’s output

3. Run tasklist to ensure the process has been terminated. There should be no jobs that fit that criteria presently.

/U administrator /P ‘password’ tasklist /S WIN-BANGJIEFNOC.local.net /fi “imagename eq notepad.exe”

Tasklist output with imagename Tasklist output with imagename

TaskKill by PID kills remote Windows processes

Using a PID to terminate a process with taskkill is similar to using the process name. However, since you won’t be able to use the name, you’ll have to first locate the PID and then send it to taskkill.

Assume you’re using Notepad on your remote Windows host:

1. To discover the PID of the Notepad process, run tasklist as shown below. Make a mental note of one of the PIDs listed below; you’ll need it for the following step.

/U administrator /P ‘password’ tasklist /S WIN-BANGJIEFNOC.local.net /fi “imagename eq notepad.exe”

To see PIDS, use the tasklist output. To see PIDS, use the tasklist output.

2. Then, as the final parameter, execute taskkill with the PID.

/S WIN-BANGJIEFNOC.local.net /u administrator /p ‘password’ /PID 3776 taskkill /S WIN-BANGJIEFNOC.local.net /u administrator /p ‘password’

The taskkill output that specifies a specific PID. The taskkill output that specifies a specific PID.

3. Finally, run tasklist to ensure that the process has been terminated.

The tasklist's output The tasklist’s output

Using PowerShell to Terminate a Remote Windows Process

PowerShell has a handful of alternatives for terminating remote processes; however, the first cmdlet Stop-Process does not include an option to supply a machine name, therefore it cannot natively terminate a remote process. However, you may get around this problem by using PowerShell Remoting to perform Stop-Process remotely.

The Ultimate Guide to PowerShell Remoting

1. If your host and remote server are not in the same Active Directory domain, create a PSCredential object by providing a username and password.

Using the Get-Credential Cmdlet in PowerShell and all things credentials

Get-Credential $credentials

Creating login credentialsCreating login credentials

2. Next, add a PSSessionOption that skips the certificate verification for a trustworthy certificate authority since the tutorial will utilize SSL to connect to the remote machine and use a self-signed certificate.

$PSSessionOption = New-PSSessionOption -SkipCACheck; $PSSessionOption = New-PSSessionOption -SkipCACheck; $PSSes

3. Use the Enter-PSSession command to connect to the server, which opens an interactive session with the remote server.

The command below connects to the WIN-BANGJIEFNOC.local.net machine over SSL, using the username and password supplied above (Credential), bypassing the certification authority check (SessionOption), and using the username and password provided above (Credential) (UseSSL).

-ComputerName WIN-BANGJIEFNOC.local.net -Credential Enter-PSSession -SessionOption $PSSessionOption -UseSSL $credentials

For an interactive session, use Enter-PsSession. For an interactive session, use Enter-PsSession.

4. Once you’ve established a connection to the remote server, use Get-Process to identify the process you wish to terminate. You’ll observe the notepad procedure in this situation.

Notepad -ProcessName Get-Process

Get-Process output Get-Process output

5. Run Stop-Process as mentioned below to terminate this process.

-ProcessName Notepad -Stop-Process

6. Finally, run See-Process again to make sure you’ve stopped the process; you should get an error message.

Checking for the presence of Notepad as an active process Checking for the presence of Notepad as an active process

If you’d like to stop a remote Windows process non-interactively, use the Invoke-Command command using the following parameters: Invoke-Command -ComputerName WIN-BANGJIEFNOC.local.net -Credential $credentials -ScriptBlock {-ProcessName Notepad -Stop-Process} -UseSSL. Encapsulating the Stop-Proces command in the ScriptBlock parameter sends the command to the remote host.

Conclusion

This lesson may have also assisted you in fixing Windows by teaching you how to terminate remote programs and how to circumvent instances when network firewall restrictions prevent tools from running properly.

The tools you’ve learnt about are powerful weapons; use them with caution!

The “tasklist remote computer” command is used to list the tasks running on a remote computer. It can be useful for killing processes on a remote system.

Related Tags

  • how to open task manager on remote desktop windows 10
  • kill process remotely powershell
  • kill process on remote server linux
  • check if process is running on remote machine
  • powershell check if process is running on remote computer