Killing processes in Windows has long been the easiest way to deal with unresponsive programs that won’t close using the usual means by clicking the “X” in the top right-hand corner. Generally speaking, using the Windows Task Manager is the first method most use to find and close processes that are not responding. However, using the command line, we can leverage command prompt commands and PowerShell to kill processes. Let’s see how.
Task Manager may not be the best tool
The classic Windows Task Manager is the go-to for many when it comes to process management. However, launching Task Manager might not always be the best solution, especially in cases where processes need to be ended on remote computers or the tool won’t launch for whatever reason.
Task manager has long been the tool in Windows to kill processes.
For that, we need to use the command line, including the classic command prompt, and we can also use PowerShell to kill a process.
Tasklist and Taskkill
Let’s first look at how to use the traditional command line to find and kill processes using tasklist and taskkill.
Each running process in a Windows environment is assigned a unique process id (PID). This identification and the image name make it easier for users to single out specific processes. The process name and the PID are essential when deciding which process to terminate.
Before killing a process using taskkill, you often use tasklist to identify the running processes.
tasklist
You can use the “/?” parameter to view the command help.
Killing a Process Using its Name (Image Name)
The /IM switch allows you to specify the image name (essentially the process name) of the process you want to terminate.
taskkill /IM notepad.exe /F
Killing a Process Using its PID
Using the /PID switch, you can target a specific process using its Process ID.
taskkill /PID 1234 /F
Killing Processes Based on Session Name or Session Number
This is particularly useful in a terminal server environment.
taskkill /FI "SESSION eq 1" /F
Killing Processes Based on Status
For example, you might want to terminate all not responding processes.
taskkill /FI "STATUS eq NOT RESPONDING" /F
Killing Processes on Remote Machines
If you have the necessary permissions, taskkill also allows you to terminate processes on remote systems.
taskkill /S RemotePC1 /U username /P password /IM notepad.exe /FREM Kill all instances of Notepad on a remote computer named 'RemotePC1'
Killing Multiple Processes Simultaneously
You can specify multiple image names separated by space or comma to stop one or more processes found in the process objects:
taskkill /IM notepad.exe,calc.exe /F
PowerShell kill a process
PowerShell is a new scripting language from Microsoft that provides a noun-verb construct for entering commands that is very intuitive and powerful. It allows easy managing Windows environments and can easily be used for automation scripts that can automate repetitive tasks.
Aside from automation, it enables interacting with Windows, including managing running processes and much more. Using PowerShell’s verb-noun construct, we can take the process object and end the specified process using PowerShell’s object-oriented language.
Identifying Running Processes with PowerShell and Killing them
The first step in managing a process is process identification. With the get process command, one can easily list all running processes. The tasklist command can also be employed from the command prompt to achieve similar results.
Before you can kill a process, you often need to identify it. Open a PowerShell Window and type the “Get-Process” cmdlet.
# List all running processes
Get-Process
Filtering Processes by Name
You can filter by name if you’re interested in a specific process or a set of processes.
# List all instances of Notepad
Get-Process -Name notepad
Filtering Processes by Process ID (PID)
Each running process has a unique Process ID (PID). This allows for precise identification.
# List process with a specific PID (e.g., 1234)
Get-Process -Id 1234
PowerShell’s Stop Process Cmdlet
An alternative to the taskkill command is the stop process command in PowerShell. Combined with the where object cmdlet, this cmdlet lets users filter out processes by various criteria and then terminate them. You can kill it using its name once you’ve identified a rogue process.
# Kill all instances of Notepad
Stop-Process -Name notepad -Force
Killing a Process Using its PID
For a more targeted approach, especially if multiple instances of a process are running, use the PID.
# Kill process with PID 1234
Stop-Process -Id 1234 -Force
Advanced Filtering Using Where-Object Cmdlet
You might want to kill processes based on specific conditions. The Where-Object cmdlet is perfect for this.
# Kill all processes consuming more than 1GB of memory
Get-Process | Where-Object {$_.WS -gt 1GB} | Stop-Process -Force
Below, I queried first for 1GB and there were no processes taking that amount of memory. Next, I tried 512MB and again nothing. Then I lowered down to 100MB and you can see the processes returned.
Killing Processes on Remote Machines
Sometimes, processes may be running on remote servers or machines. With Windows Management Instrumentation capabilities, Windows PowerShell allows users to manage processes on their local computers and remote systems.
# Kill all instances of Notepad on a remote computer named 'RemotePC1'
Invoke-Command -ComputerName RemotePC1 -ScriptBlock { Stop-Process -Name notepad -Force }
Batch Termination of Processes
If you want to terminate multiple processes at the same time, you could use the following as an example:
# Kill all instances of Notepad and Calculator
Get-Process | Where-Object { $_.Name -in "notepad", "calc" } | Stop-Process -Force
The Force Switch and Risky Processes
While most processes can be halted gracefully, some may resist standard termination methods. You can use the force switch to end processes forcefully. However, be careful doing this, as it might lead to data loss or instability.
# Forcefully kill all instances of Notepad
Stop-Process -Name notepad -Force
FAQs on PowerShell Process Management
Can you use PowerShell for process management in complex Windows environments?
Absolutely.
PowerShell, especially with its deep integration into the Windows
Management Instrumentation (WMI), is tailor-made for managing processes
in intricate Windows environments. It’s capable of handling tasks in
large-scale infrastructure setups, managing remote servers, and even
scripting for automated administrative tasks.
What’s the main difference between using the Task Manager and PowerShell for process management?
While
both can terminate processes, Task Manager provides a graphical
interface mainly suited for manual interventions. On the other hand,
PowerShell offers a command-line shell and scripting language, allowing
for more complex operations, automation, and integration into other
administrative tasks.
How do the ‘taskkill command’ and ‘stop process cmdlet’ differ?
Both can terminate processes, but they come from different utilities. taskkill is a Command Prompt utility, whereas Stop-Process is a PowerShell cmdlet. The latter offers greater flexibility, especially when combined with other cmdlets or used in scripts.
Why might one need to use the force switch with the Stop-Process cmdlet?
Sometimes,
processes can resist normal attempts at termination. This could be due
to unsaved data prompting user confirmation or the process being
unresponsive. The force switch ensures that PowerShell terminates the process even in these scenarios.
Is there a way to use PowerShell to list all the processes on a remote computer?
Yes, you can use a combination of cmdlets to achieve this. For example:
Invoke-Command -ComputerName RemotePC1 -ScriptBlock { Get-Process }
This fetches all the processes running on the remote machine named ‘RemotePC1’.
How do I target a process by its image name using PowerShell?
The term “image name” is more common with the Command Prompt’s tasklist utility. In PowerShell, you’d typically use the process name. For instance, to target Notepad, you’d use:
Get-Process -Name notepad
Can I create scripts in PowerShell to automate killing risky processes?
Yes,
PowerShell’s scripting capabilities allow you to automate almost any
task, including monitoring and terminating processes deemed risky or
unnecessary. By combining cmdlets like Get-Process, Where-Object, and Stop-Process, you can craft scripts tailored to your needs.
Wrapping up
As we’ve seen, PowerShell provides an excellent set of tools for handling all types of processes, from a simple notepad process to more complex Windows processes. The command line and using PowerShell are the best ways to manage and stop processes at scale using automation.
As shown, you can even use PowerShell to kill a process remotely. The next time you have a hung process, use PowerShell instead of the Task Manager, and you will be surprised at the ease with which you can stop processes from the PowerShell terminal.
0 Comments