
Quick Tip: Kill rogue processes with taskkill in Microsoft Windows


There are times, regardless of your operating system, when you will need to manually kill a rogue process. Most of the time, this can easily be done with the help of the Microsoft Windows 7 Task Manager. There are times, however, when that tool doesn’t seem to have the ability to kill a rogue process. I have seen this plenty of times when trying to kill an Acronis process that has gone astray. When this happens, I have to employ a more powerful tool, taskkill, which is used from the command line.


This blog post is also available in the PDF format in a TechRepublic Download.


Note: To run the taskkill command you need a command window open. To open one, click Start | Run and type cmd in the text field, or press Win+R to open the Run dialog and enter cmd there (Figure A).


Figure A: Start the command window



Using taskkill


The general syntax of the command looks like this:


taskkill [OPTIONS] [PID]


As you might expect, there are plenty of options available for this command. Some of the more helpful options are:



  • /s COMPUTER - (Where COMPUTER is the IP or address of a remote computer). The default is the local computer, so if working with a command on the local machine you do not have to use this option.

  • /u DOMAIN\USER - (Where DOMAIN is the domain and USER is the username you authenticate as). This option allows you to run taskkill with the account permissions of the specified USER or DOMAIN\USER.

  • /p - If you use the /u option, you will also need to include the /p option which allows you to specify the user password.

  • /fi - Allows you to run the taskkill command with filters.

  • /f - Forces the process to be terminated.

  • /IM - Allows you to use an application name instead of the PID (Process ID number) of the application.


One of the most useful options is the help switch (Figure B):


taskkill /?


Figure B: Help for the taskkill command

Killing with application name


The simplest way to kill a rogue application with taskkill is using the /IM option. This is done like so:


taskkill /IM APPLICATION_NAME


Where APPLICATION_NAME is the name of the application you want to kill. Say, for example, Outlook is refusing to close. To close this with taskkill you would execute the command:


taskkill /IM outlook.exe


Killing with PID


Let’s say you do not know the name of the application, but instead you know the PID of the application. To kill a process with a PID of, say, 572, you would issue the command:


taskkill /PID 572


Killing all processes owned by a particular user


What if you want to kill all processes owned by a single user? This can come in handy if something has gone awry with a user account, the user has logged out, but some of the processes owned by that user will not go away. To manage this you would issue the taskkill command like so:


taskkill /F /FI "USERNAME eq username"


In this case, username is the actual username that owns the processes. Note: USERNAME is the filter name, and it must be included so that taskkill knows a username is being specified.


Killing processes on a remote machine


This one is very handy. Say something has locked up your desktop and you know exactly what application is the culprit. Let’s stick with our Outlook example from earlier. You can hop onto another machine and remotely kill that application like so:


taskkill /s IP_ADDRESS /u DOMAIN\USERNAME /IM Outlook.exe


Where IP_ADDRESS is the address of the remote machine (Note: the hostname can be substituted if the machines are able to see one another by hostname), DOMAIN is the domain (if applicable), and USERNAME is the username used to authenticate to the remote machine.
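
A preview-before-kill wrapper for the filter and remote forms above, as an added example that is not from the original article: it runs tasklist with the same /fi and /s options, saves the list of matches, and calls taskkill /f only when -Kill is given. The parameter names are hypothetical, English-language tasklist column headers are assumed, and remote calls use the current logon instead of /u and /p so that no password appears on a command line.

```powershell
# Added example, not from the original article. Parameter names are hypothetical.
# Assumes English-language tasklist column headers ("Image Name", "User Name", ...).
param(
    [Parameter(Mandatory)] [string] $Filter,  # e.g. 'USERNAME eq jsmith'
    [string] $Computer,                       # value for /s; omit for the local machine
    [string] $LogPath = '.\taskkill-preview.csv',
    [switch] $Kill                            # without -Kill nothing is terminated
)

# Options passed unchanged to both tools, so the preview and the kill match the same set.
$common = @('/fi', $Filter)
if ($Computer) {
    $common += '/s', $Computer                # current logon is used; no /u, no /p
} else {
    $common += '/fi', "PID ne $PID"           # local run: never match this shell itself
}

# tasklist takes the same /fi filters as taskkill; /v adds the owning user.
$out = & tasklist.exe @common /v /fo csv
if ($LASTEXITCODE -ne 0) { throw "tasklist failed with exit code $LASTEXITCODE" }

# Keep only CSV rows; an "INFO: No tasks are running..." line is dropped here.
$procs = @($out | Where-Object { $_ -like '"*' } | ConvertFrom-Csv)
if ($procs.Count -eq 0) {
    Write-Host "No process matches '$Filter'."
    return
}

# Save and show what would be killed, for the change ticket or incident notes.
$procs | Select-Object 'Image Name', 'PID', 'User Name', 'Session Name' |
    Export-Csv -Path $LogPath -NoTypeInformation
$procs | Format-Table 'Image Name', 'PID', 'User Name', 'Session Name' -AutoSize

if (-not $Kill) {
    Write-Host "Preview only: $($procs.Count) processes. Re-run with -Kill to terminate."
    return
}

& taskkill.exe @common /f
if ($LASTEXITCODE -ne 0) {
    Write-Warning "taskkill exit code $LASTEXITCODE; re-run the preview to see what remains."
}
```

Run it once without -Kill and read the owner and image name columns before terminating anything; the saved CSV is the record of what was running.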


Final thoughts


The taskkill command is a powerful tool that might save you from having to forcibly reboot a machine. A solid grasp of it, used in conjunction with the Windows Task Manager, will help keep your Windows machines enjoying longer uptime and, should the occasion arise, give you a way to manage a task when a virus, rootkit, or trojan has taken over your machine.
