Thursday, 5 July 2012

How to kill a rogue process with taskkill in Windows

There are times, regardless of your operating system, when you will need to manually kill a rogue process. Most
of the time, this can easily be done with the help of the Microsoft Windows 7 Task Manager. There are times,
however, when that tool doesn't seem to have the ability to kill a rogue process. I have seen this plenty of times
when trying to kill an Acronis process that has gone astray. When this happens, I have to employ a more powerful
tool, taskkill, which is used from the command line.

Note: In order to run the taskkill command you will need a command window open. To do this, click Start
| Run and type cmd in the text field, or open the Run dialog directly by pressing Win+R and enter cmd there.

Using taskkill


The general syntax of the command looks like this:
taskkill [OPTIONS] [PID]
As you might expect, there are plenty of options available for this command. Some of the more helpful options
are:

/s COMPUTER - (Where COMPUTER is the IP or address of a remote computer). The default is the local
computer, so if working with a command on the local machine you do not have to use this option.

/u DOMAIN\USER - (Where DOMAIN is the domain and USER is the username you authenticate to).
This option allows you to run taskkill with the account permissions of the specified USERNAME or
DOMAIN\USERNAME.

/p - If you use the /u option, you will also need to include the /p option, which allows you to specify the
user password.

/fi - Allows you to run the taskkill command with filters.

/f - Forces the process to be terminated.

/IM - Allows you to use an application name instead of the PID (Process ID number) of the application.

One of the most useful options is the help switch:
taskkill /?


Killing with application name
 

The simplest way to kill a rogue application with taskkill is using the /IM option. This is done like so:
taskkill /IM APPLICATION_NAME
Where APPLICATION_NAME is the name of the application you want to kill. Say, for example, Outlook is refusing
to close. To close this with taskkill you would execute the command:
taskkill /IM outlook.exe
 

Killing with PID
 

Let's say you do not know the name of the application, but instead you know the PID of the application. To kill a
process with a PID of, say, 572, you would issue the command:
taskkill /PID 572


Killing all processes owned by a particular user
 

What if you want to kill all processes owned by a single user? This can come in handy if something has gone
awry with a user account, the user has logged out, but some of the processes owned by that user will not go
away. To manage this you would issue the taskkill command like so:
taskkill /F /FI "USERNAME eq username"
In this case, the lowercase username is the actual username that owns the processes. Note: The USERNAME
filter name must be included in order to tell the taskkill command that a username is being specified.
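
The filter form above terminates everything it matches, so it is worth seeing the match list before anything is killed. The batch script below is an added example, not part of the original post: it previews the same USERNAME filter with tasklist, asks for confirmation, and only then runs the taskkill command from this section. The file name killuser.cmd is hypothetical.

```batch
@echo off
rem Added example (not from the original post): preview, confirm, then kill.
rem Usage: killuser.cmd USERNAME     (killuser.cmd is a hypothetical name)
setlocal

if "%~1"=="" (
    echo Usage: %~nx0 USERNAME
    exit /b 2
)

rem Build the filter once so the preview and the kill use the identical string.
set "FILTER=USERNAME eq %~1"

rem tasklist accepts the same /FI filter syntax as taskkill.
rem /V adds the owning user, status and window title. Nothing is terminated here.
echo Processes matching "%FILTER%":
tasklist /V /FI "%FILTER%"

rem choice sets errorlevel 1 for Y and 2 for N. "if errorlevel 2" is true for
rem 2 and above, so an error code from choice also takes the safe path.
choice /C YN /M "Terminate every process listed above"
if errorlevel 2 (
    echo Nothing was terminated.
    exit /b 0
)

rem Same command as shown in the post: /F forces termination of each match.
taskkill /F /FI "%FILTER%"
if errorlevel 1 (
    echo taskkill reported a failure. Review the output above.
    exit /b 1
)

rem List the filter again: anything still shown survived the kill.
echo Remaining processes matching "%FILTER%":
tasklist /FI "%FILTER%"

endlocal
```

Run it from the same kind of command window the kill itself needs; a non-elevated window may list processes that taskkill is then denied access to.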
 

Killing processes on a remote machine
 

This one is very handy. Say something has locked up your desktop and you know exactly what application is the
culprit. Let's stick with our Outlook example from earlier. You can hop onto another machine and remotely kill that
application like so:
taskkill /s IP_ADDRESS /u DOMAIN\USERNAME /IM Outlook.exe
Where IP_ADDRESS is the address of the remote machine (Note: The hostname can be substituted if the
machines are able to see one another by hostname), DOMAIN is the domain (if applicable), and USERNAME is
the username used to authenticate to the remote machine.
 

Final thoughts
 

The taskkill command is a powerful and valuable tool that might save you from having to forcibly reboot a
machine. Having a solid grasp of this tool, in conjunction with using the Windows Task Manager, will help to
keep your Windows machines enjoying longer uptime and, should the occasion arise, give you the ability to
manage a task when a virus, rootkit, or trojan has taken over your machine.
