February 5, 2011

Kill rogue processes with taskkill in Microsoft Windows

There are times, regardless of your operating system, when you will need to manually kill a rogue process. Most of the time, this can easily be done with the help of the Microsoft Windows 7 Task Manager. There are times, however, when that tool doesn’t seem to have the ability to kill a rogue process. I have seen this plenty of times when trying to kill an Acronis process that has gone astray. When this happens, I have to employ a more powerful tool, taskkill, which is used from the command line.





Note: To run the taskkill command, you will have to open the command window. To do this, click Start | Run and type cmd in the text field, or press Win+R to open the Run dialog box and enter cmd there (Figure A).

Figure A
Open the command window.


Using taskkill
The general syntax of the command looks like this:

taskkill [OPTIONS] [PID]

As you might expect, there are plenty of options available for this command. Some of the more helpful options are:

* /s COMPUTER — (Where COMPUTER is the IP or address of a remote computer). The default is the local computer, so if you’re working with a command on the local machine, you do not have to use this option.
* /u DOMAIN\USER — (Where DOMAIN is the domain and USER is the username you authenticate as). This option allows you to run taskkill with the account permissions of the specified USER or DOMAIN\USER.
* /p — If you use the /u option, you will also need to include the /p option, which allows you to specify the user password.
* /fi — Allows you to run the taskkill command with filters.
* /f — Forces the process to be terminated.
* /IM — Allows you to use an application name instead of the PID (Process ID number) of the application.

One of the most useful options is the help switch (Figure B):

taskkill /?

Figure B
Use the help switch for the taskkill command.

Killing with application name
The simplest way to kill a rogue application with taskkill is using the /IM option. This is done like so:

taskkill /IM APPLICATION_NAME

Where APPLICATION_NAME is the name of the application you want to kill. Say, for example, Outlook is refusing to close. To close this with taskkill, you would execute the command:

taskkill /IM outlook.exe

Killing with PID
Let’s say you do not know the name of the application, but instead you know the PID of the application. To kill a process with a PID of, say, 572, you would issue the command:

taskkill /PID 572

Killing all processes owned by a particular user
What if you want to kill all processes owned by a single user? This can come in handy if something has gone awry with a user account or if the user has logged out, but some of the processes owned by that user will not go away. To manage this you would issue the taskkill command like so:

taskkill /F /FI "USERNAME eq username"

In this case, username is the actual username that owns the processes. Note: The USERNAME filter name must be included in order to tell the taskkill command that a username is being specified.
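
Because /F with a username filter ends every matching process at once, it helps to see what the filter matches before acting on it. The batch script below is an added example, not part of the original article: it previews the matches with tasklist (which accepts the same /FI filter), asks for confirmation, tries a normal taskkill first, and only then uses /F. The script name killuser.cmd and the variables TARGET and ANSWER are hypothetical.

```batch
@echo off
rem Added example, not from the original article.
rem Usage: killuser.cmd USERNAME   (script name is hypothetical)
rem Run it from an administrator prompt under a different account than
rem the target user, otherwise step 3 or 5 ends this cmd window as well.
setlocal
if "%~1"=="" (
    echo Usage: %~nx0 USERNAME
    exit /b 2
)
set "TARGET=%~1"

rem 1. Preview: tasklist takes the same /FI filter as taskkill, so this
rem    lists exactly the processes the later commands will act on.
echo Processes owned by %TARGET%:
tasklist /FI "USERNAME eq %TARGET%"

rem 2. Confirm before terminating anything; anything but "y" aborts.
set "ANSWER="
set /p "ANSWER=Terminate these processes? (y/N) "
if /I not "%ANSWER%"=="y" exit /b 0

rem 3. Without /F, taskkill asks each process to close. Processes that
rem    cannot be closed this way report that they need /F.
taskkill /FI "USERNAME eq %TARGET%"

rem 4. Give the processes a few seconds to exit on their own.
timeout /t 5 /nobreak >nul

rem 5. Force-terminate whatever is still running for that user.
taskkill /F /FI "USERNAME eq %TARGET%"

rem 6. Show what, if anything, survived.
echo Remaining processes owned by %TARGET%:
tasklist /FI "USERNAME eq %TARGET%"
endlocal
```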

Killing processes on a remote machine
This one is very handy. Say something has locked up your desktop and you know exactly what application is the culprit. Let’s stick with our Outlook example from earlier. You can hop onto another machine and remotely kill that application like so:

taskkill /s IP_ADDRESS /u DOMAIN\USERNAME /IM Outlook.exe

Where IP_ADDRESS is the address of the remote machine (Note: The hostname can be substituted if the machines are able to see one another by hostname), DOMAIN is the domain (if applicable), and USERNAME is the username used to authenticate to the remote machine.

Final thoughts
The taskkill command is a valuable tool that might save you from having to forcibly reboot a machine. Having a solid grasp of this tool, in conjunction with the Windows Task Manager, will help keep your Windows machines enjoying longer uptime and, should the occasion arise, give you the ability to manage a task when a virus, rootkit, or trojan has taken over your machine.
