7 Ways to Manage Windows Processes Remotely

A while back we talked about ways you can manage Windows services remotely. Today, we’ll show you seven ways you can “manage” Windows processes remotely in general. By manage we mean start, query, and kill a remote Windows process. Keep in mind pretty much all of these tools and techniques here assume you have appropriate permissions on the remote computer.

Starting processes remotely

1. PsExec, PowerShell, and WMI

We’ve already touched on ways you can start processes remotely using tools like PsExec, but with a little bit of scripting effort, you can also use tools like PowerShell’s Invoke-Command cmdlet or even a WMI query.

Query processes remotely

Without interactively connecting to a remote Windows computer you can easily query its current list of processes with a variety of tools.

2. tasklist

Since Windows XP there is a built-in command line utility named “tasklist”. By running the command “tasklist /s hostname” where “hostname” is the remote computer you want to query, it will return a list of processes on the remote machine and some basic details about each process (PID, session number, memory usage, etc.).

The tasklist command also allows you to specify different credentials on the command line if you need to authenticate to the remote computer with a different username and password. Just remember if you specify the password on the command line it will be visible to other administrators on the local computer who look at the local computer’s process list details.

In a command prompt run “tasklist /?” for more information about its usage.

3. PsList

Once again, if you’ve followed our articles for a while, you know we’re big fans of the SysInternals PsTools suite. The PsList utility is another part of the PsTools suite. PsList is very similar to tasklist, but it gives you much more detailed information on threads (counts, states, context switches, etc.), CPU usage (user time, kernel time, etc.), and memory usage (private bytes, working set, virtual memory, page faults, etc.).

PsList can also target a specific PID or process name (or name pattern). And one of my favorite features of PsList is the -t option to show you the process tree structure.

Much like the tasklist command, PsList also allows you to specify different credentials on the command line if you need to authenticate to the remote computer with a different username and password. Again, remember if you specify the password on the command line it will be visible to other administrators on the local computer who look at the local computer’s process list details.

After downloading PsList, in a command prompt run “pslist -?” for more information about its usage.

4. Scripting

And of course, if you want to go the scripting route, you can use things like PowerShell’s Get-Process cmdlet or again, even WMI queries to get details about remote Windows processes.

Killing processes remotely

Just like how you don’t need an interactive login to a remote Windows computer to get running process details, you don’t need an interactive login to terminate Windows processes on a remote computer either.

You obviously want to be very careful with these remote kill commands as you can pretty easily knock out an important service or process on the remote machine. Proceed with caution.

5. taskkill

The taskkill command is very similar to the tasklist command. You can specify a process name to kill by running a command like “taskkill /s hostname /IM notepad.exe” or one or more PIDs with “taskkill /s hostname /PID 1234 /PID 5678”, where hostname is the name of the remote computer. The taskkill command also has a /t option to terminate an entire process tree (i.e. kill the process and any child processes it spawned).

Just like the tasklist command, taskkill also allows you to specify different credentials on the command line if you need to authenticate to the remote computer with a different username and password. Again, remember if you specify the password on the command line it will be visible to other administrators on the local computer who look at the local computer’s process list details.

In a command prompt run “taskkill /?” for more information about its usage.

6. PsKill

Just like how tasklist has the sister command taskkill, PsList has a sister command in PsKill. PsKill is also part of the SysInternals PsTools suite. PsKill is nearly identical to taskkill in that it will let you specify a process name or PID to kill, it has a -t option to terminate an entire process tree, and it allows you to specify different credentials on the command line. And just to drive it home… once again, remember if you specify the password on the command line it will be visible to other administrators on the local computer who look at the local computer’s process list details.

After downloading PsKill, in a command prompt run “pskill -?” for more information about its usage.

7. Scripting

Unfortunately, PowerShell’s Stop-Process cmdlet doesn’t take a “-ComputerName” argument for remote execution; however, you can work around this by combining Stop-Process with Invoke-Command to remotely execute the cmdlet, like this:

Invoke-Command -ComputerName hostname {Stop-Process -name "notepad"}

And of course, good ol’ WMI provides a way for you to terminate a remote Windows process as well.
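
An added example (not from the original article) for the two scripting items, 4 and 7: it lists remote processes and terminates one by name through WMI/CIM, taking the password from an interactive Get-Credential prompt so it never appears on a command line. The function names Get-RemoteProcess and Stop-RemoteProcess and the host SERVER01 are hypothetical, and WinRM is assumed to be enabled on the target.

```powershell
# Added example. 'SERVER01' and 'notepad.exe' are placeholder values.
# CIM cmdlets talk to the remote host over WinRM by default.

function Get-RemoteProcess {
    param(
        [Parameter(Mandatory)] [Microsoft.Management.Infrastructure.CimSession] $Session,
        [ValidatePattern('^[\w.\-]+$')] [string] $Name   # optional image name, e.g. notepad.exe
    )
    $query = @{ CimSession = $Session; ClassName = 'Win32_Process' }
    if ($Name) { $query.Filter = "Name = '$Name'" }   # pattern above keeps quotes out of the WQL
    Get-CimInstance @query
}

function Stop-RemoteProcess {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [Microsoft.Management.Infrastructure.CimSession] $Session,
        [Parameter(Mandatory)] [ValidatePattern('^[\w.\-]+$')] [string] $Name
    )
    foreach ($p in Get-RemoteProcess -Session $Session -Name $Name) {
        $target = '{0} (PID {1}) on {2}' -f $p.Name, $p.ProcessId, $Session.ComputerName
        if ($PSCmdlet.ShouldProcess($target, 'Terminate')) {
            # Win32_Process.Terminate returns 0 on success
            $r = Invoke-CimMethod -CimSession $Session -InputObject $p -MethodName Terminate
            [pscustomobject]@{ Name = $p.Name; ProcessId = $p.ProcessId; ReturnValue = $r.ReturnValue }
        }
    }
}

$cred    = Get-Credential   # interactive prompt; the password is never part of a command line
$session = New-CimSession -ComputerName 'SERVER01' -Credential $cred
try {
    # Query: the same kind of listing tasklist /s gives, plus parent PID and command line
    Get-RemoteProcess -Session $session |
        Select-Object ProcessId, ParentProcessId, Name, CommandLine |
        Sort-Object Name | Format-Table -AutoSize

    # Kill: -WhatIf only reports what would be terminated; remove it to act
    Stop-RemoteProcess -Session $session -Name 'notepad.exe' -WhatIf
}
finally {
    Remove-CimSession -CimSession $session
}
```

Without -WhatIf, the High confirm impact makes PowerShell ask before each termination, which fits the caution above about knocking out an important process.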

So as you can see, there are many tools and techniques – most built into Windows – that allow you to manage Windows processes remotely. Have fun with your processes!

 
Comments

and how do I *Start* a process on a remote computer? invoke-command doesn’t leave the processes running when it finishes.
