Register for Semperis' Hybrid Identity Protection (HIP) Conference - June 30 - July 1 Register for Semperis' Hybrid Identity Protection (HIP) Conference - June 30 - July 1
Windows Server

Command Line Task Management

Introduction

Managing processes on remote computers is a typical task for the IT Pro. We have a number of tools at our disposal, including Windows PowerShell. But I’m a big believer in the right tool for the job. Sometimes you need a quick way to manage processes on remote machines. For those situations, the legacy CMD.EXE prompt still has much to offer.

The first command to check out is TASKLIST.EXE. Open a CMD.EXE prompt and run:

C:\> tasklist /?

Tasklist.exe

Figure 1 – Tasklist.exe Help
To connect to a remote computer, which is most likely, use the /S parameter followed by the computername. The utility will use your current credentials to authenticate but you can specify alternate credentials with the /U and /P passwords.

C:\> tasklist /s chi-fp01

Tasklist for Remote Computer
Figure 2  – Tasklist for a remote computer

By default you get all processes, but you can do some basic filtering using the /FI parameter. After the parameter, specify a filtering expression using these operators and key words.

Filters:

Filter Name     Valid Operators           Valid Value(s)

-----------     ---------------           --------------------------

STATUS          eq, ne                    RUNNING |

NOT RESPONDING | UNKNOWN

IMAGENAME       eq, ne                    Image name

PID             eq, ne, gt, lt, ge, le    PID value

SESSION         eq, ne, gt, lt, ge, le    Session number

SESSIONNAME     eq, ne                    Session name

CPUTIME         eq, ne, gt, lt, ge, le    CPU time in the format

of hh:mm:ss.

MEMUSAGE        eq, ne, gt, lt, ge, le    Memory usage in KB

USERNAME        eq, ne                    User name in [domain\]user

format

SERVICES        eq, ne                    Service name

WINDOWTITLE     eq, ne                    Window title

MODULES         eq, ne                    DLL name

Therefore, if I wanted to find all processes using more than 50MB I might use an expression like this:

C:\> tasklist /fi "memusage gt 50000"

I can get even more detail using the /V parameter. If you do that, you might want to change the formatting. The default is a table but you can use /FO and specify List or CSV.

C:\> tasklist /fi "memusage gt 50000" /v /fo List

Task List Filtering

Figure 3 – Tasklist Filtering
The other feature I really like is the ability to discover what processes are running for differing services, especially all those svchost processes.

C:\> tasklist /s chi-fp01 /svc

Task List Services

Figure 4 – Tasklist Services
The other side to process management is killing processes. For that, we have a complementary TASKKILL.EXE command. This utility uses almost the same syntax as TASKLIST.EXE.TaskKill - Terminate Tasks via Command Line

Figure 5 – Taskkill.exe
I can kill processes by ID, name or some other filter. For example, Notepad is running on a remote computer and I want to terminate the process. This is a simple command from my Windows 7 desktop.

C:\>taskkill /s chi-fp01 /im notepad.exe

Killing a Remote Process via Command Line

Figure 6 – Killing a Remote Process

If there were multiple instances of Notepad open, all of them would be terminated. One thing to be careful of is that there is no WhatIf or Confirm like there is in PowerShell. However, because the syntax is so similar between the two commands you can first check for the processes.

C:\>tasklist /s chi-fp01 /fi "imagename eq notepad.exe"

If these are the processes you want to kill, press the Up arrow, move the cursor to the beginning of the line and change the command to taskkill.

C:\> taskkill /s chi-fp01 /fi "imagename eq notepad.exe"

Conclusion

Using these command lines tools doesn’t require any special skill and nothing extra has to be installed or configured. They should work in most domain environments and if you want to automate a little bit, they certainly lend themselves to batch file scripting.

Related Topics:

BECOME A PETRI MEMBER:

Don't have a login but want to join the conversation? Sign up for a Petri Account

Register
Comments (0)

Leave a Reply

Register for the Hybrid Identity Protection (HIP) Europe Conference!

Hybrid Identity Protection (HIP) Europe 2021 - Virtual Conference

Mobile workforces, cloud applications, and digitalization are changing every aspect of the modern enterprise. And with radical transformation come new business risks. Hybrid Identity Protection (HIP) is the premier educational forum for identity-centric practitioners. At the inaugural HIP Europe, join your local IAM experts and Microsoft MVPs to learn all the latest from the Hybrid Identity world.