Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET
Windows Server

Command Line Task Management

Introduction

Managing processes on remote computers is a typical task for the IT Pro. We have a number of tools at our disposal, including Windows PowerShell. But I’m a big believer in the right tool for the job. Sometimes you need a quick way to manage processes on remote machines. For those situations, the legacy CMD.EXE prompt still has much to offer.

The first command to check out is TASKLIST.EXE. Open a CMD.EXE prompt and run:

​C:\> tasklist /?

Tasklist.exe

Figure 1 – Tasklist.exe Help
To connect to a remote computer, which is most likely, use the /S parameter followed by the computername. The utility will use your current credentials to authenticate but you can specify alternate credentials with the /U and /P passwords.

Sponsored Content

Say Goodbye to Traditional PC Lifecycle Management

Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.

​C:\> tasklist /s chi-fp01

Tasklist for Remote Computer
Figure 2  – Tasklist for a remote computer

By default you get all processes, but you can do some basic filtering using the /FI parameter. After the parameter, specify a filtering expression using these operators and key words.

Filters:

​Filter Name     Valid Operators           Valid Value(s)

-----------     ---------------           --------------------------

STATUS          eq, ne                    RUNNING |

NOT RESPONDING | UNKNOWN

IMAGENAME       eq, ne                    Image name

PID             eq, ne, gt, lt, ge, le    PID value

SESSION         eq, ne, gt, lt, ge, le    Session number

SESSIONNAME     eq, ne                    Session name

CPUTIME         eq, ne, gt, lt, ge, le    CPU time in the format

of hh:mm:ss.

MEMUSAGE        eq, ne, gt, lt, ge, le    Memory usage in KB

USERNAME        eq, ne                    User name in [domain\]user

format

SERVICES        eq, ne                    Service name

WINDOWTITLE     eq, ne                    Window title

MODULES         eq, ne                    DLL name

Therefore, if I wanted to find all processes using more than 50MB I might use an expression like this:

​C:\> tasklist /fi "memusage gt 50000"

I can get even more detail using the /V parameter. If you do that, you might want to change the formatting. The default is a table but you can use /FO and specify List or CSV.

​C:\> tasklist /fi "memusage gt 50000" /v /fo List

Task List Filtering

Figure 3 – Tasklist Filtering
The other feature I really like is the ability to discover what processes are running for differing services, especially all those svchost processes.

C:\> tasklist /s chi-fp01 /svc

Task List Services

Figure 4 – Tasklist Services
The other side to process management is killing processes. For that, we have a complementary TASKKILL.EXE command. This utility uses almost the same syntax as TASKLIST.EXE.TaskKill - Terminate Tasks via Command Line

Figure 5 – Taskkill.exe
I can kill processes by ID, name or some other filter. For example, Notepad is running on a remote computer and I want to terminate the process. This is a simple command from my Windows 7 desktop.

C:\>taskkill /s chi-fp01 /im notepad.exe

Killing a Remote Process via Command Line

Figure 6 – Killing a Remote Process

If there were multiple instances of Notepad open, all of them would be terminated. One thing to be careful of is that there is no WhatIf or Confirm like there is in PowerShell. However, because the syntax is so similar between the two commands you can first check for the processes.

​C:\>tasklist /s chi-fp01 /fi "imagename eq notepad.exe"

If these are the processes you want to kill, press the Up arrow, move the cursor to the beginning of the line and change the command to taskkill.

​C:\> taskkill /s chi-fp01 /fi "imagename eq notepad.exe"

Conclusion

Using these command lines tools doesn’t require any special skill and nothing extra has to be installed or configured. They should work in most domain environments and if you want to automate a little bit, they certainly lend themselves to batch file scripting.

Related Topics:

BECOME A PETRI MEMBER:

Don't have a login but want to join the conversation? Sign up for a Petri Account

Register
Comments (0)

Leave a Reply

Live Webinar: Active Directory Security: What Needs Immediate Priority!Live on Tuesday, October 12th at 1 PM ET

Attacks on Active Directory are at an all-time high. Companies that are not taking heed are being punished, both monetarily and with loss of production.

In this webinar, you will learn:

  • How to prioritize vulnerability management
  • What attackers are leveraging to breach organizations
  • Where Active Directory security needs immediate attention
  • Overall strategy to secure your environment and keep it secured

Sponsored by: