Managing processes on remote computers is a typical task for the IT Pro. We have a number of tools at our disposal, including Windows PowerShell. But I’m a big believer in the right tool for the job. Sometimes you need a quick way to manage processes on remote machines. For those situations, the legacy CMD.EXE prompt still has much to offer.
The first command to check out is TASKLIST.EXE. Open a CMD.EXE prompt and run:
C:\> tasklist /?
Figure 1 – Tasklist.exe Help
To connect to a remote computer, which is most likely, use the /S parameter followed by the computername. The utility will use your current credentials to authenticate but you can specify alternate credentials with the /U and /P passwords.
C:\> tasklist /s chi-fp01
Figure 2 – Tasklist for a remote computer
By default you get all processes, but you can do some basic filtering using the /FI parameter. After the parameter, specify a filtering expression using these operators and key words.
Filter Name Valid Operators Valid Value(s) ----------- --------------- -------------------------- STATUS eq, ne RUNNING | NOT RESPONDING | UNKNOWN IMAGENAME eq, ne Image name PID eq, ne, gt, lt, ge, le PID value SESSION eq, ne, gt, lt, ge, le Session number SESSIONNAME eq, ne Session name CPUTIME eq, ne, gt, lt, ge, le CPU time in the format of hh:mm:ss. MEMUSAGE eq, ne, gt, lt, ge, le Memory usage in KB USERNAME eq, ne User name in [domain\]user format SERVICES eq, ne Service name WINDOWTITLE eq, ne Window title MODULES eq, ne DLL name
Therefore, if I wanted to find all processes using more than 50MB I might use an expression like this:
C:\> tasklist /fi "memusage gt 50000"
I can get even more detail using the /V parameter. If you do that, you might want to change the formatting. The default is a table but you can use /FO and specify List or CSV.
C:\> tasklist /fi "memusage gt 50000" /v /fo List
Figure 3 – Tasklist Filtering
The other feature I really like is the ability to discover what processes are running for differing services, especially all those svchost processes.
C:\> tasklist /s chi-fp01 /svc
Figure 4 – Tasklist Services
The other side to process management is killing processes. For that, we have a complementary TASKKILL.EXE command. This utility uses almost the same syntax as TASKLIST.EXE.
Figure 5 – Taskkill.exe
I can kill processes by ID, name or some other filter. For example, Notepad is running on a remote computer and I want to terminate the process. This is a simple command from my Windows 7 desktop.
C:\>taskkill /s chi-fp01 /im notepad.exe
Figure 6 – Killing a Remote Process
If there were multiple instances of Notepad open, all of them would be terminated. One thing to be careful of is that there is no WhatIf or Confirm like there is in PowerShell. However, because the syntax is so similar between the two commands you can first check for the processes.
C:\>tasklist /s chi-fp01 /fi "imagename eq notepad.exe"
If these are the processes you want to kill, press the Up arrow, move the cursor to the beginning of the line and change the command to taskkill.
C:\> taskkill /s chi-fp01 /fi "imagename eq notepad.exe"
Using these command lines tools doesn’t require any special skill and nothing extra has to be installed or configured. They should work in most domain environments and if you want to automate a little bit, they certainly lend themselves to batch file scripting.