Command Line Task Management

Introduction

Managing processes on remote computers is a typical task for the IT Pro. We have a number of tools at our disposal, including Windows PowerShell. But I’m a big believer in the right tool for the job. Sometimes you need a quick way to manage processes on remote machines. For those situations, the legacy CMD.EXE prompt still has much to offer.

The first command to check out is TASKLIST.EXE. Open a CMD.EXE prompt and run:

​C:\> tasklist /?

Figure 1 – Tasklist.exe Help
To connect to a remote computer, which is most likely, use the /S parameter followed by the computername. The utility will use your current credentials to authenticate but you can specify alternate credentials with the /U and /P passwords.

​C:\> tasklist /s chi-fp01

Figure 2  – Tasklist for a remote computer
By default you get all processes, but you can do some basic filtering using the /FI parameter. After the parameter, specify a filtering expression using these operators and key words.
Filters:

​Filter Name     Valid Operators           Valid Value(s)
-----------     ---------------           --------------------------
STATUS          eq, ne                    RUNNING |
NOT RESPONDING | UNKNOWN
IMAGENAME       eq, ne                    Image name
PID             eq, ne, gt, lt, ge, le    PID value
SESSION         eq, ne, gt, lt, ge, le    Session number
SESSIONNAME     eq, ne                    Session name
CPUTIME         eq, ne, gt, lt, ge, le    CPU time in the format
of hh:mm:ss.
MEMUSAGE        eq, ne, gt, lt, ge, le    Memory usage in KB
USERNAME        eq, ne                    User name in [domain\]user
format
SERVICES        eq, ne                    Service name
WINDOWTITLE     eq, ne                    Window title
MODULES         eq, ne                    DLL name

Therefore, if I wanted to find all processes using more than 50MB I might use an expression like this:

​C:\> tasklist /fi "memusage gt 50000"

I can get even more detail using the /V parameter. If you do that, you might want to change the formatting. The default is a table but you can use /FO and specify List or CSV.

​C:\> tasklist /fi "memusage gt 50000" /v /fo List

Figure 3 – Tasklist Filtering
The other feature I really like is the ability to discover what processes are running for differing services, especially all those svchost processes.
C:\> tasklist /s chi-fp01 /svc

Figure 4 – Tasklist Services
The other side to process management is killing processes. For that, we have a complementary TASKKILL.EXE command. This utility uses almost the same syntax as TASKLIST.EXE.
Figure 5 – Taskkill.exe
I can kill processes by ID, name or some other filter. For example, Notepad is running on a remote computer and I want to terminate the process. This is a simple command from my Windows 7 desktop.
C:\>taskkill /s chi-fp01 /im notepad.exe

Figure 6 – Killing a Remote Process

If there were multiple instances of Notepad open, all of them would be terminated. One thing to be careful of is that there is no WhatIf or Confirm like there is in PowerShell. However, because the syntax is so similar between the two commands you can first check for the processes.

​C:\>tasklist /s chi-fp01 /fi "imagename eq notepad.exe"

If these are the processes you want to kill, press the Up arrow, move the cursor to the beginning of the line and change the command to taskkill.

​C:\> taskkill /s chi-fp01 /fi "imagename eq notepad.exe"

Conclusion

Using these command lines tools doesn’t require any special skill and nothing extra has to be installed or configured. They should work in most domain environments and if you want to automate a little bit, they certainly lend themselves to batch file scripting.