Cain Manor

Your Guide To All Things Cain™

How to view and kill processes on Remote Windows Computers

Windows provides several methods to view processes remotely on another computer. Terminal Server is one way, or you can use the command-line utility pslist from the Microsoft Sysinternals site. While both options are good alternatives, Windows XP and Vista provide built-in utilities for viewing and killing processes on remote computers: the tasklist and taskkill commands.

Both tasklist.exe and taskkill.exe can be found in the %SYSTEMROOT%\System32 (typically C:\Windows\System32) directory.

To view processes on a remote computer in your home, you will need to know a username and password on the computer whose processes you want to view. Once you have the user account information, the syntax for using tasklist is as follows:

tasklist.exe /S SYSTEM /U USERNAME /P PASSWORD

(To view all tasklist options, type tasklist /? at the command prompt)

To execute, click on Start \ Run… and in the Run window type cmd to open a command prompt. Then type the tasklist command, replacing SYSTEM with the name of the remote computer whose processes you want to view, and USERNAME and PASSWORD with an account and password on the remote computer.

(NOTE: if you are in a Domain environment and have Administrator rights to the remote computer, you may not need to specify a Username and Password)

Now, if there is a process that needs to be killed, you can use the taskkill command. As with tasklist, you will also need the Username and Password on the remote computer. The syntax for using taskkill is:

taskkill.exe /S SYSTEM /U USERNAME /P PASSWORD /IM PROCESS

(To view all taskkill options, type taskkill /? at the command prompt)

Here SYSTEM, USERNAME and PASSWORD are the same as above for the tasklist command, and /IM PROCESS is the image name of the process you want to kill. In the above screenshot we will kill firefox.exe by typing the following at the command prompt:

taskkill.exe /S wtn1 /U joe /P ddd1234 /IM firefox.exe
SUCCESS: The process “firefox.exe” with PID 196 has been terminated

You can also kill a process using the PID (Process ID) of the process. In the above example the PID for firefox.exe is 196:

taskkill.exe /S wtn1 /U joe /P ddd1234 /PID 196

If the process does not terminate, you can use /F to forcefully terminate the process.

taskkill.exe /S wtn1 /U joe /P ddd1234 /PID 196 /F
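
The two steps above (list, then kill by PID) combined into one PowerShell script, as an added example that is not part of the original article. It assumes the domain case from the note above, where the logged-on account already has rights on the remote computer, so no password is typed after /P where it would stay visible in the command line and command history. The host and image name are the article's sample values, and the script's parameter names are made up for this example.

```powershell
# Added example (not from the original article). Host and image name are the
# article's sample values; run from an account with rights on the remote machine.
param(
    [string]$Computer  = 'wtn1',
    [string]$ImageName = 'firefox.exe',
    [switch]$Force
)

# /FO CSV /NH gives one quoted CSV row per process with no header row;
# /FI narrows the listing to the requested image name.
$raw = & tasklist.exe /S $Computer /FO CSV /NH /FI "IMAGENAME eq $ImageName"
if ($LASTEXITCODE -ne 0) { throw "tasklist failed against $Computer" }

# Keep only CSV rows: when nothing matches, tasklist prints an INFO: line instead.
$rows = @($raw | Where-Object { $_ -like '"*' } |
    ConvertFrom-Csv -Header Image, ProcessId, Session, SessionNum, MemUsage)

if ($rows.Count -eq 0) {
    Write-Output "No process named $ImageName on $Computer"
    return
}

foreach ($p in $rows) {
    # Kill by PID rather than by name so exactly the listed instances are hit.
    Write-Output ("Terminating {0} (PID {1}) on {2}" -f $p.Image, $p.ProcessId, $Computer)
    $killArgs = @('/S', $Computer, '/PID', $p.ProcessId)
    if ($Force) { $killArgs += '/F' }
    & taskkill.exe @killArgs
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "taskkill returned $LASTEXITCODE for PID $($p.ProcessId); retry with -Force"
    }
}
```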
