In this video we will look at the command Taskkill, which allows you to terminate certain processes from the command line in the Windows operating system. But first, as always, let’s look at why this might be needed at all.
On regular workstations, this command is not particularly in demand, since you can end the process through the task manager. Although, this does not always work out and in this situation the Taskkill command is useful, but this is rather an exception to the rule.
This command is mainly used by system administrators and I personally encountered the following situations:
1) Updating programs on the terminal server - when administering a terminal server, a large number of people can run the same application. But, in most cases, when updating a program, you must first close it, i.e. complete its process. If there are not many clients, then you can use the task manager, but if there are about 100 of them, then this is already problematic. And the Taskkill command allows you to kill all processes for a specific application.
2) Automatic restart of the program - as you know, not all programs work perfectly and sometimes they freeze. And if this program must work 24 hours a day and 7 days a week, then you have to periodically check its performance.
Personally, I came across the following situation: there is an online store into which product data is uploaded from 1C. But the handler is written somehow crookedly, as a result of which the exchange freezes once a day, or even every 2-3 hours. Therefore, it became necessary to forcefully restart the handler every hour, regardless of whether the program froze or not.
And so, let's move on to practice.
Let's launch the Google Chrome browser and try to end its process ( Start\Accessories\Run\cmd \ taskkill /? - to see the command syntax)
/s COMPUTER, where COMPUTER is the IP or address of the remote computer. By default, the operation is performed on the local system. If this is what you are interested in, you don’t have to use this option.
/u DOMAIN\USER, where DOMAIN is the domain name and USER is the name of the user for whom you want to run the command. This option allows you to run taskkill with the rights of a specific account or domain.
/p- must be used in combination with the /u option to specify the password for the user account.
/fi- allows you to execute the taskkill command with certain filters.
/f- forcefully terminates the execution of the command.
/IM- allows you to use the application name instead of the process ID.
/T- completion of the process tree.
Now we need to find out the name of the application that uses this process. This can be done through the task manager ( Ctrl+ Alt+ Del\Run Task Manager\Processes\chrome. exe).
If you do not have the ability to launch the task manager, let’s say you connected to the computer remotely via the command line, then you can use the command tasklist, it also displays all processes.
Taskkill / f / im chrome. exe– force quit the application named chrome.exe
Chrome has completed its work, but the errors "The process could not be terminated, no instances of the job are running" appeared. This message appears because these processes were connected and when the main one terminated, the others automatically terminated.
Now let's launch Chrome under different users to simulate the operation of a terminal server; to do this, let's launch under a regular user and under an XP user ( Chrome \ Shift\ RMB \ Run as another user \ OK). Now we see that the same application is running under different users, let’s repeat the command Taskkill / f / im chrome. exe to check if the process will complete for all users.
Now let's try to automatically restart the application, the task scheduler will help us with this ( Start \ All Programs \ Accessories \ System Tools \ Task Scheduler \ Scheduler Library \ RMB \ Create Folder \ RestartChrome– depending on your goal)
Create a launch task ( Create a new task\Run\Run with highest rights\Trigger: scheduled, daily, starting at 11:00, repeat every hour indefinitely, enabled\Actions: launch the program,chrome\ OK)
Let's create a task to terminate the process (Create a new task \ Terminate \ Run with highest rights \ Trigger: scheduled, daily, starting at 10:59:50, repeat every hour indefinitely, enabled \ Actions: launch the program, Taskkill, additional arguments: /f / im chrome. exe\ OK)
Now let's launch Chrome and set the clock to a closer time to see how Chrome shuts down and then starts again.
However, sometimes you need to ban only a process running under a specific user. This is exactly the situation I had with the 1C processor, which uploaded product data to the site.
The fact is that you can restart a frozen 1C every hour, but if you terminate all 1C processes, then all remote users will be logged out of it, and this cannot be allowed. Therefore, you need to terminate the process running under a specific account.
To do this, add the following line to the additional arguments / fi “ username eq station-4-7” This command filters by user name and ends the process only of the one whose name matches the one specified in the filter.
Let's launch Chrome under a different user and see if the filter works.
You're probably familiar with the traditional way to end a process in Windows using the Task Manager. This method is effective, but the command line method gives you more control and the ability to kill multiple processes at once.
The command gives us the ability to terminate a process from the command line TaskKill. You can kill a process from the command line by its identifier (PID) or by image name (exe file name). Launch the console as administrator and enter the command tasklist to view all running processes.
C:\tasklist Image name PID Session name Session number Memory ======================== ======== ===== =========== =========== ============ System Idle Process 0 Services 0 24 KB System 4 Services 0 1 256 KB conhost .exe 5944 Console 2 2 888 KB notepad.exe 3100 Console 2 7 400 KB tasklist.exe 8892 Console 2 6 100 KB WmiPrvSE.exe 7340 Services 0 6 864 KB smss.exe 372 Services 0 544 KB csrss.exe 536 Services 0 3 336 KB wininit.exe 812 Services 0 436 KB
In the above example, you can see the image name and PID for each process. If you want to kill the Notepad process? then you need to enter:
taskkill /IM notepad.exe /F
Flag /F– needed to forcefully terminate the process. If you do not use it, then in some cases nothing will happen, the application will continue to work. As an example, attempting to terminate the explorer.exe process without this flag will lead to nothing.
If you have multiple instances of applications, such as chrome, then running the command taskkill /IM. chrome.exe will terminate them all. By specifying a PID, only specific Chrome processes can be terminated.
IN taskkill There are filtering options that allow you to use the following variables and operators:
Variables
- STATUS (status)
- IMAGENAME (image name)
- PID (value)
- SESSION (session number)
- CPUTIME (CPU time)
- MEMUSAGE (memory usage in kB)
- USERNAME (username)
- MODULES (DLL name)
- SERVICES (service name)
- WINDOWTITLE (window title)
Operators
- eq (equal)
- ne (not equal)
- gt (more than)
- lt (less than)
- ge (greater than or equal to)
- le (less than or equal)
- * (any characters)
You can use variables and operators with the /FI flag.
For example, let’s say you want to end all processes whose window title begins with “Internet”, then the command will be as follows:
taskkill /FI “WINDOWTITLE eq Internet*” /F
To terminate all processes running as Marina:
taskkill /FI “USERNAME eq Marina” /F
In the same way, you can terminate a process running on another computer from the command line. For example, the computer name is OperatorPC, you must enter:
taskkill /S OperatorPC /U User_name_on_remote_machine/P Password_from_remote_machine/IM notepad.exe /F
You can always get detailed information by running taskkill with key /?
End a process from the command line
Taskkill Team Terminates one or more jobs or processes in the Windows operating system. I'll tell you from my experience - this is a very useful Cmd command! Processes can be killed by process code or image name. Personally, I use the command to terminate the process tree on servers - one command can terminate 100 frozen processes, this is very convenient.
Tip - to view the current processes of the system (find out the pid of processes) on the command line, use the TASKLIST command.
TASKKILL Command Syntax and Options
taskkill ]] |
- /s computer - Specifies the name or IP address of the remote computer (do not use a backslash). The default is local computer.
- /u domain\user - Execute the command with the permissions of the user account specified as user or domain\user. By default, the permissions of the currently logged on user on the computer from which the command is issued are used.
- /p password - Specifies the password for the user account specified by the /u parameter.
- /fi filter_name - Apply a filter to select a set of tasks.
- /pid process_code - Indicates the process code that needs to be terminated.
- /im image_name - Specifies the name of the process image to terminate. Use the wildcard (*) to specify all image names.
- /f - Indicates that the process(es) should be forced to terminate. This option has no effect on remote processes; all remote processes are terminated forcefully.
- /t - Specifies the termination of all child processes along with the parent, this action is usually known as killing the tree.
- /? - Displays help on the command line.
Examples of the TASKKILL command
- taskkill /s comp1 /f /im notepad.exe
- taskkill /s comp1 /u teplosnab\ivanov /p p@ssW23 /im *
- taskkill /s comp1/u teplosnab\ivanov/fi "USERNAME ne NT*" /im *
- taskkill /f /fi "PID ge 1000" /im *
- taskkill /pid 1230 /pid 1241 /pid 1253
- taskkill /f /fi "USERNAME eq NT AUTHORITY\SYSTEM" /im notepad.exe
How to terminate a Windows service process stuck in stopping status? I think most Windows administrators have encountered situations where, when trying to stop (restart) a service from the graphical interface of the service management console (Services.msc), the service freezes and hangs in status Stopping. After this, you cannot stop the service in the console, because Service action buttons become unavailable. The easiest way is to reboot the server, but this is not always possible. Let's consider an alternative method that allows forcefully terminate a frozen service or process without the need for a reboot.
If within 30 seconds after trying to stop the service, it does not stop, Windows displays the following message:
The xxxxxxx Windows service on the local computer could not be stopped.
Error 1053: The service did not respond to the request in a timely manner.
Windows Could not stop the xxxxxx service on Local Computer
Error 1053: The service did not respond in a timely fashion.
When you try to stop such a service with the command: net stop wuauserv, a message appears:
The service is starting or stopping. Please try again letter.
Terminating a stuck service with TaskKill
The easiest way to terminate a frozen service is to use the utility taskkill. First of all, you need to determine PID(process ID) of our service. As an example, let's take the Windows Update service, its system name is wuauserv(the name can be viewed in the service properties in the services.msc console).
Quite often this problem happens, especially after installing updates on Windows Server 2012 R2 / 2008 R2.
Important. Be careful. Forcing a critical Windows service process to retire may result in a BSOD or system reboot.
On the command line with administrator rights (this is important, otherwise there will be an access denied error):
sc queryex wuauserv
In this case, the process PID is 816.
To force terminate a hung process with PID 816:
taskkill /PID 816 /F
SUCCESS: The process with PID 816 has been terminated.
This command will forcefully terminate the service process. Later, you can return to the service management console and manually start the service (or completely, if it is not needed).
Headshotting a frozen service can be done more elegantly without manually determining the process PID. The taskkill utility has a /FI parameter that allows you to use a filter to select the necessary services or processes. You can stop a specific service with the command:
TASKKILL /F /FI “SERVICES eq wuauserv”
Or you can not specify the name of the service at all, ending all services in a frozen state using the command:
taskkill /F /FI “status eq not responding”
After this, the service stuck in the Stopping status should stop.
Force termination of a frozen service from PowerShell
You can also use PowerShell to force stop the service. You can use the following command to get a list of services that are in the Stopping state:
Get-WmiObject -Class win32_service | Where-Object ($_.state -eq "stop pending")
The cmdlet will help end the process for all found services Stop-Process. By combining both operations into a loop, we get a script that automatically terminates all processes of suspended services in the system:
$Services = Get-WmiObject -Class win32_service -Filter "state = "stop pending""
if ($Services) (
foreach ($service in $Services) (
try (
Stop-Process -Id $service.processid -Force -PassThru -ErrorAction Stop
}
catch (
Write-Warning -Message "Error. Error details: $_.Exception.Message"
}
}
}
else(
Write-Output "No services with "Stopping".status"
}
Analyzing hung processes using Resmon
You can determine the process that is causing the service to hang using the resmon resource monitor.
Process Explorer: Terminating a hung process from under SYSTEM
Some processes launched under SYSTEM cannot be terminated even by the local server administrator. The fact is that he simply may not have rights to some processes or services. To terminate such a process(es), you need to grant the local Administrators group rights to the service(s) and then terminate them. To do this, we need two utilities: psexec.exe and ProcessExplorer (available on the Microsoft website).
Hello everyone. Does it ever happen to you that you need to end some process, but you just can’t do it through the task manager? Is this a familiar situation? Well, today we will deal with this matter!
But in what cases can such a situation arise? You know, I think that this kind of thing happens rarely with ordinary programs, but with all sorts of not very necessary programs it happens often. All these programs that are installed, so to speak, on your computer without your knowledge, all these programs do everything to make them difficult to remove later. And this is a process that cannot be completed, this is one of their tricks. It also happens that the files of such programs cannot be deleted, here I advise you to look in the direction of the program, it deletes non-deletable files, the program is suitable. In general, guys, if you cannot complete the process or delete some suspicious folder or file, then it smells like a virus...
Speaking of viruses, do you think you don’t have them? No, I don’t want you to have them, but believe me, now there are such viruses... They can live for months and you won’t even know about it: not all viruses are interested in your VKontakte account, your mail, many are simply interested in the power of your hardware. To use a small percentage of this power for your own tasks.. After all, a small percentage is more difficult to notice.. Do you think it’s nonsense? No way guys! In short, this is all talk, I just wrote this to say that be careful (not only on the computer, but in life in general) and REGULARLY check your computer with these two FREE utilities: and . These are the best utilities, believe me!
So, let's get down to business, to end a process that does not end in the manager, you need to download the Process Explorer program. This is a free program and do you know why you can trust it? Because it is on the Microsoft website, so download it guys! When you go to the page, on the right side you will need to click on Download Process Explorer
So, have you downloaded it? Great! But you remember where you downloaded that. It’s just that Process Explorer DOES NOT INSTALL, it works like this, without installation, just launch it and that’s it! So, we launched it and this is the window that will open, this is what Process Explorer looks like:
Well, what can I say? Everything was done very cool, because it’s very convenient to see the processes, who started who, and a lot of information! In short, the program is super and it’s noticeable. It turns out that this is an advanced task manager! In this program, to end a process, you need to right-click on it and select Kill Process or Kill Process Tree. The first command simply terminates the process, while the second terminates the process tree. These are the points:
If you move the mouse to some process, you can also see interesting information in the tooltip like this (I brought the mouse to the svchost.exe process):
As you can see, there is nothing complicated, everything is simple and convenient. But you know what, I found another very important function here, of course I don’t know whether you need it or not, that is, whether it’s interesting or not, but I’ll show it to you, because it’s unique. In short, you can find out the service that launched the process, because some processes are launched by services, but not all! In any Windows there are several svchost.exe processes in the task manager, but they are launched by different services, that’s the funny thing! In short, to find out which service launched a certain process, you need to right-click on the process (I’ll take svchost.exe again as an example) and select Properties there:
A window will open, there will be all sorts of tabs, and there will also be a Services tab (if it is not there, then it was not the service that started the process), here is some information on it:
That is, it became clear that the svchost.exe process on which we clicked and selected Properties, this process ensures the operation of the built-in Windows Defender. Well, this is how things are guys, I don’t know if this is interesting to you or not, but I had to show you this...
By the way, you can still put the process to sleep. Well, that is, stop it, so to speak, freeze it, to do this, right-click on the process and select Suspend. Then, to resume work, you also right-click and select Resume
Now let’s return a little more to our topic, namely how to terminate a process that cannot be terminated in the dispatcher. The fact is that, in principle, this can be done without the Process Explorer program, but I’m not sure that this will always work. In short, look, hold down Win + R and write a command like cmd there and click OK:
Attention, guys! If you have Windows 10, then you need to right-click on the Start icon and select Command Prompt (Administrator)!
So, after this you will have a black window where you can enter different commands. Well, there is one command that can forcefully terminate the process, this command:
taskkill.exe /F /IM test.exe
This command forcefully terminates the test.exe process. It’s clear that where test.exe is, this is where you install the required process. You see, there is something like /F, /IM in the command, do you see? These are the launch keys. Now, if you add the /T switch, the command will also terminate all child processes. Here I have a process CCleaner64.exe (this is from the CCleaner cleaner), which I can easily terminate, so let me do it through this command. So I paste the command into the black cmd window:
Here she appeared:
Now I pressed enter and this is the result:
As you can see, the operation was completed successfully, everything is normal! We completed the process by its name, or you can also by its identifier, that is, by PID. But how do you find out this PID? Look, in the task manager there are some numbers next to each process:
Have you noticed this? Oh, they probably didn’t notice! Because this process ID column must be manually enabled, it is NOT SHOWED by default! But it’s not difficult to enable it; to do this, you need to click View at the top, and there will be a Select Columns item:
And that’s it, then you need to check the process ID (PID), click OK and you will also have such a column. Well, guys, in this column there is just such a thing as PID, that is, the process ID. To terminate a process by PID, you need to enter the following command:
taskkill.exe /F /PID 0000
Where 0000 is, then you indicate the PID of the process taken from the task manager. Well, I think it’s more or less clear to you, right? I sincerely hope so
Guys, I don’t know, but it seems like I wrote everything I needed, or did I forget something? I hope I haven’t forgotten, what else can I tell you? Don’t forget to regularly check your computer with antivirus utilities, especially since they are free. Which ones exactly? Well, I have already given the links above, if anything, then I’ll remind you, here is the utility, and here
Well, I hope that everything I wrote here is accessible to you and everything is clear to you. I wish you good luck, that you don’t get sick and that everything is fine with you
09.12.2016
