mag72

Tutorial: PowerShell Kill Process Command

Powershell Kill Process Command

Diego Asturias

Managing processes in complex Windows environments can be an overwhelming and time-consuming experience. Having to be constantly logging into different machines at different times, hitting the “Ctrl+Alt+Del”, looking for specific processes, and “Ending Tasks” is a long and tedious process.

Thankfully, you can leverage PowerShell (PS) to automate those tedious administrative tasks, like dealing with unresponsive or frozen programs.

With PowerShell (PS), you can programmatically find and stop a service. You can use PS’s cmdlets to create scripts to look for and stop a specific service, scripts that kill a process based on specific criteria, auto-startup scripts, or whatever sets your imagination.

In this tutorial, you’ll learn how to locate and kill any process using two different commands available in PowerShell, the TASKKILL and the Stop-Process cmdlet. The advantage of using PowerShell over simple CMD, is that you can create automation routines to close processes.

Table of Contents 

  1. Kill a process using PowerShell 
    • Why would you want to kill a process?
  2. Install and Open PowerShell. 
    •  Open the PowerShell Interface.
  3. Killing a process with TASKKILL
    • How to use TASKKILL?
    • Forceful (/f) vs Graceful?
    • Task Listing.
    • Using TASKKILL in PowerShell?
  4. Killing a Process with PowerShell’s Stop-Process
    • TASKKILL vs Stop-Process?
    • A Stop-Process Example?
  5. Conclusion 

1. Kill a Process Using PowerShell

When an application (or service) starts, Windows OS creates a process for the executable file. This process contains the code and the current activity. Additionally, the OS also creates a unique Process Identifier (PID) for that particular process. This PID is a decimal number that can be used for debugging or troubleshooting.

An example is when you open an application such as Chrome or Skype, Windows creates a particular PID for each of those applications. You can use this PID to attach a debugger, monitor it, or kill the process.

Why would you want to kill a process?

There are several reasons why you would want to kill a process. For example, sysadmins would kill processes; if an application is taking too long to respond, it has stopped responding, is behaving abnormally, or just doesn’t allow you to quit. But developers would also kill processes when testing new software, or servers.

The two traditional ways to kill a process are via the Windows Task Manager and the CMD command prompt. The third way, not so common but very efficient, is using PowerShell. 

2. Install and Open PowerShell 

Powershell (PS) is Microsoft’s automation and configuration management framework. It comes with its own command-line shell and scripting language. PS works well with any tool and is optimized to work with structured data (CSV, XML, JSON, etc), and REST APIs.

Microsoft’s PSis open-source and available as a cross-platform. It is available on Windows, Linux, or macOS.

To download, install, or update the latest stable version of PowerShell, visit the GitHub repository: https://github.com/PowerShell/PowerShell/

Now, let’s open the PowerShell Interface.

Press “Windows + R” keys to open the run box, and type “PowerShell”. Clicking “Ok” will open a regular PS interface. But you can also open an interface with elevated permissions, by pressing Ctrl+Shift+Enter. 

PowerShell Interface

Bear in mind that some processes run with Administrator privileges, so you will not be able to kill them unless you open the PS interface with Administrator rights. Windows PowerShell with Administrator rights gives you more control over all your processes.

PowerShell Interface

Although the PS interface looks a lot like Windows Command Prompt (cmd), PS is a more advanced “version” of cmd. As mentioned before PS comes with its own scripting language and command-line shell.

With PowerShell, you can run any cmd command, like ListTask or KillTask.

3. Killing a process with TASKKILL

Let’s start by defining the TASKKILL utility (taskkill.exe) and how to use it.

TASKKILL is a Microsoft utility that allows you to terminate one or more processes (or tasks). At the basic level, TASKKILL is like clicking the X button on the top-right corner of any Windows application. It will “gracefully” exit the program and will prompt you “whether to save changes” before exiting. However, the TASKKILL utility gives you more flexibility on how you would want to kill a process— you can go gracefully or forcefully.

This utility can be used from the command line with different configuration arguments such as /F, /T, PID, and /IM.

To learn more about the TASKKILL utility (or see the help), you can simply open the command prompt and type:

  • taskkill/?

taskkill.exe

The TASKKILL command syntax is (As shown in the screenshot above):

  • TASKKILL [/S system [/U [/P [password]]]] {[/FI filter] [/PID process id | /IM imagename]} [/T][/F]

The useful parameters to kill a process with TASKKILL are: 

  • /S (System) Define the remote system to connect to.
  • /U (Username) Specify the username.
  • /P (password) Determines the password for that specific user.
  • /PID (Process ID) Specify the ID of the process you want to terminate.
  • /IM (Image name) Specify the image name of the process you want to terminate.
  • /T (Terminate) Terminate the PID along with any child processes associated with it. 
  • /F (Forceful) Forcefully terminate the process.

How to use TASKKILL?

Let’s put together a couple of TASKKILL parameters.

The basic command syntax to forcefully kill a specific process is as follows:

  • taskkill /PID process-number /F

Additionally, if you want to forcefully kill a process using a specific image name, use the following command:

  • taskkill /IM process-name /F

Forceful (/f) vs Graceful?

As many of us have probably experienced before, the graceful way to exit a program (the “X” on top of a Windows bar) will usually not work, if an application is frozen or buggy.

When you force a process to exit (forceful kill), you are doing the same as Alt+F4 or going to the task manager with Ctrl+Alt+Del and clicking on “End Task”. Without the parameter (/F) is like clicking on the (X) on the top bar of any window.

So, you’ll need to force a program to exit with (/f) in some cases.

Task Listing

If you don’t know the running processes and their IDs, you can use the command: “tasklist” to display all the tasks running on the computer. Adding the “ | more” filter will separate the output in pages so that you can view them easily.

  • “tasklist | more”

You can also filter your search based on some criteria using the “/fi” parameter. For example:

  • tasklist /fi “imagename eq notepad.exe”

Again, if you want to know more about the Tasklist command, type “tasklist/?” on the command prompt.

taskkill.exe

Using TASKKILL in PowerShell?

Let’s perform a kill (or forceful exit) to the notepad.exe application using PS. Remember, to forcefully kill a process, you would need to open PS using administrator rights.

First, as mentioned before, use the TASKLIST command to find the Image Name and its PID:

  • tasklist | more

Find the name of the process and record the PID or image name (i.e., notepad.exe).

In this example, “notepad.exe” is using the PID:13252

To kill the process on PowerShell, use any of the following commands: 

  • To gracefully kill the notepad process with pid: taskkill /pid 13252
  • To forcefully kill the notepad process with pid: taskkill /pid 13252 /f
  • To forcefully kill the notepad process using image name: taskkill /im notepad.exe /f

4. Kill a Process with PowerShell’s Stop-Process

The Stop-Process is PowerShell’s own way to kill a process (although they prefer to use the word “Stop” rather than killing!). Stop-Process is a cmdlet that performs similar to the TASKKILL command but gives you a slightly different set of options.

The Syntax for the Stop-Process command is as follows:

  • Stop-Process [-id] <Int32[]> [-passThru] [-Force] [WhatIf][-confirm] [<CommonParameters>]
  • Stop-Process -name string[] [-passThru] [-Force] [-WhatIf] [-confirm] [<CommonParameters>]
  • Stop-Process -inputObject Process[] [-passThru] [-WhatIf] [-Force] [-confirm] [<CommonParameters>]

TASKKILL vs Stop-Process?

Both the TASKKILL and Stop-Process allow you to kill a process forcefully with a PID or name. A big difference with Stop-Process is that it lets you define a process object (a variable or command). Also, you can’t define things like system name, username, or password, as you would in the TASKKILL command.

PowerShell’s Stop-Process, on the other hand, helps you create an autonomous task with scripting powers. For example, the “-passthru” parameter allows you to return objects from commands, which you can later use for scripting. The Stop-Process also includes two risk mitigation parameters (-WhatIf) and (-Confirm) to avoid the Stop-Process from making dramatic changes to the system.

A Stop-Process Example?

We’ll kill the notepad process forcefully, first by defining its PID, and then by its process name.

Step 1. Find it

Use the “Tasklist” command to see all your processes (or create a filter).

Tasklist command

Step 2. Stop the process with its PID:

Tasklist command

Optional: You can also stop the process using its name. For example:

  • Stop-process -name notepad -Force

Tasklist command

Other examples: 

  • Stop-Process -name CMD -Force
  • Stop-process -name putty -Force
  • Stop-Process -Name Chrome -Force

To return a process object to the PowerShell console, use the PassThru command. This command is useful for keeping track of process objects. For example, if you want to monitor the newly opened Notepad process.

The below screenshot starts the process with a -PassThru parameter and later stops the same process with a -PassThru. You can store the returned process object into a variable and use it to monitor metrics like CPU or PM, etc.

Conclusion

Buggy or problematic services and applications can be overwhelming. They are time-consuming to manage and can make entire servers slow— or even crash them.

Instead of having to every time restart the entire server, you can kill the specific service that is giving you headaches, and get the server back to normal.

In this tutorial, we went through two ways to kill a process using PowerShell. The TASKKILL is simple and easy to use. You can connect to remote servers and kill processes using its PID or name. The PowerShell’s Stop-Process cmdlet can do the same but goes beyond by allowing you to automate tasks. With Stop-Process, you can create auto-restart scripts that monitor and kill risky processes.