Kill all matching processes on Windows from command prompt

Everyone knows how to kill a process in Windows using Task Manager. However, when you’re on a Terminal Server Environment with 20 other users and you need to kill all matching processes on Windows from Command prompt it is just not possible because there might be 100 processes running. But hey, if you ask me, I would simply force disconnect all users using Task Manager but then I might get into trouble! :grin: Anywho, you can use tasklist to list all Windows processes and taskkill to kill all matching processes on Windows from command prompt, similar to kill or kill -9 on Linux. The best part (knowing Windows and all, you can actually search and match filters while doing it; no … it doesn’t have grep but similarish!)

All of this is possible with the TaskKill command. First, let’s cover the basics. You can kill a process by the process ID (PID) or by image name (EXE filename).

Open up an Administrative level Command Prompt and run tasklist to see all of the running processes:

C:\WINDOWS\system32>tasklist

Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Services                   0          8 K
System                           4 Services                   0      9,720 K
Registry                       120 Services                   0      9,668 K
smss.exe                       444 Services                   0        484 K
csrss.exe                      628 Services                   0      2,004 K
wininit.exe                    732 Services                   0      3,256 K
services.exe                   804 Services                   0      7,584 K
lsass.exe                      824 Services                   0     12,408 K
svchost.exe                    996 Services                   0        344 K
svchost.exe                     96 Services                   0     19,960 K
fontdrvhost.exe                364 Services                   0        768 K
svchost.exe                    928 Services                   0     10,700 K
svchost.exe                   1040 Services                   0      5,244 K
svchost.exe                   1296 Services                   0      2,300 K
svchost.exe                   1304 Services                   0      5,376 K

In the example above you can see the image name and the PID for each process. If you want to kill the firefox process run:

C:\>Taskkill /IM firefox.exe /F

or

C:\>Taskkill /PID 26356 /F

The /F flag is kills the process forcefully. Failure to use the /F flag will result in nothing happening in some cases. One example is whenever I want to kill the explorer.exe process I have to use the /F flag or else the process just does not terminate.

If you have multiple instances of an image open such as multiple firefox.exe processes, running the taskkill /IM firefox.exe command will kill all instances. When you specify the PID only the specific instance of firefox will be terminated.

The real power of taskkill are the filtering options that allow you to use the following variables and operators.

Variables:

STATUS
IMAGENAME
PID
SESSION
CPUTIME
MEMUSAGE
USERNAME
MODULES
SERVICES
WINDOWTITLE

Operators:

eq (equals)
ne (not equal)
gt (greater than)
lt (less than)
ge (greater than or equal)
le (less than or equal)

"*" is the wildcard.

You can use the variables and operators with the /FI filtering flag. For example, let’s say you want to end all processes that have a window title that starts with “Internet”:

C:\>taskkill /FI "WINDOWTITLE eq Internet*" /F

How about killing all processes running under the Steve account:

C:\>taskkill /FI “USERNAME eq Steve” /F

It is also possible to kill a process running on a remote computer with taskkill. Just run the following to kill notepad.exe on a remote computer called SteveDesktop:

C:\>taskkill /S SteveDesktop /U RemoteAccountName /P RemoteAccountPassword /IM notepad.exe /F

To learn more about taskkill run it with the /? command just like any other Windows command.

Check Also

Enabling AMD GPU for Hashcat on Kali Linux: A Quick Guide

Enabling AMD GPU for Hashcat on Kali Linux: A Quick Guide

If you’ve encountered an issue where Hashcat initially only recognizes your CPU and not the …

Boot Ubuntu Server 22.04 LTS from USB SSD on Raspberry Pi 4

Boot Ubuntu Server 22.04 LTS from USB SSD on Raspberry Pi 4

This is a guide for configuring Raspberry Pi4 to boot Ubuntu from external USB SSD …

Leave your solution or comment to help others.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Discover more from blackMORE Ops

Subscribe now to keep reading and get access to the full archive.

Continue reading

Privacy Policy on Cookies Usage

Some services used in this site uses cookies to tailor user experience or to show ads.