Thursday, July 24, 2008

Killing Processes Remotely

Often, people have things running on their computer that they don't even know about. In our infrastructure, we have implemented file screening on our file servers to help control storage use. We have one user that has BitTorrent running on his machine. He obviously isn't actively using it, because it just keeps trying to download and save the same file onto the server. Each time someone attempts to save one of these (unauthorized) files to the server we (the infrastructure team) receive an email notification. I am growing weary of this same notification from this user.

Using the awesome Sysinternal tools (now part of Microsoft's Technet), I was able to easily find the process (bittorrent) that was running and kill it remotely. These two commands (pslist and pskill) are command line tools.

  1. Use pslist to find the name of the process that you want to kill.
    pslist \\machine -u Domain\username
  2. Use pskill to kill it.
    pskill \\machine -u Domain\username Process Name or PID

No comments: