Windows

Quick Tip: Kill rogue processes with taskkill in Microsoft Windows

Use taskkill to stop a rogue system process in Microsoft Windows 7 when the Task Manager is just not powerful enough.

There are times, regardless of your operating system, when you will need to manually kill a rogue process. Most of the time, this can easily be done with the help of the Microsoft Windows 7 Task Manager. There are times, however, when that tool doesn't seem to have the ability to kill a rogue process. I have seen this plenty of times when trying to kill an Acronis process that has gone astray. When this happens, I have to employ a more powerful tool, taskkill, which is used from the command line.

This blog post is also available in PDF format in a TechRepublic download. Note: In order to run the taskkill command, you will have to open the command window. To do this, click Start | Run and type cmd in the text field or just enter cmd in the Run dialog box (access Run dialog box by clicking Win+R) (Figure A).

Figure A

Open the command window.
Stay on top of the latest Microsoft Windows tips and tricks with TechRepublic's Windows Desktop newsletter, delivered every Monday and Thursday. Automatically sign up today!

Using taskkill

The general syntax of the command looks like this:

taskkill [OPTIONS] [PID]

As you might expect, there are plenty of options available for this command. Some of the more helpful options are:

  • /s COMPUTER -- (Where COMPUTER is the IP or address of a remote computer). The default is the local computer, so if you're working with a command on the local machine, you do not have to use this option.
  • /u DOMAIN\USER -- (Where DOMAIN is the domain and USER is the username you authenticate to). This option allows you run taskkill with the account permissions of the specified USERNAME or DOMAIN\USERNAME.
  • /p -- If you use the /u option, you will also need to include the /p option, which allows you to specify the user password.
  • /fi -- Allows you to run the taskkill command with filters.
  • /f -- Forces the command to be terminated.
  • /IM -- Allows you to use an application name instead of the PID (Process ID number) of the application.
One of the most useful options is the help switch (Figure B):

taskkill /?

Figure B

Use the help switch for the taskkill command.

Killing with application name

The simplest way to kill a rogue application with taskkill is using the /IM option. This is done like so:

taskkill /IM APPLICATION_NAME

Where APPLICATION_NAME is the name of the application you want to kill. Say, for example, Outlook is refusing to close. To close this with taskkill, you would execute the command:

taskkill /IM outlook.exe

Killing with PID

Let's say you do not know the name of the application, but instead you know the PID of the application. To kill a process with a PID of, say, 572, you would issue the command:

taskkill /PID 572

Killing all processes owned by a particular user

What if you want to kill all processes owned by a single user? This can come in handy if something has gone awry with a user account or if the user has logged out, but some of the processes owned by that user will not go away. To manage this you would issue the taskkill command like so:

taskkill /F /FI "USERNAME eq username"

In this case, the username is the actual username that owns the processes. Note: The USERNAME option must be used in order to tell the taskkill command a username will be specified.

Killing processes on a remote machine

This one is very handy. Say something has locked up your desktop and you know exactly what application is the culprit. Let's stick with our Outlook example from earlier. You can hop onto another machine and remotely kill that application like so:

taskkill /s IP_ADDRESS /u DOMAIN\USERNAME /IM Outlook.exe

Where IP_ADDRESS is the address of the remote machine (Note: The hostname can be substituted if the machines are able to see one another by hostname), DOMAIN is the domain (if applicable), and USERNAME is the username used to authenticate to the remote machine.

Final thoughts

The ability and power that comes with the taskkill command can be a very valuable tool that might save you from having to forcibly reboot a machine. Having a solid grasp of this tool, in conjunction with using the Windows Task Manager, will help to keep your Windows machines enjoying longer uptime and, should the occasion strike, the ability to manage a task when a virus, rootkit, or trojan has taken over your machine.

About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.

9 comments
tessa83
tessa83

It won't let me kill a task because it says access is denied. What does that mean and what do I do? I'm the administrative account (at least I thought I was) so I don't understand why I don't have access to it?

peter
peter

Oops - sorry I'm wrong these routines are built in to the unix kernel and just work

bjosephs
bjosephs

Thanks for the great tip. I have been having trouble with sony digital voice editor that comes bundled with some of their recorders. Process DVEdit.exe is often stubborn about shutting down - although task manager usually handles it ok. I'm just trying to set up a one-click workaround. I've successfully used sysinternals pskill tool. I was excited to come across this post, and successfully executed a number of times. However, I was just unsuccessful after repeated attempts. (PSKill still worked..). Any advice? Is that what the /f switch for?

tdhclueless50
tdhclueless50

invalid argument and is not recognized as internal or external command. tdhclueless50@hotmail.com

jwamsley
jwamsley

I created a quick kill shortcut and placed it on the quick launch bard C:\Windows\System32\taskkill.exe /f /fi "status eq not responding" Very effective, especially when IE gets non-responsive.

Dave O
Dave O

Works in XP too.

Mark W. Kaelin
Mark W. Kaelin

How often do you have to kill processes and/or applications in Windows 7?

T3CHN0M4NC3R
T3CHN0M4NC3R

That depends on what application you have on your Windows. From my experience, I tried to remove a HP Office jet AIO printer and it only got half removed. I have to use Process Explorer and look down into svchost.exe and kill a few HP related processes in order to completely remove all the HP related driver software.