In my previous post, you learned how to List Windows processes with PsList. Today, I explain how to terminate a Windows process using PsKill. PsKill is a very old and simple tool with only one option. It is available in both 32-bit (pskill.exe) and 64-bit versions (pskill64.exe). Both versions provide the same result.
Locally, administrative rights are not required if you only want to terminate a process running in the same security context as PsKill. In other words, you can only terminate your own processes. To terminate a system or a different user process, administrative rights are required. The same applies to terminating a process on a remote system.
Generally, you should be careful using PsKill, as it terminates the process immediately and forcibly without any further warning. This means that the process does not have an opportunity to shut down cleanly and save its data. Terminating a system-critical process will lead to an immediate blue screen of death (BSOD). Luckily, starting with Windows 8.1, many system-critical processes are protected and can no longer be killed by PsKill.
PsKill allows you to terminate processes by process ID (PID) or process name. To terminate a process by PID, enter its decimal value as a parameter:
Only one PID can be specified in the command. Terminating multiple processes by PID is no longer supported. To terminate a process by its name, use the syntax below. Note that PsKill does not accept wildcards; the process name must be an exact match.
Adding .exe to the process name is needed only when the process name happens to be a number. Be careful when using a process name; PsKill will attempt to terminate all processes on the system that have that name. This means that when you run PsKill with administrative permissions, you can kill processes you didn't intend to (another user's process, for example).
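Because a name match hits every process with that name, it helps to see the owners first and then kill by PID. The following is an added example, not part of the original post or of PsTools: the function names Get-PsKillTarget and Stop-OwnProcessByName are hypothetical, and it assumes pskill.exe is on the PATH.

```powershell
# Added example: preview what "pskill <name>" would match, then kill by PID.
# Get-PsKillTarget and Stop-OwnProcessByName are hypothetical helper names.

function Get-PsKillTarget {
    param([Parameter(Mandatory)][string]$Name)   # exact image name, with or without .exe

    $image = if ($Name -like '*.exe') { $Name } else { "$Name.exe" }
    # Escape backslash and single quote for the WQL string literal.
    $escaped = $image.Replace('\', '\\').Replace("'", "\'")

    Get-CimInstance -ClassName Win32_Process -Filter "Name = '$escaped'" | ForEach-Object {
        # GetOwner fails (non-zero ReturnValue) for processes we may not query.
        $o = Invoke-CimMethod -InputObject $_ -MethodName GetOwner -ErrorAction SilentlyContinue
        [pscustomobject]@{
            ProcessId = $_.ProcessId
            Name      = $_.Name
            SessionId = $_.SessionId
            Owner     = if ($o -and $o.ReturnValue -eq 0) { "$($o.Domain)\$($o.User)" } else { '<unknown>' }
        }
    }
}

function Stop-OwnProcessByName {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Name)

    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name   # DOMAIN\user
    foreach ($t in Get-PsKillTarget -Name $Name) {
        if ($t.Owner -ne $me) {
            # Another user's (or an unreadable) process: report it, do not kill it.
            Write-Warning "Skipping PID $($t.ProcessId) owned by $($t.Owner)"
            continue
        }
        if ($PSCmdlet.ShouldProcess("PID $($t.ProcessId) ($($t.Name))", 'pskill')) {
            & pskill.exe $t.ProcessId   # one PID per call, as PsKill requires
        }
    }
}

# Preview only:  Get-PsKillTarget -Name msedge | Format-Table
# Dry run:       Stop-OwnProcessByName -Name msedge -WhatIf
```

Running it with -WhatIf from an elevated prompt shows which same-named processes belong to other users before anything is terminated.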
In previous versions of PsKill, it was possible to specify multiple PID or name values in a single command, but this is no longer supported.
PsKill can also terminate the whole process tree, which includes the target process itself and all descendant processes. Use the -t option to do so.
pskill -t powershell
Terminating a process on remote systems
All the PsTools utilities support remote operations using a syntax that is consistent across the entire suite. Not all the utilities perform the operation the same way; there might be different requirements. PsKill requires that the Admin$ share be accessible on remote systems.
PsKill does not support terminating a process on multiple computers in one command. To terminate a process on a remote system:
pskill \\ws2022 msedge
or
pskill \\192.168.1.10 msedge.exe
Another common feature across PsTools is the use of alternate credentials on the remote system. As you may imagine, this is handy when you run the command from an account that does not have administrative permissions on the remote system. The syntax is as follows:
pskill \\ws2022 -u LAB\Administrator -p Passw0rd msedge.exe
If you have a space in the username, simply use the "LAB\User Name" syntax. If you omit the -p, the tool will prompt for the password. All the utilities use the WNetAddConnection2 API, so the passwords are not sent in clear text over the network.
In this post, you have learned how to use PsKill to terminate processes on Windows systems. As mentioned, the tool is very old and was developed for early Windows versions. Today, you can use commands such as Taskkill.exe or Tskill.exe, which offer more options and capabilities.
In addition to PsKill, you have to explain PsList, which can give you the process names.
As well as about “Net stop / Net start”. These three commands (programs) are about the same.
PsList is mentioned in the post as it was released before this one.
Net commands work a bit differently; they use the normal Windows API to stop a service gracefully, while PsKill terminates the process instantly. Big difference there 🙂
Thanks Leos for your article, helpful as usual. PsKill is one of the most used commands of the Sysinternals suite.
List Windows processes with PsList
Yes, I know PsList and how to use it. I just wanted to say that speaking about PsKill without a description of PsList is not quite complete.
Thank you for this great article.
Kindly consider a follow up for the additional tools you mentioned – Taskkill and Tskill, especially since they offer more options and capabilities.