PsKill is a command-line tool that is part of the Sysinternals suite. As the name suggests, it allows you to terminate (kill) Windows processes on local or remote Windows systems.

In my previous post, you learned how to List Windows processes with PsList. Today, I explain how to terminate a Windows process using PsKill. PsKill is a very old and simple tool with only one option. It is available in both 32-bit (pskill.exe) and 64-bit versions (pskill64.exe). Both versions provide the same result.

PsKill has only one feature option

PsKill has only one feature option

Locally, administrative rights are not required if you only want to terminate a process running in the same security context as PsKill. In other words, you can only terminate your own processes. To terminate a system or a different user process, administrative rights are required. The same applies to terminating a process on a remote system.

Generally, you should be careful using PsKill, as it terminates the process immediately and forcibly without any further warning. This means that the process does not have an opportunity to shut down clearly and save its data. Terminating a system-critical process will lead to an immediate blue screen of death (BSOD). Luckily, starting with Windows 8.1, many system-critical processes are protected and cannot be killed by PsKill any longer.

PsKill allows you to terminate processes by process ID (PID) or process name. To terminate a process by PID, enter its decimal value as a parameter:

pskill 9792

Only one PID can be specified in the command. Terminating multiple processes by PID is no longer supported. To terminate a process by its name, use the syntax below. Note that PsKill does not accept wildcards; the process name must be an exact match.

pskill msedge

Adding .exe to the process name is needed only when the process name happens to be a number. Be careful when using a process name; PsKill will attempt to terminate all processes on the system that have that name. This means that when you run PsKill with administrative permissions, you can kill processes you didn't intend to (another user's process, for example).

Using PsKill with process name terminates all processes

Using PsKill with process name terminates all processes

In previous versions of PsKill, it was possible to specify multiple PID or name values in a single command, but this is no longer supported.

PsKill can also terminate the whole process tree, which includes the target process itself and all descendant processes. Use the -t option to do so.

pskill -t powershell
PsKill can terminate the whole process tree

PsKill can terminate the whole process tree

Terminating a process on remote systems

All the PsTools utilities support remote operations using a syntax that is consistent across the entire suite. Not all the utilities perform the operation the same way; there might be different requirements. PsKill requires that the Admin$ share be accessible on remote systems.

PsKill does not support terminating a process on multiple computers in one command. To terminate a process on a remote system:

pskill \\ws2022 msedge or pskill \\192.168.1.10 msedge.exe

Another common feature across PsTools is the use of alternate credentials on the remote system. As you may imagine, this is handy when you run the query from an account that does not have administrative permissions on the remote system. The syntax is as follows:

pskill \\ws2022 -u LAB\Administrator -p Passw0rd msedge.exe
Using PsKill with different credentials

Using PsKill with different credentials

If you have a space in the username, simply use the "LAB\User Name" syntax. If you omit the -p, the tool will prompt for the password. All the utilities use the WNetAddConnection2 API, so the passwords are not sent in clear text over the network.

Subscribe to 4sysops newsletter!

Final words

In this post, you have learned how to use PsKill to terminate processes on Windows systems. As mentioned, the tool is very old and was developed in early Windows versions. Today, you can use commands such as Taskkill.exe or Tskill.exe, which offer more options and capabilities.

avataravatar
6 Comments
  1. Alex 9 months ago

    In addition to PsKill you have explain PsList about which can give you a processes names.
    As well as about “Net stop / Net start”. These three commands (programs) are about the same.

    avatar
    • Author
      Leos Marek (Rank 4) 9 months ago

      PsList is mentioned in the post as it was released before this one.
      Net commands work a bit differently, they use normal Windows API to stop a service gracefully, while PsKill terminates the process instantly. Big difference there 🙂

      avataravatar
  2. Thanks Leos for your article, helpful as usual.PSkill is one of most used command of the Sysinternals suite.

    avatar
    • Alex 9 months ago

      Yes, I know PsList and how to use it. I just wanted to say that speaking about Skill without description of PsList is not quite complete.

  3. Oz Edri 9 months ago

    Thank you for this great article.
    Kindly consider a follow up for the additional tools you mentioned – Taskkill and Tskill, especially since they offer more options and capabilities.

    avatar

Leave a reply

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2023

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account