How to brutally kill a process in Windows environment

Today we’ll go over the various methods to kill a process. This is especially useful when a process is stuck and you’re having trouble closing or killing it.

Kill process with WMI queries

Open cmd.exe and run command:

wmic process where name='myprocessname.exe' delete

Batch kill in command prompt

Open cmd.exe and run command:

taskkill /IM "myprocessname.exe" /T /F

/IM selects the process by its image name (the executable's file name). The extra parameters /T and /F are optional, but quite useful:

/T = also kills child processes
/F = force termination of your process

Kill it the powerful way

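Indeed. You can also kill it using PowerShell, but you need to find the process ID first. Open a PowerShell prompt and type:

# look up the process ID(s) by name (no .exe suffix here)
$id = Get-Process myprocessname | Select-Object -ExpandProperty Id
# use the id returned in the next command (kill is an alias for Stop-Process):
Stop-Process -Id $id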
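
The PowerShell commands above stop only the named process. As an added example (not from the original article), the function below reproduces the /T /F behaviour of taskkill by walking the parent/child links in Win32_Process, the same class the wmic command queries. Stop-ProcessTree is a hypothetical helper name, and PowerShell 5 or later is assumed.

```powershell
# Added example: PowerShell counterpart of "taskkill /IM name /T /F".
# Stop-ProcessTree is a hypothetical name; 'myprocessname.exe' is the page's placeholder.
function Stop-ProcessTree {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$ImageName)

    # Take one snapshot of all processes so the tree is built from consistent data.
    $all   = Get-CimInstance -ClassName Win32_Process
    $roots = $all | Where-Object { $_.Name -eq $ImageName }
    if (-not $roots) {
        Write-Warning "No process named $ImageName is running."
        return
    }

    # Breadth-first walk from the matching processes down to all descendants.
    $queue   = [System.Collections.Generic.Queue[object]]::new()
    $seen    = [System.Collections.Generic.HashSet[uint32]]::new()
    $ordered = [System.Collections.Generic.List[object]]::new()
    foreach ($r in $roots) { if ($seen.Add($r.ProcessId)) { $queue.Enqueue($r) } }
    while ($queue.Count -gt 0) {
        $p = $queue.Dequeue()
        $ordered.Add($p)
        $children = $all | Where-Object { $_.ParentProcessId -eq $p.ProcessId }
        foreach ($c in $children) {
            # PIDs get reused: a genuine child cannot be older than its parent.
            if ($c.CreationDate -ge $p.CreationDate -and $seen.Add($c.ProcessId)) {
                $queue.Enqueue($c)
            }
        }
    }

    # Stop the deepest descendants first, then work back up to the roots.
    $ordered.Reverse()
    foreach ($p in $ordered) {
        $label = "$($p.Name) (PID $($p.ProcessId))"
        if ($PSCmdlet.ShouldProcess($label, 'Stop-Process -Force')) {
            # A process may already have exited with its parent or child; ignore that.
            Stop-Process -Id $p.ProcessId -Force -ErrorAction SilentlyContinue
        }
    }
}

# -WhatIf only lists what would be stopped; remove it to terminate the tree.
Stop-ProcessTree -ImageName 'myprocessname.exe' -WhatIf
```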

Kill process using graphical user interface

You’re probably familiar with Task Manager. Open it by right-clicking on the taskbar and clicking on “Task Manager”. If that fails, or if you need to run it as another user, you can browse to %windir%\system32\ and run the executable file, taskmgr.exe.

If you’re lucky you can just kill the process and get on with your life. But, if you want to figure out what’s wrong, then a great tip is to open the Resource Monitor and Filter by process. This will show you all disk I/O file handles related to your process so you might actually see what exactly is hanging.

Create a cmd alias/shortcut for issuing commands on remote computer

Before we begin, you must:

1) Open your text editor of choice and paste the following code:

C:\path\to\PSTools\PsExec.exe \\%1 cmd /c %2

Correct the path for PsExec.exe. Save it as rce.bat in the %windir%\system32 folder. If that is not permitted, save it elsewhere and copy it into the system32 folder manually (this will probably show a UAC prompt).

Fun fact: RCE is short for Remote Code Execution, typically the holy grail of vulnerability exploits.

2) Actually, there are no more steps; you’re done.

Let’s try it out. Open cmd.exe and run the following command:

rce computername ipconfig

Note that if the command consists of several words separated by spaces, you must enclose it in double quotes:

rce computername "net stats workstation"

 


Simple Robocopy backup script

Robocopy syntax to copy all NEW or EDITED files from source to destination dir:

robocopy "%src%" "%dest%" /E /W:1 /R:1 /XC /log+:"robocopy_log.txt"

Description of the parameters:

  • /E = Copies subdirectories. Note that this option includes empty directories. If you wish to exclude empty directories, use /S.
  • /W:1 = Specifies the wait time between retries, in seconds. The default value of N is 30 (wait time 30 seconds).
  • /R:1 = Specifies the number of retries on failed copies. The default value of N is 1,000,000 (one million retries).
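  • /XC = Excludes changed files. Robocopy classifies a file as "changed" when source and destination have the same timestamp but different sizes; files with a newer timestamp in the source are still copied.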
  • /log+: = Writes the status output to the log file (appends the output to the existing log file).

Windows batch script to set up a scheduled task to run the robocopy command:

@echo off
title Robocopy Backup
echo.
echo Initial configuration for automatic backup with Robocopy + Task Scheduler
echo.

echo Step 1 - setup Robocopy:
echo.
set /p src=Backup FROM dir: 
set /p dest=Backup TO dir: 
rem Write the backup job; paths are quoted so a profile path with spaces works.
rem cd /d makes the relative log file land on the Desktop, even across drives.
(
echo cd /d "%userprofile%\Desktop"
echo robocopy "%src%" "%dest%" /E /W:1 /R:1 /XC /log+:"robocopy_log.txt"
)> "%userprofile%\robocopy.bat"

echo.
echo Step 2 - setup Task Scheduler:
echo.
rem The inner \" quotes keep the task path intact when it contains spaces.
schtasks /create /tn "Robocopy Backup" /tr "\"%userprofile%\robocopy.bat\"" /SC HOURLY
echo.
echo Done
echo.

pause

Copy & paste the text into a text editor and save it as a .bat file to make it executable.

Running this script sets up a scheduled task which runs the robocopy.bat file every hour. This is a real time-saver if you work in a local folder on your C drive and wish to periodically take incremental backups to network storage, for instance.