Stop remote process with Get-WmiOjbect

This topic contains 13 replies, has 6 voices, and was last updated by  Ufuk Sayar 2 years, 6 months ago.

  • Author
  • #20450

    Byron Grogan

    Hi all.

    I've only been technically working in IT as a sysadmin for less than 1 year. young with very VERY little knowledge about scripting and everything for that matter. I am trying to kill processes on a number of servers that display an error from time to time saying that an instance of the program is already running. I am trying to stop the process remotely using the Get-WmiObject cmdlet and a text file with a list of IP addresses? is this the correct method?


  • #20451

    Don Jones

    Well, it's "correct" if it works, and you should be able to do that, yes.

    Get-WmiObject -computername (Get-Content names.txt) -class Win32_Process -filter "Name='my process'" | 
    Invoke-WmiMethod Stop

    Something along those lines. There are certainly other ways, but there's nothing wrong with this way. Note that on newer servers (Win2102R2+), WMI is blocked by default.

    • #20464

      Byron Grogan

      Hi All.

      I have created two Windows Server 2012 R2 machines for testing, both with local firewall disabled. I have left out the (Get-Content names.txt) cmdlet just to verify that I can stop the process on the machine first. PowerShell is asking me to supply values for the -Name parameter?
      Maybe I need to add the (Get-Content names.txt) cmdlet with text file before piping Get-WmiObject to Invoke-WmiMethod stop?

      {PS C:\Users\Administrator> Get-WmiObject -ComputerName WIN-FG4D082N2IN -Class win32_process -Filter "notepad='notepad.exe'" | Invoke-WmiMethod stop
      cmdlet Invoke-WmiMethod at command pipeline position 2
      Supply values for the following parameters:
      Name: notepad
      Get-WmiObject : Invalid query "select * from win32_process where notepad='notepad.exe'"
      At line:1 char:1
      + Get-WmiObject -ComputerName WIN-FG4D082N2IN -Class win32_process -Filter "notepa ...
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : InvalidArgument: (:) [Get-WmiObject], ManagementException
          + FullyQualifiedErrorId : GetWMIManagementException,Microsoft.PowerShell.Commands.GetWmiObjectCommand}
  • #20452

    Ondrej Zilinec

    Can you, please, share your code?

    You can use no powershell command "tasklist". To get help for this command, use "tasklist /?".

    If you want to use Powershell I would prefer to use "Invoke-Command" cmdlet.

  • #20463

    Richard Siddaway

    You have a number of choices here that centre around the connectivity to the remote servers that you have available:
    – The WMI cmdlets, as suggested above, can be used IF you have DCOM available on the remote machine. As Don said this is blocked by default by the Windows firewall on newer versions of Windows
    – You can use Invoke-Command – if you have remoting enabled on the remote machine. This is ON be default in later versions of Windows server but OFF by default on earlier versions. If you use Invoke-Command then use Get-Process | Stop-Process
    – Last choice is to use CIM cmdlets – if you have winrm running on rermote server and remote server is running PowerShell 3.0 or later

    The Get-Process | stop-process could work against the remote machine but uses RPC which usually isn't enabled by default

    • #20471

      Byron Grogan

      Richard just out of interest how would i format the syntax for Invoke-Command and Get-Process piped to Stop-Process exactly? Just purchased your Active Directory Management book btw, it's excellent! good old paper back

  • #20465

    Don Jones

    What you meant? Not...

    • #20466

      Byron Grogan

      Yes! sorry

      {PS C:\Users\Administrator> Get-WmiObject -ComputerName WIN-FG4D082N2IN -Class win32_process -Filter "name='notepad.exe'" | Invoke-WmiMethod stop
      cmdlet Invoke-WmiMethod at command pipeline position 2
      Supply values for the following parameters:
      Name: notepad.exe
      Invoke-WmiMethod : The input object cannot be bound to any parameters for the command either because the command does not take pipeline input or the input and its 
      properties do not match any of the parameters that take pipeline input.
      At line:1 char:97
      + ... otepad.exe'" | Invoke-WmiMethod stop
      +                    ~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : InvalidArgument: (\\WIN-FG4D082N2...s.Handle="3748":PSObject) [Invoke-WmiMethod], ParameterBindingException
          + FullyQualifiedErrorId : InputObjectNotBound,Microsoft.PowerShell.Commands.InvokeWmiMethod}
  • #20467

    Don Jones

    You may need to try

    Invoke-WmiMethod -Name Stop

    The problem right now is that it's not sure what input you're providing. It's probably trying to bind "notepad.exe" to -Name, using ByPropertyName. Specifying "-Name Stop" should fix that. You could also:

    Get-WmiObject -ComputerName WIN-FG4D082N2IN -Class win32_process -Filter "name='notepad.exe'" | ForEach { $_.Kill() }

    Same basic thing.

    • #20468

      Byron Grogan
      {PS C:\Users\Administrator> Get-WmiObject -ComputerName WIN-FG4D082N2IN -Class win32_process -Filter "name='notepad.exe'" | Invoke-WmiMethod -Name Stop
      Invoke-WmiMethod : This method is not implemented in any class 
      At line:1 char:97
      + ... otepad.exe'" | Invoke-WmiMethod -Name Stop
      +                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : InvalidOperation: (:) [Invoke-WmiMethod], ManagementException
          + FullyQualifiedErrorId : InvokeWMIManagementException,Microsoft.PowerShell.Commands.InvokeWmiMethod}

      Second suggestion with foreach loop and variable kill. i also tried PSKill too. same response.

      {PS C:\Users\Administrator> Get-WmiObject -ComputerName WIN-FG4D082N2IN -Class win32_process -Filter "name='notepad.exe'" | ForEach { $_.Kill() }
      Method invocation failed because [System.Management.ManagementObject] does not contain a method named 'Kill'.
      At line:1 char:107
      + ... '" | ForEach { $_.Kill() }
      +                    ~~~~~~~~~
          + CategoryInfo          : InvalidOperation: (Kill:String) [], RuntimeException
          + FullyQualifiedErrorId : MethodNotFound}
  • #20469

    Peter Jurgens

    Change kill() to terminate()

    That should do it.

    Don I think you must have been referring to the kill alias for stop-process, no?

    • #20470

      Byron Grogan

      Yes! worked like a charm, thanks everyone 🙂

      {PS C:\Windows\System32> Get-WmiObject -ComputerName WIN-FG4D082N2IN  -Class win32_process -Filter "name='notepad.exe'" | foreach { $_.terminate() }
      __GENUS          : 2
      __CLASS          : __PARAMETERS
      __SUPERCLASS     : 
      __DYNASTY        : __PARAMETERS
      __RELPATH        : 
      __PROPERTY_COUNT : 1
      __DERIVATION     : {}
      __SERVER         : 
      __NAMESPACE      : 
      __PATH           : 
      ReturnValue      : 0
      PSComputerName   : 

      Is the ReturnValue denoting the process value?

    • #20473

      Byron Grogan

      Just read that article. Return code value 0 is a Successful Completion.

  • #22324

    Ufuk Sayar

    $PC = Read-Host "Pc / Ip "
    (Get-WmiObject -ComputerName $PC -Query "select * from win32_process where name like 'internet%'").terminate()

You must be logged in to reply to this topic.