I'm blessed with some processes on my machine that I can not kill by default - Task Manager claims "Access is denied". Since I have admin access, I can kill these processes in Process Explorer by modifying their permissions and granting "Full Control" to the Administrators group before attempting to kill them.
I'd like to automate this in a script, preferably in standard CMD, if necessary using PowerShell or .NET scripting. Could anyone point me towards the necessary invocations?
Added npocmaka's comment as an answer.
Use the following statement to kill a process as Administrator:
runas /user:Administrator taskkill /im processName* /f
I have a script which has to run from an administrator level powershell/cmd prompt
Why? Because it has to use logman to get windows counters
Problem: The software for which I want to log the Windows counters has to be started with regular user level rights.
I've seen that there are lots of examples on how to run as Administrator
I don't see any on running as Regular User
Launch exe file
Start Logman (Admin level)
Run Bat File to Open Program
Bat File should run with regular user level priv's
I had a look at using RUNAS but that requires password entry, which I don't want.
Is there some other way on Windows to de-elevate?
You could use psexec
psexec -l powershell.exe -executionpolicy unrestricted -noexit -file c:\temp\checkelevated.ps1
-l : Run process as limited user (strips the Administrators group and allows only privileges assigned to the Users group). On Windows Vista the process runs with Low Integrity.
I'm writing a batch script, where I need to check if a specific process is run with admin privileges and I have trouble finding a proper command to do so. Tasklist command does not give me that information.
Is there any way to get info about privileges of given process (not cmd.exe, but any process) with a command (and possibly without 3rd party software)?
Edit:
I don't need to determine which account has launched the process, nor do I need to check if cmd.exe process is running with admin privileges. I need to check if a given process is running with admin privileges or not, because later I want to call a program which needs to have the same privileges as a given process.
Admin is easily confirmed by calling a PowerShell script from a .bat file script. Place these two (2) files in the same directory. Running Confirm-Admin.bat will return True in the output and 1 as the ERRORLEVEL if the process is being run as admin. If not being run as admin, it will return False as the output and zero (0) as the ERRORLEVEL.
=== Confirm-Admin.ps1
function ExitWithCode($exitcode) {
    $host.SetShouldExit($exitcode)
    exit $exitcode
}
$currentPrincipal = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
if ($currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Output "True"
    ExitWithCode 1
} else {
    Write-Output "False"
    ExitWithCode 0
}
=== Confirm-Admin.bat
powershell -NoLogo -NoProfile -File "%~dp0%~n0.ps1"
To run Confirm-Admin.ps1 in PowerShell, invoke another PowerShell to run it.
C:>powershell -NoLogo -NoProfile -File "Confirm-Admin.ps1"
True
PS 10:59 C:\src\t
C:>$LASTEXITCODE
1
If you only want to stay in the cmd.exe world, see https://stackoverflow.com/a/11995662/447901
Okay, so after some research and experimenting, I've managed to partially solve my problem.
Firstly, I check if batch script is running with admin privileges:
fsutil dirty query %SYSTEMDRIVE% >nul
if %errorLevel% == 0 (
    set isBatchElevated=true
) else (
    set isBatchElevated=false
)
Then, I look for a specific process by getting list of all tasks running by current user and finding a process by name:
tasklist /fi "username eq %USERDOMAIN%\%USERNAME%" | find /i "processname" > nul
if errorlevel 1 (
    rem batch script doesn't have admin privileges, but the process has
)
So, there are four possible scenarios of running script and process with or without admin privileges.
1) Batch script without admin privileges, process with admin privileges
Running tasklist command won't find the given process with elevated rights and will set exit code to 1. Therefore, you can be 100% sure, that the process is running with elevated privileges, but only if batch script is running without admin privileges.
2) Batch script without admin privileges, process without admin privileges
Running tasklist command will find the given process. Based on the 1) outcome, you can be 100% sure, that the process is running without elevated privileges, but only if batch script is running without admin privileges.
3)/4) Batch script with admin privileges, process with/without admin privileges
Those are problematic scenarios. When the script is running with elevated privileges, then the given process will be found, but there would be no difference between process with and without elevated rights when running tasklist.
After the privileges check I need to run a program with the same rights as the given process. The difference in the privileges will cause an error and the given won't be running without admin privileges only, so running the batch script without admin rights only won't solve the issue.
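The answer above leaves scenarios 3) and 4) open, where the script itself is elevated. As an added example that is not part of the original thread, the PowerShell below reads the elevation flag from the target process's own token via OpenProcessToken and GetTokenInformation; the names TokenProbe and Get-ProcessElevation and the sample process name notepad are assumptions made for illustration.

```powershell
# Added example, not code from the thread. TokenProbe and Get-ProcessElevation
# are hypothetical names; 'notepad' is a sample process name.
Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
public static class TokenProbe {
    const uint PROCESS_QUERY_LIMITED_INFORMATION = 0x1000;
    const uint TOKEN_QUERY = 0x0008;
    const int TokenElevation = 20;  // TOKEN_INFORMATION_CLASS member
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr OpenProcess(uint access, bool inherit, int pid);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool OpenProcessToken(IntPtr process, uint access, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool GetTokenInformation(IntPtr token, int infoClass, out int info, int length, out int returned);
    [DllImport("kernel32.dll")]
    static extern bool CloseHandle(IntPtr handle);

    // 1 = elevated, 0 = not elevated, -1 = could not be determined
    public static int IsElevated(int pid) {
        IntPtr process = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, false, pid);
        if (process == IntPtr.Zero) return -1;
        try {
            IntPtr token;
            if (!OpenProcessToken(process, TOKEN_QUERY, out token)) return -1;
            try {
                int elevated, returned;  // TOKEN_ELEVATION is a single DWORD
                if (!GetTokenInformation(token, TokenElevation, out elevated, 4, out returned)) return -1;
                return elevated != 0 ? 1 : 0;
            } finally { CloseHandle(token); }
        } finally { CloseHandle(process); }
    }
}
'@

function Get-ProcessElevation {
    param([Parameter(Mandatory)][string]$Name)
    foreach ($p in Get-Process -Name $Name -ErrorAction SilentlyContinue) {
        $state = switch ([TokenProbe]::IsElevated($p.Id)) {
            1       { 'Elevated' }
            0       { 'NotElevated' }
            default { 'Unknown' }  # access denied or the process exited
        }
        [pscustomobject]@{ Name = $p.ProcessName; Id = $p.Id; Elevation = $state }
    }
}

Get-ProcessElevation -Name 'notepad'
```

A query that Windows refuses is reported as Unknown rather than guessed, so a caller can decide whether to retry from an elevated prompt.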
I wonder how you can write a batch file or PowerShell script that, given a user name as input, goes and kills every process that is owned by that user.
For example, if I input user name: testuser. I want the script to go and kill every system process whose owner is testuser.
On a Windows Server 2008, 2012.
Thanks.
Use the command taskkill on Windows Server; you can kill any processes owned by a specific user.
TASKKILL /F /FI "USERNAME eq "
Using powershell you can list all processes started by a specified user:
Get-Process -IncludeUserName | where {$_.UserName -eq "<Username here>"}
To kill/stop a process, either call .kill() on each result or feed the result into Stop-Process.
I have a batch file to start an application as a Windows service. It is called start.bat
@ECHO off
START c:\Ruby193\bin\ruby c:\Ruby193\bin\thin start -R c:\coolapp\config.ru -p 4321 -a localhost -e production
My challenge is that this program only runs properly if it is "Run as Administrator" with admin privileges. So, I would like to add a line to check if this script is actually run with administrative privileges, and only execute if it is being run as administrator.
How can I do that from within the script?
Something like this might be what you need:
set isadmin=0
whoami /all | findstr /c:" S-1-16-12288 ">nul && set isadmin=1
That should result in the %isadmin% variable being either 1 or 0 depending on whether the shell was run as administrator or not.
This assumes the existence of the whoami utility which won't necessarily be available on older versions of Windows - I believe it was included from Windows Vista onwards though.
Two options:
1) Provoke elevation from a WSH script, like documented in the blog post Scripting Elevation on Vista.
2) Use an external executable that provokes the UAC prompt, such as Elevate32.exe/Elevate64.exe.
For your scenario, #2 may be preferable because you can detect whether the elevation prompt was canceled (exit code 1223) and you can also wait for the launched executable to finish before continuing (-w parameter).
Bill
It would probably be easier to convert the script to VBScript, then you can more easily check for Admin privileges and even elevate the script to Admin.
See here for how to do the check in VBScript: VBScript: Check if the script has administrative permissions
Occasionally a program on a Windows machine goes crazy and just hangs. So I'll call up the task manager and hit the "End Process" button for it. However, this doesn't always work; if I try it enough times then it'll usually die eventually, but I'd really like to be able to just kill it immediately. On Linux I could just kill -9 to guarantee that a process will die.
This also could be used for writing batch scripts and writing batch scripts is programming.
Is there some program or command that comes with Windows that will always kill a process? A free third-party app would be fine, although I'd prefer to be able to do this on machines I sit down at for the first time.
"End Process" on the Processes-Tab calls TerminateProcess which is the most ultimate way Windows knows to kill a process.
If it doesn't go away, it's currently locked waiting on some kernel resource (probably a buggy driver) and there is nothing (short of a reboot) you could do to make the process go away.
Have a look at this blog entry from way back when: http://blogs.technet.com/markrussinovich/archive/2005/08/17/unkillable-processes.aspx
Unix based systems like Linux also have that problem where processes could survive a kill -9 if they are in what's known as "Uninterruptible sleep" (shown by top and ps as state D) at which point the processes sleep so well that they can't process incoming signals (which is what kill does - sending signals).
Normally, Uninterruptible sleep should not last long, but as under Windows, broken drivers or broken userspace programs (vfork without exec) can end up sleeping in D forever.
taskkill /im myprocess.exe /f
The "/f" is for "force".
If you know the PID, then you can specify that, as in:
taskkill /pid 1234 /f
Lots of other options are possible, just type taskkill /? for all of them. The "/t" option kills a process and any child processes; that may be useful to you.
Process Hacker has numerous ways of killing a process.
(Right-click the process, then go to Miscellaneous->Terminator.)
JosepStyons is right. Open cmd.exe and run
taskkill /im processname.exe /f
If there is an error saying,
ERROR: The process "process.exe" with PID 1234 could not be
terminated.
Reason: Access is denied.
then try running cmd.exe as administrator.
Get process explorer from sysinternals (now Microsoft)
Process Explorer - Windows Sysinternals | Microsoft Docs
One trick that works well is to attach a debugger and then quit the debugger.
On XP or Windows 2003 you can do this using ntsd that ships out of the box:
ntsd -pn myapp.exe
ntsd will open up a new window. Just type 'q' in the window to quit the debugger and take out the process.
I've known this to work even when task manager doesn't seem able to kill a process.
Unfortunately ntsd was removed from Vista and you have to install the (free) debugging tools for Windows to get a suitable debugger.
Set up an AT command to run task manager or process explorer as SYSTEM.
AT 12:34 /interactive "C:/procexp.exe"
If process explorer was in your root C drive then this would open it as SYSTEM and you could kill any process without getting any access denied errors. Set this for like a minute in the future, then it will pop up for you.
FYI you can sometimes use SYSTEM or Trustedinstaller to kill tasks ;)
google quickkill_3_0.bat
sc config TrustedInstaller binPath= "cmd /c TASKKILL /F /IM notepad.exe"
sc start "TrustedInstaller"
I had this issue too, here is how I solved it.
1/ Open the « task manager »
2/ Locate the application name in the list
3/ Once found, right click on its name then click on « properties »
4/ In the properties interface, click on « security »
5/ Click on « edit » to change permissions
6/ « Deny » all permissions for all users, click on « apply » then « ok »
7/ click on « advanced » for special permissions settings
8/ Remove permissions for all users
9/ click on « apply » then « ok »
10/ click on « apply » then « ok » again
11/ you can now kill the process on task manager as well as uninstall the app if you want to.
When ntsd access is denied, try:
ZeroWave was designed to be a simple tool that will provide a multilevel termination of any kind of process.
ZeroWave is also an easy-to-use program due to its simple installation and its very friendly graphical interface.
ZeroWave has three termination modes and with the "INSANE" mode can terminate any kind of process that can run on Windows.
It seems that ZeroWave can't kill avp.exe
wmic process where processid="11008" call terminate