ByteInTheSky

How to Kill Process on Remote Computer Using PowerShell

Tagged: PowerShell

Problem

As a system administrator, you may need to kill a process on a remote computer using PowerShell for several reasons, as follows:

  • Troubleshooting: Sometimes, a process can become unresponsive or consume too many resources on a remote computer, causing the system to slow down or even crash. In such cases, killing the process may be necessary to restore the system’s performance and stability.

  • Security: Malware and other malicious software may run in the background without the user’s knowledge, consuming system resources and compromising the system’s security. As a system administrator, you may need to kill these processes to prevent further damage.

  • Maintenance: During system maintenance or upgrades, some processes may need to be stopped to ensure a smooth transition. Killing processes remotely using PowerShell can be an efficient way to manage this process.

In this blog post, we will walk you through how to kill process on remote computer using PowerShell.

Solution

To connect to remote computer, we can create interactive session using Enter-PSSession cmdlet.

In this context, we have two computers named vm1 and vm2 respectively. The client will be vm1 and we want to kill MS Edge processess in vm2.

Since the computers are not in the same domain and we don’t use domain administrator account that typically has privilege to access other computers in the domain, we need to complete some prerequisites. Otherwise, we can jump to how to use Enter-PSSession section.

  1. Enable Windows Remote Management (WinRM) service for both computers

Set-Service -Name WinRM -Status Running -StartupType Automatic
  1. Add servers we want to connect to TrustedHosts list on client computer

Set-Item -Path WSMan:\localhost\Client\TrustedHosts -Value 'vm2'
  1. Enable firewall rule for WinRM to allow other IPs to connect

Set-NetFirewallRule -Name 'WINRM-HTTP-In-TCP' -RemoteAddress Any
Enable-NetFirewallRule -Name 'WINRM-HTTP-In-TCP'

Or you can also do it manually:

1. Open Windows Defender Firewall with Advanced Security
2. Click Inbound Rules
3. Double-click Windows Remote Management (HTTP-In) for the Public profile
4. Click the Scope tab
5. Under Remote IP address, set it to `Any IP Address`
6. Enable Rule
Set-NetFirewallRule -Name 'WINRM-HTTP-In-TCP' -RemoteAddress Any Enable firewall rule for Windows Remote Management (HTTP-In)

Connect to remote computer using Enter-PSSession cmdlet

To create session to remote computer, we can use Enter-PSSession and specify the computer name we want to connect as well as the credential (username and password).

To close the session, we can use Exit-PSSession cmdlet.


Enter-PSSession vm2 -Credential (Get-Credential)

Stop-Process -Name 'msedge'

Exit-PSSession
connect to remote computer using enter-pssession stop process on remote computer

Conclusion

To kill process on remote computer, we can create session to remote computer using Enter-PSSession. Then, we can use Stop-Process cmdlet to kill the process. Lastly, to close the session we can use Exit-PSSession cmdlet.

← How to Open Visual Studio Code Using PowerShell
How to Add Computers to TrustedHosts List Using PowerShell →