Tasklist
Function: Displays all processes running on a local or remote computer. It can be used to monitor user activity.
Command Format:
tasklist [/S system [/U username [/P [password]]]] [/M [module] | /SVC | /V] [/FI filter] [/FO format] [/NH]
Parameter description:
/S system specifies the remote system to connect to.
/U [domain\]user specifies the user account under which the command runs.
/P [password] specifies the password for the specified user.
/M [module] lists all processes that have loaded the specified DLL module. If no module name is specified, all modules loaded by each process are displayed.
/SVC displays the services hosted in each process.
/V displays detailed information.
Operation instance:
Enter "tasklist /s 192.168.1.8 /u administrator /p test" (without the quotation marks) at the command prompt to view the processes on the remote system whose IP address is 192.168.1.8. The "192.168.1.8" after the /S parameter is the IP address of the remote system to be viewed; "administrator" after /U is the user account that the tasklist command runs as, which must be a valid account on the remote system; and "test" after /P is the password of the administrator account. (Figure 6)
Tip: To view the processes on a remote system with tasklist, the RPC service must be running on the remote machine. Otherwise, the command will not work.
Supplement: The counterpart of the "tasklist" command is the "taskkill" command, which ends processes. Besides ending local processes, it can also end processes on remote computers, which helps administrators control which programs LAN users run.
For example, to end the qq.exe process on the computer with the IP address 192.168.1.8133, you can use either of the following methods:
Method 1:
First use tasklist to find its PID. Figure 6 shows that the PID of the QQ.EXE process is 892. Then run the
"taskkill /f /pid 1132" command. The "/PID" parameter is followed by the PID of the process to be terminated, and /F forces the process to end.
Method 2:
Run the "taskkill /f /im qq.exe" command directly. The "/IM" parameter is followed by the image name of the process.
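The lookup in Method 1 (find the PID with tasklist, then pass it to taskkill) can be scripted. The following PowerShell example is an addition to this article, not part of the original; the function names are hypothetical and the sample tasklist output is constructed. It assumes the session already runs under an account that is valid on the remote system, so no password has to appear on the command line.

```powershell
# Added example. Function names are hypothetical; sample output is constructed.
# Column order of "tasklist /fo csv /nh" (no /V, /M or /SVC).
$Columns = 'ImageName', 'PID', 'SessionName', 'SessionNumber', 'MemUsage'

function ConvertFrom-TasklistCsv {
    # Turns lines produced by "tasklist /fo csv /nh" into objects.
    param([string[]]$Lines)
    $Lines |
        Where-Object { $_ -match '^"' } |      # skip blank or non-CSV lines
        ConvertFrom-Csv -Header $Columns |
        ForEach-Object {
            [pscustomobject]@{
                ImageName = $_.ImageName
                PID       = [int]$_.PID
                MemUsage  = $_.MemUsage
            }
        }
}

function Find-ProcessByImage {
    # Returns every process whose image name matches.
    # -eq on strings is case-insensitive, so QQ.EXE matches qq.exe.
    param([object[]]$Processes, [string]$ImageName)
    $Processes | Where-Object { $_.ImageName -eq $ImageName }
}

# Constructed sample of "tasklist /s 192.168.1.8 /fo csv /nh" output.
$sample = @(
    '"System Idle Process","0","Services","0","24 K"',
    '"explorer.exe","1480","Console","1","31,204 K"',
    '"QQ.EXE","892","Console","1","45,312 K"'
)

$hits = Find-ProcessByImage (ConvertFrom-TasklistCsv $sample) 'qq.exe'
foreach ($p in $hits) {
    # Emit the command for review instead of running it directly.
    "taskkill /s 192.168.1.8 /pid $($p.PID) /f   (image: $($p.ImageName), memory: $($p.MemUsage))"
}

# Live use, from a session logged on with an account valid on the remote system:
# $live = ConvertFrom-TasklistCsv (tasklist /s 192.168.1.8 /fo csv /nh)
```

Ending a process by PID taken from a fresh listing targets one specific process, whereas /IM ends every process with that image name.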
Summary: The system ships with some very practical commands. Network administrators who use these tools flexibly can save themselves a great deal of work. They also avoid the trouble of downloading and installing specialized tools, and the commands are more widely available.