NIM
Posted July 9, 2007

Introduction to Stopping Processes with WMI

If ever you wish to stop or terminate a Windows process, then this is the page for you. Before you begin killing processes, you may wish to list the processes running on the Windows Server 2003 or XP computer. Task Manager is a great utility for matching the names of programs with their processes; you would not want to inadvertently kill the wrong process!

Scenario - Why Would You Want to Terminate a Process?

Perhaps you wish to restart a process; if so, then obviously you need to stop the process before you can start it again. Before the WMI script can stop the program, you need to know the precise name of the corresponding process. One way to investigate the names is to launch Task Manager, select the Applications tab, right-click the task and then choose Go to Process. Examples of processes that you could terminate include spoolsv.exe and outlook.exe.

Another reason why you may wish to investigate and then kill processes is if a virus manages to launch itself as a process. Once you spot the impostor, the next step is to create a WMI script which terminates that virus process.

Example 1 - WMI Script to Terminate a Process on the Local Machine

The purpose of this script is to terminate a process on the local Windows machine. Think of this script as a preliminary script leading to the main event in Example 2.

Prerequisites for your WMI Script

Run this script on Windows Server 2003 or XP. Naturally, if the named process does not exist, there is nothing for the script to terminate. Therefore, you need to start the process referenced on line 9; in my example this process (program) is calc.exe. Consider running my StartProcessScript first.

Note the .Terminate method does not work with NT 4.0 or Windows 9x machines.

Instructions for Terminating a Process

1) Copy and paste the example script below into Notepad or a VBScript editor.
2) Save the file with a .vbs extension, for example: ProcessKill.vbs
3) Double-click ProcessKill.vbs and check Task Manager, Applications tab. You may actually wish to start both calc.exe and Task Manager before you run the script.

    Option Explicit
    Dim objWMIService, objProcess, colProcess
    Dim strComputer, strProcessKill

    strComputer = "."                 ' "." means the local machine
    strProcessKill = "'calc.exe'"     ' single quotes are part of the WQL string

    ' Connect to WMI on the target computer
    Set objWMIService = GetObject("winmgmts:" _
        & "{impersonationLevel=impersonate}!\\" _
        & strComputer & "\root\cimv2")

    ' Select every running process with the given name
    Set colProcess = objWMIService.ExecQuery _
        ("Select * from Win32_Process Where Name = " & strProcessKill)

    For Each objProcess In colProcess
        objProcess.Terminate()
    Next

    WScript.Echo "Just killed process " & strProcessKill _
        & " on " & strComputer
    WScript.Quit

WMI Tutorial - Learning Points

From a WMI perspective

1) This script builds on the basic WMI command in Example 1. The heart of the script is Win32_Process. Once we have selected the strProcessKill process, we call the .Terminate method to close the program without issuing any warning to the user.

From a VBScript perspective

2) Study the VBScript syntax used just before the variable strProcessKill: ("Select * from Win32_Process Where Name = " & strProcessKill). For example, see where the speech marks end in relation to the bracket.

3) Although the script only terminates one process, it still has to loop through all the running processes to select the process = strProcessKill. For Each... In... Next handles this scripting structure.

Example 2 - WMI Script to Terminate a Process on a Distant Machine

This script builds on Example 1 and adds the ability to terminate a process on a remote machine.

Prerequisites for your WMI Script

Naturally, if the named process does not exist, there is nothing for the script to terminate. Therefore, you need to start the process referenced on line 9; in my example this process (program) is calc.exe.

Note the .Terminate method does not work with NT 4.0 or Windows 9x machines.

Instructions for Terminating a Process

1) Copy and paste the example script below into Notepad or a VBScript editor.
2) Save the file with a .vbs extension, for example: ProcessKill.vbs
3) Double-click ProcessKill.vbs and check the processes in Task Manager; there should be no calc.exe.

    Option Explicit
    Dim objWMIService, objProcess, colProcess
    Dim strComputer, strProcessKill, strInput

    strProcessKill = "'calc.exe'"

    ' Input Box to get name of machine to run the process
    Do
        strComputer = InputBox(" ComputerName to Run Script", _
            "Computer Name")
        ' Cancel returns Empty: quit instead of asking again
        If IsEmpty(strComputer) Then WScript.Quit
        If strComputer <> "" Then strInput = True
    Loop Until strInput = True

    ' Connect to WMI on the named computer
    Set objWMIService = GetObject("winmgmts:" _
        & "{impersonationLevel=impersonate}!\\" _
        & strComputer & "\root\cimv2")

    Set colProcess = objWMIService.ExecQuery _
        ("Select * from Win32_Process Where Name = " & strProcessKill)

    For Each objProcess In colProcess
        objProcess.Terminate()
    Next

    WScript.Echo "Just killed process " & strProcessKill _
        & " on " & strComputer
    WScript.Quit

WMI Tutorial - Learning Points

From a WMI perspective

1) This script builds on the basic WMI command in Example 1. The heart of the script is Win32_Process. Once we have selected the strProcessKill process, we call the .Terminate method to close the program without issuing any warning to the user.

From a VBScript perspective

2) Study the VBScript syntax used just before the variable strProcessKill: ("Select * from Win32_Process Where Name = " & strProcessKill). For example, see where the speech marks end in relation to the bracket.

3) Although the script only terminates one process, it still has to loop through all the running processes to select the process = strProcessKill. For Each... In... Next handles this scripting structure.
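Both scripts in the post select by process name alone and echo "Just killed process" whether or not Terminate succeeded. The VBScript below is an added example, not part of the original post: it lists every match with its PID, path and owner, terminates only the instance whose ExecutablePath equals strTargetPath, and reports what Terminate returned. The variable strTargetPath and its value are assumptions for illustration.

```vbscript
' Added example: terminate only the instance whose path was confirmed,
' and report what Terminate actually returned.
Option Explicit
Dim objWMIService, colProcess, objProcess
Dim strComputer, strProcessKill, strTargetPath
Dim strPath, strUser, strDomain, intResult

strComputer = "."
strProcessKill = "calc.exe"
' Assumption: path of the one instance to stop, confirmed beforehand.
strTargetPath = "C:\WINDOWS\system32\calc.exe"

Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" _
    & strComputer & "\root\cimv2")
Set colProcess = objWMIService.ExecQuery _
    ("Select * from Win32_Process Where Name = '" & strProcessKill & "'")

If colProcess.Count = 0 Then
    WScript.Echo "No " & strProcessKill & " running on " & strComputer
    WScript.Quit 1
End If

For Each objProcess In colProcess
    ' ExecutablePath is Null when this account may not inspect the process
    strPath = objProcess.ExecutablePath
    If IsNull(strPath) Then strPath = "(path unavailable)"
    strUser = "?" : strDomain = "?"
    On Error Resume Next          ' the process may exit while we look at it
    objProcess.GetOwner strUser, strDomain
    Err.Clear
    WScript.Echo "PID " & objProcess.ProcessId & " | " & strPath _
        & " | " & strDomain & "\" & strUser
    If StrComp(strPath, strTargetPath, vbTextCompare) = 0 Then
        intResult = objProcess.Terminate()
        If Err.Number <> 0 Then
            WScript.Echo "  not terminated: " & Err.Description
        ElseIf intResult = 0 Then
            WScript.Echo "  terminated"
        Else
            ' 2 = access denied, 3 = insufficient privilege, 8 = unknown failure
            WScript.Echo "  Terminate failed, return code " & intResult
        End If
    Else
        WScript.Echo "  left running (path differs from target)"
    End If
    Err.Clear
    On Error GoTo 0
Next
```

Run it with cscript rather than by double-clicking, so that each WScript.Echo line goes to the console instead of opening a separate dialog.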