Search Tools Links Login

Stop-ProcessRemote


In an interesting design choice, Get-Process lets you work with processes on remote machines, but Stop-Process does not. This cmdlet uses WMI to stop a process on a remote machine.

The cmdlet uses your current credentials, I would like to expand it to run under alternate credentials if necessary.

Function Stop-ProcessRemote()
{
<#
.SYNOPSIS
 Stops a process on a remote computer
.DESCRIPTION
 Uses WMI to connect to a remote computer and terminate a process.
 Assumes the user has administrative priviledges on the remote
 computer.
.NOTES
 Author      : Brian Wahoff
 Requires    : Powershell V2
.PARAMETER ComputerName
 The remote computer to which you want to connect
.PARAMETER Id
 The PID of the process to stop (See Get-Process)
.PARAMETER ProcessName
 The name of the process to stop. Will stop all processes with the same name
#>
 param(
  [Parameter(Position=0, Mandatory=$TRUE)]
  [string]$ComputerName,
  
  [Parameter(ParameterSetName="p1",Position=1,ValueFromPipeline=$TRUE)]
  [int]$Id,
  
  [Parameter(ParameterSetName="p2",Position=1, ValueFromPipeline=$TRUE)]
  [string]$ProcessName)
 if ($Id) {
  $query = "select * from Win32_Process Where ProcessID = {0}" -f $Id
 } else {
  if ($ProcessName) {
   $query = "select * from Win32_Process Where Name = '{0}'" -f $ProcessName
  } else {
   throw 'Either $Id or $ProcessName is required'
  }
 }
 $process = Get-WMIObject -computer $ComputerName -query $query
 if ($process) {
  if ($process.count -gt 1) {
   foreach ($p in $process) {
    Stop-WMIProcess($p)
   }
  } else {
   Stop-WMIProcess($process)
  }
 } else {
  if ($ProcessName)
  {
   "Process '{0}' was not running on \\{1}" -f $ProcessName, $ComputerName
  } else {
   "Process '{0}' was not running on \\{1}" -f $Id, $ComputerName
  }
 }
}
Function Stop-WMIProcess($WmiProcess) {
<#
.SYNOPSIS
 Stop a WmiProcess
.DESCRIPTION
 Wrapper function around WmiProcess.Terminate. Displays message
 based on all documented return values. Not intended to be called
 directly.
.NOTES
 Author  : Brian Wahoff
 Requires : Powershell V2
.PARAMETER WmiProcess
 The WMI Process object to terminate
#>
 $ret = $WmiProcess.Terminate()
 switch ($ret.ReturnValue)
 {
  0 {
   "Process {0}:{1} terminated" -f $WmiProcess.Name, $WmiProcess.ProcessID
  }
  2 {
   "Access was denied terminating {0}" -f $WmiProcess.Name
  }
  3 {
   "Insufficient Privilege terminating {0}" -f $WmiProcess.Name
  }
  8 {
   "Unknown failure terminating {0}" -f $WmiProcess.Name
  }
  9
  {
   "Path Not Found"
  }
  21
  {
   "WMI Parameter Invalid"
  }
 }
}

About this post

Posted: 2017-12-10
By: bwahoff
Viewed: 560 times

Categories

Scripting

Powershell

Windows

PowerShell Code Cache

Attachments

No attachments for this post


Loading Comments ...

Comments

No comments have been added for this post.

You must be logged in to make a comment.

ADODB.Connection error '800a0e79'

Operation is not allowed when the object is open.

/assets/inc/inc_footer.asp, line 37