Syntax
First, you will need to understand how taskkill commands are built. Below is taskkill's syntax, as stated in Microsoft's own documentation. Take a look.
taskkill [/s Computer] [/u Domain\User [/p Password]] [/fi FilterName] [/pid ProcessID]|[/im ImageName] [/f][/t]
As you can see, taskkill supports a variety of parameters. You can think of them as options. They allow you to use taskkill to perform the tasks that you want.
At a minimum, you need to include one parameter for taskkill to actually do something. But you can combine up to 7 different parameters in the same command to perform very specific tasks.
Let's take a look at the different parameters that taskkill supports.
Parameters
Taskkill supports 9 different parameters, but a single command can use anywhere from one to seven of them at the same time. Here are the supported parameters and an explanation of what they do:
/s Computer : Specifies the name or IP address of a remote computer (do not use backslashes). The default is the local computer.
/u Domain\User : Runs the command with the account permissions of the user specified by User or Domain\User. The default is the permissions of the currently logged-on user on the computer issuing the command.
/p Password : Specifies the password of the user account that is specified in the /u parameter.
/fi FilterName : Specifies the types of process(es) to include in or exclude from termination. The following are valid filter names, operators, and values.
Name | Operators | Value |
Hostname | eq, ne | Any valid string. |
Status | eq, ne | RUNNING or NOT RESPONDING |
Imagename | eq, ne | Any valid string. |
PID | eq, ne, gt, lt, ge, le | Any valid positive integer. |
Session | eq, ne, gt, lt, ge, le | Any valid session number. |
CPUTime | eq, ne, gt, lt, ge, le | Valid time in the format of hh:mm:ss. The mm and ss parameters should be between 0 and 59 and hh can be any valid unsigned numeric value. |
Memusage | eq, ne, gt, lt, ge, le | Any valid integer. |
Username | eq, ne | Any valid user name ([Domain\]User). |
Services | eq, ne | Any valid string. |
Windowtitle | eq, ne | Any valid string. |
/pid ProcessID : Specifies the process ID of the process to be terminated.
/im ImageName : Specifies the image name of the process to be terminated. Use the wildcard (*) to specify all image names.
/f : Specifies that process(es) be forcefully terminated. This parameter is ignored for remote processes; all remote processes are forcefully terminated.
/t : Specifies to terminate all child processes along with the parent process, commonly known as a tree kill.
/? : Displays help at the command prompt.
Now, take a look again at the taskkill command examples Microsoft created:
taskkill /pid 1230 /pid 1241 /pid 1253
taskkill /f /fi "USERNAME eq NT AUTHORITY\SYSTEM" /im notepad.exe
taskkill /s srvmain /f /im notepad.exe
taskkill /s srvmain /u maindom\hiropln /p p@ssW23 /fi "IMAGENAME eq note*" /im *
taskkill /s srvmain /u maindom\hiropln /fi "USERNAME ne NT*" /im *
taskkill /f /fi "PID ge 1000" /im *
Try deciphering the sample taskkill commands above using the list of parameters. Do you now see what they do?
Taskkill is truly a powerful tool once you learn how to use it. It's unfortunate that most people aren't even aware it exists!
Some Important Notes
Here are some things that you should be aware of when creating taskkill commands.
- The wildcard character (*) is accepted only when specified along with the filters.
- Termination for remote processes will always be done forcefully regardless of whether the /f parameter is specified.
- Supplying a computer name to the HOSTNAME filter will cause a shutdown and all processes will be stopped.
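The notes above and the filter table can be turned into a pre-run check for scripts that build taskkill commands. This Python sketch is an added example, not part of the original guide or Microsoft's documentation; the function name review_taskkill and its finding labels are made up for illustration, and the password finding is an added assumption the page does not state.

```python
import re

OPS_EQ = {"eq", "ne"}
OPS_CMP = {"eq", "ne", "gt", "lt", "ge", "le"}
# Filter names and their operators, taken from the filter table on this page.
FILTERS = {
    "HOSTNAME": OPS_EQ, "STATUS": OPS_EQ, "IMAGENAME": OPS_EQ,
    "USERNAME": OPS_EQ, "SERVICES": OPS_EQ, "WINDOWTITLE": OPS_EQ,
    "PID": OPS_CMP, "SESSION": OPS_CMP, "CPUTIME": OPS_CMP, "MEMUSAGE": OPS_CMP,
}
TAKES_VALUE = {"/s", "/u", "/p", "/fi", "/pid", "/im"}

def review_taskkill(cmdline):
    """Return a list of finding labels (hypothetical names) for one command line."""
    # Keep double-quoted strings as a single token, then drop the quotes.
    tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]
    seen, filters, images = set(), [], []
    i = 1  # tokens[0] is the program name
    while i < len(tokens):
        switch = tokens[i].lower()
        seen.add(switch)
        if switch in TAKES_VALUE and i + 1 < len(tokens):
            i += 1  # the next token is this switch's value
            if switch == "/fi":
                filters.append(tokens[i])
            elif switch == "/im":
                images.append(tokens[i])
        i += 1

    findings = []
    for expr in filters:
        parts = expr.split(None, 2)  # name, operator, value (value may hold spaces)
        name = parts[0].upper() if parts else ""
        if len(parts) != 3 or parts[1].lower() not in FILTERS.get(name, ()):
            findings.append("bad-filter")
        elif name == "HOSTNAME":
            findings.append("hostname-filter")  # the page's shutdown note
    if any("*" in im for im in images) and not filters:
        findings.append("wildcard-without-filter")
    if "/s" in seen:
        findings.append("remote-always-forced")
    if "/p" in seen:
        # Added assumption, not from the page: command lines get logged and listed.
        findings.append("password-on-command-line")
    return findings

if __name__ == "__main__":
    for cmd in ('taskkill /s srvmain /f /im notepad.exe', 'taskkill /f /im *'):
        print(cmd, "->", review_taskkill(cmd))
```

An empty list means none of the checks fired; it does not mean the command is safe to run against the processes it matches.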
Disclaimer
This guide was based on Microsoft's Windows XP Professional Product Documentation. Any similarity between articles is intended. Credit goes to Microsoft.
Date | Revision | Revision History |
01-03-2006 | 1.0 | Initial release. |