Stop remote process with Get-WmiOjbect

Hi all.

I’ve only been technically working in IT as a sysadmin for less than 1 year. young with very VERY little knowledge about scripting and everything for that matter. I am trying to kill processes on a number of servers that display an error from time to time saying that an instance of the program is already running. I am trying to stop the process remotely using the Get-WmiObject cmdlet and a text file with a list of IP addresses? is this the correct method?


Well, it’s “correct” if it works, and you should be able to do that, yes.

Get-WmiObject -computername (Get-Content names.txt) -class Win32_Process -filter "Name='my process'" | 
Invoke-WmiMethod Stop

Something along those lines. There are certainly other ways, but there’s nothing wrong with this way. Note that on newer servers (Win2102R2+), WMI is blocked by default.

Can you, please, share your code?

You can use no powershell command “tasklist”. To get help for this command, use “tasklist /?”.

If you want to use Powershell I would prefer to use “Invoke-Command” cmdlet.

You have a number of choices here that centre around the connectivity to the remote servers that you have available:

  • The WMI cmdlets, as suggested above, can be used IF you have DCOM available on the remote machine. As Don said this is blocked by default by the Windows firewall on newer versions of Windows
  • You can use Invoke-Command - if you have remoting enabled on the remote machine. This is ON be default in later versions of Windows server but OFF by default on earlier versions. If you use Invoke-Command then use Get-Process | Stop-Process
  • Last choice is to use CIM cmdlets - if you have winrm running on rermote server and remote server is running PowerShell 3.0 or later

The Get-Process | stop-process could work against the remote machine but uses RPC which usually isn’t enabled by default

Hi All.

I have created two Windows Server 2012 R2 machines for testing, both with local firewall disabled. I have left out the (Get-Content names.txt) cmdlet just to verify that I can stop the process on the machine first. PowerShell is asking me to supply values for the -Name parameter?
Maybe I need to add the (Get-Content names.txt) cmdlet with text file before piping Get-WmiObject to Invoke-WmiMethod stop?

{PS C:\Users\Administrator> Get-WmiObject -ComputerName WIN-FG4D082N2IN -Class win32_process -Filter "notepad='notepad.exe'" | Invoke-WmiMethod stop
cmdlet Invoke-WmiMethod at command pipeline position 2
Supply values for the following parameters:
Name: notepad
Get-WmiObject : Invalid query "select * from win32_process where notepad='notepad.exe'"
At line:1 char:1
+ Get-WmiObject -ComputerName WIN-FG4D082N2IN -Class win32_process -Filter "notepa ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Get-WmiObject], ManagementException
    + FullyQualifiedErrorId : GetWMIManagementException,Microsoft.PowerShell.Commands.GetWmiObjectCommand}

What you meant? Not…


Yes! sorry

{PS C:\Users\Administrator> Get-WmiObject -ComputerName WIN-FG4D082N2IN -Class win32_process -Filter "name='notepad.exe'" | Invoke-WmiMethod stop
cmdlet Invoke-WmiMethod at command pipeline position 2
Supply values for the following parameters:
Name: notepad.exe
Invoke-WmiMethod : The input object cannot be bound to any parameters for the command either because the command does not take pipeline input or the input and its 
properties do not match any of the parameters that take pipeline input.
At line:1 char:97
+ ... otepad.exe'" | Invoke-WmiMethod stop
+                    ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (\\WIN-FG4D082N2...s.Handle="3748":PSObject) [Invoke-WmiMethod], ParameterBindingException
    + FullyQualifiedErrorId : InputObjectNotBound,Microsoft.PowerShell.Commands.InvokeWmiMethod}

You may need to try

Invoke-WmiMethod -Name Stop

The problem right now is that it’s not sure what input you’re providing. It’s probably trying to bind “notepad.exe” to -Name, using ByPropertyName. Specifying “-Name Stop” should fix that. You could also:

Get-WmiObject -ComputerName WIN-FG4D082N2IN -Class win32_process -Filter "name='notepad.exe'" | ForEach { $_.Kill() }

Same basic thing.

{PS C:\Users\Administrator> Get-WmiObject -ComputerName WIN-FG4D082N2IN -Class win32_process -Filter "name='notepad.exe'" | Invoke-WmiMethod -Name Stop
Invoke-WmiMethod : This method is not implemented in any class 
At line:1 char:97
+ ... otepad.exe'" | Invoke-WmiMethod -Name Stop
+                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Invoke-WmiMethod], ManagementException
    + FullyQualifiedErrorId : InvokeWMIManagementException,Microsoft.PowerShell.Commands.InvokeWmiMethod}

Second suggestion with foreach loop and variable kill. i also tried PSKill too. same response.

{PS C:\Users\Administrator> Get-WmiObject -ComputerName WIN-FG4D082N2IN -Class win32_process -Filter "name='notepad.exe'" | ForEach { $_.Kill() }
Method invocation failed because [System.Management.ManagementObject] does not contain a method named 'Kill'.
At line:1 char:107
+ ... '" | ForEach { $_.Kill() }
+                    ~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (Kill:String) [], RuntimeException
    + FullyQualifiedErrorId : MethodNotFound}

Change kill() to terminate()

That should do it.

Don I think you must have been referring to the kill alias for stop-process, no?

Yes! worked like a charm, thanks everyone :slight_smile:

{PS C:\Windows\System32> Get-WmiObject -ComputerName WIN-FG4D082N2IN  -Class win32_process -Filter "name='notepad.exe'" | foreach { $_.terminate() }

__GENUS          : 2
__CLASS          : __PARAMETERS
__RELPATH        : 
__DERIVATION     : {}
__SERVER         : 
__NAMESPACE      : 
__PATH           : 
ReturnValue      : 0
PSComputerName   : 

Is the ReturnValue denoting the process value?

Richard just out of interest how would i format the syntax for Invoke-Command and Get-Process piped to Stop-Process exactly? Just purchased your Active Directory Management book btw, it’s excellent! good old paper back

Just read that article. Return code value 0 is a Successful Completion.

$PC = Read-Host "Pc / Ip "
(Get-WmiObject -ComputerName $PC -Query “select * from win32_process where name like ‘internet%’”).terminate()