PsTools Part 3: PsList and PsKill

If you are familiar with the Linux command line, PsList and PsKill are similar in function to ps and kill, though not in syntax. Personally I think PsList and PsKill are far more intuitive, and they are extremely helpful when managing Windows Server Core installations.

PsList lists all processes on either a local or a remote host. In Linux you could run ps -ax | grep [name] to find a process with a specific name; with PsList you can simply run pslist \\remotehost processname. The very helpful -t flag lists the processes and their descendants. The -d, -m, and -x flags are helpful when troubleshooting the performance of a specific process such as the notorious sqlservr.
Perhaps the most important capability of PsList is its "task manager" mode, which gives you live streaming metrics when you use the -s flag.


PsKill kills a targeted process. It's very important that you specify the correct process on the correct host before executing a PsKill. That's why I strongly recommend you use process IDs (PIDs) when targeting a process to kill. As with PsList, the -t flag kills the targeted process and its descendants.
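
One way to enforce the "kill by PID" advice above is a small PowerShell wrapper; this is an added example, not part of the original post. The function name Stop-RemoteProcessByPid is hypothetical, and it assumes pslist.exe and pskill.exe are on PATH and that your current account is an administrator on the remote host.

```powershell
# Added example. Resolves a name to exactly one PID with PsList, then hands
# only that PID to PsKill. Refuses to act when the name is ambiguous.
function Stop-RemoteProcessByPid {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)][string]$ComputerName,  # one host per call
        [Parameter(Mandatory)][string]$ProcessName,   # e.g. notepad
        [switch]$Tree                                 # pskill -t: include descendants
    )

    # "pslist \\host name" prints a banner, a header row, then one row per
    # process whose name begins with $ProcessName:
    #   Name  Pid  Pri  Thd  Hnd  Priv  CPU Time  Elapsed Time
    # Keep only rows that look like data (name followed by numeric columns).
    $rows = @(
        & pslist.exe "\\$ComputerName" $ProcessName 2>$null |
            ForEach-Object {
                if ($_ -match '^(?<Name>\S+)\s+(?<Id>\d+)\s+\d+\s+\d+\s+\d+\s+\d+\s') {
                    [pscustomobject]@{ Name = $Matches.Name; Id = [int]$Matches.Id }
                }
            }
    )

    if ($rows.Count -eq 0) {
        throw "No process matching '$ProcessName' found on $ComputerName."
    }
    if ($rows.Count -gt 1) {
        # Several candidates: show them and stop instead of guessing.
        $rows | Format-Table -AutoSize | Out-String | Write-Warning
        throw "'$ProcessName' matched $($rows.Count) processes; pick one PID and run pskill with it."
    }

    $target   = $rows[0]
    $killArgs = @()
    if ($Tree) { $killArgs += '-t' }
    $killArgs += "\\$ComputerName", $target.Id

    # ConfirmImpact = High prompts before the kill unless -Confirm:$false is passed.
    if ($PSCmdlet.ShouldProcess("$ComputerName PID $($target.Id) ($($target.Name))", 'pskill')) {
        & pskill.exe @killArgs
    }
}
```

Run it with -WhatIf first to see which host and PID would be targeted without killing anything.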



Note: As always, you need administrative credentials and port 135 (WMI) open for remote hosts. In any PsTools application, you can specify a username (-u) and a password (-p). If the remote host is not on a common domain, you should specify the domain within the username (domain\username or username@domain). When using credentials that are local to the remote host, specify the remote host as the domain (remotehost\username or username@remotehost). With both PsList and PsKill, you cannot specify multiple hosts in the same command.
