Windows Process Management

Today’s technologies are making it easy for users to remotely connect to a workload and accomplish their tasks from their living room couch. As a System Administrator, you are responsible for the availability and performance of the workload, and will likely welcome any ways available to make it easier to manage your connections.

To ensure that you deliver the services your customers expect, sometimes you have to know which processes are running, and who is connected to a specific workload; sometimes you have to terminate some processes and connections to free up CPU load and memory for other valuable tasks.

In this blog post today, I would like to refresh your memory about a built-in Windows command-line tool that can help you accomplish this task.

Start

To start the management of your Windows remote process, you must run the command line tool CMD.exe. At the command window, type this command:

NetStat

If you run that command without parameters, you will be greeted with a long list of the active connections. From this list, you can learn:

  • Protocol Used
  • Local address and port listing
  • Remote Connection IP and Port
  • and the State of the connection

For Example:

[Screenshot: netstat output]

From that screenshot, we learn that the local server has a connection on RDP port 3389 from the IP address 192.168.154.224.

But sometimes you want to search this list to make it easier to find a specific connection. To do that, you can use the following command to specify the port you want to find:

netstat -ano | findstr :yourPortNumber

For Example:

Let’s search for all the Remote RDP connections and present the PID number of each. To achieve this, we run the following command:

netstat -ano | findstr :3389

That command presents us with all the Remote RDP connections with the PID number, as shown in this screenshot:

[Screenshot: filtered netstat output with PIDs]

Terminate

Now we have all the information we need to terminate the correct remote process. To terminate the remote process, we use the following PID Kill command:

taskkill /PID typeyourPIDhere /F

The Remote RDP connection we want to kill has a PID number of 5396. To terminate this specific process, we must refer directly to the PID, using the following command:

taskkill /PID 5396 /F
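Before a forced kill, it is worth confirming what the PID reported by netstat actually is. The following PowerShell sketch is an added example, not part of the original post; it assumes Windows 8 / Server 2012 or later, and the variable names are illustrative. It lists the endpoints on the port, resolves each owning PID to a process name and any services it hosts, and previews the termination without performing it.

```powershell
# Added example (not from the original post).
$Port = 3389   # local port to inspect; 3389 is the RDP port used in the post

# Get-NetTCPConnection matches the local port number exactly,
# unlike a text search over netstat output.
$conns = @(Get-NetTCPConnection -LocalPort $Port -State Listen, Established `
        -ErrorAction SilentlyContinue)

if ($conns.Count -eq 0) {
    Write-Output "No listening or established TCP endpoints on local port $Port."
}
else {
    # Same columns as netstat -ano: addresses, ports, state and owning PID.
    $conns | Sort-Object State, RemoteAddress |
        Format-Table LocalAddress, LocalPort, RemoteAddress, RemotePort, State, OwningProcess -AutoSize |
        Out-Host

    # Resolve each distinct owning PID before deciding to terminate it.
    foreach ($id in ($conns.OwningProcess | Sort-Object -Unique)) {
        $proc = Get-Process -Id $id -ErrorAction SilentlyContinue
        $svc  = Get-CimInstance Win32_Service -Filter "ProcessId = $id"

        [pscustomobject]@{
            PID         = $id
            Process     = $proc.ProcessName
            Services    = ($svc.Name -join ', ')
            Connections = @($conns | Where-Object OwningProcess -eq $id).Count
        } | Format-List | Out-Host

        # Preview only: -WhatIf reports what would be stopped without stopping it.
        if ($proc) { Stop-Process -Id $id -Force -WhatIf }
    }
}
```

If the Services field is not empty, the PID is a shared service host, so ending it with taskkill /F also ends every other connection and service running in that process.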

Conclusion

Sometimes you don’t have the luxury of a GUI. An example is when you are managing Core infrastructure with Windows core servers; with these, a GUI does not fit well with best practice for some security and performance configurations.

The commands we have just used are part of the Windows Operating System. With a little practice, you can master these commands to help you with your server management.

 
