Powershell Process Management RRS feed

  • Question

  • Sometimes at work, users end up on a phishing website, which prompts them to enter their Windows credentials. They call support to ask us for help getting them off of that site. Most of the time, this happens on Internet Explorer.

    I want to be able to stop or kill the Internet Explorer process "iexplore.exe" remotely.

    I have come across the taskkill command, which looks like it can do the job. Such as:

    taskkill /s computername /fi "IMAGENAME eq iexplore.exe"

    Was the taskkill command around before Powershell...? It appears so, given it's name doesn't match most of the Powershell cmdlet naming format.

    Does Powershell have a better or more preferred way of ending a process remotely?

    I have looked at Get-Process and Stop-Process, but they don't appear to accept a computer name as a parameter... Furthermore, in the environment at work, Invoke-Command and EnterPSSession do not appear to be viable options for Powershell remoting, unless I can easily enable them myself or convince my manager to have them enabled (a request which could be denied for security reasons).

    • Edited by mhartkem Friday, February 9, 2018 4:31 AM formatting
    • Moved by Bill_Stewart Monday, March 12, 2018 9:38 PM User should not be doing this
    Friday, February 9, 2018 4:25 AM

All replies