How to view and kill tasks or process running in a remote server

Windows has several built in command line utilities for performing various tasks, and two tools are useful for remotely viewing and killing tasks from command prompt.They are “Tasklist” and “Taskkill”. 

If you open an admin command prompt (Press Start, type cmd, press Ctrl+Shift+Enter) and type tasklist, it will give you a list of running processes on your computer. We can use same command with some modifications to view the task manager of remote computer in our network from our machine.

To view Task manager of remote computer use below format in cmd prompt [with admin privilege] from our machine

Tasklist /S remote system (name or IP address) /U username /P password

Example: Tasklist /S  192.168.1.1 /U sysnet /P P@ss@0rd

To kill process of remote computer use below format

Taskkill /S remote system /U username /P password /IM ProcessName

Example: Taskkill /S 192.168.1.1 /U sysnet /P P@ss@0rd /IM malware.exe

NOTE: You have to use IP address or Hostname of your server and your AD username and password instead of  192.168.1.100 , sysnet and P@ss@0rd respectively 

Note: To kill the process you want,Add the process name (including .exe) or the PID number along with the “/IM” argument as above example. If it works a SUCCESS message will show. If the process doesn’t get killed, try to add /F to the end of the line to force the process to be terminated.

Note: Some processes cannot be terminated such as those which are system critical or security software etc.

Read More...

Find last logged in USER in a remote computer from your network via Cmd Prompt

Imagine a scenario that you are monitoring network of offices situated at different global locations and you received a virus alert email saying that one of the computer in remote location is infected with Virus

If you can find the current user who is logged into the machine you can advise them to log off from their account and turn the machine OFF until the local network security team can investigate about the infection 

There are different tools like Lansweeper which can tell you the last logged in user in a remote computer.If you don't want to use such tools or if you are not allowed to install 3rd party tools  you can find the last logged in user in a remote computer in your network simply by running a batch file

Steps for creating the batch file

1.Open a Notepad

2.Type below text to a notepad

@echo off

echo This batch file is for finding the last user logged into a computer in your network.Please enter the IP address or Hostname of the computer below to find the last logged in USER for that particular computer

echo.

:Loop

set /p IP-or-HostName=Enter IP-or-HostName :

wmic.exe /node:%IP-or-HostName% ComputerSystem Get UserName

goto Loop

or download  batch file by clicking here  [You may get a warning from your Antivirus or chrome saying that file is Malicious ,You can ignore that because for all .cmd which was downloaded from internet you will get such warning!]

3.Save the notepad as FindUser.cmd and save it in your desktop

In future if you come across a situation to find the last logged in user in a remote computer.Just open the  FindUser.cmd batch file and provide the host name or IP address of the computer and it will show you the last user logged into that computer

Let me know if you face any trouble in creating this batch file

Read More...

Tracert from Cmd prompt and save result in a notepad [Batch file]

Steps for Tracert an IP and save result in a notepad

- Open Notepad

-Type

TRACERT 8.8.4.4 >Tracert.txt 

-Save it as Sysnet.cmd in your desktop .

Instead of "8.8.4.4" you can use any IP address you want.
Instead of "Sysnet.cmd" you can use any Name.cmd you want.

Tracert to given IP will be initiated  when you click on the Sysnet icon on your desktop.Result of tracert will be saved to the notepad named Tracert.txt in the desktop which will be automatically created when you click on Sysnet icon.

Result in notepad

Read More...

How to ping multiple ip addresses from cmd prompt

If you are working as a  Network/System administrator you might come across situations to monitor network connectivity of multiple machines in your network at same time.Companies having large network may use Network Monitoring tools like PRTG Monitor .

As we all know, ping is one of the most useful network debugging tools used for verifying IP-level connectivity.Normally when we want to ping multiple IP addresses, we open command prompts and start pinging to each IP.

If the ping command gets a response, then the connection is good, and you can concentrate on other problems.If you are getting RTO's [Request time out] there is some connectivity problem in the network

If we have to monitor connectivity of multiple IP addresses we need to open each cmd prompt and need to ping all IPs.There are lot of free software which allow you to ping multiple IPs at same time.But many of the companies will not allow admins to install and use third party softwares to do that.In such cases we can use batch files to ping multiple IPs at same time.You can PING as many IPs with a single click.

How to make a Batch file to ping multiple IP addresses

- Open a notepad 
- Type

START "Google Primary DNS" ping 8.8.8.8 -t
START "Google Secondary DNS" ping 8.8.4.4 -t  

-Save it as Sysnet.cmd in your desktop .You can use as many IP address you want.All IP addresses are opened in seperate windows when you click on the Sysnet icon on your desktop

Instead of  "Google Primary DNS" you can use any Title you want.
Instead of "8.8.8.8" and "8.8.4.4" you can use any IP address you want.
Instead of "Sysnet.cmd" you can use any Name.cmd you want.

If you are interested in free software to ping multiple IPs at same time,You can try PingInfoView which is a small, very useful and free utility that allows you to easily ping multiple host names and IP addresses, and watch the result in one table.

Related articles

• Basics : Common Networking terms
• Troubleshooting IP using ICMP (ping and traceroute)
• List of commands which can execute from cmd promt

Read More...

List of commands which can execute from cmd promt

Below are the list of commands which can be run from cmd prompt.This commands will help to get informations about your network.Some of this commands can be directly executed from Run window

Click the Start button . In the Search box, type Cmd, and then, in the list of results, click on Cmd. 

OR Press  (windows Key) + R which will open Run window and there you can type cmd and press OK.

1) Display Connection Configuration: ipconfig /all

2) Display DNS Cache Info: ipconfig /displaydns

3) Clear DNS Cache: ipconfig /flushdns

4) Release All IP Address Connections: ipconfig /release

5) Renew All IP Address Connections: ipconfig /renew

6) Re-Register the DNS connections: ipconfig /registerdns

7) Trace IP address Route: tracert <IP address>

8) Network Connections: control netconnections / control ncpa.cpl

9) Display Name of Computer Currently on: hostname

10) Test Connectivity: ping <IP address>

11) Trace IP address Route: tracert <IP address>

12) Displays the TCP/IP protocol sessions: netstat

13) Display Local Route: route

14) Display Resolved MAC Addresses: arp

15) To view "Add or Remove Programscontrol": appwiz.cpl

16) To view Admin tools: control admintools

17) Date and time:  control timedate.cpl

18) Device Manager : control hdwwiz.cpl

19) Devices and Printers : Control printers

20) Display : control desk.cpl

21) Folder Options : control folders

22) Fonts : Control fonts

23) Internet Options: control inetcpl.cpl

24) Network Setup Wizard : control netsetup.cpl

25) User Accounts: control userpasswords

26) Troubleshooting: control /name Microsoft.Troubleshooting

27) Windows Firewall: firewall.cpl

Read More...