Terminating Processes

Microsoft® Windows® 2000 Scripting Guide

microsoft windows 2000 scripting guide

« Previous | Next »   

Computer problems are often due to a process that is no longer working as expected. For example, the process might be leaking memory, or it might have stopped responding to user input. When problems such as these occur, the process must be terminated. Although this might seem like a simple enough task, terminating a process can be complicated by several factors:

  • The process might be hung and therefore no longer responds to menu or keyboard commands for closing the application. This makes it all but impossible for the typical user to dismiss the application and terminate the process.
  • The process might be orphaned. For example, a script might create an instance of Word and then exit without destroying that instance. In effect, Word remains running on the computer, even though no user interface is visible. Because there is no user interface, there are no menu or keyboard commands available to terminate the process.
  • You might not know which process needs to be terminated. For example, you might want to terminate all programs that are exceeding a specified amount of memory.
  • Because Task Manager allows you to terminate only those processes that you created, you might not be able to terminate a process, even if you are an administrator on the computer.

Scripts enable you to overcome all of these potential obstacles, providing you with considerable administrative control over your computers. For example, if you suspect users are playing games that have been prohibited in your organization, you can easily write a script to connect to each computer, identify whether the game is running, and immediately terminate the process.

Scripting Steps

You can terminate a process by:

  • Terminating a process that is currently running. For example, you might need to terminate a diagnostic program running on a remote computer. If there is no way to control the application remotely, you can simply terminate the process for that application.
  • Preventing a process from running in the first place. By continuously monitoring process creation on a computer, you can identify and instantly terminate any process as soon as it starts. This provides one method of ensuring that certain applications (such as programs that download large media files over the Internet) are never run on certain computers.

Note

  • Group Policy can also be used to restrict the programs that run on a computer. However, Group Policy can restrict only the programs run using either the Start menu or Windows Explorer; it has no effect on programs started using other means, such as the command line. By contrast, WMI can prevent a process from running regardless of how the process was started.

Terminating a process that is currently running

Listing 14.13 contains a script that terminates the process in which the application Diagnose.exe is currently running. To carry out this task, the script must perform the following steps:

  1. Create a variable to specify the computer name.
  2. Use a GetObject call to connect to the WMI namespace root\cimv2 on the computer, and set the impersonation level to "impersonate."
  3. Use the ExecQuery method to query the Win32_Process class.

    To restrict data retrieval to instances of Diagnose.exe, a WHERE clause is included that filters out all processes except those named Diagnose.exe.

  4. For each process in the collection, use the Terminate method to end the process.

Listing 14.13   Terminating a Process

1 2 3 4 5 6 7 8 
strComputer = "." Set objWMIService = GetObject("winmgmts:" _     & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2") Set colProcessList = objWMIService.ExecQuery _     ("SELECT * FROM Win32_Process WHERE Name = 'Diagnose.exe'") For Each objProcess in colProcessList     objProcess.Terminate() Next

Terminating a process as soon as it starts

Listing 14.14 contains a script that uses a temporary event consumer to terminate a process as soon as it starts. To carry out this task, the script must perform the following steps:

  1. Create a variable to specify the computer name.
  2. Use a GetObject call to connect to the WMI namespace root\cimv2 on the computer, and set the impersonation level to "impersonate."
  3. Use the ExecNotificationQuery method to register for notification each time there is an instance creation (each time an instance is created within the namespace).

    To restrict data retrieval to the process named Download.exe, include a WHERE clause to filter out all instance creations that do not involve Download.exe.

  4. Create a loop that allows the script to run indefinitely.

    To stop monitoring, you need to either log off the computer or terminate the process in which the script runs.

  5. Use the NextEvent method to retrieve the properties of each event when it occurs.
  6. If Download.exe is created, use the Terminate method to terminate the new instance.

Listing 14.14   Preventing a Process from Running

1 2 3 4 5 6 7 8 9 10 11 12 13 
strComputer = "." Set objWMIService = GetObject("winmgmts:" _     & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2") Set colMonitoredProcesses = objWMIService. _           ExecNotificationQuery("SELECT * FROM __InstanceCreationEvent " _         & " WITHIN 1 WHERE TargetInstance IS 'Win32_Process'") i = 0 Do While i = 0     Set objLatestProcess = colMonitoredProcesses.NextEvent     If objLatestProcess.TargetInstance.Name = "Download.exe" Then         objLatestProcess.TargetInstance.Terminate()     End If Loop


send us your feedback Send us your feedback « Previous | Next »   


Microsoft Windows 2000 Scripting Guide(c) Automating System Administration 2003
Microsoft Windows 2000 Scripting Guide(c) Automating System Administration 2003
ISBN: N/A
EAN: N/A
Year: 2004
Pages: 635

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net