How to control processes and services in Windows with Taskkill and Sc

Managing processes and services in Windows from the console has become an essential skill for any advanced user, system administrator, or IT professional looking to optimize computer performance and resolve issues effectively. Mastering command-line tools like 'taskkill', 'tasklist', and 'sc' makes it easier to gain complete control over what's happening in the background and offers more powerful alternatives to graphical interfaces.

In this article, you will find A comprehensive and enjoyable guide to identifying, monitoring, terminating rogue processes, manipulating services, and automating tasks both locally and remotely. We'll use practical examples, clarifying each difference and taking advantage of all the features of the commands most commonly used by professionals.

Difference between processes and services in Windows

Before we jump into action, It is essential to differentiate between processes and services, concepts that are often confused. Both are programs that execute instructions, but they have key differences in operation and control.

• Processing:
  • They can run both in the foreground (with a graphical interface) and in the background (without the user noticing).
  • A process can start or stop services, in addition to managing other processes.
  • Processes are terminated ("killed") and after doing so, they disappear until they are executed again.
  • They have their own life cycle, from the moment they start until their closure or forced termination..
• Service:
  • They run primarily in the background, and they usually start with the operating system.
  • They can launch their own or third-party processes.
  • Services can be started, stopped, paused, resumed, and restarted; but not directly "killed" as a process.To remove a service, it must first be stopped.
  • It remains running continuously until the user or the system stops it, or corruption occurs..

In practice, the main difference is that processes are instances of running programs, while services are designed to provide persistent tasks or functions to the system or users..

Graphical visualization of processes and services

An easy way to monitor processes and services is to use native Windows utilities such as Task Manager (Taskmgr.exe). From here, you can view active processes, resource usage, and the relationship between main processes and threads. For example, browsers like Chrome or Firefox load multiple processes when you open multiple tabs, which is reflected in grouped threads.

• Quick access to Task Manager: right click on the taskbar or press CTRL+SHIFT+ESC.
• Programs like Slack They appear as a single process, but can generate subprocesses depending on their internal operation.

From the Services tab of the Task Manager or by running services.msc, you can access most of the information and configuration of the services. Here you can start, stop, know the startup type and see the user who runs them.

Essential commands for managing processes

While the graphical interface is useful, The command line allows you to manage the system with much more flexibility, especially in remote environments or to automate scripts.

• tasklist: Shows all processes running locally or remotely.
• WMIC: Advanced interface for obtaining and exporting information.
• qprocess/query: : Query processes, sessions, users and more from the console.
• taskkill: Terminates processes by PID or name.
• tskill: Alternative to taskkill, useful for users with fewer permissions.

All these commands can be executed from DCM, batch scripts or powershell for repetitive tasks.

How to list and filter processes in Windows

The first step is usually to get an overview of what is running on the system. For this, tasklist is essential:

• tasklist: Displays the complete listing with name, PID, session and memory usage.
• task list /v: Details additional information such as status, user, and command line.
• tasklist /fi «memusage gt 15000» /fi «memusage lt 19000»: Filter by memory usage.

You can also search for specific processes by image name or by combining filters, for example:

• tasklist /fi «IMAGEAME eq firefox.exe»: Firefox only.
• tasklist /fi «IMAGENAME eq notepad.exe» & tasklist /fi «IMAGENAME eq firefox.exe»:Both, in different commands.
• tasklist /v /fi «PID gt 1000» /fo csv: Extracts all processes with PID greater than 1000 in CSV format, useful for Excel or external analysis.
• tasklist /v /fi «PID gt 1000» /fo csv > file.csv: Redirects information to a file for later review.
• tasklist /fi «USERNAME ne NT AUTHORITY\SYSTEM» /fi «STATUS eq running»: Only active non-system processes.
• tasklist /s srvmain: Query processes on a remote machine named srvmain, with provisions for custom authentication if needed.

For more advanced control you can use WMIC: More about how to use WMIC to manage processes.

The commands qprocess y Query show active processes by user, session, or across all contexts:

• query process *: Details all processes of all sessions.
• query process /ID:1: Only processes from session 1.

End processes in Windows: taskkill and tskill

Some processes stop responding or consume too many resources, and taskkill y tskill They are ideal tools to intervene in these cases. You can complement this by reviewing the management of updates and processes in Windows 11.

The basic syntax of taskkill It is very versatile and powerful:

taskkill <usuario> ]]] { }

Some practical examples:

• taskkill / pid 1230: Ends the process whose PID is 1230.
• taskkill /pid 1230 /pid 1241 /pid 1253: Kills multiple processes at once.
• taskkill /f /fi «PID ge 1000» /im *: Forcefully terminates all processes with PID greater than or equal to 1000.
• taskkill /F /FI «STATUS eq NOT RESPONDING» /FI «WINDOWTITLE ne WhatsApp»: Kill all unresponsive processes except WhatsApp.
• taskkill /s srvmain /u hostname\username /pp@ssW23 /fi «IMAGEAME eq note*» /im *: Terminates processes on a remote computer under certain filter and authentication conditions.

The command tskill It is very useful when you do not have administrator privileges, allowing you to end your own processes or, if you are an administrator, any process:

• tskill 1230: Ends the process with PID 1230.
• tskill explorer /id:1: : Shuts down the browser for a specific session.

Service control with the SC command

The command sc (Service Control) is the ultimate tool for comprehensive service management in CMD, allowing you to query, start, stop, modify and delete services.

• sc query: Check the status of one or all services.
• sc start: Starts a service.
• sc stop: Stops a running service.
• sc pause / continue: Pause or resume services that allow it.
• sc delete: Removes the service from the registry.
• sc config start=auto|demand|disabled: Sets the service startup mode.
• sc description «New description»: Change the service description.

To create a new service that runs a program automatically:

sc create NuevoServicio binpath= c:\windows\system32\NuevoServicio.exe start= auto

And, if you want to do it on a remote computer:

sc create \\miservidor NuevoServicio binpath= c:\windows\system32\NuevoServicio.exe start= auto

To delete a service:

sc delete NuevoServicio

And to consult the services in different states:

• sc query: Active services.
• sc query state= all: All services, whether active or not.

To manipulate network services, you only need administrator permissions and the name or IP of the remote computer: .

Discover processes that lock files or folders

A common problem is trying to delete, move, or rename a file and receiving the message: "The action cannot be completed because another program has the file open."To identify which process is blocking it, you can use several utilities:

1. El Resource Monitor (perfmon.exe /res), searching in the CPU tab for the blocked identifier or route.
2. The free tool Process Explorer from Sysinternals, with the option “Find Handle or DLL”.
3. Utility Handle from Sysinternals, from the command line, to locate processes that use a specific file or directory.

These utilities are essential for resolving files in use and freeing locked resources from the command line or external tools.

Automation and scripting with taskkill and sc

An important advantage of taskkill and sc is its ability to create batch scripts that automate repetitive tasks, such as closing processes at Windows startup:

@echo off TASKKILL /F /IM process1.exe TASKKILL /F /IM process2.exe TASKKILL /F /IM process3.exe

Place this file in your home folder, accessible from shell: Startup in Run, so that it runs automatically at startup. You can also manage user account control to make these tasks easier..

Remember Every command allows you to consult its help with /?. For example: uterine tasklist /? o sc /?Explore advanced settings and options to get the most out of your tools.

An additional tip: If you need to force close the browser or blocked processes, you can use combinations like:

• TASKKILL /F /IM explorer.exe & start explorer.exe: Close and restart the browser.
• TASKKILL /F /IM explorer.exe & timeout /nobreak 05 & start explorer.exe: Wait 5 seconds before restarting.

With these utilities and commands, you'll have complete control over processes and services on your system or network, improving management and resolving issues quickly and efficiently.

Mastering taskkill and sc gives you a key advantage in Windows administration and troubleshooting. With these techniques, you can identify, manage, and automate processes and services, ensuring a stable, secure system tailored to your needs.