Get-Process –Computer george | Stop-Process
Works just fine.
In Devin’s code below, gotta do the same thing with Get-Service and Set-Service.
And you gotta put the initial start-scriptblock on the same line as
invoke-command (that’s the error you got)
Invoke-Command –Computer $Server-asjob –Command {
….
}
And then wait on everything to complete
Get-Job | Receive-Job
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Orlebeck, Geoffrey
Sent: Tuesday, June 14, 2016 5:19 PM
To: 'powershell@lists.myitforum.com'
Subject: RE: [powershell] Kill Processes Across Multiple Computers:
Devin:
I went down the WMI route because the Stop-Process command doesn’t allow remote
calls like Get-Process and Set-Service do.
If I attempt the code you provided it errors out with:
Invoke-Command : Parameter set cannot be resolved using the specified named
parameters.
So is the Foreach loop necessary regardless? I tried statically assigning a
single host (Invoke-Command -ComputerName Hostname) without success as well.
I’m wondering if it stems from the $Server variable within Get-Process
-ComputerName $Server. I understand you may not have tested what you sent, so
I’m asking out of curiosity.
Thanks,
Geoff
From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Devin Rich
Sent: Tuesday, June 14, 2016 9:32 AM
To: powershell@lists.myitforum.com<mailto:powershell@lists.myitforum.com>
Subject: Re: [powershell] Kill Processes Across Multiple Computers:
I forgot to note 1 thing: Invoke-Command does NOT work against your local
machine. My understanding is that because you can't establish a remote session
to yourself, it fails to connect. So be sure to test this against a remote
computer.
Thanks,
Devin Rich
Systems Administrator
On Tue, Jun 14, 2016 at 10:28 AM, Devin Rich
<dr...@firstelectronicbankusa.com<mailto:dr...@firstelectronicbankusa.com>>
wrote:
It seems like you are doing this the hard way to me. I may just not be
understanding everything correctly though. Would something like this work?
Function Stop-RedCloak {
[CmdletBinding()]
param
(
[Parameter(Mandatory=$false,ValueFromPipeline=$true)]
[string[]]$Servers = $env:COMPUTERNAME
)
Invoke-Command -ComputerName $Servers #Invoke-Command by default runs
against 32 servers at once without negatively affecting network performance.
You can turn it up with -ThrottleLimit XX
{
$Process = Get-Process -ComputerName $Server -Name
"Inspector*","Procwall*","RedCloak*"
If ($Process)
{
$Process | Stop-Process -Force
Set-Service Redcloak -StartupType Disabled
}
}
}
Thanks,
Devin Rich
Systems Administrator
On Tue, Jun 14, 2016 at 9:53 AM, Orlebeck, Geoffrey
<geoffrey.orleb...@chomp.org<mailto:geoffrey.orleb...@chomp.org>> wrote:
Hello,
We previously encountered performance issues in our VDI environment when one a
vendor kicked off a “deep scan” of all agents, causing our hypervisors to peg
CPU and bring VDI to a crawl. We ended up powering down VMs and our team (under
the gun) just used whatever methods were familiar to kill the processes
(PSExec, Taskkill, PowerCLI, etc.).
While we surely hope this doesn’t happen again, we want to be prepared with a
way to hopefully kill the processes without having to kill entire VMs and
potentially causing loss of work. I am attempting to have a script ready to
kill the relevant RedCloak processes and disable the service otherwise they
will restart (as we discovered this last go round). I have the following
script, but I’ve never worked with jobs or runspaces. I’m thinking with our
~2500 endpoints, it would be best to look into leveraging that, but I’m not
sure which is most appropriate for this type of job. Based on the below
process, should I focus my efforts on jobs or runspaces? Any helpful
examples/tips? I’ve read a few articles but having trouble understanding how to
deal with each. Anyway, if the multi-thread doesn’t seem appropriate and I can
just turn this loose on a long list of hostnames, I can do that. Just looking
for opinions/options. Thank you!
Function Stop-RedCloak{
[CmdletBinding()]
param
(
[Parameter(Mandatory=$false,ValueFromPipeline=$true)]
[string[]]$Servers = $env:COMPUTERNAME,
[string]$Query = "Name LIKE 'procwall%.exe'`
OR Name LIKE 'inspector%.exe'`
OR Name LIKE 'redcloak%.exe'"
)
Foreach($Server in $Servers)
{
$Process = Get-Process -ComputerName $Server -Name
"Inspector*","Procwall*","RedCloak*"
If($Process -ne $null)
{
(Get-WMIObject Win32_Process -ComputerName $Server -Filter
$Query).terminate()
Set-Service Redcloak -StartupType Disabled -ComputerName $Server
}
}
}
Confidentiality Notice: This is a transmission from Community Hospital of the
Monterey Peninsula. This message and any attached documents may be confidential
and contain information protected by state and federal medical privacy
statutes. They are intended only for the use of the addressee. If you are not
the intended recipient, any disclosure, copying, or distribution of this
information is strictly prohibited. If you received this transmission in error,
please accept our apologies and notify the sender. Thank you.
The information contained in this message is privileged, confidential, and
protected from disclosure. If you are not the intended recipient, you are
hereby notified that any review, printing, dissemination, distribution, copying
or other use of this communication is strictly prohibited. If you have received
this communication in error, please notify us immediately by replying to the
message and deleting it from your computer.
