Get-Process -Computer george | Stop-Process
Works just fine.
In Devin’s code below, gotta do the same thing with Get-Service and Set-Service.
And you gotta put the initial start-scriptblock on the same line as
invoke-command (that’s the error you got)
Invoke-Command -Computer $Server -AsJob -Command {
    ….
}
And then wait on everything to complete
Get-Job | Receive-Job
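
Added example (not part of the original thread or any poster's code): the steps described above combined into one function that fans out with Invoke-Command -AsJob, waits for completion, and returns a per-host record of what was stopped. The function name Stop-AgentProcess and its parameter names are hypothetical; the process patterns and the service name are the ones quoted in the thread.

```powershell
# Added example: Stop-AgentProcess and its parameter names are hypothetical.
function Stop-AgentProcess {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$ComputerName,
        [string[]]$ProcessName = @('Inspector*', 'Procwall*', 'RedCloak*'),
        [string]$ServiceName = 'Redcloak',
        [int]$ThrottleLimit = 32
    )

    # Honour -WhatIf / -Confirm before touching any remote host.
    if (-not $PSCmdlet.ShouldProcess("$($ComputerName.Count) computer(s)",
            "Stop $($ProcessName -join ', ') and disable service $ServiceName")) {
        return
    }

    # The opening brace of the script block sits on the Invoke-Command line.
    # Everything inside runs on the remote machine, so no -ComputerName is used there.
    $job = Invoke-Command -ComputerName $ComputerName -ThrottleLimit $ThrottleLimit -AsJob -ArgumentList $ProcessName, $ServiceName -ScriptBlock {
        param([string[]]$Names, [string]$Service)

        $procs = @(Get-Process -Name $Names -ErrorAction SilentlyContinue)
        $procs | Stop-Process -Force -ErrorAction SilentlyContinue

        # The thread notes the processes restart unless the service is disabled.
        $svc = Get-Service -Name $Service -ErrorAction SilentlyContinue
        if ($svc) { $svc | Set-Service -StartupType Disabled }

        [pscustomobject]@{
            ServiceFound = [bool]$svc
            Stopped      = ($procs | ForEach-Object { "$($_.Name):$($_.Id)" }) -join ','
        }
    }

    # Wait-Job blocks until every child job (one per computer) has finished.
    Wait-Job -Job $job | Out-Null
    Receive-Job -Job $job -ErrorAction SilentlyContinue |
        Select-Object PSComputerName, ServiceFound, Stopped

    # Hosts that could not be reached show up as failed child jobs.
    foreach ($child in $job.ChildJobs | Where-Object { $_.State -eq 'Failed' }) {
        Write-Warning "$($child.Location): $($child.JobStateInfo.Reason.Message)"
    }
    Remove-Job -Job $job
}
```

Running it with -WhatIf first shows the host count and the action without opening any remote session; piping the output to Export-Csv keeps a record of which hosts were changed.
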
From: [email protected] On Behalf Of Orlebeck, Geoffrey
Sent: Tuesday, June 14, 2016 5:19 PM
To: '[email protected]'
Subject: RE: [powershell] Kill Processes Across Multiple Computers:
Devin:
I went down the WMI route because the Stop-Process command doesn’t allow remote
calls like Get-Process and Set-Service do.
If I attempt the code you provided it errors out with:
Invoke-Command : Parameter set cannot be resolved using the specified named
parameters.
So is the Foreach loop necessary regardless? I tried statically assigning a
single host (Invoke-Command -ComputerName Hostname) without success as well.
I’m wondering if it stems from the $Server variable within Get-Process
-ComputerName $Server. I understand you may not have tested what you sent, so
I’m asking out of curiosity.
Thanks,
Geoff
From: [email protected] On Behalf Of Devin Rich
Sent: Tuesday, June 14, 2016 9:32 AM
To: [email protected]
Subject: Re: [powershell] Kill Processes Across Multiple Computers:
I forgot to note 1 thing: Invoke-Command does NOT work against your local
machine. My understanding is that because you can't establish a remote session
to yourself, it fails to connect. So be sure to test this against a remote
computer.
Thanks,
Devin Rich
Systems Administrator
On Tue, Jun 14, 2016 at 10:28 AM, Devin Rich <[email protected]> wrote:
It seems like you are doing this the hard way to me. I may just not be
understanding everything correctly though. Would something like this work?
Function Stop-RedCloak {
    [CmdletBinding()]
    param
    (
        [Parameter(Mandatory=$false,ValueFromPipeline=$true)]
        [string[]]$Servers = $env:COMPUTERNAME
    )
    Invoke-Command -ComputerName $Servers #Invoke-Command by default runs against 32 servers at once without negatively affecting network performance. You can turn it up with -ThrottleLimit XX
    {
        $Process = Get-Process -ComputerName $Server -Name "Inspector*","Procwall*","RedCloak*"
        If ($Process)
        {
            $Process | Stop-Process -Force
            Set-Service Redcloak -StartupType Disabled
        }
    }
}
Thanks,
Devin Rich
Systems Administrator
On Tue, Jun 14, 2016 at 9:53 AM, Orlebeck, Geoffrey <[email protected]> wrote:
Hello,
We previously encountered performance issues in our VDI environment when a
vendor kicked off a “deep scan” of all agents, causing our hypervisors to peg
CPU and bring VDI to a crawl. We ended up powering down VMs and our team (under
the gun) just used whatever methods were familiar to kill the processes
(PSExec, Taskkill, PowerCLI, etc.).
While we surely hope this doesn’t happen again, we want to be prepared with a
way to hopefully kill the processes without having to kill entire VMs and
potentially causing loss of work. I am attempting to have a script ready to
kill the relevant RedCloak processes and disable the service otherwise they
will restart (as we discovered this last go round). I have the following
script, but I’ve never worked with jobs or runspaces. I’m thinking with our
~2500 endpoints, it would be best to look into leveraging that, but I’m not
sure which is most appropriate for this type of job. Based on the below
process, should I focus my efforts on jobs or runspaces? Any helpful
examples/tips? I’ve read a few articles but am having trouble understanding how to
deal with each. Anyway, if the multi-thread doesn’t seem appropriate and I can
just turn this loose on a long list of hostnames, I can do that. Just looking
for opinions/options. Thank you!
Function Stop-RedCloak{
    [CmdletBinding()]
    param
    (
        [Parameter(Mandatory=$false,ValueFromPipeline=$true)]
        [string[]]$Servers = $env:COMPUTERNAME,
        [string]$Query = "Name LIKE 'procwall%.exe'`
            OR Name LIKE 'inspector%.exe'`
            OR Name LIKE 'redcloak%.exe'"
    )
    Foreach($Server in $Servers)
    {
        $Process = Get-Process -ComputerName $Server -Name "Inspector*","Procwall*","RedCloak*"
        If($Process -ne $null)
        {
            (Get-WMIObject Win32_Process -ComputerName $Server -Filter $Query).terminate()
            Set-Service Redcloak -StartupType Disabled -ComputerName $Server
        }
    }
}