Stop-ProcessByOwner.ps1

1. #Requires –Version 2
2.  
3. <#
4. .SYNOPSIS
5.     Targets and terminates processes owned by a specified user (defaults to local user name if not specified).
6. .DESCRIPTION
7.     This script can be used in situations where certain processes get hung up on a computer and need to be terminated, rather than terminating the entire user session.  This is especially useful in terminal and citrix server environments when a user experiences a single hung process and it needs to be terminated in order to allow them to continue working.
8. .PARAMETER ComputerName
9.     Queries and terminates processes running on the specified computers. If not specified, the local computer running the script will be used.
10. .PARAMETER UserName
11.     Specifies the samAccountName (or Windows logon name) of the user who owns the process(es) you wish to terminate.  If not specified, the domain username of the account running the script will be used.
12. .PARAMETER DomainName
13.     Specifies the domain name of the user who owns the process(es) you wish to terminate.  If not specified, the domain name of the account running the script will be used.
14. .PARAMETER ProcessName
15.     Specifies the name of the process you wish to terminate.  Use full filename with extension.  Only .bat, .com, and .exe's are supported.  This is a mandatory parameter.
16. .LINK
17.     http://community.spiceworks.com
18. .NOTES
19.     Host account running the script needs to have administrative privileges over the local/remote host where the process(es) will be terminated.
20. .EXAMPLE
21.     PS C:\>.\Stop-ProcessByOwner.ps1 -ProcessName mmc.exe -UserName Rob -DomainName LocalDomain -ComputerName RemoteComputer1
22.  
23.     This command terminates all 'mmc.exe' processes owned by LocalDomain\Rob on remote computer 'RemoteComputer1' with no logging in the console.
24. .EXAMPLE
25.     PS C:\>.\Stop-ProcessByOwner.ps1 -ProcessName mmc.exe -UserName Rob -DomainName LocalDomain -ComputerName RemoteComputer1,RemoteComputer2,RemoteComputer3
26.  
27.     This command terminates all 'mmc.exe' processes owned by LocalDomain\Rob on remote computers 'RemoteComputer1,' 'RemoteComputer2,' and 'RemoteComputer3' with no logging in the console.
28. .EXAMPLE
29.     PS C:\>.\Stop-ProcessByOwner.ps1 -ProcessName mmc.exe -UserName Rob -DomainName LocalDomain -Verbose
30.  
31.     This command terminates all 'mmc.exe' processes owned by LocalDomain\Rob on the computer executing the script, with all logging displayed in the console.
32. .EXAMPLE
33.     PS C:\>.\Stop-ProcessByOwner.ps1 -ProcessName mmc.exe -UserName Rob -DomainName LocalDomain -Verbose -WhatIf
34.  
35.     This command will perform a 'WhatIf' scenario, showing which processes would be terminated (but no action is taken), with all logging displayed in the console.
36. #>
37.  
38. [CmdletBinding(SupportsShouldProcess=$true)]
39.  
40.  
41. Param(
42.     [Parameter(ValueFromPipelineByPropertyName=$true,Position=0)] [array] $ComputerName,
43.     [Parameter(ValueFromPipelineByPropertyName=$true,Mandatory=$true)]
44.     [ValidateScript({
45.         If ($_ -like "*.exe*") {
46.             $true
47.         }
48.         ElseIf ($_ -like "*.com*") {
49.             $true
50.         }
51.         ElseIf ($_ -like "*.bat*") {
52.             $true
53.         }
54.         Else {
55.             Throw "'$($_.toUpper())' does not have a valid extension (.bat, .com, .exe)."
56.         }
57.     })]
58.     [string] $ProcessName,
59.     [Parameter(ValueFromPipelineByPropertyName=$true)][string] $DomainName = $env:USERDOMAIN,
60.     [Parameter(ValueFromPipelineByPropertyName=$true)][string] $UserName = $env:USERNAME
61. )
62.  
63. BEGIN {
64. #Clear-Host
65. Write-Verbose "=========================================="
66. Write-Verbose "Script process started at $(Get-Date)"
67. Write-Verbose "Process name specified: $ProcessName"
68. Write-Verbose "Domain\User specified: $DomainName\$UserName"
69. Write-Verbose "=========================================="
70.  
71. }
72. PROCESS {
73.  
74.     ForEach ($Computer in $ComputerName) {
75.         Write-Verbose "Processing computer $Computer..."
76.         $Processes = Get-WmiObject -class win32_process -computer $Computer -Filter "name = '$ProcessName'" -ErrorAction SilentlyContinue
77.         If (!$Processes) {
78.             Write-Warning "[$Computer] No running processes named '$ProcessName' found..."
79.         }
80.         else {
81.             foreach ($Process in $Processes) {
82.                 $temp = $Process.getowner()
83.                 if (($temp.user -eq $UserName) -and ($temp.domain -eq $DomainName)) {
84.                     Write-Verbose "$($Computer.toupper()):Process $($Process.name) owned by $($temp.domain)\$($temp.user) with process ID of $($Process.processid)"
85.  
86.                     If ($PSCmdlet.ShouldProcess("$ProcessName with Process ID $($Process.ProcessId)","Terminate process")) {  
87.                         Write-Verbose "Attempting to terminate process $($Process.name)..."
88.                         #sleep 3
89.                         $Result = $Process | ForEach-Object {Invoke-WmiMethod -Name terminate -InputObject $_}
90.                         If ($Result.ReturnValue -eq 0) {
91.                             Write-Verbose "'$($ProcessName)' terminated successfully at $(Get-Date)"
92.                         }
93.                     }
94.                 }
95.                 else {
96.                     Write-Warning "[$($Computer.toUpper())] '$($Process.name)' found with process ID $($Process.ProcessId), but does not belong to $DomainName\$UserName (owner:$($temp.domain)\$($temp.user)) - skipping..."
97.                 }
98.             }
99.         }
100.     }
101. }
102. END {
103.     Write-Verbose "=========================================="
104.     Write-Verbose "Script Processing complete at $(Get-Date)."
105.     Write-Verbose "=========================================="
106. }