How to Get Processes Running on a Remote Computer in Batch Script

When troubleshooting an unresponsive application on a remote server, or investigating why a machine is sluggish, checking the running processes is often the first step. You don't need to establish a full Remote Desktop connection or use third-party monitoring tools just to see what is consuming CPU or memory. A simple Batch script can retrieve this data directly.

In this guide, we will explore the best methods to list running processes on a remote machine using the native tasklist command and WMI via wmic.

Method 1: Using `tasklist` (Simplest Approach)

The tasklist executable is a standard Windows tool used to display a list of currently running processes with their Process IDs (PIDs) and memory usage.

To query a remote computer, use the /s (system) switch followed by the computer name or IP address.

Syntax

tasklist /s RemoteComputerName

Basic Script Example

Here is a straightforward script that asks for a computer name and lists all its processes.

@echo off
setlocal EnableDelayedExpansion

set /p "TARGET_PC=Enter remote computer name: "

if "!TARGET_PC!"=="" (
    echo No input provided. Exiting.
    pause
    exit /b
)

echo.
echo Fetching running processes from !TARGET_PC!...
echo ==============================================

REM Execute tasklist against the remote machine
tasklist /s "!TARGET_PC!" 2>nul

if !ERRORLEVEL! neq 0 (
    echo.
    echo [ERROR] Could not connect to !TARGET_PC!. Check permissions and network.
)

echo ==============================================
echo Done.

endlocal
pause

Filtering with `tasklist /fi`

Listing hundreds of processes isn't always useful. You often need to find a specific executable like "SQLServer.exe" or "notepad.exe". The /fi (filter) switch is perfect for this.

Example: Searching for NotePad

tasklist /s "Server01" /fi "imagename eq notepad.exe"

Output:

Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
notepad.exe                   1234 RDP-Tcp#1                  2      6,420 K

Method 2: Using WMI via `wmic` (Advanced Detail)

While tasklist is great for quick overviews, it doesn't provide the full command-line arguments used to launch a process or tell you exactly which user account is running the process. For deeper insights, you need Windows Management Instrumentation (WMI).

Queries using `wmic process`

You can use the wmic command to target the remote machine using the /node: parameter.

wmic /node:"Server01" process list brief

This returns a wide, somewhat messy format. The real power of wmic comes from requesting specific properties.

Getting the Execution Path and Arguments

If a process is running but you need to know exactly where the executable lives on the remote disk, use wmic.

wmic /node:"Server01" process where "name='java.exe'" get processid, executablepath, commandline

Output:

CommandLine                                         ExecutablePath               ProcessId
"C:\Java\bin\java.exe" -jar app.jar                 C:\Java\bin\java.exe         5432

This is incredibly useful for differentiating between multiple instances of "java.exe" or "python.exe" running different scripts.

Advanced Search Script: The Hybrid Approach

A professional batch script often wraps these commands to provide a clean, user-friendly output and handles errors gracefully.

The following script asks for a target PC and a process name to search for. It uses tasklist first because it is faster for simple checks over the network.

@echo off
setlocal

set "TARGET_PC=FileServer01"
set "PROCESS_NAME=explorer.exe"

echo Scanning %TARGET_PC% for process: %PROCESS_NAME%
echo.

REM Try tasklist first - filter and check if the process name appears in the output
tasklist /s "%TARGET_PC%" /fi "imagename eq %PROCESS_NAME%" 2>nul | find /i "%PROCESS_NAME%" >nul

if %ERRORLEVEL% equ 0 (
    echo [FOUND] %PROCESS_NAME% is actively running on %TARGET_PC%.
    echo ----------------------------------------------------

    REM Output details neatly (no header)
    tasklist /s "%TARGET_PC%" /fi "imagename eq %PROCESS_NAME%" /nh 2>nul

    echo ----------------------------------------------------
) else (
    echo [NOT FOUND] The process %PROCESS_NAME% is not running or access was denied.
)

endlocal
pause

Access Denied Errors

Both tasklist and wmic require administrative privileges on the target remote computer. If you run these scripts as a standard user, you will encounter immediate errors.

Always run your administrative scripts from an elevated command prompt configured with domain admin rights, or use the /u and /p switches carefully (tasklist /s Server01 /u Domain\AdminUser /p Password). Remember that hardcoding passwords is a security risk.

Conclusion

Getting a list of running processes on a remote machine is a staple of Windows administration. By using tasklist /s for fast overviews and filtering, and wmic /node: when you need deep details like the executable path or command-line arguments, you can vastly improve your remote troubleshooting capabilities through simple Batch scripting.

Method 1: Using tasklist (Simplest Approach)​

Syntax​

Basic Script Example​

Filtering with tasklist /fi​

Method 2: Using WMI via wmic (Advanced Detail)​

Queries using wmic process​

Getting the Execution Path and Arguments​

Advanced Search Script: The Hybrid Approach​

Conclusion​

Table of Contents