After a reboot on a machine (WS2012-R2), I observed that I could no longer use the "Details" tab in Task Manager to kill a process that I have run at startup. After checking solutions from other similar issues posted in various places, I noted that many were recommending various SysInternals tools. Using these various tools, I still receive an "Access Denied" when trying to kill the process through use of Windows (Task Manager)/SysInternals (Process Explorer) GUIs or command line taskkill/psexec.

For troubleshooting's sake, I am working with something benign like Notepad.exe - here is the output of my efforts with psexec.exe...

C:\Users\adminaccount\Desktop\PSTools>psexec -s taskkill /im Notepad.exe /f

PsExec v2.11 - Execute processes remotely
Copyright (C) 2001-2014 Mark Russinovich
Sysinternals - www.sysinternals.com


ERROR: The process "notepad.exe" with PID 1968 could not be terminated.
Reason: Access is denied.
taskkill exited on SERVERNAME with error code 1.

C:\Users\adminaccount\Desktop\PSTools>

Oddly, Notepad.exe can be killed without issue via the "Processes" tab of Task Manager.

Upon the aforementioned reboot, it looks like MS15-111 (Elevation of Privilege) and MS15-109 (Remote Code Execution) were installed (based on my corporate IT policy). I will try to remove these, but I am not certain I will be able to easily do so.

I am using an admin account at the time in the course of troubleshooting; this admin account is the one creating the notepad process, so I'm shocked this same account cannot kill the process aside from using the "Processes" tab. In short, this admin account can no longer seem to kill anything if it can't easily do it via the "Processes" tab after the reboot.

I observed this issue trying to kill process started via "Scheduled Tasks". The "Processes" tab approach of Task Manager is not functional for processes started by the system scheduler.