Have local admin privileges on Windows XP, but getting "Error terminating process: Access is denied". How to kill the process?

On one of the Windows XP machines I use regularly, there is a process that starts up periodically. I'd like to be able to kill the process – sometimes – because it occasionally runs when I'm busy doing something machine-intensive.

I've already tried dropping the process priority to "Idle" to mitigate the effects, but it isn't the CPU that's the problem. Rather, the process is very disk-intensive and no matter the process priority, it still causes significant disk thrashing when running, impacting everything else I'm doing at the time.

Using Process Explorer, I can find the process, right-click, and choose Kill Process, but I always get the message "Error terminating process: Access is denied."

This is not an operating system process, but third-party software. What might that process be doing to prevent itself from being terminated?

How can I kill such a process? Is there a way for me to modify the process's security or access control list (ACL) somewhere, using Process Explorer or another tool, so that I can effectively kill it?

Chris W. Rea

Posted 2010-05-06T17:06:07.693

Reputation: 10 282

potential dupe: http://superuser.com/questions/48864/shortcut-to-kill-an-application or http://superuser.com/questions/66176/kill-window-or-application-just-like-linux-do ... also http://superuser.com/questions/69783/how-to-monitor-and-kill-a-process-automatically-on-windows-by-process-name or http://superuser.com/questions/66474/cannot-kill-process-in-vista-64 ... or try browsing thru this list

– quack quixote – 2010-05-06T20:47:25.840

@quack quixote: Thanks, but none of those questions deal with the "Access denied" issue central to this question. I'm also asking if there's a way to modify the process security/ACL, and I don't see those questions asking that either. – Chris W. Rea – 2010-05-07T00:34:54.587

Though I do see http://superuser.com/questions/109010 .. very close, but no cigar; I'm asking re: XP x86, not Win7 x64.

– Chris W. Rea – 2010-05-07T00:38:07.740

Can you tell us the process name? – Jet – 2014-03-07T19:13:40.083

Answers

Looks like I'm able to kill the process in question using Process Hacker, which, coincidentally, I learned about today from a SuperUser Community Promotion Ad:

One of the features listed is "powerful process termination". From the project page:

Process Hacker is a free and open source process viewer and memory editor with unique features such as powerful process termination. It can show services, processes and their threads, modules, handles and memory regions. [emphasis mine]

While I don't intend for to replace Process Explorer, this is certainly a complementary new tool worth keeping around, and I'm curious to learn more about it.

Chris W. Rea

Posted 2010-05-06T17:06:07.693

Reputation: 10 282

at 16:44 /Interactive taskmgr.exe

This would add a job to the scheduler to run the taskmgr.exe at 16:44. Select your time about 1 minute in the future from current time. The taskmgr.exe would run with the System account which has additional privileges. See if it works.

Sharjeel Aziz

Posted 2010-05-06T17:06:07.693

Reputation: 2 643

Running interactive tasks is dangerous. – kinokijuf – 2011-11-17T19:41:59.843

@kinokijuf , dangerous but not in this case. Registry is dangerous too... ;) – Jet – 2014-03-07T19:06:49.980

The process could be starting with the SeShutdownPrivilege set to Deny (or not set to Allow) for you or the group you're in.

Fire up procexp.exe, find the process, right-click --> Properties --> Security tab --> Permissions button. You may need to run procexp.exe elevated to see anything.

Bacon Bits

Posted 2010-05-06T17:06:07.693

Reputation: 6 125

taskkill /f will do it!

user33788

Posted 2010-05-06T17:06:07.693

Reputation: 478

Thanks for the suggestion, but here was the result: ERROR: The process with PID nnnn could not be terminated. Reason: Access is denied. – Chris W. Rea – 2010-05-06T17:35:39.197

and you had the /f typically I have cygwin installed and a kill -9 works everytime so I was hoping that taskkill /f would to this! if you do sc /queryex processname you should see the reason for not being able to kill the process. – user33788 – 2010-05-06T18:52:58.770

I also have cygwin installed. "kill -9 nnnn" reports: bash: kill: (nnnn) - No such process ... I don't even think cygwin's kill sees this process since it isn't a cygwin process. "ps -ef" only lists bash and ps. – Chris W. Rea – 2010-05-06T19:55:38.420

how about wmic process where "processid='xxxx'" delete – user33788 – 2010-05-06T20:31:56.440

What is the software? Sounds like it's running as a service. You'll get that error when you try to kill a process (from Task Manager or Process Explorer) that is running as a services.

squillman

Posted 2010-05-06T17:06:07.693

Reputation: 5 676