Use TaskKill to clean run away processes

Taskkill
Ends one or more tasks or processes. Processes can be killed by process ID or image name.

Syntax
taskkill [/s Computer [/u Domain\UserName [/p Password]]] {[/fi Filter [/fi Filter [ ... ]]] [{/pid ProcessID | /im ImageName}] | /pid ProcessID | /im ImageName} [/f] [/t]

Parameters
/s Computer

Specifies the name or IP address of a remote computer (do not use backslashes). The default is the local computer.

/u Domain\UserName

Runs the command with the account permissions of the user specified by UserName or Domain\UserName. /u can be specified only when /s is specified. The default is the permissions of the current logged on user on the computer issuing the command.

/p Password

Specifies the password of the user account that is specified in the /u parameter.

/fi Filter

Specifies the types of process(es) to include in or exclude from termination. You can specify more than one filter. Use the wildcard (*) to specify all tasks or image names. The following are valid filter names, operators, and values.


Name Operators Value
Status
eq, ne
RUNNING | NOT RESPONDING | UNKNOWN

Imagename
eq, ne
Any valid string.

PID
eg, ne, gt, lt, ge, le
Any valid positive integer.

Session
eg, ne, gt, lt, ge, le
Any valid session number.

CPUTime
eq, ne, gt, lt, ge, le
Valid time in the format of HH:MM:SS. The MM and SS parameters should be between 0 and 59 and HH can be any valid unsigned numeric value.

Memusage
eg, ne, gt, lt, ge, le
Any valid integer.

Username
eq, ne
Any valid user name ([Domain\]UserName).

Services
eq, ne
Any valid string.

Windowtitle
eq, ne
Any valid string.

Modules
eq, ne
Any valid string.


/pid ProcessID

Specifies the process ID of the process to be terminated.

/im ImageName

Specifies the image name of the process to be terminated. Use the wildcard (*) to specify all image names.

/f

Specifies that process(es) be forcefully terminated. This parameter is ignored for remote processes; all remote processes are forcefully terminated.

/t

Terminates the specified process and any child processes which that process started.

/?

Displays help at the command prompt.

Remarks
• The "WindowTitle" and "Status" filters are not supported when a remote system is specified.

• The wildcard character (*) is accepted only when specified along with the filters.

• Termination for remote processes will always be done forcefully regardless of whether the /f parameter is specified.

• Supplying a computer name to the HOSTNAME filter will cause a shutdown and all processes will be stopped.

• Use tasklist to determine the Process ID (PID) for the process to be terminated.

• Taskkill is a replacement for the kill tool.


Examples
The following examples show how you can use the taskkill command:

taskkill /pid 1230 /pid 1241 /pid 1253

taskkill /f /fi "USERNAME eq NT AUTHORITY\SYSTEM" /im notepad.exe

taskkill /s srvmain /f /im notepad.exe

taskkill /s srvmain /u maindom\hiropln /p p@ssW23 /fi "IMAGENAME eq note*" /im *

taskkill /s srvmain /u maindom\hiropln /fi "USERNAME ne NT*" /im *

taskkill /pid 2134 /t /fi "username eq administrator"

taskkill /f /fi "PID ge 1000" /im *

MS SQL Server fixed Server Roles and Database Roles

Server Roles:

sysadmin - grants its members complete control over the SQL Server, its databases, and all of their objects. The group initially contains two logins - sa SQL login and local BUILTIN\Administrators Windows login. You can assign additional logins to it (both SQL and Windows), you can also remove Windows local BUILTIN\Administrator group from it (if you intend to separate Windows and SQL server administration), however sa login membership can not be altered (and the account can not be deleted, disabled, or renamed).

serveradmin - intended for users responsible for the configuration of SQL Server. This typically consists of modifying server-wide settings and options, such as, the amount of memory or processor time allocated to the SQL Server or query governor behavior (in essence, all operations which can be performed with sp_configure stored procedure). Members of this role can also modify table options (covered by sp_tableoption stored procedure).

setupadmin - gives its members the power to control configuration settings for linked servers and stored procedures to be executed at startup.

securityadmin - provides the ability to manage security related settings, such as changing authentication mode, creating logins or database users, and granting, denying, or revoking permissions to create databases (execute CREATE DATABASE statement).

processadmin - limited to terminating processes with the KILL command (from T-SQL) or via graphical interface in SQL Server Enterprise Manager.
dbcreator - permits its members to create, drop, and modify databases (execute CREATE DATABASE, DROP DATABASE, and ALTER DATABASE statements).

diskadmin - exists strictly for backwards compatibility purpose - allowing its members to manage disk devices created in the SQL Server 6.5.

bulkadmin - grants permissions to execute the BULK INSERT command, used to import large quantities of data into SQL Server.

Database Roles:

db_accessadmin - intended for administrators responsible for granting and revoking access to the database (which also implies the ability to create or drop users).

db_backupoperator - provides the ability to backup a database (but not restore it).

db_datareader - allows reading all database tables and views (executing SELECT statement against them).

db_datawriter - allows modifying content of all database tables and views (executing INSERT, UPDATE and DELETE statement against them). Due to the fact that functionality provided by this role includes the ability to delete all data, you should very carefully control its membership.

db_dlladmin - grants its members the ability to execute any Data Definition Language (DDL) command (which result in creation of database objects, such as tables, triggers, stored procedures, etc.). Members of this role who issue the CREATE statements automatically become their owners, which, in turn, means they have full control over them.

db_denydatareader - serving function reverse to db_datareader - denies read access to all tables and views (through DENY SELECT permissions). Since impact of the membership in this role cannot be overridden by granting permissions to individual objects, this serves as a convenient mechanism to secure them against particular users or groups of users.

db_denydatawriter - serving function reverse to db_datawriter - denies write access to all tables and views (through DENY INSERT, DENY UPDATE and DENY DELETE permissions). Just as with the db_denydatareader role, impact of the membership in this role cannot be overridden by granting permissions to individual objects, so this can also be conveniently used to secure them against particular users or groups of users.

db_owner - the most powerful role on the database level (equivalent to the sysadmin on the SQL server level) with full administrative control over all database objects and operations. The role initially contains a single user dbo, but additional user accounts can be added to it.

db_securityadmin - its members have power to grant, revoke and deny permissions on every object in the database, in addition to managing membership of fixed and custom roles.

public - contains all database users and roles (resembling Everyone Windows group) and its membership can not be altered. This is important to remember, since it means that all users who are allowed to access a particular database are automatically granted all permissions assigned to public role. In general, you should avoid granting permissions to public role.