Killing Remote PowerShell Sessions

by Jul 30, 2013

To kill a remote PowerShell session that runs on your machine, you could kill the wsmprovhost.exe task associated with it, but identifying the correct process and killing it is not a robust and recommended way.

A better way uses this approach:

$URI = ('http://{0}:5985/wsman' -f $env:computername)

$connection = Get-WSManInstance -ConnectionURI $URI -ResourceURI shell -Enumerate |
  Where-Object { $_.Owner -eq 'SomeDomain\SomeUser' }

$connection | ForEach-Object {
    Remove-WSManInstance -ConnectionURI $URI shell @{ShellID=$_.ShellID}
} 

In this example, all remote sessions initiated by the user SomeDomain\SomeUser and using port 5985 would be terminated. Note that in a non-domain environment, you first have to enable non-Kerberos authentication (remember that without Kerberos, you no longer know for sure that the target computer really is the computer it pretends to be):

Set-Item WSMan:\localhost\Client\TrustedHosts * -Force

Twitter This Tip! ReTweet this Tip!