Remote administration is a subject that's open to a lot of interpretation because one way could work for one environment and just not fit in for the next. It's pretty easy to setup a client to have a secure remote shell or remote desktop viewing software but a lot of my environments are not setup ideally so you're forced to use the tools that are on the system and free tools that you can download. Also add to the picture that you don't want to disrupt an employee working and answer may be at the command line.

In this example I'm investigating a report from the antivirus protection on a machine that its process is attempting to be disabled by a certain PID. I want to know what process is associated to that PID and why that's happening. My computer name is WORKSTATION and the PID in question is 1055.

tasklist /s WORKSTATION /FI "PID eq 1055"

You'll see that PID 1055 is a certain executable. In my case it was winlogon.exe and because the event was happening at 3:00AM, I knew that it was caused by Windows Updates being installed.

But if you noticed that a process named something like virus_hack_death.exe was running under this PID and it was trying to access your antivirus, you can use tasklist's cousin, taskkill.

taskkill /s workstation /PID 1055
OR
taskkill /s workstation /IM virus_hack_death.exe

Obviously this is a pretty weak example because whatever process you killed will most likely start again but you could also help those machines that are hung up and not accessible from the keyboard or through RDP. Connect in and kill the frozen process.