The purpose of this page is two-fold; firstly, to provide 'how to' examples
for scripting Windows processes. Secondly, to help those who want to learn more about
PowerShell's Get-Process command, methods and syntax.
One useful skill for all computer users is to check, and if necessary, Kill a process. Such processes are listed in the Task Manager, and this leads me to another useful learning technique, have the GUI
(Task Manager)
open so that you can trace precisely what the PowerShell script achieves.
It's time to launch the Task Manager; the flashiest way is to press Ctrl +Shift +Esc; next click on the Processes tab, if you click on 'Image Name', then you can sort the processes into alphabetical order.
Incidentally, when troubleshooting which Process is hogging the processor, I maximize the Task Manager window, then click on the CPU column. The result is the process with the greatest value for CPU
comes to the top of the list.
Instructions: Pre-requisite: Visit Microsoft's site and download the correct version of PowerShell for your operating system.
Launch PowerShell, in v 2.0 the ISE version is best.
For PowerShell 1.0.
Copy the lines of code below (into memory)
Right-click on the PowerShell symbol
Edit --> Paste
Press enter to execute the code.
# PowerShell Get-Process list
Get-Process *
Learning Points
Note 1: PowerShell's commands
are not case sensitive, thus you could type Get-Process, or Get-Process. Also you can omit the 'get' in
Get-Process, this is because
'get' is the default verb and PowerShell intelligently adds 'Get-' to
process.
With
Get-Process, the wildcard asterisk * is
optional, however, it does remind us that we can modify the output to produce a restricted range:
Get-Process [ab]* returns all processes beginning with the letter a or b.
Get-Process [ae]* surprised me, it only listed process beginning with 'a', or beginning with 'e'. To get a range we must
add a hyphen between the letters: Get-Process [a-e]*
If you have taken my advice and you have the Task Manager open, it's worth checking that what you see in PowerShell matches what you see in Task Manager.
Guy
Recommends: WMI Monitor and It's Free!
Windows Management Instrumentation (WMI) is one of the hidden
treasures of Microsoft operating systems. Fortunately, Solarwinds
have created a
Free WMI Monitor so that you can discover these gems of performance
information, and thus improve your PowerShell scripts. Take the guess work out of which WMI counters to use when scripting the
operating system, Active Directory or Exchange Server.
Once again, it is worth inspecting the Task Manager
as you learn about Get-Process, in particular examine the column headings,
Image Name, PID, CPU etc. Indeed, if you click on the View menu, then
Select Columns you can add yet more columns. What helps to make
connections is to compare those columns with properties displayed by
PowerShell's Get-Member command. Incidentally, every PowerShell
command benefits from the following Get-Member 'treatment'.
Properties for PowerShell Get-Process
Here is a useful command
called Get-Member, which displays the process properties.
From the resulting list you can decide which to employ in your PowerShell task.
Guy Recommends: A Free Trial of the Network Performance Monitor
(NPM)
Solarwinds'
Orion performance monitor
will help you discover what's happening on your network. This
utility will also guide you through troubleshooting; the dashboard will
indicate whether the root cause is a broken link, faulty equipment or
resource overload.
Perhaps the NPM's best feature is the way it suggests solutions to network
problems. Its
second best feature is the ability to monitor the health of individual VMWare
virtual machines. If you are interested in troubleshooting, and creating network maps, then I recommend that you take advantage of Solarwinds' offer.
In this example, the display of the output is controlled by format-Table. Following research with Get-Member, you can decide which properties to add, and which to delete from my example.
Example 3b - List the companies who are responsible for the
processes
# PowerShell script to list processes by company Clear-Host
Get-Process | Group-Object company | sort-Object name
Learning Points
Such a script could be the basis of detecting rogue programs.
Once you have a list of companies you could check for suspicious or unknown names.
Example 3c - List the companies who are responsible for the
processes
# PowerShell process list by company
Get-Process | sort company | format-Table ProcessName -groupby company
Learning Points
Here is a variation of Example 3b. My idea is to format the output
as a table, and then apply the -groupby command to aggregate the company
information. Incidentally, PowerShell provides information about
'company' that is not available from the Task Manager's Processes tab.
From a pure PowerShell point of view, observe the two pipelines (|) in the
cmdlet. This example also features group-Object and sort-Object.
In addition to improving the output, these handy verbs can be
truncated to 'group' or 'sort', PowerShell intelligently deduces the
noun, -object.
# PowerShell script to list processes with more than
200 handles Clear-Host Get-Process | where-object { $_.Handles -gt 200 }
Learning Points
The purpose of this command is to filter the processes. $_.
is a placeholder, or reference to the current command, or the first
pipeline. From a PowerShell point of view, many script benefit from a 'Where' clause to filter the output. Take the time to check where to place the (|) pipe, and also to admire the $_.
construction, which means 'in this pipeline'
Guy Recommends: Solarwinds' Free Bulk Import Tool
Import users from a spreadsheet. Just provide a list of the
users with their fields in the
top row, and save as .csv file. Then launch this FREE utility and match
your fields with AD's
attributes, click to import the users. Optionally, you can
provide the name of the OU where the new accounts will be born.
There are also two bonus tools in this free download, and all 3 have been approved by Microsoft:
With Microsoft, there are always at least
three ways of doing everything, what seems like redundancy when you are an
expert, seems like perspective when you are a beginner. One obvious
example is that you can abbreviate format-Table to ft. As you increase
your range of PowerShell commands, keep an eye out for another
PowerShell Alias, for example gci (Get-Childitem).
In addition to Get-Process, which is featured on this page, there are sister commands: start-Process and stop-Process. Here is a classic example of PowerShell's consistency, learn how the noun
'Process' is controlled by the verbs, start, stop and get, then apply those same verbs to the noun 'Service'.
# PowerShell Process Family Clear-Host Get-Command -noun Process
If you explore with Get-Process then something magical will happen.
Task Manager processes will help you learn PowerShell commands, while the research needed to get PowerShell scripts to work, will teach you more about
the operating system's processes.
Get-Process is a good place to start experimenting with the syntax
of the new Microsoft Shell. As you try the various PowerShell commands,
look out for verb-noun pairs such as Get-Process. In this example,
examine PowerShell techniques such as pipeline, Get-Member and also
format-Table. One real life task is to check the company names associated with processes, and thus spot an impostor, a virus, or annoying grayware.
Please email me if you have a better example script. Also please report any factual mistakes, grammatical errors or broken links, I will be happy to correct the fault.
Windows Management Instrumentation (WMI) is one of the hidden
treasures of Microsoft operating systems.
Fortunately, Solarwinds
have created the
Free WMI Monitor so that you can actually see and understand these gems of
performance information. Take the guess work out of which
WMI counters to use for applications like Microsoft Active Directory,
SQL or Exchange Server.
