Windows PowerShell

3CX Phone System for Windows - VOIP IP PBX

3CX Phone System for Windows -
VOIP IP PBX

Get your 5 free applications now

Application Publishing with 2X ApplicationServer

PowerShell Examples

Scripting Windows Processes with PowerShell's get-Process

Introduction to Scripting a Windows Process with PowerShell

The purpose of this page is two-fold; firstly, to provide 'how to' examples for scripting Windows processes.  Secondly, to help those who want to learn more about PowerShell's get-Process command, methods and syntax.

Topics for PowerShell get-Process

Our Mission

One useful skill for all computer users is to check, and if necessary, Kill a process.  Such processes are listed in the Task Manager, and this leads me to another useful learning technique, have the GUI (Task Manager) open so that you can trace precisely what the PowerShell script achieves.

If you stick with my mission, something magical will happen. Windows processes will help you learn PowerShell commands, while the research needed to get PowerShell scripts to work, will teach you more about the operating system's processes.

Meet the Process Family

In addition to get-Process, which is featured on this page, there are sister commands: start-Process and stop-Process.  Here is a classic example of PowerShell's consistency, learn how the noun 'Process' is controlled by the verbs, start, stop and get, then apply those same verbs to the noun 'Service'.

Preparation - Launch Task Manager

It's time to launch the Task Manager; the flashiest way is to press Ctrl +Shift +Esc; next click on the Processes tab, if you click on 'Image Name', then you can sort the processes into alphabetical order.  Incidentally, when troubleshooting which Process is hogging the processor, I maximize the Task Manager window, then click on the CPU column.  The result is the process with the greatest value for CPU comes to the top of the list.

Example 1: Listing with - get-Process

Instructions:PowerShell get-Process
Pre-requisite: Visit Microsoft's site and download the correct version of PowerShell for your operating system.

  • Launch PowerShell
  • Copy the two lines of code below (into memory)
  • Right-click on the PowerShell symbol
  • Edit --> Paste
  • Press enter to execute the code.

# Getting started with PowerShell get-Process
 get-Process *

Learning Points

Note 1:  PowerShell's commands are not case sensitive, thus you could type get-Process, or Get-process.  Also you can omit the 'get' in get-Process, this is because 'get' is the default verb and PowerShell intelligently adds 'get-' to process.

Note 2:  Invariably, PowerShell uses singular nouns, thus get-Process (and not get-Processes).

Switches or modifiers for get-Process

With get-Process, the wildcard asterisk * is optional, however, it does remind us that we can modify the output to produce a restricted range:

get-Process [ab]* returns all processes beginning with the letter a or b.

get-Process [ae]* surprised me, I only got process beginning with 'a', or beginning with 'e'.  To get a range we must add a hyphen between the letters: get-Process [a-e]*

If you have taken my advice and you have the Task Manager open, it's worth checking that what you see in PowerShell matches what you see in Task Manager.

  ˚

Example 2: Controlling the Output of get-Process

Once again, it is worth inspecting the Task Manager as you learn about get-Process, in particular examine the column headings, Image Name, PID, CPU etc.  Indeed, if you click on the View menu, then Select Columns you can add yet more columns.  What helps to make connections is to compare those columns with properties displayed by PowerShell's get-Member command.  Incidentally, every PowerShell command benefits from the following get-Member 'treatment'.

Properties for PowerShell get-Process

Here is a useful command called get-Member, which displays the process properties.  From the resulting list you can decide which to employ in your PowerShell task.

Simple Command
get-Process | get-Member

I like to add a filter so that the command just lists the Properties.
get-Process | get-Member -MemberType Property

get-Process | get-Member -MemberType Property

Useful properties of process include CPU, WorkingSet, VirtualMemorySize, HandleCount and Company.

For later reference, you could save the information to file.
get-Process | get-Member -MemberType Property | out-file Process.txt

Example 3: PowerShell get-Process in Action

Example 3a - Format-table

clear-Host # PowerShell script to format the output
get-Process | format-Table name, workingset, basepriority -auto

Learning Points

In this example, the display of the output is controlled by format-Table.  Following research with get-Member, you can decide which properties to add, and which to delete from my example.

Example 3b - List the companies who are responsible for the processes

# PowerShell script to list processes by company
get-Process | group-Object company | sort-Object name 

Learning Points

Such a script could be the basis of detecting rogue programs.  Once you have a list of companies you could check for suspicious or unknown names.

Example 3c - List the companies who are responsible for the processes

# PowerShell script to group by company
get-Process | sort company | format-Table ProcessName -groupby company

Learning Points

Here is a variation of Example 3b.  My idea is to format the output as a table, and then apply the -groupby command to aggregate the company information.  Incidentally, PowerShell provides information about 'company' that is not available from the Task Manager's Processes tab.

From a pure PowerShell point of view, observe the two pipelines (|) in the cmdlet.  This example also features group-Object and sort-Object.  In addition to improving the output, these handy verbs can be truncated to 'group' or 'sort', PowerShell intelligently deduces the noun, -object.

Example 3d - Filter processes with over 200 handles

# PowerShell script to list processes with more than 200 handles
get-Process | where-object { $_.Handles -gt 200 } 

Learning Points

The purpose of this command is to filter the processes.   $_.  is a placeholder, or reference to the current command, or the first pipeline.  From a PowerShell point of view, many script benefit from a 'Where' clause to filter the output.  Take the time to check where to place the (|) pipe, and also to admire the $_. construction, which means 'in this pipeline'

Summary of PowerShell get-Process

get-Process is a good place to start experimenting with the syntax of the new Microsoft Shell.  As you try the various PowerShell commands, look out for verb-noun pairs such as get-Process.  In this example, examine PowerShell techniques such as pipeline, get-Member and also format-Table.  One real life task is to check the company names associated with processes, and thus spot an impostor, a virus, or annoying grayware.

Next - Stop-Process (Kill a Windows Process)

See also more process and service topics

PowerShell Home  • get-Process  • stop-Process  • get-Service  • start-Service

Please write in if you see errors of any kind.  Please report any factual mistakes, grammatical errors or broken links, I will be happy to not only to correct the fault, but also to give you credit.

Download my ebook:Getting Started with PowerShell
Getting Started with PowerShell - only $9.25

You get 36 topics organized into these 3 sections:
   1) Getting Started
   2) Real-life tasks
   3) Examples of Syntax.

In addition to the ebook, you get a PDF version of this  Introduction to PowerShell ebook  It runs to 120 pages of A4.

 *

Google

Webcomputerperformance.co.uk

Guy Recommends: SolarWinds Exchange Monitor

Exchange Monitor from SolarWindsHere is a free tool to monitor your Exchange Server

 

Home Copyright © 1999-2008 Computer Performance LTD All rights reserved

Please report a broken link, or an error.