Ezine 213 – Research Processes with PowerShell’s ‘Diff’

These scripts use the PowerShell Compare-Object cmdlet to investigate which process corresponds to which application.  The benefit is that you can employ ‘Diff’ to identify potential rogue applications.

Topics for PowerShell’s Diff (Compare-Object)

This Week’s Secret

I love PowerShell scripts that achieve two different objectives.  What makes my day is if one of the objectives is to solve a real-life problem such as detecting rogue processes.

One reason I produce these ezines is to encourage people to use PowerShell for everyday tasks.  In my imagination, I see thousands of people who have a minor computer problem to solve; my aim is to show these people how PowerShell can tackle a real-life task such as matching an application to a process.

This Week’s Mission

The underlying principle of researching which process corresponds to which application is to take a snapshot of the running processes, start the application, then take another snapshot of Task Manager’s processes.  The difference between the two snapshots identifies the process(es) that correspond to your application.  Apart from learning a valuable technique, this mission will give you experience of PowerShell’s Compare-Object cmdlet, also known by its alias ‘Diff’.


Example 1 – Compare-Object Processes

This example starts a program and then checks which process(es) were launched as a result.  To get you started I have chosen Calc, largely because it’s found on most Windows computers.

# PowerShell Script to Detect Processes
Clear-Host
$Before = Get-Process                          # snapshot of processes before the launch
Calc                                           # start the program under investigation
Start-Sleep -s 2                               # give the new process time to appear in the list
$After = Get-Process                           # snapshot of processes after the launch
Compare-Object $Before $After -Property name   # '=>' marks names that appeared, '<=' names that vanished

Note 1:  You can also use Compare-Object to find differences in files or even registry settings.  The principle is always the same: take a snapshot before and after the change, then compare the two.

Note 2:  Talking of difference, Compare-Object has an alias called ‘Diff’.  Try substituting this for the last line:
Diff $Before $After -Property name

Note 3:  You could modify the script to open not one but three programs, thus:
Calc; Taskmgr; Control

Example 2 – To Open Applications in the Program Files Folder

The point of this script is to launch a named program and then observe which processes result.  It’s up to you to research the path to your program, and then substitute that value in my script below.

If this script does not work even though you have amended $Rogue, Start-Sleep gives you 15 seconds to launch the program manually.  If 15 seconds is not long enough, adjust the value of -s 15.

# PowerShell script to detect which processes a named program starts
Clear-Host
$ShellExp = New-Object -ComObject Shell.Application
$Rogue = "C:\windows\system32\calc.exe"        # path to the program under investigation
#$Rogue = "C:\Program Files (x86)\Live365\Radio365\Radio365_Dlg.exe"
$Before = Get-Process                          # snapshot before the launch
$ShellExp.Open($Rogue)                         # launch the program via the Shell COM object
Start-Sleep -s 15                              # pause so the program (or you, manually) can start
# Do stuff – Open programs manually
$After = Get-Process                           # snapshot after the launch
Compare-Object $Before $After -Property name   # '=>' marks the processes that appeared

Note 4:  You can see how I used C:\Program Files (x86)\Live365\Radio365\Radio365_Dlg.exe in my real-life script; all you need to find YOUR executable is to right-click and copy the file path, then paste it into the value for $Rogue.

Note 5:  I say again, the Start-Sleep command pauses the script to give you time to ‘Do stuff’ such as launch the program under investigation manually.
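The before-and-after technique from Example 1, Note 1 and Example 2, written as one reusable function and then applied to processes and to registry settings.  This is an added example, not a script from the original ezine; the function name Compare-Snapshot, the calc.exe path and the commented-out installer path are my own choices.

```powershell
# Added example: a generic before/after snapshot wrapper around Compare-Object.
function Compare-Snapshot {
    param(
        [Parameter(Mandatory)] [scriptblock] $Collect,   # how to take one snapshot
        [Parameter(Mandatory)] [scriptblock] $Action,    # what to run between the two snapshots
        [Parameter(Mandatory)] [string[]]    $Property,  # property (or properties) that identify an item
        [int] $WaitSeconds = 5                           # give the action time to take effect
    )
    $before = & $Collect
    & $Action
    Start-Sleep -Seconds $WaitSeconds
    $after = & $Collect
    # -PassThru returns the original items, not just the compared properties,
    # with a SideIndicator: '=>' appeared after the action, '<=' disappeared.
    Compare-Object $before $after -Property $Property -PassThru
}

# Use 1: which processes appear when calc.exe starts. Comparing on ProcessId
# rather than Name also catches a second copy of a program that was already
# running; ParentProcessId and ExecutablePath show who spawned it and from where.
Compare-Snapshot -Property ProcessId -Collect {
    Get-CimInstance Win32_Process |
        Select-Object ProcessId, ParentProcessId, Name, ExecutablePath
} -Action {
    Start-Process 'C:\Windows\System32\calc.exe'
} | Format-Table SideIndicator, ProcessId, ParentProcessId, Name, ExecutablePath -AutoSize

# Use 2: the same technique on registry settings, here the Run keys that start
# programs at logon, a common place for an unwanted program to make itself persistent.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
Compare-Snapshot -Property Key, Name, Value -Collect {
    foreach ($key in $runKeys) {
        (Get-ItemProperty -Path $key).PSObject.Properties |
            Where-Object { $_.Name -notin $providerProps } |   # drop the provider's own properties
            ForEach-Object { [pscustomobject]@{ Key = $key; Name = $_.Name; Value = $_.Value } }
    }
} -Action {
    # Start-Process 'C:\PLACEHOLDER\installer.exe'   # placeholder: the program under investigation
} -WaitSeconds 15 | Format-Table SideIndicator, Key, Name, Value -AutoSize
```

In Use 2 the action is left commented out so the script runs harmlessly; replace the placeholder path with the program you are researching, or launch it manually during the 15-second pause as in Example 2.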

Summary of PowerShell’s Diff

These examples employ the PowerShell Compare-Object cmdlet to investigate which application corresponds to which process.  The benefit is that you can employ this ‘Diff’ to identify potential rogue applications.  Diff, or Difference, is a valuable technique which you can also use to research folder changes or registry settings.
