PowerShell: Process Wrangling with Get-Process

PowerShell: Process Wrangling with Get-Process

In it’s simplest form the PowerShell command Get-Process will return all running processes. In this article, we will explore all the powerful ways to use the Get-Process command.

The Basics

Get-Process

List all running processes

Get-Process explorer

Get process(es) by name.
Note: This command may return more than one result if multple instances of an application are running.

Get-Process a*

Wildcard Query search for processes by name

Get-Process -Id 3916

Get process by id or PID

Get-Process -iD 3916 | Select-Object *

Get all available information about a single process.

Get-Process explorer -IncludeUsername

Information about the process owner is not included in the output by default but can be by supplying the -IncludeUserName argument.

Get-Process -FileVersionInfo explorer | Select-Object *

Use the -FileVersionInfo argument to get detailed information about a executable file for a given process.
Note: Omitting | Select-Object * only returns ProductVersion,FileVersion,FileName.

Working with multiple instances of an application

Get-Process notepad | Sort-Object StartTime | Select-Object Id,Name,StartTime

List all instances of an application sorted by StartTime.

Get-Process notepad | Sort-Object StartTime | Select-Object Id,Name,StartTime | Select -First 1

Get the longest running instances of an application.

Get-Process notepad | Sort-Object StartTime -Descending | Select-Object Id,Name,StartTime | Select -First 1

Get the most recent running instances of an application.

User Processes

Get Processes by Username


Process CPU and Memory Utilization

Get-Process | Sort-Object CPU -desc | Select-Object -first 5 | Format-Table Id,ProcessName,CPU

Get top 5 processes by CPU utilization

gwmi Win32_PerfFormattedData_PerfProc_Process| sort PercentProcessorTime -desc | select IDProcess,Name,PercentProcessorTime | Select -First 7 | ft -auto

This alternative command does not use Get-Process but does show top 5 processes with percentage of CPU utilization.

get-process | Where-Object {$_.Responding -ne "True"}

List all process that are hung or not responding.

Get-Process | Where-Object {$_.WorkingSet -gt 100000000}

Get all processes using more than 100MB of memory

Executing & Terminating Processes

Start-Process
Let’s first learn how to launch a process from PowerShell. If we want to do anything interesting with our executing process we need use the -passthru argument so that the process id is pass back to our script.
Stop-Process
Next, lets review how Stop-Process works

Combining Get-Process and Stop-Process

Terminate the most recent instance of an application
Terminate the oldest instance of an application

Terminate application instances in order, oldest to newest

In this example we also introduce a 2 second delay between each call to Stop-Process.
Start and Stop an Application
Start a process and wait for it to terminate

Launch an application and count how long it was running for

Executing & Terminating Multiple Processes


I hope you have enjoyed this deep dive into the Get-Process command. If you have any suggestions or additions to this article please leave a comment down below.

Get-Process Properties Reference

Reference

Comments are closed.