.png)
Using the Get-Process Cmdlet
Retrieving Process Information
The Get-Process cmdlet provides a quick and easy way to retrieve information about the processes running on your computer. To get a quick overview of all the processes currently running on your machine simply call Get-Process without any parameters:
Get-Process
By default, you’ll get back data similar to this:
Believe it or not, that’s all it takes. Only interested in the instances of Microsoft Word that are running on your computer? Then call Get-Process followed by the executable file name (without the file extension). In other words:
Get-Process winword
That results in output similar to this:
Handles NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName
------- ------ ----- ----- ----- ------ -- -----------
565 25 48760 77744 537 241.34 3116 WINWORD
Want to get back more than one process? Then just specify more than one executable name, separating the names with commas:
Get-Process winword,explorer
This time around your output will return information about both Word and Windows Explorer:
Handles NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName
------- ------ ----- ----- ----- ------ -- -----------
497 16 18524 28264 96 8.30 1080 explorer
565 25 48760 77744 537 241.34 3116 WINWORD
Alternatively, you can use a wildcards to retrieve information about, say, all the running processes whose executable file name starts with the letter w:
Get-Process w*
With this command you get back pretty much what you’d expect to get back:
Handles NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName
------- ------ ----- ----- ----- ------ -- -----------
65 2 1628 1836 15 0.03 2024 wdfmgr
557 65 8184 3824 57 1.06 1220 winlogon
569 26 48748 77912 542 282.86 3116 WINWORD
149 4 2024 5288 37 0.17 808 wmiprvse
48 2 916 3404 29 0.06 2820 WZQKPICK
Although the functionality of the Get-Process cmdlet overlaps with the functionality of the WMI class Win32_Process, Get-Process can retrieve additional information not exposed through WMI, including properties such as company, file version, and product version. For example, this command pipes Get-Process through the Select-Object cmdlet, filtering out everything except the process name and the properties just mentioned:
Get-Process | Select-Object name,fileversion,productversion,company
Here’s the kind of information you can expect to get back:
Name FileVersion ProductVersion Company ---- ----------- -------------- ------- alg 5.1.2600.2180 (x... 5.1.2600.2180 Microsoft Corpor... apdproxy 3.0.0.53237 3.0.0.53237 Adobe Systems In... asghost 1.5.0.035 1.5 Cognizance Corpo... ati2evxx 6.14.10.4118 6.14.10.4118.02 ATI Technologies...
|
Note. Because of the length of some of these property values, you might want to pipe the output through the Format-List cmdlet. |
So how do you know which process properties are available through Get-Process? Probably the easiest way to determine that is to simply call Get-Process and then pipe the returned information through the Get-Member cmdlet:
Get-Process | Get-Member
That will return a list of all of the cmdlet’s properties and methods.
| Get-Process Aliases |
|---|
|
