Using the Get-Process Cmdlet
The Get-Process cmdlet provides a quick and easy way to retrieve information about the processes running on your computer. To get a quick overview of all the processes currently running on your machine simply call Get-Process without any parameters:
Get-Process
By default, you’ll get back data similar to this:
Believe it or not, that’s all it takes. Only interested in the instances of Microsoft Word that are running on your computer? Then call Get-Process followed by the executable file name (without the file extension). In other words:
Get-Process winword
That results in output similar to this:
Handles NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName
------- ------ ----- ----- ----- ------ -- -----------
565 25 48760 77744 537 241.34 3116 WINWORD
Want to get back more than one process? Then just specify more than one executable name, separating the names with commas:
Get-Process winword,explorer
This time around your output will return information about both Word and Windows Explorer:
Handles NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName
------- ------ ----- ----- ----- ------ -- -----------
497 16 18524 28264 96 8.30 1080 explorer
565 25 48760 77744 537 241.34 3116 WINWORD
Alternatively, you can use a wildcards to retrieve information about, say, all the running processes whose executable file name starts with the letter w:
Get-Process w*
With this command you get back pretty much what you’d expect to get back:
Handles NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName
------- ------ ----- ----- ----- ------ -- -----------
65 2 1628 1836 15 0.03 2024 wdfmgr
557 65 8184 3824 57 1.06 1220 winlogon
569 26 48748 77912 542 282.86 3116 WINWORD
149 4 2024 5288 37 0.17 808 wmiprvse
48 2 916 3404 29 0.06 2820 WZQKPICK
Although the functionality of the Get-Process cmdlet overlaps with the functionality of the WMI class Win32_Process, Get-Process can retrieve additional information not exposed through WMI, including properties such as company, file version, and product version. For example, this command pipes Get-Process through the Select-Object cmdlet, filtering out everything except the process name and the properties just mentioned:
Get-Process | Select-Object name,fileversion,productversion,company
Here’s the kind of information you can expect to get back:
Name FileVersion ProductVersion Company
---- ----------- -------------- -------
alg 5.1.2600.2180 (x... 5.1.2600.2180 Microsoft Corpor...
apdproxy 3.0.0.53237 3.0.0.53237 Adobe Systems In...
asghost 1.5.0.035 1.5 Cognizance Corpo...
ati2evxx 6.14.10.4118 6.14.10.4118.02 ATI Technologies...
Note. Because of the length of some of these property values, you might want to pipe the output through the Format-List cmdlet. |
So how do you know which process properties are available through Get-Process? Probably the easiest way to determine that is to simply call Get-Process and then pipe the returned information through the Get-Member cmdlet:
Get-Process | Get-Member
That will return a list of all of the cmdlet’s properties and methods.
Get-Process Aliases |
---|
|