PowerShell Get-Process Overview

Overview

This lecture covers the PowerShell Get-Process cmdlet, which retrieves information about running processes on local or remote computers, including syntax, parameters, usage examples, and output details.

Basic Usage and Syntax

• Get-Process lists all running processes on the local computer by default.
• You can specify processes by name (-Name) or process ID (-Id).
• Supports retrieving processes on remote computers using the -ComputerName parameter.

Important Parameters

• -Name allows specifying one or more process names, supports wildcards.
• -Id specifies one or more process IDs (PIDs).
• -ComputerName targets remote computers by name, IP, or FQDN.
• -Module retrieves information on each module loaded in a process.
• -FileVersionInfo returns file version info for a process’s main module.
• -IncludeUserName adds the owner username to process info (requires admin rights).
• Accepts pipeline input for process objects.

Output and Object Types

• By default, returns a System.Diagnostics.Process object with process details.
• With -Module, returns ProcessModule objects; with -FileVersionInfo, returns FileVersionInfo objects.
• The default display includes columns: Handles, NPM(K), PM(K), WS(K), CPU(s), Id, SI, and ProcessName.

Common Examples

• Get-Process shows all processes; Get-Process winword, explorer targets specific processes by name.
• Use Where-Object to filter by properties (e.g., working set memory over 20MB).
• Use formatting cmdlets (Format-Table, Format-List) to customize displayed properties.
• Use $PID to reference the process hosting the current PowerShell session.

Advanced and Admin Tasks

• Viewing module or owner info often needs elevated rights (Run as administrator).
• To get process details from remote computers, use Invoke-Command with Get-Process.
• Use Get-CimInstance and Invoke-CimMethod for owner info without admin rights.

Aliases and Platform Notes

• gps and ps are aliases for Get-Process.
• On 32-bit PowerShell, 64-bit process info like Path and MainModule may be unavailable.

Key Terms & Definitions

• Process — An instance of a running program.
• Module — Executable or DLL loaded into a process.
• WorkingSet — Physical memory currently used by a process.
• PID (Process ID) — Unique identifier for a running process.
• Session ID (SI) — Identifier for a user session.
• MainModule — The initial executable module of a process.
• FileVersionInfo — Detailed file version information for a module.

Action Items / Next Steps

• Practice using Get-Process with different parameters and filters.
• Try running PowerShell as administrator to access all process information.
• Experiment with Format-Table, Where-Object, and viewing all properties with Get-Member.
• Review related cmdlets: Stop-Process, Start-Process, Wait-Process.