powershellscripts.com

Tutorials  PowerShell Cmdlet Help for Get-Process



NAME
Get-Process

SYNOPSIS
Gets the processes that are running on the local computer or a remote computer.

SYNTAX
Get-Process [[-Name] ] [-ComputerName ] [-FileVersionInfo] [-Module] []

Get-Process -Id [-ComputerName ] [-FileVersionInfo] [-Module] []

Get-Process -InputObject [-ComputerName ] [-FileVersionInfo] [-Module] []


DESCRIPTION
The Get-Process cmdlet gets the processes on a local or remote computer.

Without parameters, Get-Process gets all of the processes on the local computer. You can also specify a particular
process by process name or process ID (PID) or pass a process object through the pipeline to Get-Process.

By default, Get-Process returns a process object that has detailed information about the process and supports metho
ds that let you start and stop the process. You can also use the parameters of Get-Process to get file version info
rmation for the program that runs in the process and to get the modules that the process loaded.


PARAMETERS
-ComputerName
Gets the processes running on the specified computers. The default is the local computer.

Type the NetBIOS name, an IP address, or a fully qualified domain name of one or more computers. To specify the
local computer, type the computer name, a dot (.), or "localhost".

This parameter does not rely on Windows PowerShell remoting. You can use the ComputerName parameter of Get-Proc
ess even if your computer is not configured to run remote commands.

Required? false
Position? named
Default value
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false

-FileVersionInfo []
Gets the file version information for the program that runs in the process.

On Windows Vista and later versions of Windows, you must open Windows PowerShell with the "Run as administrator
" option to use this parameter on processes that you do not own.

Using this parameter is equivalent to getting the MainModule.FileVersionInfo property of each process object. W
hen you use this parameter, Get-Process returns a FileVersionInfo object (System.Diagnostics.FileVersionInfo),
not a process object. So, you cannot pipe the output of the command to a cmdlet that expects a process object,
such as Stop-Process.

Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false

-Id
Specifies one or more processes by process ID (PID). To specify multiple IDs, use commas to separate the IDs. T
o find the PID of a process, type "get-process".

Required? true
Position? named
Default value
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false

-InputObject
Specifies one or more process objects. Enter a variable that contains the objects, or type a command or express
ion that gets the objects.

Required? true
Position? named
Default value
Accept pipeline input? true (ByValue)
Accept wildcard characters? false

-Module []
Gets the modules that have been loaded by the processes.

On Windows Vista and later versions of Windows, you must open Windows PowerShell with the "Run as administrator
" option to use this parameter on processes that you do not own.

This parameter is equivalent to getting the Modules property of each process object. When you use this paramete
r, Get-Process returns a ProcessModule object (System.Diagnostics.ProcessModule), not a process object. So, you
cannot pipe the output of the command to a cmdlet that expects a process object, such as Stop-Process.

When you use both the Module and FileVersionInfo parameters in the same command, Get-Process returns a FileVers
ionInfo object with information about the file version of all modules.

Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false

-Name
Specifies one or more processes by process name. You can type multiple process names (separated by commas) or u
se wildcard characters. The parameter name ("Name") is optional.

Required? false
Position? 1
Default value
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? true


This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer and OutVariable. For more information, type,
"get-help about_commonparameters".

INPUTS
System.Diagnostics.Process
You can pipe a process object to Get-Process.


OUTPUTS
System.Diagnostics.Process, System.Diagnotics.FileVersionInfo, System.Diagnostics.ProcessModule
By default, Get-Process returns a System.Diagnostics.Process object. If you use the FileVersionInfo parameter,
it returns a System.Diagnotics.FileVersionInfo object. If you use the Module parameter (without the FileVersio
nInfo parameter), it returns a System.Diagnostics.ProcessModule object.


NOTES


You cannot use the Name, ID, and InputObject parameters in the same command.

You can also refer to Get-Process by its built-in aliases, "ps" and "gps". For more information, see about_Alia
ses.

You can also use the properties and methods of the WMI Win32_Process object in Windows PowerShell. For informat
ion, see Get-WmiObject and the Windows Management Instrumentation (WMI) SDK.

The default display of a process is a table that includes the following columns:

-- Handles: The number of handles that the process has opened.

-- NPM(K): The amount of non-paged memory that the process is using, in kilobytes.

-- PM(K): The amount of pageable memory that the process is using, in kilobytes.

-- WS(K): The size of the working set of the process, in kilobytes. The working set consists of the pages of me
mory that were recently referenced by the process.

-- VM(M): The amount of virtual memory that the process is using, in megabytes. Virtual memory includes storage
in the paging files on disk.

-- CPU(s): The amount of processor time that the process has used on all processors, in seconds.

-- ID: The process ID (PID) of the process.

-- ProcessName: The name of the process.

For explanations of the concepts related to processes, see the Glossary in Help and Support Center and the Help
for Task Manager.

You can also use the built-in alternate views of the processes available with Format-Table, such as "StartTime"
and "Priority", and you can design your own views. For more information, see Format-Table.


-------------------------- EXAMPLE 1 --------------------------

C:\PS>Get-Process


Description
-----------
This command gets a list of all of the running processes running on the local computer. For a definition of each co
lumn, see the "Additional Notes" section of the Help topic for Get-Help.





-------------------------- EXAMPLE 2 --------------------------

C:\PS>Get-Process winword, explorer | format-list *


Description
-----------
This command gets all available data about the Winword and Explorer processes on the computer. It uses the Name par
ameter to specify the processes, but it omits the optional parameter name. The pipeline operator (|) passes the dat
a to the Format-List cmdlet, which displays all available properties (*) of the Winword and Explorer process object
s.

You can also identify the processes by their process IDs. For example, "get-process -id 664, 2060".





-------------------------- EXAMPLE 3 --------------------------

C:\PS>get-process | where-object {$_.WorkingSet -gt 20000000}


Description
-----------
This command gets all processes that have a working set greater than 20 MB. It uses the Get-Process cmdlet to get a
ll running processes. The pipeline operator (|) passes the process objects to the Where-Object cmdlet, which select
s only the object with a value greater than 20,000,000 bytes for the WorkingSet property.

WorkingSet is one of many properties of process objects. To see all of the properties, type "Get-Process | Get-Memb
er". By default, the values of all amount properties are in bytes, even though the default display lists them in ki
lobytes and megabytes.





-------------------------- EXAMPLE 4 --------------------------

C:\PS>$a = get-process

C:\PS> get-process -inputobject $a | format-table -view priority


Description
-----------
These commands list the processes on the computer in groups based on their priority class.

The first command gets all the processes on the computer and then stores them in the $a variable.

The second command uses the InputObject parameter to pass the process objects that are stored in the $a variable to
the Get-Process cmdlet. The pipeline operator passes the objects to the Format-Table cmdlet, which formats the pr
ocesses by using the Priority view.

The priority view, and other views, are defined in the PS1XML format files in the Windows PowerShell home directory
($pshome).





-------------------------- EXAMPLE 5 --------------------------

C:\PS>get-process powershell -computername S1, localhost | ft @{Label="NPM(K)";Expression={[int]($_.NPM/1024)}}, @{
Label="PM(K)";Expression={[int]($_.PM/1024)}},@{Label="WS(K)";Expression={[int]($_.WS/1024)}},@{Label="VM(M)";Expre
ssion={[int]($_.VM/1MB)}}, @{Label="CPU(s)";Expression={if ($_.CPU -ne $()) { $_.CPU.ToString("N")}}}, Id, MachineN
ame, ProcessName -auto


NPM(K) PM(K) WS(K) VM(M) CPU(s) Id MachineName ProcessName
------ ----- ----- ----- ------ -- ----------- -----------
6 23500 31340 142 1980 S1 powershell
6 23500 31348 142 4016 S1 powershell
27 54572 54520 576 4428 localhost powershell


Description
-----------
This example provides a Format-Table (alias = ft) command that adds the MachineName property to the standard Get-Pr
ocess output display.





-------------------------- EXAMPLE 6 --------------------------

C:\PS>get-process powershell -fileversioninfo

ProductVersion FileVersion FileName
-------------- ----------- --------
6.1.6713.1 6.1.6713.1 (f... C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe


Description
-----------
This command uses the FileVersionInfo parameter to get the version information for the PowerShell.exe file that is
the main module for the PowerShell process.

To run this command with processes that you do not own on Windows Vista and later versions of Windows, you must ope
n Windows PowerShell with the "Run as administrator" option.





-------------------------- EXAMPLE 7 --------------------------

C:\PS>get-process sql* -module


Description
-----------
This command uses the Module parameter to get the modules that have been loaded by the process. This command gets t
he modules for the processes that have names that begin with "sql".

To run this command on Windows Vista (and later versions of Windows) with processes that you do not own, you must s
tart Windows PowerShell with the "Run as administrator" option.





-------------------------- EXAMPLE 8 --------------------------

C:\PS>$p = get-wmiobject win32_process -filter "name='powershell.exe'"

C:\PS> $p.getowner()

__GENUS : 2
__CLASS : __PARAMETERS
__SUPERCLASS :
__DYNASTY : __PARAMETERS
__RELPATH :
__PROPERTY_COUNT : 3
__DERIVATION : {}
__SERVER :
__NAMESPACE :
__PATH :
Domain : DOMAIN01
ReturnValue : 0
User : user01


Description
-----------
This command shows how to find the owner of a process. Because the System.Diagnostics.Process object that Get-Proce
ss returns does not have a property or method that returns the process owner, the command uses
the Get-WmiObject cmdlet to get a Win32_Process object that represents the same process.

The first command uses Get-WmiObject to get the PowerShell process. It saves it in the $p variable.

The second command uses the GetOwner method to get the owner of the process in $p. The command reveals that the own
er is Domain01\user01.





-------------------------- EXAMPLE 9 --------------------------

C:\PS>get-process powershell

C:\PS> get-process -id $pid

C:\PS> get-process powershell

Handles NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName
------- ------ ----- ----- ----- ------ -- -----------
308 26 52308 61780 567 3.18 5632 powershell
377 26 62676 63384 575 3.88 5888 powershell


C:\PS> get-process -id $pid

Handles NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName
------- ------ ----- ----- ----- ------ -- -----------
396 26 56488 57236 575 3.90 5888 powershell


Description
-----------
These commands show how to use the $pid automatic variable to identify the process that is hosting the current Wind
ows PowerShell session. You can use this method to distinguish the host process from other PowerShell processes tha
t you might want to stop or close.

The first command gets all of the PowerShell processes in the current session.

The second command gets the PowerShell process that is hosting the current session.






RELATED LINKS
Online version: http://go.microsoft.com/fwlink/?LinkID=113324
Get-Process
Start-Process
Stop-Process
Wait-Process
Debug-Process