Tech Tips

PowerShell is a powerful tool for managing processes on a local or remote computer. You can retrieve a list of running processes with PowerShell, suspend a hung process, find a process by a windows title, run a new process in hidden or interactive mode, and so forth.

In Windows 10, you can see a list of possible process management cmdlets as follows:

Get-Command –Noun Process

• Get-Process– get a list of running Windows processes;
• Start-Process– start a process/program;
• Stop-Process– forcibly stop (kill) the process;
• Debug-Process– debug a process;
• Wait-Process– wait till the process ends

Get-Process: Getting a List of Running Processes

The Get-Process cmdlet displays a list of processes running on a local computer

• These attributes of running processes are presented by default:
• Handles – the total amount of input-output file descriptors (handles) that this process has opened;
• NPM(K) – is a non-paged memory. This is the size of the process data (in KB) that is never paged on disk;
• PM(K) – the size of the process memory that may be paged;
• WS(K) – the size of physical memory (in KB) used by the process (Working Set);
• CPU(s) – a CPU time used by the process (time on all CPUs is counted);
• ID – unique process identifier;
• SI (Session ID) – is the process session ID (0 means running for all sessions, 1- running for the first logged on user, 2 — running for the second logged on user, etc.);
• ProcessName

To list all properties of multiple processes:

Get-Process cmd,excel,notep* | Format-List *

You can display the specific process properties only, for example, a name (ProcessName), a start time (StartTime), a process window title (MainWindowTitle), an executable file name (Path) and a developer name (Company):

Get-Process winword, notep* | Select-Object ProcessName, StartTime, MainWindowTitle, Path, Company|ft

To show a list of currently running user processes in a graphical user interface (background and system processes will not be shown):

Get-Process | Where-Object {$_.mainWindowTitle} | Format-Table Id, Name, mainWindowtitle

Using the IncludeUserName option, you can display a user name (owner) who has started the process:

Get-Process -Name winword–IncludeUserName

You can use Where-Object to choose processes based on certain criteria. For example, let’s show all programs that use more than 300 MB of RAM, arrange them by memory usage in descending order, and display the memory amount in MB rather than KB:

Get-Process| where-object {$_.WorkingSet -GT 300000*1024}|select processname,@{l=”Used RAM(MB)”; e={$_.workingset / 1mb}} |sort “Used RAM(MB)” –Descending

As previously stated, the CPU parameter of the Get-Process cmdlet contains the processor time consumed by the specific process in seconds. Use this function to see the proportion of CPU consumed by programmes (similar to Task Manager):

function Get-CPUUsagePercent
{
$CPUPercent = @{
Name = ‘CPUPercent’
Expression = {
$TotalSec = (New-TimeSpan -Start $_.StartTime).TotalSeconds
[Math]::Round( ($_.CPU * 100 / $TotalSec), 2)
}
}
Get-Process | Select-Object -Property Name, $CPUPercent, Description | Sort-Object -Property CPUPercent -Descending | Select-Object -First 20
}
Get-CPUUsagePercent

To find hung processes (which are not responding), run the following command:

Get-Process | where-object {$_.Responding -eq $false}

Start-Process, Stop-Process: How to Start or Stop Processes with PowerShell

To start a new process using PowerShell, this command is used:

Start-Process -FilePath notepad

If there is no executable file in the $env:path environment variable, specify the full path to the file:

Start-Process -FilePath ‘C:\distr\app.exe’

You can run a program and pass arguments to it:

Start-Process -FilePath ping -ArgumentList “-n 10 10.1.56.21”

You can change the process window’s start mode with the WindowStyle parameter (normal, minimized, maximized, hidden). Execute this command, for example, to run a programme in a maximised window and wait for it to finish:

Start-Process -FilePathtracert -ArgumentList “10.1.56.21” –wait -windowstyle Maximized

Using Stop-Process cmdlet, you can stop any process. For instance, to close all running notepad processes:

Stop-Process -Name notepad

You are not requested to confirm stopping a process by default. All procedures that meet the requirements will be halted. Add the –Confirm option to be able to confirm halting processes:

Stop-Process -Name notepad.exe –Confirm

Also, you can kill a process as follows:

(Get-Process -Name cmd).Kill()

From PowerShell, you can force stop all apps that are not responding to Windows Process Manager:

Get-Process | where-object {$_.Responding -eq $false}| Stop-Process

Using PowerShell, you can automatically restart a hung or closed process.

Using PowerShell to Manage Processes on a Remote Computer

You can use the ComputerName option of the Get-Process cmdlet in order to manage processes on remote computers (WinRM must be enabled and configured).

Get-Process -ComputerName srv01, srv02, srv03| Format-Table -Property ProcessName, ID, MachineName

We deal with the built-in Get-Process features to manage processes on remote computers. PowerShell Remoting features available in Invoke-Command and Enter-PSSession cmdlets are not covered here.

Note that the Stop-Process cmdlet does not have the –ComputerName parameter if you wish to stop a process on a remote computer. You can use the following PowerShell code to stop a process on a remote computer:

$RemoteProcess = Get-Process -Name cmd -ComputerName srv01
Stop-Process -InputObject $RemoteProcess

At Velan, our server support engineers can manage your server. If you are interested in our service, please fill the Quick connect form to get in touch with us.