PS: Managing Windows Processes

List all manageable properties of Windows Processes:

PS C:\> GWmi Win32_process | Where-Object {$_.ProcessName -match "notepad2"}

ProcessName                : Notepad2.exe
Handles                    : 66
VM                         : 83861504
WS                         : 8183808
Path                       : C:\temp\notepad2.exe
__GENUS                    : 2
__CLASS                    : Win32_Process
__SUPERCLASS               : CIM_Process
__DYNASTY                  : CIM_ManagedSystemElement
__RELPATH                  : Win32_Process.Handle="4716"
__PROPERTY_COUNT           : 45
__DERIVATION               : {CIM_Process, CIM_LogicalElement, CIM_ManagedSystemElement}
__SERVER                   : Test-PC1
__NAMESPACE                : root\cimv2
__PATH                     : \\Test-PC1\root\cimv2:Win32_Process.Handle="4716"
Caption                    : Notepad2.exe
CommandLine                : "C:\temp\notepad2.exe"
CreationClassName          : Win32_Process
CreationDate               : 20110221055250.819087+000
CSCreationClassName        : Win32_ComputerSystem
CSName                     : TDI-GOT1027
Description                : Notepad2.exe
ExecutablePath             : C:\temp\notepad2.exe
ExecutionState             :
Handle                     : 4716
HandleCount                : 66
InstallDate                :
KernelModeTime             : 1560010
MaximumWorkingSetSize      : 1380
MinimumWorkingSetSize      : 200
Name                       : Notepad2.exe
OSCreationClassName        : Win32_OperatingSystem
OSName                     : Microsoft® Windows Server® 2008 Enterprise |C:\Windows|\Device\Harddisk0\Partition1
OtherOperationCount        : 327
OtherTransferCount         : 672
PageFaults                 : 2248
PageFileUsage              : 3172
ParentProcessId            : 7020
PeakPageFileUsage          : 3172
PeakVirtualSize            : 83861504
PeakWorkingSetSize         : 7992
Priority                   : 8
PrivatePageCount           : 3248128
ProcessId                  : 4716
QuotaNonPagedPoolUsage     : 10
QuotaPagedPoolUsage        : 153
QuotaPeakNonPagedPoolUsage : 10
QuotaPeakPagedPoolUsage    : 154
ReadOperationCount         : 34
ReadTransferCount          : 818448
SessionId                  : 6
Status                     :
TerminationDate            :
ThreadCount                : 1
UserModeTime               : 156001
VirtualSize                : 83861504
WindowsVersion             : 6.0.6001
WorkingSetSize             : 8183808
WriteOperationCount        : 0
WriteTransferCount         : 0

PS C:\>

List all processes for a specified user:

C:\>TASKLIST /FI "USERNAME eq Test-User"

Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
taskhost.exe                  2580 Console                    1      2,068 K
taskhost.exe                  4480 Console                    1      5,224 K
Notepad2.exe                  8004 Console                    1      3,684 K
OUTLOOK.EXE                   6560 Console                    1     75,864 K
ScriptEditor.exe              6292 Console                    1     33,012 K
iexplore.exe                  7664 Console                    1     21,456 K
iexplore.exe                  2772 Console                    1     59,288 K
firefox.exe                   5440 Console                    1    153,444 K
plugin-container.exe          4168 Console                    1     13,620 K
powershell.exe                5220 Console                    1     32,960 K
tasklist.exe                  5252 Console                    1      4,412 K

C:\>

 

List all service processes running under a specified user:

C:\>TASKLIST /FI "USERNAME eq NT AUTHORITY\SYSTEM" /svc

Image Name                     PID Services                                   
========================= ======== ============================================
System Idle Process              0 N/A                                        
smss.exe                       272 N/A                                        
csrss.exe                      364 N/A                                        
csrss.exe                      424 N/A                                        
wininit.exe                    432 N/A                                        
winlogon.exe                   480 N/A                                        
services.exe                   528 N/A                                        
lsass.exe                      536 EFS, KeyIso, Netlogon, ProtectedStorage,   
 SamSs                                      
lsm.exe                        548 N/A                                        
svchost.exe                    648 DcomLaunch, PlugPlay, Power                
svchost.exe                    884 AudioEndpointBuilder, CscService, Netman,  
 PcaSvc, SysMain, TrkWks, UmRdpService, UxSm
svchost.exe                    916 AeLookupSvc, Appinfo, AppMgmt, BITS,       
 CertPropSvc, gpsvc, iphlpsvc, LanmanServer,
 ProfSvc, Schedule, seclogon, SENS,         
 SessionEnv, ShellHWDetection, Themes,      
 Winmgmt, wuauserv                          
spoolsv.exe                   1440 Spooler                                    
timesync.exe                  1632 AnukoTime                                  
inetinfo.exe                  1696 IISADMIN                                   
SeaPort.exe                   1860 SeaPort                                    
SearchIndexer.exe             2992 WSearch                                    
ccSvcHst.exe                  3448 ccEvtMgr, ccSetMgr                         
svchost.exe                   5300 SDRSVC                                     

C:\>
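
The Win32_Process query from the first section can answer the same per-user question as the two TASKLIST filters, and it also returns the parent process and full command line for each match. The following is an added example, not part of the original post; the function name Get-ProcessByOwner is hypothetical, and it assumes Windows PowerShell 3.0 to 5.1, where Get-WmiObject is available.

```powershell
# Added example: list processes owned by one account through Win32_Process,
# keeping the properties from the dump above that matter most when reviewing
# what is running (owner, parent, start time, command line).
function Get-ProcessByOwner {
    param(
        [Parameter(Mandatory)] [string] $UserName,   # 'Test-User' or 'NT AUTHORITY\SYSTEM'
        [string] $ComputerName = '.'
    )

    $all = Get-WmiObject -Class Win32_Process -ComputerName $ComputerName

    # Map PID -> image name so each row can show the name of its parent.
    $nameByPid = @{}
    foreach ($p in $all) { $nameByPid[[uint32]$p.ProcessId] = $p.Name }

    foreach ($p in $all) {
        # GetOwner() sets ReturnValue to 0 on success. It fails for processes
        # the caller cannot open, so run elevated to see other accounts.
        $o = $p.GetOwner()
        if ($o.ReturnValue -ne 0) { continue }

        $owner = if ($o.Domain) { "$($o.Domain)\$($o.User)" } else { $o.User }
        # Accept either 'DOMAIN\user' or a bare 'user' (comparison is case-insensitive).
        if ($owner -ne $UserName -and $o.User -ne $UserName) { continue }

        [pscustomobject]@{
            ProcessId   = $p.ProcessId
            Name        = $p.Name
            Owner       = $owner
            ParentPid   = $p.ParentProcessId
            # $null when the parent has exited; PIDs are reused, so treat the
            # name as a hint unless the parent started before the child.
            ParentName  = $nameByPid[[uint32]$p.ParentProcessId]
            Started     = if ($p.CreationDate) { $p.ConvertToDateTime($p.CreationDate) }
            CommandLine = $p.CommandLine
        }
    }
}

# Same question as: TASKLIST /FI "USERNAME eq Test-User"
Get-ProcessByOwner -UserName 'Test-User' | Sort-Object Started | Format-Table -AutoSize
```

Passing 'NT AUTHORITY\SYSTEM' as -UserName gives the WMI counterpart of the second TASKLIST command, without the service names that /svc adds.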

 

 

More to follow:

C:\>
