List all manageable properties of Windows Processes:
PS C:\> GWmi Win32_process | Where-Object {$_.ProcessName -match "notepad2"}

ProcessName                : Notepad2.exe
Handles                    : 66
VM                         : 83861504
WS                         : 8183808
Path                       : C:\temp\notepad2.exe
__GENUS                    : 2
__CLASS                    : Win32_Process
__SUPERCLASS               : CIM_Process
__DYNASTY                  : CIM_ManagedSystemElement
__RELPATH                  : Win32_Process.Handle="4716"
__PROPERTY_COUNT           : 45
__DERIVATION               : {CIM_Process, CIM_LogicalElement, CIM_ManagedSystemElement}
__SERVER                   : Test-PC1
__NAMESPACE                : root\cimv2
__PATH                     : \\Test-PC1\root\cimv2:Win32_Process.Handle="4716"
Caption                    : Notepad2.exe
CommandLine                : "C:\temp\notepad2.exe"
CreationClassName          : Win32_Process
CreationDate               : 20110221055250.819087+000
CSCreationClassName        : Win32_ComputerSystem
CSName                     : TDI-GOT1027
Description                : Notepad2.exe
ExecutablePath             : C:\temp\notepad2.exe
ExecutionState             :
Handle                     : 4716
HandleCount                : 66
InstallDate                :
KernelModeTime             : 1560010
MaximumWorkingSetSize      : 1380
MinimumWorkingSetSize      : 200
Name                       : Notepad2.exe
OSCreationClassName        : Win32_OperatingSystem
OSName                     : Microsoft® Windows Server® 2008 Enterprise |C:\Windows|\Device\Harddisk0\Partition1
OtherOperationCount        : 327
OtherTransferCount         : 672
PageFaults                 : 2248
PageFileUsage              : 3172
ParentProcessId            : 7020
PeakPageFileUsage          : 3172
PeakVirtualSize            : 83861504
PeakWorkingSetSize         : 7992
Priority                   : 8
PrivatePageCount           : 3248128
ProcessId                  : 4716
QuotaNonPagedPoolUsage     : 10
QuotaPagedPoolUsage        : 153
QuotaPeakNonPagedPoolUsage : 10
QuotaPeakPagedPoolUsage    : 154
ReadOperationCount         : 34
ReadTransferCount          : 818448
SessionId                  : 6
Status                     :
TerminationDate            :
ThreadCount                : 1
UserModeTime               : 156001
VirtualSize                : 83861504
WindowsVersion             : 6.0.6001
WorkingSetSize             : 8183808
WriteOperationCount        : 0
WriteTransferCount         : 0

PS C:\>

List all processes for a specified user:
C:\>TASKLIST /FI "USERNAME eq Test-User"

Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
taskhost.exe                  2580 Console                    1      2,068 K
taskhost.exe                  4480 Console                    1      5,224 K
Notepad2.exe                  8004 Console                    1      3,684 K
OUTLOOK.EXE                   6560 Console                    1     75,864 K
ScriptEditor.exe              6292 Console                    1     33,012 K
iexplore.exe                  7664 Console                    1     21,456 K
iexplore.exe                  2772 Console                    1     59,288 K
firefox.exe                   5440 Console                    1    153,444 K
plugin-container.exe          4168 Console                    1     13,620 K
powershell.exe                5220 Console                    1     32,960 K
tasklist.exe                  5252 Console                    1      4,412 K

C:\>

List all service processes running under a specified user:
C:\>TASKLIST /FI "USERNAME eq NT AUTHORITY\SYSTEM" /svc

Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
smss.exe                       272 N/A
csrss.exe                      364 N/A
csrss.exe                      424 N/A
wininit.exe                    432 N/A
winlogon.exe                   480 N/A
services.exe                   528 N/A
lsass.exe                      536 EFS, KeyIso, Netlogon, ProtectedStorage, SamSs
lsm.exe                        548 N/A
svchost.exe                    648 DcomLaunch, PlugPlay, Power
svchost.exe                    884 AudioEndpointBuilder, CscService, Netman,
                                   PcaSvc, SysMain, TrkWks, UmRdpService, UxSm
svchost.exe                    916 AeLookupSvc, Appinfo, AppMgmt, BITS,
                                   CertPropSvc, gpsvc, iphlpsvc, LanmanServer,
                                   ProfSvc, Schedule, seclogon, SENS,
                                   SessionEnv, ShellHWDetection, Themes,
                                   Winmgmt, wuauserv
spoolsv.exe                   1440 Spooler
timesync.exe                  1632 AnukoTime
inetinfo.exe                  1696 IISADMIN
SeaPort.exe                   1860 SeaPort
SearchIndexer.exe             2992 WSearch
ccSvcHst.exe                  3448 ccEvtMgr, ccSetMgr
svchost.exe                   5300 SDRSVC

C:\>

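The same per-user inventory can be produced as PowerShell objects from the Win32_Process class shown above, with the hosted services joined in from Win32_Service. This is an added example, not part of the original page; the function name Get-ProcessByOwner and its parameters are hypothetical, and it assumes Windows PowerShell, where Get-WmiObject is available.

```powershell
# Added example; the function name Get-ProcessByOwner is hypothetical.
function Get-ProcessByOwner {
    param(
        [Parameter(Mandatory = $true)]
        [string]$UserName,              # 'Test-User' or 'NT AUTHORITY\SYSTEM'
        [string]$ComputerName = '.'
    )

    # PID -> service names, the data TASKLIST /svc prints in its Services column.
    $servicesByPid = @{}
    Get-WmiObject Win32_Service -ComputerName $ComputerName |
        Where-Object { $_.ProcessId -ne 0 } |
        ForEach-Object {
            $id = [int]$_.ProcessId
            if (-not $servicesByPid.ContainsKey($id)) { $servicesByPid[$id] = @() }
            $servicesByPid[$id] += $_.Name
        }

    Get-WmiObject Win32_Process -ComputerName $ComputerName | ForEach-Object {
        # GetOwner() returns ReturnValue 0 on success. It can fail for
        # processes the caller lacks rights to query; those are skipped.
        try { $owner = $_.GetOwner() } catch { return }
        if ($owner.ReturnValue -ne 0) { return }

        # Accept either the bare user name or the DOMAIN\User form.
        $full = '{0}\{1}' -f $owner.Domain, $owner.User
        if ($owner.User -ne $UserName -and $full -ne $UserName) { return }

        $id  = [int]$_.ProcessId
        $svc = 'N/A'
        if ($servicesByPid.ContainsKey($id)) { $svc = $servicesByPid[$id] -join ', ' }

        New-Object PSObject -Property @{
            Name            = $_.Name
            ProcessId       = $id
            ParentProcessId = [int]$_.ParentProcessId
            Owner           = $full
            ExecutablePath  = $_.ExecutablePath
            Services        = $svc
        }
    } | Select-Object Name, ProcessId, ParentProcessId, Owner, ExecutablePath, Services
}

Get-ProcessByOwner -UserName 'NT AUTHORITY\SYSTEM' | Format-Table -AutoSize
```

Unlike the TASKLIST output, each row also carries ParentProcessId and ExecutablePath, so a process running from an unexpected directory or under an unexpected parent stands out in the listing.
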
More to follow: