PowerShell has a lot of features to manage processes on a local or a remote computer. Using PowerShell, you can get a list of running processes, suspend a hung-up process, find a process by a windows title, run a new process in a hidden or interactive mode, etc.
You can display the list of available process management cmdlets in Windows 10 as follows:
Get-Command –Noun Process
- Get-Process – get a list of running Windows processes;
- Start-Process – start a process/program;
- Stop-Process – forcibly stop (kill) the process;
- Debug-Process – debug a process;
- Wait-Process – wait till the process ends.
Get-Process: Getting a List of Running Processes
The Get-Process cmdlet displays a list of processes running on a local computer.
By default, these properties of running processes are displayed:
- Handles – the number of input-output file descriptors (handles) opened by this process;
- NPM(K) – is a non-paged memory (non-paged pool). This is the size of the process data (in KB) that is never paged on disk;
- PM(K) – the size of the process memory that may be paged;
- WS(K) – the size of physical memory (in KB) used by the process (Working Set);
- CPU(s) – a CPU time used by the process (time on all CPUs is counted);
- ID – unique process identifier;
- SI (Session ID) – is the process session ID (0 means running for all sessions, 1- running for the first logged on user, 2 — running for the second logged on user, etc.);
- ProcessName
To list all properties of multiple processes:
Get-Process cmd,excel,notep* | Format-List *
You can display the specific process properties only, for example, a name (ProcessName), a start time (StartTime), a process window title (MainWindowTitle), an executable file name (Path) and a developer name (Company):
Get-Process winword, notep* | Select-Object ProcessName, StartTime, MainWindowTitle, Path, Company|ft
To display a list of running user processes with GUI (background and system processes will not be displayed):
Get-Process | Where-Object {$_.mainWindowTitle} | Format-Table Id, Name, mainWindowtitle
Using the IncludeUserName option, you can display a user name (owner) who has started the process:
Get-Process -Name winword -IncludeUserName
Using Where-Object, you can select processes according to some criteria. For example, let’s display all processes using over 300 MB of RAM, sort them in the descending order by the memory usage and show the memory size in MB instead of KB:
Get-Process| where-object {$_.WorkingSet -GT 300000*1024}|select processname,@{l="Used RAM(MB)"; e={$_.workingset / 1mb}} |sort "Used RAM(MB)" –Descending
As we told earlier, the Get-Process cmdlet in the CPU parameter contains the processor time used by the specific process in seconds. To display the percentage of CPU used by processes (similar to the Task Manager), use this function:
function Get-CPUUsagePercent
{
$CPUPercent = @{
Name = 'CPUPercent'
Expression = {
$TotalSec = (New-TimeSpan -Start $_.StartTime).TotalSeconds
[Math]::Round( ($_.CPU * 100 / $TotalSec), 2)
}
}
Get-Process | Select-Object -Property Name, $CPUPercent, Description | Sort-Object -Property CPUPercent -Descending | Select-Object -First 20
}
Get-CPUUsagePercent
To find hung processes (which are not responding), run the following command:
Get-Process | where-object {$_.Responding -eq $false}
Start-Process, Stop-Process: How to Start or Stop Processes with PowerShell
To start a new process using PowerShell, this command is used:
Start-Process -FilePath notepad
If there is no executable file in the $env:path environment variable, specify the full path to the file:
Start-Process -FilePath 'C:\distr\app.exe'
You can run a program and pass arguments to it:
Start-Process -FilePath ping -ArgumentList "-n 10 10.1.56.21"
Using the WindowStyle option, you can set the process window start mode (normal, minimized, maximized, hidden). For example, to run a program in a maximized window and wait till the process is over, run this command:
Start-Process -FilePath tracert -ArgumentList "10.1.56.21" –wait -windowstyle Maximized
Using Stop-Process cmdlet, you can stop any process. For instance, to close all running notepad processes:
Stop-Process -Name notepad
By default, you are not prompted to confirm killing a process. All processes that meet the specified criteria will be stopped. To be able to confirm stopping processes, add the –Confirm option:
Stop-Process -Name notepad.exe -Confirm
(Get-Process -Name cmd).Kill()
From PowerShell, you can force stop all apps that are not responding to Windows Process Manager:
Get-Process | where-object {$_.Responding -eq $false}| Stop-Process
Manage Processes on a Remote Computer Using PowerShell
You can use the ComputerName option of the Get-Process cmdlet in order to manage processes on remote computers (WinRM must be enabled and configured).
Get-Process -ComputerName srv01, srv02, srv03| Format-Table -Property ProcessName, ID, MachineName
Invoke-Command and Enter-PSSession cmdlets are not covered here.If you want to kill a process on a remote computer, note that the Stop-Process cmdlet doesn’t have the –ComputerName parameter. To stop a process on a remote computer, you can use the following PowerShell code:
$RemoteProcess = Get-Process -Name cmd -ComputerName srv01
Stop-Process -InputObject $RemoteProcess
1 comment
Change the process priority:
Get-WmiObject Win32_process -filter ‘name = “ProcessName.exe”‘ | foreach-object { $_.SetPriority(PriorityLevelID) }
or
wmic process where name=”ProcessName” CALL setpriority “PriorityLevelID”
idle: 64
below normal: 16384
normal: 32
above normal: 32768
high priority: 128
real time: 256