Let’s learn how to use PowerShell in order to check if a specific application or process is running; how to restart it automatically in case of a crash, if a user closed it accidentally, or it starts consuming a large amount of memory (memory leak).
Earlier we showed how to manage Windows processes using PowerShell. To make sure if the notepad.exe process is running and restart it, you can use the script below:
If (!(Get-Process -Name notepad -ErrorAction SilentlyContinue))
{Invoke-Item C:\Windows\notepad.exe
}
You can automatically restart a process if it doesn’t respond (is hanging) or if it started to use too much memory (over 1000 MB in this example):
$proc = Get-Process -Name notepad| Sort-Object -Property ProcessName -Unique
If (($proc.Responding -eq $false) –or ($proc.WorkingSet -GT 1000000*1024)} {
$proc.Kill()
Start-Sleep -s 10
Invoke-Item C:\Windows\notepad.exe
}
Using PowerShell for loop, you can create an endless loop that starts a process, checks every 60 seconds if it is running, and restarts it if needed:
for(;;){
try{
If (!(Get-Process -Name notepad -ErrorAction SilentlyContinue))
{Invoke-Item C:\Windows\notepad.exe}
$proc = Get-Process -Name notepad | Sort-Object -Property ProcessName -Unique -ErrorAction SilentlyContinue
If (!$proc -or ($proc.Responding -eq $false) –or ($proc.WorkingSet -GT 200000*1024)) {
$proc.Kill()
Start-Sleep -s 10
Invoke-Item C:\Windows\notepad.exe}
}
catch { }
Start-sleep -s 60
}
$proc = Get-Process -ComputerName WKS-NYC211 -Name notepad | Sort-Object -Property ProcessName -Unique -ErrorAction SilentlyContinue
To start a process remotely, you can use the Invoke-Command cmdlet:
Invoke-Command -ComputerName WKS-NYC211 -Credential $Cred -ScriptBlock {Start-Process C:\Windows\notepad.exe -wait -verb runas;}
You can run this PowerShell script as a GPO logon script at user logon.
Then save the PowerShell code to a file with the *.PS1 extension . You can sign the script with a digital signature, change the PowerShell Execution policy settings, or run the script with the –ExecutionPolicy Bypass option.
- File name:
%windir%\System32\WindowsPowerShell\v1.0\powershell.exe - Running options:
-windowstyle hidden -ExecutionPolicy Bypass –Noprofile -file %~dp0CheckProcess.ps1
You can also run a PS1 script on schedule using the Task Scheduler. Use the same run options. You can also specify a user account you want to run the process as.
$Action= New-ScheduledTaskAction -Execute "PowerShell.exe" -Argument "-windowstyle hidden -ExecutionPolicy Bypass -file %windir%\CheckProcess.ps1"
$Trigger= New-ScheduledTaskTrigger -AtLogon
$Principal=New-ScheduledTaskPrincipal -UserId "jsmith" -LogonType Interactive
$Task=New-ScheduledTask -Action $Action -Trigger $Trigger -Principal $Principal
Register-ScheduledTask -TaskName "Check Notepad Process" -InputObject $Task
Or you can run this PowerShell script as a Windows service.
services.msc console or with PowerShell. Windows has a built-in feature to restart services, or you can restart a hung up service as follows.
1 comment
Amazing!! thank you