Last time we saw that you can pull out Processes using GET-WMIOBJECT as well as GET-PROCESS.
This time we’re going to show you WHY you should use GET-WMIOBJECT.
Again, the strength of GET-PROCESS is its simplicity. That's also its weakness. GET-WMIOBJECT is a little more complex to work with but, like all great tools, it has its place. Here is one.
We can isolate WHO owns a process using GET-WMIOBJECT. It takes a small Script to do it but it works well. Each Process you access with GET-WMIOBJECT win32_process has a Method called GETOWNER().
To find the owner of a process we Get the process, and run a GETOWNER() on the process.
So we can modify our present Function to list those Process Names, IDs and now the OWNER.
Function GLOBAL:GET-PROCESSUSER ( $ProcessName, $Computername ) {
    # WQL string values must be wrapped in single quotes inside the filter
    (GET-WMIOBJECT win32_process -computername $Computername -filter "Name='$ProcessName'").GetOwner()
}
So now with this little function we have a VERY easy way to identify who is running a particular process on any computer in our network.
And knowing who and what makes the next step, killing that process, incredibly easy.
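The same lookup, extended to report name, ID and owner for every matching process and to handle the case where GETOWNER() cannot return an owner. This is an added example, not code from the original post; the function name Get-ProcessOwnerReport is hypothetical, and it assumes Windows PowerShell, where Get-WmiObject is available.

```powershell
# Added example (not from the original post).
# Get-ProcessOwnerReport is a hypothetical helper name.
function Get-ProcessOwnerReport {
    param(
        [Parameter(Mandatory = $true)][string]$ProcessName,
        [string]$ComputerName = $env:COMPUTERNAME
    )

    # WQL string literals are single-quoted; escape backslashes and quotes
    # so an unusual process name cannot break out of the filter string.
    $escaped = $ProcessName.Replace('\', '\\').Replace("'", "\'")
    $filter  = "Name='$escaped'"

    $procs = Get-WmiObject -Class Win32_Process -ComputerName $ComputerName -Filter $filter

    foreach ($proc in $procs) {
        # GetOwner() returns an object with Domain, User and ReturnValue.
        $result = $proc.GetOwner()

        if ($result.ReturnValue -eq 0) {
            $owner = '{0}\{1}' -f $result.Domain, $result.User
        }
        else {
            # Non-zero means the owner was not returned (2 = access denied,
            # 3 = insufficient privilege); run elevated to read other users' processes.
            $owner = 'unavailable (GetOwner returned {0})' -f $result.ReturnValue
        }

        # One row per process: which machine, what, which PID, who.
        [pscustomobject]@{
            ComputerName = $ComputerName
            Name         = $proc.Name
            ProcessId    = $proc.ProcessId
            Owner        = $owner
        }
    }
}

# Example call (process name chosen for illustration):
# Get-ProcessOwnerReport -ProcessName 'notepad.exe' | Format-Table -AutoSize
```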
Sean
The Energized Tech


