Powershell

One of the beautiful things about PowerShell is how EASILY it leverages WMI. It extends your administrative abilities with very little effort.

In the forums somebody was asking some very specific questions about terminating processes, and it dawned on me that the Get-Process cmdlet, although easy to use and powerful, doesn't actually list WHO owns the process.

Why do you care about that? On a single workstation you might not. But in a Terminal environment, where you need to selectively terminate applications based either on the APP itself or on whether a SPECIFIC USER is using that app, you need to get a bit more granular. And all of this is available via WMI.

And do you know who told me this? The HELP Get-Process -Detailed option.

In trying to determine how to pull up the owner, the very documentation within Get-Process says to use

$p = Get-WmiObject Win32_Process -Filter "Name='powershell.exe'"
$p.GetOwner()

as an example.

So in playing with this cmdlet I found (by running Get-Member on the results) that it has a "Terminate()" method as well. And since Get-WmiObject also has a -ComputerName parameter, two pieces came together.

One, I can access the list of running processes with a UNIQUE process ID for each one, as well as WHO is running them. Meaning I can be VERY specific *OR* very broad, as I choose, in terminating a task.

So by running the following line

Get-WmiObject Win32_Process -ComputerName WRKSTATION01

I can access all tasks running on that workstation, or narrow it down to one application with a filter:

Get-WmiObject Win32_Process -ComputerName WRKSTATION01 -Filter "Name='iexplore.exe'"

And we can write this in a function easily too.

 

Function GLOBAL:GET-PROCESSUSER ( $ProcessName, $Computername ) {

# WQL string values must be wrapped in single quotes, e.g. Name='iexplore.exe'
Get-WmiObject Win32_Process -ComputerName $Computername -Filter "Name='$ProcessName'"

}

 

But so far we really haven’t done anything amazing.  This seems SO far to just be another badly done version of “GET-PROCESS” with more typing.

And for the MOMENT, you’re correct.  Which is where next time we’re going to see how to add in a User Filter to that list.
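The GetOwner() call from the Get-Process help and the -ComputerName query above can be combined so each process comes back with its owning account. This is an added example, not code from the original post: the function name Get-ProcessOwner and the output property names are hypothetical, and it assumes Windows PowerShell (where Get-WmiObject is available) and an account with rights to query WMI on the target machine.

```powershell
# Added example (not from the original post). Get-ProcessOwner is a hypothetical name.
function Get-ProcessOwner {
    param(
        [Parameter(Mandatory = $true)] [string] $ProcessName,
        [string] $ComputerName = $env:COMPUTERNAME
    )

    # WQL string literals are single-quoted; escape backslashes and quotes so a
    # process name containing them cannot break or alter the filter expression.
    $escaped = $ProcessName -replace '\\', '\\' -replace "'", "\'"

    Get-WmiObject Win32_Process -ComputerName $ComputerName -Filter "Name='$escaped'" |
        ForEach-Object {
            # GetOwner() returns an object with ReturnValue, Domain and User.
            # A non-zero ReturnValue means the lookup failed (for example,
            # access denied on a process owned by another account).
            $owner = $_.GetOwner()
            if ($owner.ReturnValue -eq 0) {
                $account = '{0}\{1}' -f $owner.Domain, $owner.User
            }
            else {
                $account = '<unavailable, return code {0}>' -f $owner.ReturnValue
            }

            # Emit one object per process so the result can be piped to
            # Where-Object, Sort-Object, Format-Table and so on.
            [pscustomobject]@{
                ComputerName = $ComputerName
                ProcessId    = $_.ProcessId
                Name         = $_.Name
                Owner        = $account
            }
        }
}

# Local machine: who is running powershell.exe?
Get-ProcessOwner -ProcessName 'powershell.exe' | Format-Table -AutoSize
```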

Powershell, fire up the Scripter in you

Sean
The Energized Tech