Monitoring and managing the running processes on a computer is a routine task for administrators. PowerShell can be a valuable aid here, since processes and the information associated with them can be displayed and evaluated much more quickly and flexibly.
In the following article you will learn about the basics of administering processes with PowerShell and how to run them not only locally, but also remotely, for example with PowerShell Direct.
Get-Process: Display Processes in PowerShell
You can use the Get-Process cmdlet to display all running processes on a computer. By default, the list of processes is sorted alphabetically in descending order.
If you want to display only processes that begin with the letter “s”, you can use the * wildcard to filter the list. To do this, type the following command:
In the same way, you can perform all other filtering by letter. For example, if you want to display all processes in which the string “sql” occurs, you can use the following command (see Figure 1):
Fig. 1: By using filters, Get-Process not only lists processes, but also filters them.
Get-Process can sort processes not only alphabetically by name, but also, for example, by resource consumption. To filter processes by name and sort them in descending order by CPU time, first type Get-Process s* and use the pipe to forward the result to Sort-Object with the cpu property and the -Descending option:
Get-Process s*|Sort-Object cpu -Descending
In this way, processes can be effectively filtered and sorted for display.
You can also display more detailed information for individual processes that are not displayed in the aggregated list. To do this, you first use Get-Process to display an overview of the processes that you want to see, and then you use the pipe to pass this result to the Format-List cmdlet. You can use the * wildcard to ensure that all information about the processes is displayed.
Here is an example that generates a detailed listing of the “winword” and “explorer” processes as output:
Get-Process winword, explorer | Format-List *
Instead of typing the command “Format-List”, you can also work with the abbreviation “fl”:
Get-Process winword, explorer | fl *
If you want to display only certain details rather than all of them, enter the names of the corresponding columns in place of the * wildcard in “fl *”, for example:
Get-Process winword, explorer | fl Name, PriorityClass, FileVersion
Instead of a formatted list (|fl *), you can also have the results displayed in a formatted table. To do this, use the Format-Table cmdlet or its abbreviation “ft” on the right side of the pipeline (see Figure 2).
Fig. 2: Controlling the display of a PowerShell command
Fig. 3: Opening a PowerShell session to manage processes on a remote computer
Fig. 4: By using -Confirm, you can tell PowerShell not to terminate processes until you get confirmation
As described previously, using PowerShell speeds up the retrieval of Windows processes and related data. Power users such as system administrators benefit especially from this time saving. But PowerShell can do much more: it enables the administration of remote computers, which is a major advantage in times of digitalization.
But the most important advantage is that by using PowerShell, this data and information becomes accessible to other systems. For example, automated monitoring can be built on the basis of a script for Windows process monitoring. This reduces the manual and time-consuming effort in administration to a minimum.
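A starting point for the script-based monitoring mentioned above, as an added example that is not part of the original article: it combines Get-Process with Get-AuthenticodeSignature to list processes whose executable is not validly signed or runs from a user-writable directory. The function name Get-ProcessReview and the choice of writable directories are assumptions made for this example.

```powershell
# Added example (not from the article). Get-ProcessReview is a hypothetical name.
function Get-ProcessReview {
    [CmdletBinding()]
    param(
        # Wildcard name filter, passed straight to Get-Process -Name
        [string[]]$Name = '*',
        # Assumption: directories treated as user-writable on this host
        [string[]]$WritableRoot = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA)
    )

    foreach ($p in Get-Process -Name $Name -ErrorAction SilentlyContinue) {
        # Path is empty for protected system processes when not elevated
        $path       = $p.Path
        $sigStatus  = 'Unknown'
        $inWritable = $false

        if ($path) {
            # Authenticode status of the executable (Valid, NotSigned, ...)
            $sigStatus = (Get-AuthenticodeSignature -FilePath $path).Status.ToString()
            foreach ($root in $WritableRoot) {
                if (-not $root) { continue }
                # Compare against "root\" so sibling folders do not match
                $prefix = $root.TrimEnd('\') + '\'
                if ($path.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase)) {
                    $inWritable = $true
                }
            }
        }

        [pscustomobject]@{
            Name         = $p.Name
            Id           = $p.Id
            CPU          = $p.CPU
            Signature    = $sigStatus
            UserWritable = $inWritable
            Path         = $path
        }
    }
}

# Review view: not validly signed or running from a writable path,
# highest CPU time first, displayed as a table
Get-ProcessReview |
    Where-Object { $_.Signature -ne 'Valid' -or $_.UserWritable } |
    Sort-Object CPU -Descending |
    Format-Table Name, Id, CPU, Signature, UserWritable, Path -AutoSize
```

Rows with Signature “Unknown” are processes whose path could not be read without elevation; run the function from an elevated session to resolve them.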
Thomas Joos is a freelance IT consultant and has been working in IT since 1992. He has published more than 90 practical reference books and writes for numerous IT publications such as c’t, PC Magazin, PC Welt, IT Administrator, Computerwoche and Heise Security.