Module: Microsoft.PowerShell.Management
Gets the processes that are running on the local computer.
Syntax
Get-Process [[-Name] <String[]>] [-Module] [-FileVersionInfo] [<CommonParameters>]
Get-Process [[-Name] <String[]>] -IncludeUserName [<CommonParameters>]
Get-Process -Id <Int32[]> [-Module] [-FileVersionInfo] [<CommonParameters>]
Get-Process -Id <Int32[]> -IncludeUserName [<CommonParameters>]
Get-Process -InputObject <Process[]> [-Module] [-FileVersionInfo] [<CommonParameters>]
Get-Process -InputObject <Process[]> -IncludeUserName [<CommonParameters>]
Description
The Get-Process cmdlet gets the processes on a local or remote computer.
Without parameters, this cmdlet gets all of the processes on the local computer. You can also specify a particular process by process name or process ID (PID) or pass a process object through the pipeline to this cmdlet.
By default, this cmdlet returns a process object that has detailed information about the process and supports methods that let you start and stop the process. You can also use the parameters of the Get-Process cmdlet to get file version information for the program that runs in the process and to get the modules that the process loaded.
Examples
Example 1: Get a list of all active processes on the local computer
Get-Process
This command gets a list of all active processes running on the local computer. For a definition of each column, see the Notes section.
Example 2: Get all available data about one or more processes
Get-Process winword, explorer | Format-List *
This command gets all available data about the Winword and Explorer processes on the computer. It uses the Name parameter to specify the processes, but it omits the optional parameter name. The pipeline operator (|) passes the data to the Format-List cmdlet, which displays all available properties (*) of the Winword and Explorer process objects.
You can also identify the processes by their process IDs. For instance, Get-Process -Id 664, 2060.
Example 3: Get all processes with a working set greater than a specified size
Get-Process | Where-Object {$_.WorkingSet -gt 20000000}
This command gets all processes that have a working set greater than 20 MB. It uses the Get-Process cmdlet to get all running processes. The pipeline operator (|) passes the process objects to the Where-Object cmdlet, which selects only the object with a value greater than 20,000,000 bytes for the WorkingSet property.
WorkingSet is one of many properties of process objects. To see all of the properties, type Get-Process | Get-Member. By default, the values of all amount properties are in bytes, even though the default display lists them in kilobytes and megabytes.
Example 4: List processes on the computer in groups based on priority
$A = Get-Process
$A | Get-Process | Format-Table -View priority
These commands list the processes on the computer in groups based on their priority class. The first command gets all the processes on the computer and then stores them in the $A variable.
The second command pipes the Process object stored in the $A variable to the Get-Process cmdlet, then to the Format-Table cmdlet, which formats the processes by using the Priority view.
The Priority view, and other views, are defined in the PS1XML format files in the PowerShell home directory ($pshome).
Example 5: Add a property to the standard Get-Process output display
Get-Process pwsh | Format-Table `
    @{Label = "NPM(K)"; Expression = {[int]($_.NPM / 1024)}},
    @{Label = "PM(K)"; Expression = {[int]($_.PM / 1024)}},
    @{Label = "WS(K)"; Expression = {[int]($_.WS / 1024)}},
    @{Label = "VM(M)"; Expression = {[int]($_.VM / 1MB)}},
    @{Label = "CPU(s)"; Expression = {if ($_.CPU) {$_.CPU.ToString("N")}}},
    Id, ProcessName, StartTime -AutoSize

NPM(K)  PM(K)  WS(K)   VM(M) CPU(s)    Id ProcessName StartTime
------  -----  -----   ----- ------    -- ----------- ---------
   143 239540 259384 2366162 22.73  12720 pwsh        12/5/2022 3:21:51 PM
   114  61776 104588 2366127 11.45  18336 pwsh        12/5/2022 7:30:53 AM
   156  77924  82060 2366185 10.47  18812 pwsh        12/5/2022 7:30:52 AM
    85  48216 115192 2366074 1.14   24428 pwsh        12/8/2022 9:14:15 AM

This example retrieves processes from the local computer. The retrieved processes are piped to the Format-Table command that adds the StartTime property to the standard Get-Process output display.
Example 6: Get version information for a process
Get-Process pwsh -FileVersionInfo

ProductVersion   FileVersion      FileName
--------------   -----------      --------
6.1.2            6.1.2            C:\Program Files\PowerShell\6\pwsh.exe

This command uses the FileVersionInfo parameter to get the version information for the pwsh.exe file that is the main module for the PowerShell process.
To run this command with processes that you do not own on Windows Vista and later versions of Windows, you must open PowerShell with the Run as administrator option.
Example 7: Get modules loaded with the specified process
Get-Process SQL* -Module
This command uses the Module parameter to get the modules that have been loaded by the process. This command gets the modules for the processes that have names that begin with SQL.
To run this command on Windows Vista and later versions of Windows with processes that you do not own, you must start PowerShell with the Run as administrator option.
Example 8: Find the owner of a process
Get-Process pwsh -IncludeUserName

Handles   WS(K)  CPU(s)     Id UserName          ProcessName
-------   -----  ------     -- --------          -----------
    782  132080    2.08   2188 DOMAIN01\user01   pwsh

This command shows how to find the owner of a process. On Windows, the IncludeUserName parameter requires elevated user rights (Run as Administrator). The output reveals that the owner is Domain01\user01.
Example 9: Use an automatic variable to identify the process hosting the current session
Get-Process pwsh

NPM(K)    PM(M)      WS(M)     CPU(s)      Id  SI ProcessName
------    -----      -----     ------      --  -- -----------
    83    96.21     105.95       4.33    1192  10 pwsh
    79    83.81     117.61       2.16   10580  10 pwsh

Get-Process -Id $PID

NPM(K)    PM(M)      WS(M)     CPU(s)      Id  SI ProcessName
------    -----      -----     ------      --  -- -----------
    83    96.21      77.53       4.39    1192  10 pwsh

These commands show how to use the $PID automatic variable to identify the process that is hosting the current PowerShell session. You can use this method to distinguish the host process from other PowerShell processes that you might want to stop or close.
The first command gets all of the PowerShell processes in the current session.
The second command gets the PowerShell process that is hosting the current session.
Example 10: Get all processes that have a main window title and display them in a table
Get-Process | Where-Object {$_.mainWindowTitle} | Format-Table Id, Name, mainWindowtitle -AutoSize
This command gets all the processes that have a main window title, and it displays them in a table with the process ID and the process name.
The mainWindowTitle property is just one of many useful properties of the Process object that Get-Process returns. To view all of the properties, pipe the results of a Get-Process command to the Get-Member cmdlet: Get-Process | Get-Member.
Parameters
-FileVersionInfo
Indicates that this cmdlet gets the file version information for the program that runs in the process.
On Windows Vista and later versions of Windows, you must open PowerShell with the Run as administrator option to use this parameter on processes that you do not own.
To get file version information for a process on a remote computer, use the Invoke-Command cmdlet.
Using this parameter is equivalent to getting the MainModule.FileVersionInfo property of each process object. When you use this parameter, Get-Process returns a FileVersionInfo object (System.Diagnostics.FileVersionInfo), not a process object. So, you cannot pipe the output of the command to a cmdlet that expects a process object, such as Stop-Process.
Type: SwitchParameter
Aliases: FV, FVI
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Id
Specifies one or more processes by process ID (PID). To specify multiple IDs, use commas to separate the IDs. To find the PID of a process, type Get-Process.
Type: Int32[]
Aliases: PID
Position: Named
Default value: None
Accept pipeline input: True
Accept wildcard characters: False
-IncludeUserName
Indicates that the UserName value of the Process object is returned with results of the command.
Type: SwitchParameter
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-InputObject
Specifies one or more process objects. Enter a variable that contains the objects, or type a command or expression that gets the objects.
Type: Process[]
Position: Named
Default value: None
Accept pipeline input: True
Accept wildcard characters: False
-Module
Indicates that this cmdlet gets the modules that have been loaded by the processes.
On Windows Vista and later versions of Windows, you must open PowerShell with the Run as administrator option to use this parameter on processes that you do not own.
To get the modules that have been loaded by a process on a remote computer, use the Invoke-Command cmdlet.
This parameter is equivalent to getting the Modules property of each process object. When you use this parameter, this cmdlet returns a ProcessModule object (System.Diagnostics.ProcessModule), not a process object. So, you cannot pipe the output of the command to a cmdlet that expects a process object, such as Stop-Process.
When you use both the Module and FileVersionInfo parameters in the same command, this cmdlet returns a FileVersionInfo object with information about the file version of all modules.
Type: SwitchParameter
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Name
Specifies one or more processes by process name. You can type multiple process names (separated by commas) and use wildcard characters. The parameter name (Name) is optional.
Type: String[]
Aliases: ProcessName
Position: 0
Default value: None
Accept pipeline input: True
Accept wildcard characters: True
Inputs
Process
You can pipe a process object to this cmdlet.
Outputs
Process
By default, this cmdlet returns a System.Diagnostics.Process object.
FileVersionInfo
If you use the FileVersionInfo parameter, this cmdlet returns a FileVersionInfo object.
ProcessModule
If you use the Module parameter, without the FileVersionInfo parameter, this cmdlet returns a ProcessModule object.
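Because -FileVersionInfo returns FileVersionInfo objects that no longer carry the process ID or owner, a triage script usually reads MainModule.FileVersionInfo from each process object instead. The following is an added example, not part of the original reference; it assumes Windows (for Get-AuthenticodeSignature), and Get-ProcessInventory is a hypothetical helper name.

```powershell
# Added example (not from the original page). Assumes Windows, where
# Get-AuthenticodeSignature is available. Get-ProcessInventory is a
# hypothetical helper name.
function Get-ProcessInventory {
    [CmdletBinding()]
    param(
        # Same wildcard semantics as Get-Process -Name.
        [string[]]$Name = '*'
    )

    # -IncludeUserName requires elevation on Windows (see Example 8).
    # If it fails, fall back to a plain query and leave UserName empty.
    try {
        $procs = Get-Process -Name $Name -IncludeUserName -ErrorAction Stop
    }
    catch {
        Write-Warning "Get-Process -IncludeUserName failed: $($_.Exception.Message)"
        $procs = Get-Process -Name $Name -ErrorAction SilentlyContinue
    }

    foreach ($p in $procs) {
        # MainModule is unreadable for processes you do not own unless the
        # session is elevated; record the process anyway with empty fields.
        $main = $null
        try { $main = $p.MainModule } catch { Write-Verbose "PID $($p.Id): $($_.Exception.Message)" }

        $path = if ($main) { $main.FileName }
        $ver  = if ($main) { $main.FileVersionInfo }
        $sig  = if ($path) {
            Get-AuthenticodeSignature -LiteralPath $path -ErrorAction SilentlyContinue
        }

        # Keep Id and ProcessName so each row still identifies its process.
        [pscustomobject]@{
            Id              = $p.Id
            ProcessName     = $p.ProcessName
            UserName        = $p.UserName
            Path            = $path
            CompanyName     = if ($ver) { $ver.CompanyName }
            FileVersion     = if ($ver) { $ver.FileVersion }
            SignatureStatus = if ($sig) { $sig.Status } else { 'Unreadable' }
        }
    }
}

# Processes whose main executable is not validly signed, or could not be
# read from this session, sorted by owner for review.
Get-ProcessInventory |
    Where-Object { $_.SignatureStatus -ne 'Valid' } |
    Sort-Object UserName, ProcessName |
    Format-Table Id, ProcessName, UserName, SignatureStatus, Path -AutoSize
```

Rows marked Unreadable in a non-elevated session are expected for processes owned by other accounts; rerun elevated before treating them as findings.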
Notes
PowerShell includes the following aliases for Get-Process:
- All platforms: gps
- Windows: ps
You can also refer to this cmdlet by its built-in aliases, ps and gps. For more information, see about_Aliases.
On computers that are running a 64-bit version of Windows, the 64-bit version of PowerShell gets only 64-bit process modules and the 32-bit version of PowerShell gets only 32-bit process modules.
You can use the properties and methods of the Windows Management Instrumentation (WMI) Win32_Process object in PowerShell. For information, see Get-WmiObject and the WMI SDK.
The default display of a process is a table that includes the following columns. For a description of all of the properties of process objects, see Process Properties.
- Handles: The number of handles that the process has opened.
- NPM(K): The amount of non-paged memory that the process is using, in kilobytes.
- PM(K): The amount of pageable memory that the process is using, in kilobytes.
- WS(K): The size of the working set of the process, in kilobytes. The working set consists of the pages of memory that were recently referenced by the process.
- VM(M): The amount of virtual memory that the process is using, in megabytes. Virtual memory includes storage in the paging files on disk.
- CPU(s): The amount of processor time that the process has used on all processors, in seconds.
- ID: The process ID (PID) of the process.
- ProcessName: The name of the process. For explanations of the concepts related to processes, see the Glossary in Help and Support Center and the Help for Task Manager.
You can also use the built-in alternate views of the processes available with Format-Table, such as StartTime and Priority, and you can design your own views.
- Debug-Process
- Get-Process
- Start-Process
- Stop-Process
- Wait-Process
FAQs
What does Get-Process do in PowerShell?
The Get-Process cmdlet gets the processes on a local or remote computer. Without parameters, this cmdlet gets all of the processes on the local computer. You can also specify a particular process by process name or process ID (PID) or pass a process object through the pipeline to this cmdlet.
How do I see running processes in PowerShell?
With a PowerShell console open, run Get-Process using the Name parameter to only show all running processes with Calculator as the name. You'll see the same output you've seen previously. Get-Process returns many properties as expected.
How do I stop PowerShell from running?
You can interrupt and stop a PowerShell command while it is running by pressing Control-C. A script can be stopped with the command exit. This will also close the PowerShell console.
How do I stop a PowerShell script from running in the background?
You can use Stop-Job to stop background jobs, such as those that were started by using the Start-Job cmdlet or the AsJob parameter of any cmdlet. When you stop a background job, PowerShell completes all tasks that are pending in that job queue and then ends the job.
What is the function of Get-Process function?
The getppid function returns the process ID of the parent of the current process. Preliminary: | MT-Safe | AS-Safe | AC-Safe | See POSIX Safety Concepts. The gettid function returns the thread ID of the current thread. The returned value is obtained from the Linux kernel and is not subject to caching.
How to Get-Process memory usage in PowerShell?
PowerShell Get Memory Usage on Remote Computer
Using the Get-WMIObject cmdlet and the WIN32_Process class, it gets information about all processes on the remote computer name specified by the –ComputerName property. Sort all processes descending by WS. Use Select-Object to get the first 5 process id, process name and WS.
You need to use the ps command. It provides information about the currently running processes, including their process identification numbers (PIDs). Both Linux and UNIX support the ps command to display information about all running process. The ps command gives a snapshot of the current processes.
How do you list the running processes *?
To list currently running processes, use the ps, top, htop, and atop Linux commands. You can also combine the ps command with the pgrep command to identify individual processes.
What command shows a list of running processes?
You can use the ps command to find out which processes are running and display information about those processes. The ps command has several flags that enable you to specify which processes to list and what information to display about each process.
Do hackers use PowerShell?
A previously undetected and undocumented PowerShell backdoor is being actively used by a threat actor who has targeted at least 69 entities. Based on its features, the malware is designed for cyberespionage, mainly engaging in data exfiltration from the compromised system.
Should I block PowerShell?
Defenders shouldn't disable PowerShell, a scripting language, because it is a useful command-line interface for Windows that can help with forensics, incident response and automating desktop tasks, according to joint advice from the US spy service the National Security Agency (NSA), the US Cybersecurity and ...
Why does PowerShell keep coming up on my computer?
If your computer is infected with malware, you may notice that PowerShell keeps appearing on your screen whenever the infection attempts to execute a harmful script on your computer. To be sure, you may scan your computer using Windows Security or a third-party antivirus tool.
Can PowerShell be turned off?
Type powershell.exe below the Value box and then press OK. Next, press Apply and then press OK in the LGPE window. This should disable the PowerShell tool.
What happens if I turn off Windows PowerShell?
PowerShell runs as a user-mode application, which means it can only do what the user himself can do. If you disable PowerShell, a user can still accomplish the same actions; he will just use another method to accomplish tasks, such as the command prompt, tools, scripts, and so on.
How do I stop an infinite loop in PowerShell?
The Break statement is used to exit a looping statement such as a Foreach, For, While, or Do loop. When present, the Break statement causes Windows PowerShell to exit the loop. The Break statement can also be used in a Switch statement.
What is the function of get service?
Get-Service gets all the services on the computer and sends the objects down the pipeline. The Where-Object cmdlet, selects only the services with a Status property that equals Running. Status is only one property of service objects. To see all of the properties, type Get-Service | Get-Member.
How to Get-Process ID in Windows command line?
Task Manager can be opened in a number of ways, but the simplest is to select Ctrl+Alt+Delete, and then select Task Manager. In Windows, first click More details to expand the information displayed. From the Processes tab, select Details to see the process ID listed in the PID column.
How to find PID in PowerShell?
To find the PID of a process, type `Get-Process`. Indicates that the UserName value of the Process object is returned with results of the command. Specifies one or more process objects. Enter a variable that contains the objects, or type a command or expression that gets the objects.
How to check CPU and memory utilization in PowerShell?
In Windows PowerShell there is no exclusive cmdlet to find out the CPU and memory utilization rates. You can use the get-wmi object cmdlet along with required parameters to fetch the results.
How to get CPU usage of process in PowerShell?
To do this, you can use Get-Counter, which uses native Windows performance counters to monitor and measure resources. Use the counter '\Process(*)\% Processor Time' with Get-Counter in PowerShell. The most valuable data from this is "cookedvalue," which is the readable view of the data.
How can I tell how much memory a process is using?
- Microsoft Windows users. Press Ctrl + Shift + Esc on the keyboard to open the Windows Task Manager. ...
- Linux users. Linux users can utilize the top command to display their current total, used, and free memory. ...
- macOS users. macOS users can see how much memory a program is using in the Activity Monitor.
The simplest method to see what's running is of course the built in MS Windows Task Manager however this doesn't show all running programs. You can start Task Manager by pressing the key combination Ctrl + Shift + Esc. You can also reach it by right-clicking on the task bar and choosing Task Manager.
What is get service in PowerShell?
The Get-Service cmdlet gets objects that represent the services on a computer, including running and stopped services. By default, when Get-Service is run without parameters, all the local computer's services are returned.
What is get item in PowerShell?
The Get-Item cmdlet gets the item at the specified location. It doesn't get the contents of the item at the location unless you use a wildcard character ( * ) to request all the contents of the item. This cmdlet is used by PowerShell providers to navigate through different types of data stores.
What is get module in PowerShell?
The Get-Module cmdlet lists the PowerShell modules that have been imported, or that can be imported, into a PowerShell session. Without parameters, Get-Module gets modules that have been imported into the current session.
What is get execution policy in PowerShell?
PowerShell's execution policy is a safety feature that controls the conditions under which PowerShell loads configuration files and runs scripts. This feature helps prevent the execution of malicious scripts.
How can I get a list of running services?
- Open a command prompt.
- Type in the following: net start.
- Open Event Viewer and navigate to Windows logs>System. The pane in the center contains events that are related to the system.
- Filter for events with source 'Service Control Manager' (SCM).
The Get-Variable cmdlet gets the PowerShell variables in the current console. You can retrieve just the values of the variables by specifying the ValueOnly parameter, and you can filter the variables returned by name.
How do I get the contents of a file in PowerShell?
The Get-Content cmdlet gets the content of the item at the location specified by the path, such as the text in a file or the content of a function. For files, the content is read one line at a time and returns a collection of objects, each of which represents a line of content.
How do I get the properties of an object in PowerShell?
To get the properties of an object, use the Get-Member cmdlet. For example, to get the properties of a FileInfo object, use the Get-ChildItem cmdlet to get the FileInfo object that represents a file. Then, use a pipeline operator ( | ) to send the FileInfo object to Get-Member.
How to get environment variable value in PowerShell?
To retrieve all environment variables use GetEnvironmentVariables() class. To get the specific environment variable using .Net method use GetEnvironmentVariable() method.
How do I get a list of PowerShell modules?
The Get-InstalledModule cmdlet gets PowerShell modules that are installed on a computer using PowerShellGet. To see all modules installed on the system, use the Get-Module -ListAvailable command.
What are PowerShell commands?
Commands for PowerShell are known as cmdlets (pronounced command-lets). In addition to cmdlets, PowerShell allows you to run any command available on your system.
How to install get module in PowerShell?
- Use Install-PackageProvider to install NuGet before installing other modules. Run the following command to install the NuGet provider. ...
- Let Install-Module prompt you to install the NuGet provider.
- Paste the Script into an Interactive PowerShell Console. ...
- Echo the Script and Pipe it to PowerShell Standard In. ...
- Read Script from a File and Pipe to PowerShell Standard In. ...
- Download Script from URL and Execute with Invoke Expression. ...
- Use the Command Switch.
AllSigned. This is the safest policy available, in case running scripts is permitted on the computer. With this policy set, your computer will run those PowerShell scripts that are accompanied by a valid signed with a valid digital signature (signed using a code signing certificate).
What is default PowerShell execution policy?
Execution policies define the conditions under which PowerShell loads files for execution. There are four policies: Restricted, AllSigned, RemoteSigned, and Unrestricted. By default, Microsoft configures PowerShell to run under the Restricted execution policy, which is the most secure mode.