Get-Process (Microsoft.PowerShell.Management) - PowerShell (2023)

Module:
Microsoft.PowerShell.Management

Gets the processes that are running on the local computer.

Syntax

Get-Process [[-Name] <String[]>] [-Module] [-FileVersionInfo] [<CommonParameters>]
Get-Process [[-Name] <String[]>] -IncludeUserName [<CommonParameters>]
Get-Process -Id <Int32[]> [-Module] [-FileVersionInfo] [<CommonParameters>]
Get-Process -Id <Int32[]> -IncludeUserName [<CommonParameters>]
Get-Process -InputObject <Process[]> [-Module] [-FileVersionInfo] [<CommonParameters>]
Get-Process -InputObject <Process[]> -IncludeUserName [<CommonParameters>]

Description

The Get-Process cmdlet gets the processes on a local or remote computer.

Without parameters, this cmdlet gets all of the processes on the local computer. You can also specify a particular process by process name or process ID (PID) or pass a process object through the pipeline to this cmdlet.

By default, this cmdlet returns a process object that has detailed information about the process and supports methods that let you start and stop the process. You can also use the parameters of the Get-Process cmdlet to get file version information for the program that runs in the process and to get the modules that the process loaded.

Examples

Example 1: Get a list of all active processes on the local computer

Get-Process

This command gets a list of all active processes running on the local computer. For a definition of each column, see the Notes section.

Example 2: Get all available data about one or more processes

Get-Process winword, explorer | Format-List *

This command gets all available data about the Winword and Explorer processes on the computer. It uses the Name parameter to specify the processes, but it omits the optional parameter name. The pipeline operator (|) passes the data to the Format-List cmdlet, which displays all available properties (*) of the Winword and Explorer process objects.

You can also identify the processes by their process IDs. For instance, Get-Process -Id 664, 2060.

Example 3: Get all processes with a working set greater than a specified size

Get-Process | Where-Object {$_.WorkingSet -gt 20000000}

This command gets all processes that have a working set greater than 20 MB. It uses the Get-Process cmdlet to get all running processes. The pipeline operator (|) passes the process objects to the Where-Object cmdlet, which selects only the object with a value greater than 20,000,000 bytes for the WorkingSet property.

WorkingSet is one of many properties of process objects. To see all of the properties, type Get-Process | Get-Member. By default, the values of all amount properties are in bytes, even though the default display lists them in kilobytes and megabytes.

Example 4: List processes on the computer in groups based on priority

$A = Get-Process
$A | Get-Process | Format-Table -View priority

These commands list the processes on the computer in groups based on their priority class. The first command gets all the processes on the computer and then stores them in the $A variable.

The second command pipes the Process object stored in the $A variable to the Get-Process cmdlet, then to the Format-Table cmdlet, which formats the processes by using the Priority view.

The Priority view, and other views, are defined in the PS1XML format files in the PowerShell home directory ($pshome).

Example 5: Add a property to the standard Get-Process output display

Get-Process pwsh | Format-Table `
    @{Label = "NPM(K)"; Expression = {[int]($_.NPM / 1024)}},
    @{Label = "PM(K)"; Expression = {[int]($_.PM / 1024)}},
    @{Label = "WS(K)"; Expression = {[int]($_.WS / 1024)}},
    @{Label = "VM(M)"; Expression = {[int]($_.VM / 1MB)}},
    @{Label = "CPU(s)"; Expression = {if ($_.CPU) {$_.CPU.ToString("N")}}},
    Id, ProcessName, StartTime -AutoSize

NPM(K)  PM(K)  WS(K)   VM(M) CPU(s)    Id ProcessName StartTime
------  -----  -----   ----- ------    -- ----------- ---------
   143 239540 259384 2366162 22.73  12720 pwsh        12/5/2022 3:21:51 PM
   114  61776 104588 2366127 11.45  18336 pwsh        12/5/2022 7:30:53 AM
   156  77924  82060 2366185 10.47  18812 pwsh        12/5/2022 7:30:52 AM
    85  48216 115192 2366074 1.14   24428 pwsh        12/8/2022 9:14:15 AM

This example retrieves processes from the local computer. The retrieved processes are piped to the Format-Table command that adds the StartTime property to the standard Get-Process output display.

Example 6: Get version information for a process

Get-Process pwsh -FileVersionInfo

ProductVersion   FileVersion      FileName
--------------   -----------      --------
6.1.2            6.1.2            C:\Program Files\PowerShell\6\pwsh.exe

This command uses the FileVersionInfo parameter to get the version information for the pwsh.exe file that is the main module for the PowerShell process.

To run this command with processes that you do not own on Windows Vista and later versions of Windows, you must open PowerShell with the Run as administrator option.

Example 7: Get modules loaded with the specified process

Get-Process SQL* -Module

This command uses the Module parameter to get the modules that have been loaded by the process. This command gets the modules for the processes that have names that begin with SQL.

To run this command on Windows Vista and later versions of Windows with processes that you do not own, you must start PowerShell with the Run as administrator option.

Example 8: Find the owner of a process

Get-Process pwsh -IncludeUserName

Handles      WS(K)   CPU(s)     Id UserName            ProcessName
-------      -----   ------     -- --------            -----------
    782     132080     2.08   2188 DOMAIN01\user01     pwsh

This command shows how to find the owner of a process. On Windows, the IncludeUserName parameter requires elevated user rights (Run as Administrator). The output reveals that the owner is Domain01\user01.
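
The owner lookup above combines naturally with the image path and file signature when reviewing what is running on a host. The following is an added example, not part of the original reference: the function name Get-ProcessTriage, its output property names and the 'NoAccess' and 'Unreadable' labels are this example's own, and it assumes Windows with PowerShell 5 or later.

```powershell
# Added example: triage running processes by owner, image path and signature.
# Windows only; function and property names below are this example's own.
function Get-ProcessTriage {
    [CmdletBinding()]
    param(
        # Passed to Get-Process -Name, so wildcards are accepted.
        [string[]]$Name = '*'
    )

    # -IncludeUserName requires an elevated session on Windows, so only use it
    # when the current token is in the Administrators role.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]::new($identity)
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    $procs = if ($elevated) {
        Get-Process -Name $Name -IncludeUserName -ErrorAction SilentlyContinue
    } else {
        Get-Process -Name $Name -ErrorAction SilentlyContinue
    }

    $sigCache = @{}   # image path -> signature status; each file is checked once

    foreach ($p in $procs) {
        # Path and StartTime can be unreadable for processes the session does
        # not own; record that instead of dropping the process.
        $path = $null
        $startTime = $null
        try { $path = $p.Path } catch { }
        try { $startTime = $p.StartTime } catch { }

        $status = 'NoAccess'
        if ($path) {
            if (-not $sigCache.ContainsKey($path)) {
                $sig = Get-AuthenticodeSignature -LiteralPath $path -ErrorAction SilentlyContinue
                $sigCache[$path] = if ($sig) { $sig.Status.ToString() } else { 'Unreadable' }
            }
            $status = $sigCache[$path]
        }

        [pscustomobject]@{
            Id              = $p.Id
            ProcessName     = $p.ProcessName
            UserName        = if ($elevated) { $p.UserName } else { $null }
            StartTime       = $startTime
            Path            = $path
            SignatureStatus = $status
        }
    }
}

# Review anything whose image is not validly signed or could not be inspected.
Get-ProcessTriage |
    Where-Object SignatureStatus -ne 'Valid' |
    Sort-Object StartTime |
    Format-Table Id, ProcessName, UserName, StartTime, SignatureStatus, Path -AutoSize
```

In a non-elevated session the UserName column is empty and more rows report NoAccess, which matches the elevation requirement described for processes you do not own.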

Example 9: Use an automatic variable to identify the process hosting the current session

Get-Process pwsh

NPM(K)    PM(M)      WS(M)     CPU(s)      Id  SI ProcessName
------    -----      -----     ------      --  -- -----------
    83    96.21     105.95       4.33    1192  10 pwsh
    79    83.81     117.61       2.16   10580  10 pwsh

Get-Process -Id $PID

NPM(K)    PM(M)      WS(M)     CPU(s)      Id  SI ProcessName
------    -----      -----     ------      --  -- -----------
    83    96.21      77.53       4.39    1192  10 pwsh

These commands show how to use the $PID automatic variable to identify the process that is hosting the current PowerShell session. You can use this method to distinguish the host process from other PowerShell processes that you might want to stop or close.

The first command gets all of the PowerShell processes in the current session.

The second command gets the PowerShell process that is hosting the current session.


Example 10: Get all processes that have a main window title and display them in a table

Get-Process | Where-Object {$_.mainWindowTitle} | Format-Table Id, Name, mainWindowtitle -AutoSize

This command gets all the processes that have a main window title, and it displays them in a table with the process ID and the process name.

The mainWindowTitle property is just one of many useful properties of the Process object that Get-Process returns. To view all of the properties, pipe the results of a Get-Process command to the Get-Member cmdlet (Get-Process | Get-Member).

Parameters

-FileVersionInfo

Indicates that this cmdlet gets the file version information for the program that runs in the process.

On Windows Vista and later versions of Windows, you must open PowerShell with the Run as administrator option to use this parameter on processes that you do not own.

To get file version information for a process on a remote computer, use the Invoke-Command cmdlet.

Using this parameter is equivalent to getting the MainModule.FileVersionInfo property of each process object. When you use this parameter, Get-Process returns a FileVersionInfo object (System.Diagnostics.FileVersionInfo), not a process object. So, you cannot pipe the output of the command to a cmdlet that expects a process object, such as Stop-Process.

Type: SwitchParameter
Aliases: FV, FVI
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Id

Specifies one or more processes by process ID (PID). To specify multiple IDs, use commas to separate the IDs. To find the PID of a process, type Get-Process.

Type: Int32[]
Aliases: PID
Position: Named
Default value: None
Accept pipeline input: True
Accept wildcard characters: False

-IncludeUserName

Indicates that the UserName value of the Process object is returned with results of the command.

Type: SwitchParameter
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-InputObject

Specifies one or more process objects. Enter a variable that contains the objects, or type a command or expression that gets the objects.

Type: Process[]
Position: Named
Default value: None
Accept pipeline input: True
Accept wildcard characters: False

-Module

Indicates that this cmdlet gets the modules that have been loaded by the processes.

On Windows Vista and later versions of Windows, you must open PowerShell with the Run as administrator option to use this parameter on processes that you do not own.

To get the modules that have been loaded by a process on a remote computer, use the Invoke-Command cmdlet.

This parameter is equivalent to getting the Modules property of each process object. When you use this parameter, this cmdlet returns a ProcessModule object (System.Diagnostics.ProcessModule), not a process object. So, you cannot pipe the output of the command to a cmdlet that expects a process object, such as Stop-Process.

When you use both the Module and FileVersionInfo parameters in the same command, this cmdlet returns a FileVersionInfo object with information about the file version of all modules.

Type: SwitchParameter
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
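
Because the Module parameter returns ProcessModule objects with no link back to the process, reading the equivalent Modules property per process keeps the owner of each module visible. The following is an added example, not part of the original reference: the function name Get-ModuleOutsideExpectedPath and the default list of expected directories are assumptions of this example, and a module outside those directories is only a candidate for review.

```powershell
# Added example: list loaded modules whose files live outside expected
# directories, keeping the owning process with each module.
function Get-ModuleOutsideExpectedPath {
    [CmdletBinding()]
    param(
        # Passed to Get-Process -Name, so wildcards are accepted.
        [string[]]$Name = '*',
        # Directories treated as expected module locations (example default).
        [string[]]$ExpectedRoot = @($env:windir, $env:ProgramFiles, ${env:ProgramFiles(x86)})
    )

    # Normalise roots to end in a single backslash so that C:\Windows does not
    # also match a sibling directory such as C:\WindowsOld.
    $roots = $ExpectedRoot | Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }

    foreach ($p in Get-Process -Name $Name -ErrorAction SilentlyContinue) {
        # Reading Modules fails (exception or empty result) for processes the
        # session cannot open, for example without Run as administrator.
        $modules = $null
        try {
            $modules = $p.Modules
        } catch {
            Write-Verbose "Skipping PID $($p.Id) ($($p.ProcessName)): $($_.Exception.Message)"
            continue
        }

        foreach ($m in $modules) {
            $file = $m.FileName
            if (-not $file) { continue }

            $expected = $false
            foreach ($r in $roots) {
                if ($file.StartsWith($r, [StringComparison]::OrdinalIgnoreCase)) {
                    $expected = $true
                    break
                }
            }

            if (-not $expected) {
                [pscustomobject]@{
                    Id          = $p.Id
                    ProcessName = $p.ProcessName
                    ModuleName  = $m.ModuleName
                    FileName    = $file
                    FileVersion = $m.FileVersionInfo.FileVersion
                }
            }
        }
    }
}

# Run with -Verbose to see which processes were skipped for lack of access.
Get-ModuleOutsideExpectedPath -Verbose |
    Sort-Object ProcessName, FileName |
    Format-Table -AutoSize
```

On 64-bit Windows, run this from 64-bit PowerShell to see 64-bit modules and from 32-bit PowerShell to see 32-bit modules, as described in the Notes.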

-Name

Specifies one or more processes by process name. You can type multiple process names (separated by commas) and use wildcard characters. The parameter name (Name) is optional.

Type: String[]
Aliases: ProcessName
Position: 0
Default value: None
Accept pipeline input: True
Accept wildcard characters: True

Inputs

Process

You can pipe a process object to this cmdlet.

Outputs

Process


By default, this cmdlet returns a System.Diagnostics.Process object.

FileVersionInfo

If you use the FileVersionInfo parameter, this cmdlet returns a FileVersionInfo object.

ProcessModule

If you use the Module parameter, without the FileVersionInfo parameter, this cmdlet returns a ProcessModule object.

Notes

PowerShell includes the following aliases for Get-Process:

  • All platforms:
    • gps
  • Windows:
    • ps

  • You can also refer to this cmdlet by its built-in aliases, ps and gps. For more information, see about_Aliases.

  • On computers that are running a 64-bit version of Windows, the 64-bit version of PowerShell gets only 64-bit process modules and the 32-bit version of PowerShell gets only 32-bit process modules.

  • You can use the properties and methods of the Windows Management Instrumentation (WMI) Win32_Process object in PowerShell. For information, see Get-WmiObject and the WMI SDK.

  • The default display of a process is a table that includes the following columns. For a description of all of the properties of process objects, see Process Properties.


    • Handles: The number of handles that the process has opened.
    • NPM(K): The amount of non-paged memory that the process is using, in kilobytes.
    • PM(K): The amount of pageable memory that the process is using, in kilobytes.
    • WS(K): The size of the working set of the process, in kilobytes. The working set consists of the pages of memory that were recently referenced by the process.
    • VM(M): The amount of virtual memory that the process is using, in megabytes. Virtual memory includes storage in the paging files on disk.
    • CPU(s): The amount of processor time that the process has used on all processors, in seconds.
    • ID: The process ID (PID) of the process.
    • ProcessName: The name of the process. For explanations of the concepts related to processes, see the Glossary in Help and Support Center and the Help for Task Manager.
  • You can also use the built-in alternate views of the processes available with Format-Table, such as StartTime and Priority, and you can design your own views.

  • Debug-Process
  • Get-Process
  • Start-Process
  • Stop-Process
  • Wait-Process

FAQs

How do I see running processes in PowerShell? ›

With a PowerShell console open, run Get-Process using the Name parameter to only show all running processes with Calculator as the name. You'll see the same output you've seen previously. Get-Process returns many properties as expected.

How to find PID in PowerShell? ›

To find the PID of a process, type Get-Process.

How to get CPU usage of process in PowerShell? ›

To do this, you can use Get-Counter, which uses native Windows performance counters to monitor and measure resources. Use the counter '\Process(*)\% Processor Time' with Get-Counter in PowerShell. The most valuable data from this is "cookedvalue," which is the readable view of the data.

How do I find a specific process in Task Manager? ›

Task Manager

From the Processes tab, select Details to see the process ID listed in the PID column. Click on any column name to sort. You can right click a process name to see more options for a process.

How do I get a list of running processes? ›

You need to use the ps command. It provides information about the currently running processes, including their process identification numbers (PIDs). Both Linux and UNIX support the ps command to display information about all running process. The ps command gives a snapshot of the current processes.

How do you list the running processes *? ›

To list currently running processes, use the ps , top , htop , and atop Linux commands. You can also combine the ps command with the pgrep command to identify individual processes.

Is there a grep for PowerShell? ›

There's no grep cmdlet in PowerShell, but the Select-String cmdlet can be used to achieve the same results. The Windows command line has the findstr command, a grep equivalent for Windows. But it's better to use Select-String when working with PowerShell.

What is $PWD in PowerShell? ›

$PWD. Contains a path object that represents the full path of the current directory location for the current PowerShell runspace. Note. PowerShell supports multiple runspaces per process. Each runspace has its own current directory.

How to find process ID in CMD? ›

Here is how you can do it:
  1. In the Start menu search bar, search for command prompt and select Run as administrator.
  2. Type tasklist. Press Enter.
  3. Command Prompt will now display the PID for the running processes.

How to check CPU utilization via PowerShell? ›

In Windows PowerShell there is no exclusive cmdlet to find out the CPU and memory utilization rates. You can use the Get-WmiObject cmdlet along with required parameters to fetch the results.

How do I check Windows process utilization? ›

Use Task Manager to view CPU consumption to help identify the process or application that's causing high CPU usage:
  1. Select Start, enter task, and then select Task Manager in the search results.
  2. The Task Manager window defaults to the Processes tab. ...
  3. Select the CPU column header to sort the list by CPU usage.

How do I get my CPU utilization report? ›

  1. Click Activity > CPU Utilization to display the CPU Utilization report page.
  2. To view a graph of data points over time, keep the page open. Data points are graphed every ten seconds.
  3. To toggle on and off the graph for an instance host, click the instance hostname at the bottom of the page.

How do you find which process is using a file? ›

To find out what process is using a specific file follow these steps:
  1. Go to Find, Find Handle or DLL.. or simply press Ctrl + F .
  2. Enter the name of the file and press Search.
  3. Process Explorer will list all processes that have a handle to the file open.

How do you find which processes are using a particular file? ›

Lsof is used on a file system to identify who is using any files on that file system. You can run lsof command on Linux filesystem and the output identifies the owner and process information for processes using the file as shown in the following output.

How do I find an unknown process in Windows? ›

You can use Task Manager to quickly see all running processes, but if you need to drill down and find out what program started the process, Task Manager falls short of reporting all the needed details. A tool that I use to get the details, is Process Explorer from Microsoft Sysinternals site.

How to get list of running processes in Windows using CMD? ›

Here's how to do it.
  1. Open the Command Prompt tool by typing "cmd" into Windows Search and pressing Return.
  2. You can now use the tasklist command to output the list to a new .txt file.
  3. For example, you could type: tasklist /v > "%userprofile%\Desktop\Running-Process-List. ...
  4. A new text document called Running-Process-List.

How do I find out how many processes? ›

Count the number of running processes

The shell command ps could be used to list most process statistics. We can use this command piped with wc to get the number of running processes in Linux, remember to remove the header of output, --no-headers added. -L will also display threads.

What command do you do to list all the running processes PowerShell? ›

The Get-Process cmdlet gets the processes on a local or remote computer. Without parameters, this cmdlet gets all of the processes on the local computer. You can also specify a particular process by process name or process ID (PID) or pass a process object through the pipeline to this cmdlet.

Does task manager show all running processes? ›

The simplest method to see what's running is of course the built in MS Windows Task Manager however this doesn't show all running programs. You can start Task Manager by pressing the key combination Ctrl + Shift + Esc. You can also reach it by right-clicking on the task bar and choosing Task Manager.

How do I grep a process in PowerShell? ›

How To Grep in PowerShell
  1. Get-Process | Where-Object {$_ | Select-String "foo"}
  2. Get-Process | where ProcessName -like "*foo*"
  3. Get-Process | findstr foo
  4. ps *foo*

What does F8 do in PowerShell? ›

Keyboard shortcuts for running scripts
Action          Keyboard Shortcut
Open            CTRL + O
Run             F5
Run Selection   F8
Stop Execution  CTRL + BREAK. CTRL + C can be used when the context is unambiguous (when there is no text selected).

What does F7 do in PowerShell? ›

If you have been entering several commands in a console screen, pressing the F7 function key displays a menu of the previously executed commands, as Figure 2.2 shows. Figure 2.2. Pressing the F7 function key presents a command history menu. Use the arrow keys to change the selection in the menu.

Can hackers use PowerShell? ›

It may surprise you to know that PowerShell is very popular with hackers who use it to find security holes in enterprise IT systems. If you've read some of our other pen testing blogs, such as this article on pen test reports, you know that finding holes in security systems is what pen testers do as well.

What is PWSH command? ›

pwsh is the command for PowerShell the cross platform shell and scripting language from Microsoft. PowerShell is used by Home to ensure a consistent approach and language for local development of CluedIn on any operating system.

How do I use $lastexitcode in PowerShell? ›

Use the command Exit $LASTEXITCODE at the end of the powershell script to return the error codes from the powershell script. $LASTEXITCODE holds the last error code in the powershell script. It is in form of boolean values, with 0 for success and 1 for failure.

How do I find running process ID? ›

The easiest way to find out if process is running is run ps aux command and grep process name. If you got output along with process name/pid, your process is running.

What is process ID in shell script? ›

A PID is an acronym for a process identification number. It is automatically assigned to each process when it is created on a Linux and Unix-like operating system. One can easily find the PID of the last executed command in shell script or bash.

What is Windows process ID? ›

In computing, the process identifier (a.k.a. process ID or PID) is a number used by most operating system kernels—such as those of Unix, macOS and Windows—to uniquely identify an active process.

How do I check my CPU Performance? ›

If you're wondering how to check your clock speed, click the Start menu (or click the Windows* key) and type “System Information.” Your CPU's model name and clock speed will be listed under “Processor”.

How do I check RAM and CPU usage? ›

Press Ctrl + Shift + Esc to launch Task Manager. Or, right-click the Taskbar and select Task Manager. Select the Performance tab to see current RAM usage displayed in the Memory box, and total RAM capacity listed under Physical Memory.

How do I check my system specs in PowerShell? ›

If you're a command-line nut, you can get system specs using either the Command Prompt or PowerShell. Open the command prompt or PowerShell (Admin) and type: systeminfo and hit Enter. That will provide a long list of data like your BIOS version, Windows version, install data, CPU, computer model, and more.

How to check CPU usage without Task Manager? ›

Use the Resource Monitor to view CPU consumption
  1. Press WIN + R on the keyboard to open the Run dialogue. Type resmon in the text box and press Enter to open the Resource Monitor.
  2. Click the CPU tab. ...
  3. Click the Average CPU column header to sort by overall CPU usage.

How to check CPU utilization in Windows using command prompt? ›

Total CPU usage:
  1. The command is: Get-CimInstance win32_processor | Measure-Object -Property LoadPercentage -Average.
  2. Check the value next to Average to find the CPU percentage in use.

Which command is used to see the process? ›

You can use the ps command to find out which processes are running and display information about those processes. The ps command has several flags that enable you to specify which processes to list and what information to display about each process.

How can I tell if a specific process is running? ›

Bash commands to check running process: pgrep command – Looks through the currently running bash processes on Linux and lists the process IDs (PID) on screen. pidof command – Find the process ID of a running program on Linux or Unix-like system.

How can I see hidden processes? ›

Press the “Ctrl”, “Alt” and “Delete” keys simultaneously on the keyboard. Verify in the “Options” menu that you have activated the “Always visible” option. In the Windows Task Manager, click on “Processes”. This list shows all the processes that are currently running on the computer.

How do I find hidden programs running in the background? ›

Most people have at least heard of “Ctrl+Alt+Delete”. This key combination allows the user to open Windows Task Manager. Task Manager is a utility within the Windows operating system that shows information such as running processes, computer performance, background services, and more.

How do I find malicious process in Windows 10? ›

Run a malware scan manually
  1. Select Start > Settings > Update & Security > Windows Security and then Virus & threat protection. Open Windows Security settings.
  2. Under Current threats, select Quick scan (or in early versions of Windows 10, under Threat history, select Scan now).

How do you find the PID of a running script? ›

The syntax is as follows:
  1. Open the terminal application.
  2. Run your command or app in the background. For example: firefox &
  3. To get the PID of the last executed command type: echo "$!"
  4. Store the pid of the last command in a variable named foo: foo=$!
  5. Print it, run: echo "$foo"

How do I find my SSH PID? ›

It is located in the /etc/ssh directory. For shutdown purposes it is required that the process ID file (sshd.pid) is written to your file system. This process ID will be read from that file and used to identify the sshd to terminate.

How do I find the PID of a port in Windows? ›

Using Netstat command:
  1. Open a CMD prompt.
  2. Type in the command: netstat -ano -p tcp.
  3. You'll get an output similar to this one.
  4. Look-out for the TCP port in the Local Address list and note the corresponding PID number.

How do I find my PID number in terminal? ›

Open the terminal and follow the given syntax of the “pidof” command to display process ID:
  1. $ pidof [process_name]
  2. $ pidof vlc.
  3. $ pgrep vlc.
  4. $ lsof | grep vlc.
  5. $ ps aux | grep "vlc"
  6. $ pstree | grep "vlc"
  7. $ pstree | grep "vlc" | head -1
  8. $ top.

How do I check for a process in shell script? ›

We use the ps command to see the currently running processes in the shell.

How to print current process ID in shell script? ›

Here, we will use the "$$" variable to print current process identifiers on the console screen. Program/Source Code: The source code to create a Linux shell script program to print the current process id is given below. The given program is compiled and executed successfully on Ubuntu 20.04.

Which command do you use to get the PID of the current process? ›

A quick way of getting the PID of a process is with the pgrep command: pgrep bash.

Where can I find ~/ ssh config? ›

The ssh client reads configuration from three places in the following order: System wide in /etc/ssh/ssh_config. User-specific in your home directory ~/.ssh/ssh_config.

How do I find my ssh path in Windows? ›

By default, this should be C:\Windows\System32\OpenSSH .
...
You now have a working SSH command that could be used to do a variety of things, as mentioned at the top of this post:
  1. Log into a Linux virtual machine.
  2. Copy files to/from a Linux virtual machine.
  3. Generate SSH keys that can be used for SSH authentication.

How can I see my ssh key in CMD? ›

Command Prompt (for Windows 10 only)
  1. Open Command Prompt or Windows PowerShell.
  2. Issue the command: ssh-keygen.
  3. To view public key, navigate to C:\Users\<username>/.ssh/id_rsa.pub or execute this command in the command prompt: more C:\Users\<username>/.ssh/id_rsa.pub.

How can I find someone's IP with their port? ›

The port number is "tacked on" to the end of the IP address, for example, "192.168.1.67:80" shows both the IP address and port number. When data arrives at a device, the network software looks at the port number and sends it to the right program. To find a port address, review an app's technical documentation.

Article information

Author: Rubie Ullrich

Last Updated: 12/27/2022
