Listing Processes and Process Ownership

Share |

Join PowerShell.com!
Subscribe to Feed

PowerShell eBook
Sign up for
Your PowerTip of the Day:

Award-winning PowerShellPlus


Admin Guide to PowerShell Remoting


Mastering PowerShell eBook

Get-Process can list processes but does not provide information about who is running the process. Here, WMI can help. Get-ProcessEx is a clever function that returns process information including ownership, and it works remotely, too.

So if you wanted to know who is running PowerShell on your system, check this out:

PS> Get-ProcessEx powershell.exe

Name                   Owner                         Description           Handle
----                      -----                            -----------              ------
powershell.exe     TobiasAir1\Tobias         powershell.exe       5204
powershell.exe     TobiasAir1\Tobias         powershell.exe       6848
powershell.exe     TobiasAir1\Customer... powershell.exe       2600

Likewise, you can now check who is currently visiting your computer through PowerShell Remoting. Just look for processes named "wsmprovhost.exe".

function Get-ProcessEx {
    param(
        $Name='*',
        
        $ComputerName,
        
        $Credential
    )

    $null = $PSBoundParameters.Remove('Name')
    $Name = $Name.Replace('*','%')
    
    Get-WmiObject -Class Win32_Process @PSBoundParameters -Filter "Name like '$Name'" |
      ForEach-Object {
          $result = $_ | Select-Object Name, Owner, Description, Handle
        $Owner = $_.GetOwner()
        if ($Owner.ReturnValue -eq 2) {
            $result.Owner = 'Access Denied'
        } else {
            $result.Owner = '{0}\{1}' -f ($Owner.Domain, $Owner.User)
          }
        $result
      }
}

Twitter This Tip! ReTweet this Tip!


Posted Apr 18 2012, 06:00 AM by ps1
Copyright 2012 PowerShell.com. All rights reserved.