On the device menu, you can return a list of running processes. This shows the process name, exe path, owner, process ID, and memory used.  The reason it takes a little extra time is because the amount of memory the process uses is stored somewhere different than the rest of the information.

 

$strQuery = "select WorkingSetPrivate,IDProcess from Win32_PerfFormattedData_PerfProc_Process"
Get-WmiObject -ComputerName $CompName -Namespace root\cimv2 -Query $strQuery | ForEach-Object {
    
$ProcID = $_.IDProcess
    
$WorkingSet = $_.WorkingSetPrivate
    
$ProcMemory = $WorkingSet / 1024
    
$strQuery = "Select * from Win32_Process where ProcessID='" + $ProcID + "'"
    
$ProcessInfo = Get-WmiObject -ComputerName $CompName -Query $strQuery -Namespace root\cimv2
    
foreach ($instance in $ProcessInfo){
         
$ProcName = $instance.Name
         
$ProcExcPath = $instance.ExecutablePath
         
$ProcUser = $ProcessInfo.GetOwner().User}}

Killing a processes is as easy as:

$strQuery = "Select * from Win32_Process where ProcessID='" + $ProcID + "'"
Get-WmiObject -ComputerName $CompName -Query $strQuery -Namespace root\cimv2 | ForEach-Object {$_.Terminate()}

Last edited Mar 18, 2013 at 6:48 PM by Ryan2065, version 1

Comments

No comments yet.