We get a lot of questions here at the Splunk Microsoft Practice – not just on our apps (which are awesome starting points for common Microsoft workloads), but also how to do specific things in Windows. One of the things I recently got asked was “how do I get a top-10 type report of processes on a system and who is running them?”

This should be fairly straightforward. After all, Microsoft provides a perfmon object called “Process” – maybe I can just monitor that. Unfortunately, the owner is not available. Once I’ve exhausted the built-in methods of getting information, I turn to my favorite tool – PowerShell.

There are two methods of getting the list of processes on a system. Get-Process is the de-facto standard for getting a process list from PowerShell, but I prefer the WMI approach – Get-WmiObject -class win32_process. The reason for the choice is that the objects that you get back have a bunch of useful methods on them, one of which is GetOwner() that retrieves the owner of the process – just what we are looking for. You can always get the list of things you can do by piping the command to Get-Member. For example:

    Get-WmiObject -class win32_process | Get-Member
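A sketch of the top-10 report with owners, built on the Get-WmiObject and GetOwner() calls described above. This is an added example, not code from the original post. The function name Get-ProcessOwnerReport is hypothetical, and ranking by working-set size is an assumption, since the post does not name a metric.

```powershell
# Added example (not from the original post). Requires Windows PowerShell 5.1 or
# earlier; Get-WmiObject is not available in PowerShell 6+.
# Assumption: "top 10" is ranked by working-set size; the post names no metric.

function Get-ProcessOwnerReport {
    param(
        [int]$Top = 10
    )

    Get-WmiObject -Class Win32_Process |
        Sort-Object -Property WorkingSetSize -Descending |
        Select-Object -First $Top |
        ForEach-Object {
            $proc  = $_
            $owner = '<unavailable>'
            try {
                # GetOwner() returns an object with ReturnValue, Domain and User.
                # ReturnValue 0 means success; a non-zero value (for example 2,
                # access denied) is common for system processes when the
                # session is not elevated.
                $result = $proc.GetOwner()
                if ($result.ReturnValue -eq 0) {
                    $owner = '{0}\{1}' -f $result.Domain, $result.User
                }
            }
            catch {
                # The process may have exited between enumeration and the call.
                $owner = '<exited>'
            }

            [pscustomobject]@{
                ProcessId    = $proc.ProcessId
                Name         = $proc.Name
                Owner        = $owner
                WorkingSetMB = [math]::Round($proc.WorkingSetSize / 1MB, 1)
            }
        }
}

Get-ProcessOwnerReport -Top 10 | Format-Table -AutoSize
```

Run it from an elevated session to resolve owners for processes belonging to other accounts; without elevation those rows show `<unavailable>`.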