How to Get List of Running Processes in PowerShell
This article covers process monitoring with PowerShell, focusing on the Get-Process cmdlet. Get-Process, a staple of process management, gives a comprehensive view of the processes running on a Windows machine, displaying critical information such as process IDs, names, memory usage, and CPU consumption.
The article walks through the cmdlet's syntax and parameters, covering both general and specific process queries.
Use the Get-Process Cmdlet to Show a List of Running Processes in PowerShell
There are more than 200 cmdlets available in the PowerShell environment. Each cmdlet is responsible for performing a specific function.
Get-Process is one of the frequently used cmdlets; it retrieves the list of running processes on the Windows machine.
This cmdlet gives useful information related to each process, such as process ID, name, memory usage, etc. Also, it shows a snapshot of the system’s running processes.
Syntax:
Get-Process [[-Name] string[]] [-ComputerName string[]]
    [-FileVersionInfo] [-Module] [CommonParameters]
Get-Process -Id Int32[] [-ComputerName string[]]
    [-FileVersionInfo] [-Module] [CommonParameters]
Get-Process -InputObject Process[] [-ComputerName string[]]
    [-FileVersionInfo] [-Module] [CommonParameters]
Parameters:
Name string[]: Specifies an array of process names to get (ProcessName is an alias of this parameter). This parameter accepts wildcard characters for pattern matching. If this parameter is omitted, Get-Process retrieves all processes.
Id Int32[]: Specifies the process IDs of the processes to be retrieved. This parameter allows you to target specific processes directly.
InputObject Process[]: Specifies an array of process objects. This parameter allows you to pipe process objects to Get-Process.
ComputerName string[]: Indicates the name(s) of the computers on which to run the command. If this parameter is omitted, Get-Process retrieves processes from the local computer.
FileVersionInfo: Adds file version information to the process objects. This is useful when you want details about the executable file of the process, such as version, product name, etc.
Module: Includes the modules (DLLs and executable files) that are loaded by each process. This is helpful for more detailed analysis, such as checking which DLLs are loaded by a process.
[CommonParameters]: These are the parameters that all cmdlets support, such as -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutVariable, -OutBuffer, and -PipelineVariable.
All of these parameters are optional for the Get-Process cmdlet; use them as your requirements dictate.
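The -Id, -InputObject, -FileVersionInfo and -Module parameters described above, combined into a module inventory for one process. This is an added example, not code from the original article; the function name Get-LoadedModuleReport and the "outside %windir%" heuristic are assumptions made for illustration.

```powershell
# Added example (not from the original article): module inventory for one process.
function Get-LoadedModuleReport {
    [CmdletBinding()]
    param(
        [int]$Id = $PID   # defaults to the current PowerShell session
    )

    # Second syntax form: select the process by its Id.
    $proc = Get-Process -Id $Id -ErrorAction Stop

    # Third syntax form: pass the process object back through -InputObject.
    # -FileVersionInfo describes the main executable only.
    $main = Get-Process -InputObject $proc -FileVersionInfo -ErrorAction SilentlyContinue

    # -Module returns one ProcessModule object per loaded EXE/DLL.
    # Reading another user's or a protected process needs an elevated session.
    $modules = Get-Process -InputObject $proc -Module -ErrorAction SilentlyContinue

    foreach ($m in $modules) {
        [pscustomobject]@{
            ProcessName       = $proc.ProcessName
            ProcessId         = $proc.Id
            MainProduct       = $main.ProductName
            Module            = $m.ModuleName
            Company           = $m.FileVersionInfo.CompanyName
            FileVersion       = $m.FileVersionInfo.FileVersion
            Path              = $m.FileName
            # Heuristic (assumption of this example): a module loaded from
            # outside %windir% is worth a second look, not an alarm.
            OutsideWindowsDir = $m.FileName -notlike "$env:windir\*"
        }
    }
}

# Modules of the current session that were not loaded from the Windows directory.
Get-LoadedModuleReport |
    Where-Object OutsideWindowsDir |
    Sort-Object Path |
    Format-Table Module, Company, FileVersion, Path -AutoSize
```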
Display All the Running Processes
We can run the Get-Process command directly, without any parameters. It displays all the processes running at that time.
The gps alias can also be used instead of the Get-Process command.
Get-Process
gps
Upon executing either Get-Process or gps, PowerShell begins a system-wide query to gather information about all active processes. The absence of parameters in these commands signals PowerShell to not apply any filters and retrieve details for every process.
PowerShell then collects detailed data about each running process. This data includes various attributes that describe the state and characteristics of these processes.
PowerShell formats it into a table for display. This tabular format is designed to present the information in a clear and readable manner.
The table typically includes several key columns:
Id: This column shows the Process Identifier (PID), a unique numerical label assigned to each process. The PID is crucial for uniquely identifying and managing specific processes.
ProcessName: This is the name of the executable file that initiated the process. It helps in easily recognizing the process, especially for well-known applications.
CPU(s): Here, we see the amount of CPU time the process has consumed. This is measured in seconds and is vital for assessing which processes are using significant CPU resources, potentially impacting system performance.
PM(K): This stands for Paged Memory in Kilobytes. It represents the size of memory the process is using that can be paged to disk. This metric is important for monitoring the memory usage of processes, which is crucial for performance tuning and resource management.
Retrieve the Information for a Single Process
When using PowerShell to retrieve information about a specific process, we have a couple of syntax options. Both Get-Process -Name processName and Get-Process processName are valid and achieve the same result, but they slightly differ in their syntax structure.
Get-Process -Name typora
OR
Get-Process typora
When we execute either Get-Process -Name typora or Get-Process typora, PowerShell filters the running processes and returns information specifically for the process named typora. This is particularly useful when we know the exact name of the process we're interested in.
Under the hood, PowerShell looks through the list of all processes and matches the process name with typora. If the process is running, its details are displayed.
Retrieve the Information for Multiple Processes
When we use the Get-Process cmdlet in PowerShell to retrieve information for multiple processes, as in the command Get-Process NotePad, Outlook, we're leveraging PowerShell's capability to handle multiple items simultaneously.
Get-Process NotePad, Outlook
By running Get-Process NotePad, Outlook, we instruct PowerShell to fetch details for multiple processes simultaneously, in this case, NotePad and Outlook. This command is handy when we need to monitor several specific processes.
PowerShell executes a similar operation as the single-process command but for each specified process name, displaying all matches.
You can also use wildcards in the process name.
Retrieve Process Objects With the Given Attributes
We can display the process object information for specific attributes when needed. Let's retrieve only the Process ID for the NotePad process.
(Get-Process NotePad).Id
In the command (Get-Process NotePad).Id, we first get the process object for NotePad and then access its Id property. This technique is useful when we're only interested in specific information about a process, such as its Process ID.
We can also retrieve the CPU time attribute for the NotePad process, as shown in the following.
(Get-Process NotePad).CPU
Similarly, (Get-Process NotePad).CPU retrieves the CPU time information for the NotePad process. These commands demonstrate how we can extract particular data points from the process objects.
Display the Process Owner
The default output of the Get-Process command doesn't display the process owner. But this can be a piece of valuable information when you need to terminate a given process.
We can use the -IncludeUserName parameter to include the process owner in the output; it appears as the UserName property.
Get-Process -Name notepad -IncludeUserName
The command Get-Process -Name notepad -IncludeUserName extends the default behavior of Get-Process by including the process owner's username in the output. The -IncludeUserName parameter is essential when we need to identify which user is running a specific process, which can be critical in multi-user environments or for troubleshooting.
This command enhances our visibility into the processes, especially regarding their ownership.
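Ownership is most useful next to the executable path and its signature, so the following added example (not code from the original article) builds one triage row per process from -IncludeUserName, the Path property and Get-AuthenticodeSignature. The function name Get-ProcessTriage and the 'PathUnavailable' label are assumptions made for illustration; Windows PowerShell requires an elevated session for -IncludeUserName, so the example checks for elevation first.

```powershell
# Added example (not from the original article): owner, image path and
# signature status for each running process.
function Get-ProcessTriage {
    [CmdletBinding()]
    param(
        [string[]]$Name = '*'   # wildcards allowed, as with Get-Process -Name
    )

    # Only request user names when the session is elevated.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
    $elevated  = ([Security.Principal.WindowsPrincipal]$identity).IsInRole($adminRole)

    $query = @{ Name = $Name; ErrorAction = 'SilentlyContinue' }
    if ($elevated) { $query.IncludeUserName = $true }
    else { Write-Warning 'Session is not elevated: UserName will be empty.' }

    $sigCache = @{}   # one signature check per distinct executable path
    foreach ($p in Get-Process @query) {
        $path = $p.Path   # empty when the process image cannot be read
        $signature = 'PathUnavailable'
        if ($path) {
            if (-not $sigCache.ContainsKey($path)) {
                $sigCache[$path] = [string](Get-AuthenticodeSignature -LiteralPath $path).Status
            }
            $signature = $sigCache[$path]
        }
        [pscustomobject]@{
            Id          = $p.Id
            ProcessName = $p.ProcessName
            UserName    = $p.UserName
            Path        = $path
            Signature   = $signature
        }
    }
}

# Review everything that is not running from a validly signed executable.
Get-ProcessTriage |
    Where-Object Signature -ne 'Valid' |
    Sort-Object UserName, ProcessName |
    Format-Table -AutoSize
```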
Conclusion
This comprehensive guide has illuminated the power and versatility of PowerShell in managing and monitoring system processes. We've journeyed through the practical applications of the Get-Process cmdlet, starting from listing all running processes to pinpointing specific ones and delving into the extraction of particular process attributes.
The article also showcased the adeptness of PowerShell in handling multiple processes simultaneously and the ease of integrating user-centric information such as process ownership.
This integration of the Get-Process cmdlet underscores PowerShell's robustness and adaptability in the realm of process management, offering a spectrum of tools for system administrators to monitor, analyze, and manage processes effectively within a Windows environment.
Nimesha has been a Full-stack Software Engineer for more than five years. He loves technology, as technology has the power to solve our many problems within just a minute. He has been contributing to various projects over the last 5+ years and working with almost all the so-called 03 tiers (DB, M-Tier, and Client). Recently, he has started working with DevOps technologies such as Azure administration, Kubernetes, Terraform automation, and Bash scripting as well.