Get Process - PowerShell

Overview

Get-Process provides detailed information about running processes on the local or remote computer. It allows users to monitor system performance, identify resource-intensive processes, and troubleshoot issues related to runaway processes.

Syntax

Get-Process [[-Name] <string[]>] [-Id <int[]>] [-ComputerName <string[]>]
 [-SessionId <int[]>] [-ExactMatch] [-Module <string[]>] [-ExcludeModule <string[]>]
 [-IncludeUntitled] [-NoTitle] [-WorkingSet] [-PagedMemorySize]
 [-PagedSystemMemorySize] [-NonPagedSystemMemorySize] [-VirtualMemorySize]
 [-PrivateMemorySize] [-ProcessMemorySize] [-PassThru] [-Credential <PSCredential>]
 [-ErrorAction <ActionPreference>] [-ErrorVariable <string>]
 [-InformationAction <ActionPreference>] [-InformationVariable <string>]
 [-OutVariable <string>] [-OutBuffer <int>] [-PipelineVariable <string>]
 [-ThrottleLimit <int>] [-AsJob] [-JobName <string>]

Options/Flags

  • -Name: Specifies the name(s) of the process(es) to return.
  • -Id: Specifies the ID(s) of the process(es) to return.
  • -ComputerName: Specifies the name(s) of the remote computer(s) to retrieve processes from.
  • -SessionId: Specifies the ID(s) of the session(s) to retrieve processes from.
  • -ExactMatch: When specified, only processes with exact name or ID matches are returned.
  • -Module: Specifies the name(s) of modules to include processes loaded into.
  • -ExcludeModule: Specifies the name(s) of modules to exclude processes loaded into.
  • -IncludeUntitled: Includes processes without a title in the results.
  • -NoTitle: Excludes processes without a title from the results.
  • -WorkingSet: Retrieves the process’s working set size (cached memory).
  • -PagedMemorySize: Retrieves the process’s amount of paged memory.
  • -PagedSystemMemorySize: Retrieves the process’s amount of paged system memory.
  • -NonPagedSystemMemorySize: Retrieves the process’s amount of non-paged system memory.
  • -VirtualMemorySize: Retrieves the process’s virtual memory size.
  • -PrivateMemorySize: Retrieves the process’s private memory size.
  • -ProcessMemorySize: Retrieves the process’s total memory size.
  • -PassThru: Returns the Process objects directly instead of formatting them for display.
  • -Credential: Specifies credentials to use when connecting to remote computers.
  • -ErrorAction: Specifies the action to perform when an error occurs.
  • -ErrorVariable: Stores errors encountered during the operation.
  • -InformationAction: Specifies the action to perform for informational messages.
  • -InformationVariable: Stores informational messages.
  • -OutVariable: Stores the results of the command in a variable.
  • -OutBuffer: Limits the number of results stored in memory before displaying them.
  • -PipelineVariable: Stores the results of the command in a variable for use in pipeline commands.
  • -ThrottleLimit: Limits the number of concurrent operations performed.
  • -AsJob: Runs the command as a background job.
  • -JobName: Specifies a name for the job created by the command.

Examples

Get all running processes:

Get-Process

Get processes by name:

Get-Process -Name notepad.exe

Get processes on a remote computer:

Get-Process -ComputerName server01

Get processes loaded into a specific module:

Get-Process -Module PowerShell

Get detailed memory information for processes:

Get-Process -WorkingSet -PagedMemorySize -PagedSystemMemorySize -NonPagedSystemMemorySize -VirtualMemorySize -PrivateMemorySize -ProcessMemorySize

Common Issues

  • Access denied: Make sure you have sufficient privileges to access process information on the target computer.
  • Invalid process name or ID: Verify that the specified name or ID is correct and matches a running process.
  • Process not found: The process you’re trying to retrieve might have ended before the command could execute.

Integration

Get-Process can be used in combination with other PowerShell commands to perform advanced tasks. For instance:

  • Find child processes of a specific process:
Get-Process -Name notepad.exe | Get-ChildItem -Recurse
  • Stop a process:
Stop-Process -Id (Get-Process -Name notepad.exe).Id

Related Commands

  • Start-Process: Start a new process.
  • Stop-Process: Stop a running process.
  • Get-ChildItem: Retrieve information about files and directories, including processes.