
Last time we saw that you can pull out processes using GET-WMIOBJECT as well as GET-PROCESS.

This time we’re going to show you WHY you should use GET-WMIOBJECT.  

Again, the strength of GET-PROCESS is its simplicity.  That's also its weakness.  GET-WMIOBJECT is a little more complex to work with, but like all great tools it has its place.  Here is one.

We can isolate WHO owns a process using GET-WMIOBJECT.  It takes a small script to do it, but it works well.  Each process you access with GET-WMIOBJECT win32_process has a method called GETOWNER(), which returns the owning account as a Domain and a User (plus a ReturnValue of 0 when the lookup succeeded).

To find the owner of a process we get the process, and run GETOWNER() on it.

So we can modify our function from last time to take a process name and a computer name, and return the name, ID and now the OWNER of each matching process.

Function GLOBAL:GET-PROCESSUSER ( $ProcessName, $Computername ) {
    # WQL needs single quotes around the name, which includes its extension (e.g. notepad.exe)
    GET-WMIOBJECT win32_process -ComputerName $Computername -Filter "Name='$ProcessName'" |
        Select-Object Name, ProcessId,
            @{ Name = 'Owner'; Expression = { $o = $_.GetOwner(); "$($o.Domain)\$($o.User)" } }
}

So now with this little function we have a VERY easy way to identify who is running a particular process on any computer in our network (as long as the account you run it under has administrative rights on that computer, which remote WMI requires by default).  One caveat: GETOWNER() fails with a non-zero ReturnValue and an empty User for kernel processes such as System and Idle, and for any process you are not allowed to open.
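The same idea, as an added example that is not code from the post: it uses the CIM cmdlets instead of GET-WMIOBJECT, so it runs on Windows PowerShell 5.1 and on PowerShell 7 (where Get-WmiObject no longer exists), escapes the process name before interpolating it into the WQL filter, checks GETOWNER()'s ReturnValue instead of trusting the Domain and User fields, and adds an optional owner filter so you can ask "what is this account running?" as well as "who is running this?".  The function name, parameter names and the -Owner option are my own additions.

```powershell
# Added example, not code from the original post. It reimplements the post's idea with the CIM
# cmdlets so it runs on both Windows PowerShell 5.1 and PowerShell 7 (Get-WmiObject was removed
# in PowerShell 6+). Function and parameter names are my own choices.
function Get-ProcessOwner {
    [CmdletBinding()]
    param(
        # Win32_Process names carry the extension: 'notepad.exe', not 'notepad'.
        [Parameter(Mandatory)] [string] $ProcessName,
        # Remote queries go over WinRM and need admin rights on the target.
        [string] $ComputerName,
        # Optional: only return processes owned by this account, e.g. 'CONTOSO\jdoe'.
        [string] $Owner
    )

    # $ProcessName is interpolated into a WQL string literal. Windows file names may contain a
    # single quote, so escape it (WQL uses C-style backslash escapes) instead of letting a
    # crafted name terminate the literal and change the query.
    $escaped = $ProcessName -replace "'", "\'"
    $cimArgs = @{ ClassName = 'Win32_Process'; Filter = "Name = '$escaped'" }
    if ($ComputerName) { $cimArgs['ComputerName'] = $ComputerName }
    $target = if ($ComputerName) { $ComputerName } else { $env:COMPUTERNAME }

    foreach ($proc in Get-CimInstance @cimArgs) {
        # GetOwner is a WMI method; on CIM instances it is called through Invoke-CimMethod.
        $result = Invoke-CimMethod -InputObject $proc -MethodName GetOwner

        # ReturnValue 0 = success. Kernel-mode processes (System, Idle) and processes the caller
        # cannot open for query return a non-zero code with Domain/User empty.
        $account = if ($result.ReturnValue -eq 0) {
            '{0}\{1}' -f $result.Domain, $result.User
        } else {
            "<unavailable, GetOwner ReturnValue=$($result.ReturnValue)>"
        }

        # Owner filter (case-insensitive, like -eq itself).
        if ($Owner -and $account -ne $Owner) { continue }

        [PSCustomObject]@{
            ComputerName = $target
            Name         = $proc.Name
            ProcessId    = $proc.ProcessId
            ParentPid    = $proc.ParentProcessId
            Owner        = $account
            CommandLine  = $proc.CommandLine
        }
    }
}

# Usage: every notepad.exe on this machine with its owner; add -ComputerName for a remote box.
Get-ProcessOwner -ProcessName 'notepad.exe' | Format-Table -AutoSize

# Usage: same, but only the instances running as a particular account.
# Get-ProcessOwner -ProcessName 'powershell.exe' -Owner "$env:USERDOMAIN\$env:USERNAME"
```

The output is objects rather than text, so the next step from the post is a pipeline away: pipe the result into Where-Object, Export-Csv, or Stop-Process -Id, and the ParentPid and CommandLine columns give you the context you want before deciding a process is worth killing.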

And knowing who and what makes the next step, killing that process, incredibly easy.

Sean
The Energized Tech