diff --git a/reference/5.1/Microsoft.PowerShell.Management/Get-Process.md b/reference/5.1/Microsoft.PowerShell.Management/Get-Process.md index a2ec0d204405..a695cc559e54 100644 --- a/reference/5.1/Microsoft.PowerShell.Management/Get-Process.md +++ b/reference/5.1/Microsoft.PowerShell.Management/Get-Process.md @@ -2,7 +2,7 @@ external help file: Microsoft.PowerShell.Commands.Management.dll-Help.xml Locale: en-US Module Name: Microsoft.PowerShell.Management -ms.date: 07/03/2023 +ms.date: 04/15/2025 online version: https://learn.microsoft.com/powershell/module/microsoft.powershell.management/get-process?view=powershell-5.1&WT.mc_id=ps-gethelp schema: 2.0.0 title: Get-Process @@ -58,130 +58,151 @@ Get-Process -InputObject [-ComputerName ] [-Module] [-File The `Get-Process` cmdlet gets the processes on a local or remote computer. -Without parameters, this cmdlet gets all of the processes on the local computer. You can also -specify a particular process by process name or process ID (PID) or pass a process object through -the pipeline to this cmdlet. +Without parameters, this cmdlet gets all processes on the local computer. You can also specify a +specific process by process name or process ID (PID), or by piping a **System.Diagnostics.Process** +object to this cmdlet. -By default, this cmdlet returns a process object that has detailed information about the process and -supports methods that let you start and stop the process. You can also use the parameters of the -`Get-Process` cmdlet to get file version information for the program that runs in the process and to -get the modules that the process loaded. +By default, this cmdlet returns a **Process** object that has detailed information about the process +and supports methods that let you control it. With parameters, you can change the type of +information returned by this cmdlet. + +- **Module**: Retrieve information for each module loaded into the process. +- **FileVersionInfo**: Retrieve file version information for the main module of the process. + +> [!NOTE] +> A module is an executable file or a dynamic link library (DLL) loaded into a process. A process +> has one or more modules. The main module is the module used to initially start the process. For +> more information, see [ProcessModule Class](/dotnet/api/system.diagnostics.processmodule). ## EXAMPLES -### Example 1: Get a list of all active processes on the local computer +### Example 1: Get a list of all running processes on the local computer ```powershell Get-Process ``` -This command gets a list of all active processes running on the local computer. For a definition of -each column, see the [Notes](#notes) section. +This command gets a list of all running processes on the local computer. For a definition of each +display column, see the [NOTES](#notes) section. -### Example 2: Get all available data about one or more processes +To see all properties of a **Process** object, use `Get-Process | Get-Member`. By default, +PowerShell displays certain property values using units such as kilobytes (K) and megabytes (M). The +actual values when accessed with the member-access operator (`.`) are in bytes. + +### Example 2: Display detailed information about one or more processes ```powershell Get-Process winword, explorer | Format-List * ``` -This command gets all available data about the Winword and Explorer processes on the computer. It -uses the **Name** parameter to specify the processes, but it omits the optional parameter name. The -pipeline operator (`|`) passes the data to the `Format-List` cmdlet, which displays all available -properties (`*`) of the Winword and Explorer process objects. +This pipeline displays detailed information about the `winword` and `explorer` processes on the +computer. It uses the **Name** parameter to specify the processes, but it omits the optional +parameter name. The pipeline operator (`|`) pipes **Process** objects to the `Format-List` +cmdlet, which displays all available properties (`*`) and their values for each object. You can also identify the processes by their process IDs. For instance, `Get-Process -Id 664, 2060`. ### Example 3: Get all processes with a working set greater than a specified size ```powershell -Get-Process | Where-Object {$_.WorkingSet -gt 20000000} +Get-Process | Where-Object { $_.WorkingSet -gt 20971520 } +Get-Process | Where-Object WorkingSet -GT 20MB ``` -This command gets all processes that have a working set greater than 20 MB. It uses the -`Get-Process` cmdlet to get all running processes. The pipeline operator (`|`) passes the process -objects to the `Where-Object` cmdlet, which selects only the object with a value greater than -20,000,000 bytes for the **WorkingSet** property. +The `Get-Process` cmdlet returns the running processes. The output is piped to the `Where-Object` +cmdlet, which selects the objects with a **WorkingSet** value greater than 20,971,520 bytes. -**WorkingSet** is one of many properties of process objects. To see all of the properties, type -`Get-Process | Get-Member`. By default, the values of all amount properties are in bytes, even -though the default display lists them in kilobytes and megabytes. +In the first example, `Where-Object` uses a scriptblock to compare the **WorkingSet** property of +each **Process** object. In the second example, the `Where-Object` cmdlet uses the simplified syntax +to compare the **WorkingSet** property. In this case, `-GT` is a parameter, not a comparison +operator. The second example also uses a +[numeric literal suffix](../Microsoft.PowerShell.Core/About/about_Numeric_Literals.md) as a concise +alternative to `20971520`. In PowerShell, `MB` represents a mebibyte (MiB) multiplier. `20MB` is +equal to 20,971,520 bytes. -### Example 4: List processes on the computer in groups based on priority +### Example 4: Display processes on the computer in groups based on priority ```powershell -$A = Get-Process -$A | Get-Process | Format-Table -View Priority +$processes = Get-Process +$processes | Sort-Object { $_.PriorityClass } | Format-Table -View Priority ``` -These commands list the processes on the computer in groups based on their priority class. The first -command gets all the processes on the computer and then stores them in the `$A` variable. +These commands display processes on the computer in groups based on their +[priority class](/dotnet/api/system.diagnostics.processpriorityclass). The first command gets all +processes on the computer and stores them in the `$processes` variable. -The second command pipes the **Process** object stored in the `$A` variable to the `Get-Process` -cmdlet, then to the `Format-Table` cmdlet, which formats the processes by using the **Priority** -view. +The second command pipes the **Process** objects stored in the `$processes` variable to the +`Sort-Object` cmdlet, then to the `Format-Table` cmdlet, which formats the processes using the +**Priority** view. -The **Priority** view, and other views, are defined in the PS1XML format files in the PowerShell +The **Priority** view, and other views, are defined in the `.ps1xml` format files in the PowerShell home directory (`$PSHOME`). -### Example 5: Add a property to the standard Get-Process output display +### Example 5: Add a property to the default `Get-Process` output display ```powershell -Get-Process powershell | Format-Table ` - @{Label = "NPM(K)"; Expression = {[int]($_.NPM / 1024)}}, - @{Label = "PM(K)"; Expression = {[int]($_.PM / 1024)}}, - @{Label = "WS(K)"; Expression = {[int]($_.WS / 1024)}}, - @{Label = "VM(M)"; Expression = {[int]($_.VM / 1MB)}}, - @{Label = "CPU(s)"; Expression = {if ($_.CPU) {$_.CPU.ToString("N")}}}, - Id, ProcessName, StartTime -AutoSize +Get-Process -Name powershell | Format-Table -Property @( + 'Handles' + @{ Name = 'NPM(K)'; Expression = { [int] ($_.NPM / 1KB) } } + @{ Name = 'PM(K)'; Expression = { [int] ($_.PM / 1KB) } } + @{ Name = 'WS(K)'; Expression = { [int] ($_.WS / 1KB) } } + @{ Name = 'CPU(s)'; Expression = { if ($_.CPU) { $_.CPU.ToString('N') } } } + 'Id' + @{ Name = 'SI'; Expression = 'SessionId' } + 'ProcessName' + 'StartTime' +) -AutoSize ``` ```Output -NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName StartTime ------- ----- ----- ----- ------ -- ----------- --------- - 143 239540 259384 2366162 22.73 12720 powershell 12/5/2022 3:21:51 PM - 114 61776 104588 2366127 11.45 18336 powershell 12/5/2022 7:30:53 AM - 156 77924 82060 2366185 10.47 18812 powershell 12/5/2022 7:30:52 AM - 85 48216 115192 2366074 1.14 24428 powershell 12/8/2022 9:14:15 AM +Handles NPM(K) PM(K) WS(K) CPU(s) Id SI ProcessName StartTime +------- ------ ----- ----- ------ -- -- ----------- --------- + 655 34 69424 83424 2.20 4240 1 powershell 4/14/2025 10:40:10 AM + 572 36 68768 57260 7.41 4968 1 powershell 4/13/2025 3:33:50 PM + 405 26 38144 30340 1.80 8776 1 powershell 4/14/2025 9:54:27 AM ``` -This example retrieves processes from the local computer. The retrieved processes are piped to the -`Format-Table` command that adds the **StartTime** property to the standard `Get-Process` output -display. +This example retrieves processes from the local computer and pipes each **Process** object to the +`Format-Table` cmdlet. `Format-Table` recreates the default output display of a **Process** object +using a mixture of property names and +[calculated properties](../Microsoft.PowerShell.Core/About/about_Calculated_Properties.md). The +display includes an additional **StartTime** property not present in the default display. ### Example 6: Get version information for a process ```powershell -Get-Process powershell -FileVersionInfo +Get-Process -Name powershell -FileVersionInfo ``` ```Output ProductVersion FileVersion FileName -------------- ----------- -------- -6.1.6713.1 6.1.6713.1 (f... C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe +10.0.19041.320 10.0.19041.32... C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe ``` -This command uses the **FileVersionInfo** parameter to get the version information for the -`powershell.exe` file that is the main module for the PowerShell process. +This command uses the **FileVersionInfo** parameter to get file version information for the main +module of the `powershell` process. The main module is the file used to start the process, which +in this case is `powershell.exe`. -To run this command with processes that you do not own on Windows Vista and later versions of -Windows, you must open PowerShell with the **Run as administrator** option. +To use this command with processes that you don't own on Windows Vista and later versions of +Windows, you must run PowerShell with elevated user rights (**Run as administrator**). ### Example 7: Get modules loaded with the specified process ```powershell -Get-Process SQL* -Module +Get-Process -Name SQL* -Module ``` -This command uses the **Module** parameter to get the modules that have been loaded by the process. -This command gets the modules for the processes that have names that begin with `SQL`. +This command uses the **Module** parameter to get the modules loaded by all processes with a name +beginning with `SQL`. -To run this command on Windows Vista and later versions of Windows with processes that you do not -own, you must start PowerShell with the **Run as administrator** option. +To use this command with processes that you don't own on Windows Vista and later versions of +Windows, you must run PowerShell with elevated user rights (**Run as administrator**). ### Example 8: Find the owner of a process ```powershell -Get-Process pwsh -IncludeUserName +Get-Process -Name powershell -IncludeUserName ``` ```Output @@ -191,49 +212,36 @@ Handles WS(K) CPU(s) Id UserName ProcessName ``` ```powershell -$p = Get-WmiObject Win32_Process -Filter "name='powershell.exe'" -$p.GetOwner() +Get-CimInstance -ClassName Win32_Process -Filter "name='powershell.exe'" | + Invoke-CimMethod -MethodName GetOwner ``` ```Output -__GENUS : 2 -__CLASS : __PARAMETERS -__SUPERCLASS : -__DYNASTY : __PARAMETERS -__RELPATH : -__PROPERTY_COUNT : 3 -__DERIVATION : {} -__SERVER : -__NAMESPACE : -__PATH : -Domain : DOMAIN01 -ReturnValue : 0 -User : user01 -``` - -The first command shows how to find the owner of a process. The **IncludeUserName** parameter -requires elevated user rights (**Run as Administrator**). The output reveals that the owner is -`Domain01\user01`. - -The second and third command are another way to find the owner of a process. +Domain ReturnValue User PSComputerName +------ ----------- ---- -------------- +DOMAIN01 0 user01 +``` -The second command uses `Get-WmiObject` to get the PowerShell process. -It saves it in the `$p` variable. +The first command shows how to get the owner of a process. The **IncludeUserName** parameter +requires elevated user rights (**Run as Administrator**). The output reveals that the owner is +`DOMAIN01\user01`. -The third command uses the **GetOwner** method to get the owner of the process in `$p`. The output -reveals that the owner is `Domain01\user01`. +The second pipeline shows a different way to get the owner of a process using `Get-CimInstance` and +`Invoke-CimMethod`. The **Win32_Process** class with a filter retrieves `powershell` processes and +the invoked `GetOwner()` method returns information on the process's **Domain** and **User**. This +method doesn't require elevated user rights. ### Example 9: Use an automatic variable to identify the process hosting the current session ```powershell -Get-Process powershell +Get-Process -Name powershell ``` ```Output -Handles NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName -------- ------ ----- ----- ----- ------ -- ----------- -308 26 52308 61780 567 3.18 5632 powershell -377 26 62676 63384 575 3.88 5888 powershell +Handles NPM(K) PM(K) WS(K) CPU(s) Id SI ProcessName +------- ------ ----- ----- ------ -- -- ----------- + 561 44 47564 40740 6.48 2604 1 powershell + 642 40 72040 24372 23.53 3576 1 powershel ``` ```powershell @@ -241,44 +249,44 @@ Get-Process -Id $PID ``` ```Output -Handles NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName -------- ------ ----- ----- ----- ------ -- ----------- -396 26 56488 57236 575 3.90 5888 powershell +Handles NPM(K) PM(K) WS(K) CPU(s) Id SI ProcessName +------- ------ ----- ----- ------ -- -- ----------- + 647 40 72464 30716 23.67 3576 1 powershell ``` -These commands show how to use the `$PID` automatic variable to identify the process that is hosting +These commands show how to use the `$PID` automatic variable to identify the process that's hosting the current PowerShell session. You can use this method to distinguish the host process from other -PowerShell processes that you might want to stop or close. +`powershell` processes that you might want to control. -The first command gets all of the PowerShell processes in the current session. - -The second command gets the PowerShell process that is hosting the current session. +The first command gets all `powershell` processes running. The second command gets the `powershell` +process that's hosting the current session. ### Example 10: Get all processes that have a main window title and display them in a table ```powershell -Get-Process | Where-Object {$_.MainWindowTitle} | Format-Table Id, Name, MainWindowTitle -AutoSize +Get-Process | + Where-Object -Property MainWindowTitle | + Format-Table -Property Id, Name, MainWindowTitle -AutoSize ``` -This command gets all the processes that have a main window title, and it displays them in a table -with the process ID and the process name. +This pipeline gets all processes that have a main window title, and displays them in a table with +the process ID and name. -The **MainWindowTitle** property is just one of many useful properties of the **Process** object -that `Get-Process` returns. To view all of the properties, pipe the results of a `Get-Process` -command to the `Get-Member` cmdlet `Get-Process | Get-Member`. +**MainWindowTitle** is one of many useful properties of the **Diagnostics.Process** object type that +`Get-Process` returns. To view all properties, use `Get-Process | Get-Member`. ## PARAMETERS ### -ComputerName -Specifies the computers for which this cmdlet gets active processes. The default is the local +Specifies the computers for which this cmdlet gets running processes. The default is the local computer. -Type the NetBIOS name, an IP address, or a fully qualified domain name (FQDN) of one or more -computers. To specify the local computer, type the computer name, a dot (`.`), or `localhost`. +Specify the NetBIOS name, an IP address, or a fully qualified domain name (FQDN) of one or more +computers. To specify the local computer, use the computer name, a dot (`.`), or `localhost`. -This parameter does not rely on Windows PowerShell remoting. You can use the **ComputerName** -parameter of this cmdlet even if your computer is not configured to run remote commands. +This parameter doesn't rely on Windows PowerShell remoting. You can use the **ComputerName** +parameter of this cmdlet even if your computer isn't configured to run remote commands. ```yaml Type: System.String[] @@ -297,18 +305,17 @@ Accept wildcard characters: False Indicates that this cmdlet gets the file version information for the program that runs in the process. -On Windows Vista and later versions of Windows, you must open PowerShell with the **Run as -administrator** option to use this parameter on processes that you do not own. +On Windows Vista and later versions of Windows, you must run PowerShell with elevated user rights +(**Run as administrator**) to use this parameter on processes that you don't own. -You cannot use the **FileVersionInfo** and **ComputerName** parameters of the `Get-Process` -cmdlet in the same command. +You can't use the **FileVersionInfo** and **ComputerName** parameters together. To get file version information for a process on a remote computer, use the `Invoke-Command` cmdlet. -Using this parameter is equivalent to getting the **MainModule.FileVersionInfo** property of each -process object. When you use this parameter, `Get-Process` returns a **FileVersionInfo** object -**System.Diagnostics.FileVersionInfo**, not a process object. So, you cannot pipe the output of the -command to a cmdlet that expects a process object, such as `Stop-Process`. +Using this parameter is the same as accessing the **MainModule.FileVersionInfo** property of each +**Process** object. When you use this parameter, `Get-Process` returns a **FileVersionInfo** +object, not a **Process** object. You can't pipe output produced using this parameter to a cmdlet +that expects a **Process** object, such as `Stop-Process`. ```yaml Type: System.Management.Automation.SwitchParameter @@ -324,8 +331,9 @@ Accept wildcard characters: False ### -Id -Specifies one or more processes by process ID (PID). To specify multiple IDs, use commas to separate -the IDs. To find the PID of a process, type `Get-Process`. +Specifies one or more processes by process ID (PID). You can specify multiple IDs separated by +commas. To get the PID of a process, use `Get-Process`. To get the PID of the current PowerShell +session, use `$PID`. ```yaml Type: System.Int32[] @@ -341,7 +349,10 @@ Accept wildcard characters: False ### -IncludeUserName -Indicates that the UserName value of the **Process** object is returned with results of the command. +Indicates that this command adds a **UserName** property to each returned **Process** object. + +You must run PowerShell with elevated user rights (**Run as administrator**) to use this +parameter. ```yaml Type: System.Management.Automation.SwitchParameter @@ -357,7 +368,7 @@ Accept wildcard characters: False ### -InputObject -Specifies one or more process objects. Enter a variable that contains the objects, or type a command +Specifies one or more **Process** objects. Use a variable that contains the objects, or a command or expression that gets the objects. ```yaml @@ -374,21 +385,20 @@ Accept wildcard characters: False ### -Module -Indicates that this cmdlet gets the modules that have been loaded by the processes. +Indicates that this cmdlet gets the modules that the process has loaded. -On Windows Vista and later versions of Windows, you must open PowerShell with the **Run as -administrator** option to use this parameter on processes that you do not own. +On Windows Vista and later versions of Windows, you must run PowerShell with elevated user rights +(**Run as administrator**) to use this parameter on processes that you don't own. -To get the modules that have been loaded by a process on a remote computer, use the `Invoke-Command` -cmdlet. +To get the modules loaded by a process on a remote computer, use the `Invoke-Command` cmdlet. -This parameter is equivalent to getting the **Modules** property of each process object. When you -use this parameter, this cmdlet returns a **ProcessModule** object -**System.Diagnostics.ProcessModule**, not a process object. So, you cannot pipe the output of the -command to a cmdlet that expects a process object, such as `Stop-Process`. +Using this parameter is the same as accessing the **Modules** property of each **Process** object. +When you use this parameter, `Get-Process` returns a **ProcessModule** object, not a **Process** +object. You can't pipe output produced using this parameter to a cmdlet that expects a **Process** +object, such as `Stop-Process`. -When you use both the *Module* and **FileVersionInfo** parameters in the same command, this cmdlet -returns a **FileVersionInfo** object with information about the file version of all modules. +When you use both the **Module** and **FileVersionInfo** parameters together, this cmdlet returns a +**FileVersionInfo** object with information about the file version of all modules. ```yaml Type: System.Management.Automation.SwitchParameter @@ -404,8 +414,8 @@ Accept wildcard characters: False ### -Name -Specifies one or more processes by process name. You can type multiple process names (separated by -commas) and use wildcard characters. The parameter name (`Name`) is optional. +Specifies one or more processes by process name. You can specify multiple process names separated by +commas and use wildcard characters. Using the `-Name` parameter is optional. ```yaml Type: System.String[] @@ -430,7 +440,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ### System.Diagnostics.Process -You can pipe a process object to this cmdlet. +You can pipe **Process** objects to this cmdlet. ## OUTPUTS @@ -440,12 +450,13 @@ By default, this cmdlet returns a **System.Diagnostics.Process** object. ### System.Diagnostics.FileVersionInfo -If you use the **FileVersionInfo** parameter, this cmdlet returns a **FileVersionInfo** object. +If you use the **FileVersionInfo** parameter, this cmdlet returns a +**System.Diagnostics.FileVersionInfo** object. ### System.Diagnostics.ProcessModule - If you use the **Module** parameter, without the **FileVersionInfo** parameter, this cmdlet returns -a **ProcessModule** object. +If you use the **Module** parameter, without the **FileVersionInfo** parameter, this cmdlet returns +a **System.Diagnostics.ProcessModule** object. ## NOTES @@ -454,34 +465,43 @@ Windows PowerShell includes the following aliases for `Get-Process`: - `gps` - `ps` -On computers that are running a 64-bit version of Windows, the 64-bit version of PowerShell gets -only 64-bit process modules and the 32-bit version of PowerShell gets only 32-bit process modules. +On computers running 64-bit Windows, the 64-bit version of PowerShell gets the main module and +64-bit process modules. The 32-bit version of PowerShell gets only 32-bit process modules. + +> [!WARNING] +> When you use `Get-Process` to get a 64-bit process in the 32-bit version of PowerShell, properties +> such as `Path` and `MainModule` of the returned **Process** object are `$null`. You must use +> either the 64-bit version of PowerShell or the +> [Win32_Process](/windows/desktop/CIMWin32Prov/win32-process) class. To get process information from a remote computer, use the `Invoke-Command` cmdlet. For more -information, see [Invoke-Command](xref:Microsoft.PowerShell.Core.Invoke-Command). +information, see [Invoke-Command](../Microsoft.PowerShell.Core/Invoke-Command.md). -You can use the properties and methods of the Windows Management Instrumentation (WMI) -**Win32_Process** object in PowerShell. For information, see -[Win32_Process](/windows/win32/cimwin32prov/win32-process). +You can use the Windows Management Instrumentation (WMI) +[Win32_Process](/windows/desktop/CIMWin32Prov/win32-process) class in PowerShell as an alternative +to `Get-Process`. For more information, see: -The default display of a process is a table that includes the following columns. For a description -of all of the properties of process objects, see -[Process Properties](/dotnet/api/system.diagnostics.process). +- [Example 8: Find the owner of a process](#example-8-find-the-owner-of-a-process) +- [Get-CimInstance](../CimCmdlets/Get-CimInstance.md) + +The default display of a **Process** object is a table view that includes the following columns. - **Handles**: The number of handles that the process has opened. - **NPM(K)**: The amount of non-paged memory that the process is using, in kilobytes. - **PM(K)**: The amount of pageable memory that the process is using, in kilobytes. - **WS(K)**: The size of the working set of the process, in kilobytes. The working set consists of the pages of memory that were recently referenced by the process. -- **VM(M)**: The amount of virtual memory that the process is using, in megabytes. Virtual memory - includes storage in the paging files on disk. - **CPU(s)**: The amount of processor time that the process has used on all processors, in seconds. - **Id**: The process ID (PID) of the process. -- **ProcessName**: The name of the process. For explanations of the concepts related to processes, - see the Glossary in Help and Support Center and the Help for Task Manager. +- **SI**: The session ID of the process. +- **ProcessName**: The name of the process. + +You can use the built-in alternate views for **Process** objects available with `Format-Table`, such +as **StartTime** and **Priority**. You can also design your own views. -You can also use the built-in alternate views of the processes available with `Format-Table`, such -as **StartTime** and **Priority**, and you can design your own views. +For a description of all available **Process** object members, see +[Process Properties](xref:System.Diagnostics.Process#properties) and +[Process Methods](xref:System.Diagnostics.Process#methods). ## RELATED LINKS @@ -494,3 +514,5 @@ as **StartTime** and **Priority**, and you can design your own views. [Stop-Process](Stop-Process.md) [Wait-Process](Wait-Process.md) + +[Where-Object](../Microsoft.PowerShell.Core/Where-Object.md) diff --git a/reference/5.1/Microsoft.PowerShell.Security/Set-ExecutionPolicy.md b/reference/5.1/Microsoft.PowerShell.Security/Set-ExecutionPolicy.md index 174d41e53691..ccdb1928542f 100644 --- a/reference/5.1/Microsoft.PowerShell.Security/Set-ExecutionPolicy.md +++ b/reference/5.1/Microsoft.PowerShell.Security/Set-ExecutionPolicy.md @@ -2,7 +2,7 @@ external help file: Microsoft.PowerShell.Security.dll-Help.xml Locale: en-US Module Name: Microsoft.PowerShell.Security -ms.date: 03/04/2024 +ms.date: 04/15/2025 online version: https://learn.microsoft.com/powershell/module/microsoft.powershell.security/set-executionpolicy?view=powershell-5.1&WT.mc_id=ps-gethelp schema: 2.0.0 title: Set-ExecutionPolicy @@ -140,7 +140,7 @@ The effective execution policy for the user becomes `AllSigned`. ### Example 5: Remove the execution policy for the current user -This example shows how use the `Undefined` execution policy to remove an execution policy for a +This example shows how to use the `Undefined` execution policy to remove an execution policy for a specified scope. ```powershell @@ -231,7 +231,7 @@ policy. The policy is set for the default scope, `LocalMachine`. The `Get-ExecutionPolicy` cmdlet shows that `RemoteSigned` is the effective execution policy for the current PowerShell session. -The `Start-ActivityTracker.ps1 script is executed from the current directory. The script is blocked +The `Start-ActivityTracker.ps1` script is executed from the current directory. The script is blocked by `RemoteSigned` because the script isn't digitally signed. For this example, the script's code was reviewed and verified as safe to run. The `Unblock-File` diff --git a/reference/7.4/Microsoft.PowerShell.Management/Get-Process.md b/reference/7.4/Microsoft.PowerShell.Management/Get-Process.md index 228077bea8f2..40e0eaddbc60 100644 --- a/reference/7.4/Microsoft.PowerShell.Management/Get-Process.md +++ b/reference/7.4/Microsoft.PowerShell.Management/Get-Process.md @@ -2,7 +2,7 @@ external help file: Microsoft.PowerShell.Commands.Management.dll-Help.xml Locale: en-US Module Name: Microsoft.PowerShell.Management -ms.date: 07/03/2023 +ms.date: 04/15/2025 online version: https://learn.microsoft.com/powershell/module/microsoft.powershell.management/get-process?view=powershell-7.4&WT.mc_id=ps-gethelp schema: 2.0.0 title: Get-Process @@ -55,147 +55,178 @@ Get-Process -InputObject -IncludeUserName [] The `Get-Process` cmdlet gets the processes on a local computer. -Without parameters, this cmdlet gets all of the processes on the local computer. You can also -specify a particular process by process name or process ID (PID) or pass a process object through -the pipeline to this cmdlet. +Without parameters, this cmdlet gets all processes on the local computer. You can also specify a +specific process by process name or process ID (PID), or by piping a **System.Diagnostics.Process** +object to this cmdlet. -By default, this cmdlet returns a process object that has detailed information about the process and -supports methods that let you start and stop the process. You can also use the parameters of the -`Get-Process` cmdlet to get file version information for the program that runs in the process and to -get the modules that the process loaded. +By default, this cmdlet returns a **Process** object that has detailed information about the process +and supports methods that let you control it. With parameters, you can change the type of +information returned by this cmdlet. + +- **Module**: Retrieve information for each module loaded into the process. +- **FileVersionInfo**: Retrieve file version information for the main module of the process. + +> [!NOTE] +> A module is an executable file or a dynamic link library (DLL) loaded into a process. A process +> has one or more modules. The main module is the module used to initially start the process. For +> more information, see [ProcessModule Class](/dotnet/api/system.diagnostics.processmodule). ## EXAMPLES -### Example 1: Get a list of all active processes on the local computer +### Example 1: Get a list of all running processes on the local computer ```powershell Get-Process ``` -This command gets a list of all active processes running on the local computer. For a definition of -each column, see the [Notes](#notes) section. +This command gets a list of all running processes on the local computer. For a definition of each +display column, see the [NOTES](#notes) section. -### Example 2: Get all available data about one or more processes +To see all properties of a **Process** object, use `Get-Process | Get-Member`. By default, +PowerShell displays certain property values using units such as kilobytes (K) and megabytes (M). The +actual values when accessed with the member-access operator (`.`) are in bytes. + +### Example 2: Display detailed information about one or more processes ```powershell Get-Process winword, explorer | Format-List * ``` -This command gets all available data about the Winword and Explorer processes on the computer. It -uses the **Name** parameter to specify the processes, but it omits the optional parameter name. The -pipeline operator (`|`) passes the data to the `Format-List` cmdlet, which displays all available -properties (`*`) of the Winword and Explorer process objects. +This pipeline displays detailed information about the `winword` and `explorer` processes on the +computer. It uses the **Name** parameter to specify the processes, but it omits the optional +parameter name. The pipeline operator (`|`) pipes **Process** objects to the `Format-List` +cmdlet, which displays all available properties (`*`) and their values for each object. You can also identify the processes by their process IDs. For instance, `Get-Process -Id 664, 2060`. ### Example 3: Get all processes with a working set greater than a specified size ```powershell -Get-Process | Where-Object {$_.WorkingSet -gt 20000000} +Get-Process | Where-Object { $_.WorkingSet -gt 20971520 } +Get-Process | Where-Object WorkingSet -GT 20MB ``` -This command gets all processes that have a working set greater than 20 MB. It uses the -`Get-Process` cmdlet to get all running processes. The pipeline operator (`|`) passes the process -objects to the `Where-Object` cmdlet, which selects only the object with a value greater than -20,000,000 bytes for the **WorkingSet** property. +The `Get-Process` cmdlet returns the running processes. The output is piped to the `Where-Object` +cmdlet, which selects the objects with a **WorkingSet** value greater than 20,971,520 bytes. -**WorkingSet** is one of many properties of process objects. To see all of the properties, type -`Get-Process | Get-Member`. By default, the values of all amount properties are in bytes, even -though the default display lists them in kilobytes and megabytes. +In the first example, `Where-Object` uses a scriptblock to compare the **WorkingSet** property of +each **Process** object. In the second example, the `Where-Object` cmdlet uses the simplified syntax +to compare the **WorkingSet** property. In this case, `-GT` is a parameter, not a comparison +operator. The second example also uses a +[numeric literal suffix](../Microsoft.PowerShell.Core/About/about_Numeric_Literals.md) as a concise +alternative to `20971520`. In PowerShell, `MB` represents a mebibyte (MiB) multiplier. `20MB` is +equal to 20,971,520 bytes. -### Example 4: List processes on the computer in groups based on priority +### Example 4: Display processes on the computer in groups based on priority ```powershell -$A = Get-Process -$A | Get-Process | Format-Table -View Priority +$processes = Get-Process +$processes | Sort-Object { $_.PriorityClass } | Format-Table -View Priority ``` -These commands list the processes on the computer in groups based on their priority class. The first -command gets all the processes on the computer and then stores them in the `$A` variable. - -The second command pipes the **Process** object stored in the `$A` variable to the `Get-Process` -cmdlet, then to the `Format-Table` cmdlet, which formats the processes by using the **Priority** -view. +These commands display processes on the computer in groups based on their +[priority class](/dotnet/api/system.diagnostics.processpriorityclass). The first command gets all +processes on the computer and stores them in the `$processes` variable. -The **Priority** view, and other views, are defined in the PS1XML format files in the PowerShell -home directory (`$PSHOME`). +The second command pipes the **Process** objects stored in the `$processes` variable to the +`Sort-Object` cmdlet, then to the `Format-Table` cmdlet, which formats the processes using the +**Priority** view. -### Example 5: Add a property to the standard Get-Process output display +### Example 5: Add a property to the default `Get-Process` output display ```powershell -Get-Process pwsh | Format-Table ` - @{Label = "NPM(K)"; Expression = {[int]($_.NPM / 1024)}}, - @{Label = "PM(K)"; Expression = {[int]($_.PM / 1024)}}, - @{Label = "WS(K)"; Expression = {[int]($_.WS / 1024)}}, - @{Label = "VM(M)"; Expression = {[int]($_.VM / 1MB)}}, - @{Label = "CPU(s)"; Expression = {if ($_.CPU) {$_.CPU.ToString("N")}}}, - Id, ProcessName, StartTime -AutoSize +Get-Process -Name pwsh | Format-Table -Property @( + @{ Name = 'NPM(K)'; Expression = { [int] ($_.NPM / 1KB) } } + @{ Name = 'PM(M)'; Expression = { [int] ($_.PM / 1MB) } } + @{ Name = 'WS(M)'; Expression = { [int] ($_.WS / 1MB) } } + @{ Name = 'CPU(s)'; Expression = { if ($_.CPU) { $_.CPU.ToString('N') } } } + 'Id' + @{ Name = 'SI'; Expression = 'SessionId' } + 'ProcessName' + 'StartTime' +) -AutoSize ``` ```Output -NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName StartTime ------- ----- ----- ----- ------ -- ----------- --------- - 143 239540 259384 2366162 22.73 12720 pwsh 12/5/2022 3:21:51 PM - 114 61776 104588 2366127 11.45 18336 pwsh 12/5/2022 7:30:53 AM - 156 77924 82060 2366185 10.47 18812 pwsh 12/5/2022 7:30:52 AM - 85 48216 115192 2366074 1.14 24428 pwsh 12/8/2022 9:14:15 AM +NPM(K) PM(M) WS(M) CPU(s) Id SI ProcessName StartTime +------ ----- ----- ------ -- -- ----------- --------- + 84 46 79 18.297 3188 1 pwsh 4/14/2025 10:40:10 AM + 66 30 90 4.328 4640 1 pwsh 4/13/2025 3:33:50 PM + 66 30 90 4.516 9204 1 pwsh 4/14/2025 9:54:27 AM ``` -This example retrieves processes from the local computer. The retrieved processes are piped to the -`Format-Table` command that adds the **StartTime** property to the standard `Get-Process` output -display. +This example retrieves processes from the local computer and pipes each **Process** object to the +`Format-Table` cmdlet. `Format-Table` recreates the default output display of a **Process** object +using a mixture of property names and +[calculated properties](../Microsoft.PowerShell.Core/About/about_Calculated_Properties.md). The +display includes an additional **StartTime** property not present in the default display. ### Example 6: Get version information for a process ```powershell -Get-Process pwsh -FileVersionInfo +Get-Process -Name pwsh -FileVersionInfo ``` ```Output ProductVersion FileVersion FileName -------------- ----------- -------- -6.1.2 6.1.2 C:\Program Files\PowerShell\6\pwsh.exe +7.5.0 SHA: 99da… 7.5.0.500 C:\Program Files\PowerShell\7\pwsh.exe ``` -This command uses the **FileVersionInfo** parameter to get the version information for the -`pwsh.exe` file that is the main module for the PowerShell process. +This command uses the **FileVersionInfo** parameter to get file version information for the main +module of the `pwsh` process. The main module is the file used to start the process, which +in this case is `pwsh.exe`. -To run this command with processes that you do not own on Windows Vista and later versions of -Windows, you must open PowerShell with the **Run as administrator** option. +To use this command with processes that you don't own on Windows Vista and later versions of +Windows, you must run PowerShell with elevated user rights (**Run as administrator**). ### Example 7: Get modules loaded with the specified process ```powershell -Get-Process SQL* -Module +Get-Process -Name SQL* -Module ``` -This command uses the **Module** parameter to get the modules that have been loaded by the process. -This command gets the modules for the processes that have names that begin with `SQL`. +This command uses the **Module** parameter to get the modules loaded by all processes with a name +beginning with `SQL`. -To run this command on Windows Vista and later versions of Windows with processes that you do not -own, you must start PowerShell with the **Run as administrator** option. +To use this command with processes that you don't own on Windows Vista and later versions of +Windows, you must run PowerShell with elevated user rights (**Run as administrator**). ### Example 8: Find the owner of a process ```powershell -Get-Process pwsh -IncludeUserName +Get-Process -Name pwsh -IncludeUserName +``` + +```Output +WS(M) CPU(s) Id UserName ProcessName +----- ------ -- -------- ----------- +46.53 21.70 3188 DOMAIN01\user01 pwsh +``` + +```powershell +Get-CimInstance -ClassName Win32_Process -Filter "name='pwsh.exe'" | + Invoke-CimMethod -MethodName GetOwner ``` ```Output -Handles WS(K) CPU(s) Id UserName ProcessName -------- ----- ------ -- -------- ----------- - 782 132080 2.08 2188 DOMAIN01\user01 pwsh +Domain ReturnValue User PSComputerName +------ ----------- ---- -------------- +DOMAIN01 0 user01 ``` -This command shows how to find the owner of a process. -On Windows, the **IncludeUserName** parameter requires elevated user rights -(**Run as Administrator**). -The output reveals that the owner is `Domain01\user01`. +The first command shows how to get the owner of a process. The output reveals that the owner is +`DOMAIN01\user01`. + +The second pipeline shows a different way to get the owner of a process using `Get-CimInstance` and +`Invoke-CimMethod`. The **Win32_Process** class with a filter retrieves `pwsh` processes and the +invoked `GetOwner()` method returns information on the process's **Domain** and **User**. This +method is only available on Windows and doesn't require elevated user rights. ### Example 9: Use an automatic variable to identify the process hosting the current session ```powershell -Get-Process pwsh +Get-Process -Name pwsh ``` ```Output @@ -215,26 +246,26 @@ NPM(K) PM(M) WS(M) CPU(s) Id SI ProcessName 83 96.21 77.53 4.39 1192 10 pwsh ``` -These commands show how to use the `$PID` automatic variable to identify the process that is hosting +These commands show how to use the `$PID` automatic variable to identify the process that's hosting the current PowerShell session. You can use this method to distinguish the host process from other -PowerShell processes that you might want to stop or close. - -The first command gets all of the PowerShell processes in the current session. +`pwsh` processes that you might want to control. -The second command gets the PowerShell process that is hosting the current session. +The first command gets all `pwsh` processes running. The second command gets the `pwsh` process +that's hosting the current session. ### Example 10: Get all processes that have a main window title and display them in a table ```powershell -Get-Process | Where-Object {$_.MainWindowTitle} | Format-Table Id, Name, MainWindowTitle -AutoSize +Get-Process | + Where-Object -Property MainWindowTitle | + Format-Table -Property Id, Name, MainWindowTitle -AutoSize ``` -This command gets all the processes that have a main window title, and it displays them in a table -with the process ID and the process name. +This pipeline gets all processes that have a main window title, and displays them in a table with +the process ID and name. -The **MainWindowTitle** property is just one of many useful properties of the **Process** object -that `Get-Process` returns. To view all of the properties, pipe the results of a `Get-Process` -command to the `Get-Member` cmdlet `Get-Process | Get-Member`. +**MainWindowTitle** is one of many useful properties of the **Diagnostics.Process** object type that +`Get-Process` returns. To view all properties, use `Get-Process | Get-Member`. ## PARAMETERS @@ -243,13 +274,13 @@ command to the `Get-Member` cmdlet `Get-Process | Get-Member`. Indicates that this cmdlet gets the file version information for the program that runs in the process. -On Windows Vista and later versions of Windows, you must open PowerShell with the **Run as -administrator** option to use this parameter on processes that you do not own. +On Windows Vista and later versions of Windows, you must run PowerShell with elevated user rights +(**Run as administrator**) to use this parameter on processes that you don't own. -Using this parameter is equivalent to getting the **MainModule.FileVersionInfo** property of each -process object. When you use this parameter, `Get-Process` returns a **FileVersionInfo** object -**System.Diagnostics.FileVersionInfo**, not a process object. So, you cannot pipe the output of the -command to a cmdlet that expects a process object, such as `Stop-Process`. +Using this parameter is the same as accessing the **MainModule.FileVersionInfo** property of each +**Process** object. When you use this parameter, `Get-Process` returns a **FileVersionInfo** +object, not a **Process** object. You can't pipe output produced using this parameter to a cmdlet +that expects a **Process** object, such as `Stop-Process`. ```yaml Type: System.Management.Automation.SwitchParameter @@ -265,8 +296,9 @@ Accept wildcard characters: False ### -Id -Specifies one or more processes by process ID (PID). To specify multiple IDs, use commas to separate -the IDs. To find the PID of a process, type `Get-Process`. +Specifies one or more processes by process ID (PID). You can specify multiple IDs separated by +commas. To get the PID of a process, use `Get-Process`. To get the PID of the current PowerShell +session, use `$PID`. ```yaml Type: System.Int32[] @@ -282,7 +314,7 @@ Accept wildcard characters: False ### -IncludeUserName -Indicates that the UserName value of the **Process** object is returned with results of the command. +Indicates that this command adds a **UserName** property to each returned **Process** object. ```yaml Type: System.Management.Automation.SwitchParameter @@ -298,7 +330,7 @@ Accept wildcard characters: False ### -InputObject -Specifies one or more process objects. Enter a variable that contains the objects, or type a command +Specifies one or more **Process** objects. Use a variable that contains the objects, or a command or expression that gets the objects. ```yaml @@ -315,18 +347,18 @@ Accept wildcard characters: False ### -Module -Indicates that this cmdlet gets the modules that have been loaded by the processes. +Indicates that this cmdlet gets the modules that the process has loaded. -On Windows Vista and later versions of Windows, you must open PowerShell with the **Run as -administrator** option to use this parameter on processes that you do not own. +On Windows Vista and later versions of Windows, you must run PowerShell with elevated user rights +(**Run as administrator**) to use this parameter on processes that you don't own. -This parameter is equivalent to getting the **Modules** property of each process object. When you -use this parameter, this cmdlet returns a **ProcessModule** object -**System.Diagnostics.ProcessModule**, not a process object. So, you cannot pipe the output of the -command to a cmdlet that expects a process object, such as `Stop-Process`. +Using this parameter is the same as accessing the **Modules** property of each **Process** object. +When you use this parameter, `Get-Process` returns a **ProcessModule** object, not a **Process** +object. You can't pipe output produced using this parameter to a cmdlet that expects a **Process** +object, such as `Stop-Process`. -When you use both the **Module** and **FileVersionInfo** parameters in the same command, this cmdlet -returns a **FileVersionInfo** object with information about the file version of all modules. +When you use both the **Module** and **FileVersionInfo** parameters together, this cmdlet returns a +**FileVersionInfo** object with information about the file version of all modules. ```yaml Type: System.Management.Automation.SwitchParameter @@ -342,8 +374,8 @@ Accept wildcard characters: False ### -Name -Specifies one or more processes by process name. You can type multiple process names (separated by -commas) and use wildcard characters. The parameter name (`Name`) is optional. +Specifies one or more processes by process name. You can specify multiple process names separated by +commas and use wildcard characters. Using the `-Name` parameter is optional. ```yaml Type: System.String[] @@ -368,7 +400,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ### System.Diagnostics.Process -You can pipe a process object to this cmdlet. +You can pipe **Process** objects to this cmdlet. ## OUTPUTS @@ -378,12 +410,13 @@ By default, this cmdlet returns a **System.Diagnostics.Process** object. ### System.Diagnostics.FileVersionInfo -If you use the **FileVersionInfo** parameter, this cmdlet returns a **FileVersionInfo** object. +If you use the **FileVersionInfo** parameter, this cmdlet returns a +**System.Diagnostics.FileVersionInfo** object. ### System.Diagnostics.ProcessModule - If you use the **Module** parameter, without the **FileVersionInfo** parameter, this cmdlet returns -a **ProcessModule** object. +If you use the **Module** parameter, without the **FileVersionInfo** parameter, this cmdlet returns +a **System.Diagnostics.ProcessModule** object. ## NOTES @@ -394,34 +427,42 @@ PowerShell includes the following aliases for `Get-Process`: - Windows: - `ps` -On computers that are running a 64-bit version of Windows, the 64-bit version of PowerShell gets -only 64-bit process modules and the 32-bit version of PowerShell gets only 32-bit process modules. +On computers running 64-bit Windows, the 64-bit version of PowerShell gets the main module and +64-bit process modules. The 32-bit version of PowerShell gets only 32-bit process modules. + +> [!WARNING] +> When you use `Get-Process` to get a 64-bit process in the 32-bit version of PowerShell, properties +> such as `Path` and `MainModule` of the returned **Process** object are `$null`. You must use +> either the 64-bit version of PowerShell or the +> [Win32_Process](/windows/desktop/CIMWin32Prov/win32-process) class. To get process information from a remote computer, use the `Invoke-Command` cmdlet. For more -information, see [Invoke-Command](xref:Microsoft.PowerShell.Core.Invoke-Command). +information, see [Invoke-Command](../Microsoft.PowerShell.Core/Invoke-Command.md). + +On Windows, you can use the Windows Management Instrumentation (WMI) +[Win32_Process](/windows/desktop/CIMWin32Prov/win32-process) class in PowerShell as an alternative +to `Get-Process`. For more information, see: -You can use the properties and methods of the Windows Management Instrumentation (WMI) -**Win32_Process** object in PowerShell. For information, see -[Win32_Process](/windows/win32/cimwin32prov/win32-process). +- [Example 8: Find the owner of a process](#example-8-find-the-owner-of-a-process) +- [Get-CimInstance](../CimCmdlets/Get-CimInstance.md) -The default display of a process is a table that includes the following columns. For a description -of all of the properties of process objects, see -[Process Properties](/dotnet/api/system.diagnostics.process). +The default display of a **Process** object is a table view that includes the following columns. -- **Handles**: The number of handles that the process has opened. - **NPM(K)**: The amount of non-paged memory that the process is using, in kilobytes. -- **PM(K)**: The amount of pageable memory that the process is using, in kilobytes. -- **WS(K)**: The size of the working set of the process, in kilobytes. The working set consists of +- **PM(M)**: The amount of pageable memory that the process is using, in megabytes. +- **WS(M)**: The size of the working set of the process, in megabytes. The working set consists of the pages of memory that were recently referenced by the process. -- **VM(M)**: The amount of virtual memory that the process is using, in megabytes. Virtual memory - includes storage in the paging files on disk. - **CPU(s)**: The amount of processor time that the process has used on all processors, in seconds. - **Id**: The process ID (PID) of the process. -- **ProcessName**: The name of the process. For explanations of the concepts related to processes, - see the Glossary in Help and Support Center and the Help for Task Manager. +- **SI**: The session ID of the process. +- **ProcessName**: The name of the process. -You can also use the built-in alternate views of the processes available with `Format-Table`, such -as **StartTime** and **Priority**, and you can design your own views. +You can use the built-in alternate views for **Process** objects available with `Format-Table`, such +as **StartTime** and **Priority**. You can also design your own views. + +For a description of all available **Process** object members, see +[Process Properties](xref:System.Diagnostics.Process#properties) and +[Process Methods](xref:System.Diagnostics.Process#methods). ## RELATED LINKS @@ -434,3 +475,5 @@ as **StartTime** and **Priority**, and you can design your own views. [Stop-Process](Stop-Process.md) [Wait-Process](Wait-Process.md) + +[Where-Object](../Microsoft.PowerShell.Core/Where-Object.md) diff --git a/reference/7.4/Microsoft.PowerShell.Security/Set-ExecutionPolicy.md b/reference/7.4/Microsoft.PowerShell.Security/Set-ExecutionPolicy.md index 2806ab25cb68..4a9295aa98a1 100644 --- a/reference/7.4/Microsoft.PowerShell.Security/Set-ExecutionPolicy.md +++ b/reference/7.4/Microsoft.PowerShell.Security/Set-ExecutionPolicy.md @@ -2,7 +2,7 @@ external help file: Microsoft.PowerShell.Security.dll-Help.xml Locale: en-US Module Name: Microsoft.PowerShell.Security -ms.date: 03/04/2024 +ms.date: 04/15/2025 online version: https://learn.microsoft.com/powershell/module/microsoft.powershell.security/set-executionpolicy?view=powershell-7.4&WT.mc_id=ps-gethelp schema: 2.0.0 title: Set-ExecutionPolicy @@ -25,7 +25,8 @@ Set-ExecutionPolicy [-ExecutionPolicy] [[-Scope] -IncludeUserName [] The `Get-Process` cmdlet gets the processes on a local computer. -Without parameters, this cmdlet gets all the processes on the local computer. You can also specify a -particular process by process name or process ID (PID) or pass a process object through the pipeline -to this cmdlet. +Without parameters, this cmdlet gets all processes on the local computer. You can also specify a +specific process by process name or process ID (PID), or by piping a **System.Diagnostics.Process** +object to this cmdlet. -By default, this cmdlet returns a process object that has detailed information about the process and -supports methods that let you start and stop the process. You can also use the parameters of the -`Get-Process` cmdlet to get file version information for the program that runs in the process and to -get the modules that the process loaded. +By default, this cmdlet returns a **Process** object that has detailed information about the process +and supports methods that let you control it. With parameters, you can change the type of +information returned by this cmdlet. + +- **Module**: Retrieve information for each module loaded into the process. +- **FileVersionInfo**: Retrieve file version information for the main module of the process. + +> [!NOTE] +> A module is an executable file or a dynamic link library (DLL) loaded into a process. A process +> has one or more modules. The main module is the module used to initially start the process. For +> more information, see [ProcessModule Class](/dotnet/api/system.diagnostics.processmodule). ## EXAMPLES -### Example 1: Get a list of all active processes on the local computer +### Example 1: Get a list of all running processes on the local computer ```powershell Get-Process ``` -This command gets a list of all active processes running on the local computer. For a definition of -each column, see the [Notes](#notes) section. +This command gets a list of all running processes on the local computer. For a definition of each +display column, see the [NOTES](#notes) section. -### Example 2: Get all available data about one or more processes +To see all properties of a **Process** object, use `Get-Process | Get-Member`. By default, +PowerShell displays certain property values using units such as kilobytes (K) and megabytes (M). The +actual values when accessed with the member-access operator (`.`) are in bytes. + +### Example 2: Display detailed information about one or more processes ```powershell Get-Process winword, explorer | Format-List * ``` -This command gets all available data about the Winword and Explorer processes on the computer. It -uses the **Name** parameter to specify the processes, but it omits the optional parameter name. The -pipeline operator (`|`) passes the data to the `Format-List` cmdlet, which displays all available -properties (`*`) of the Winword and Explorer process objects. +This pipeline displays detailed information about the `winword` and `explorer` processes on the +computer. It uses the **Name** parameter to specify the processes, but it omits the optional +parameter name. The pipeline operator (`|`) pipes **Process** objects to the `Format-List` +cmdlet, which displays all available properties (`*`) and their values for each object. You can also identify the processes by their process IDs. For instance, `Get-Process -Id 664, 2060`. ### Example 3: Get all processes with a working set greater than a specified size ```powershell -Get-Process | Where-Object {$_.WorkingSet -gt 20000000} +Get-Process | Where-Object { $_.WorkingSet -gt 20971520 } +Get-Process | Where-Object WorkingSet -GT 20MB ``` -This command gets all processes that have a working set greater than 20 MB. It uses the -`Get-Process` cmdlet to get all running processes. The pipeline operator (`|`) passes the process -objects to the `Where-Object` cmdlet, which selects only the object with a value greater than -20,000,000 bytes for the **WorkingSet** property. +The `Get-Process` cmdlet returns the running processes. The output is piped to the `Where-Object` +cmdlet, which selects the objects with a **WorkingSet** value greater than 20,971,520 bytes. -**WorkingSet** is one of many properties of process objects. To see all the properties, type -`Get-Process | Get-Member`. By default, the values of all amount properties are in bytes, even -though the default display lists them in kilobytes and megabytes. +In the first example, `Where-Object` uses a scriptblock to compare the **WorkingSet** property of +each **Process** object. In the second example, the `Where-Object` cmdlet uses the simplified syntax +to compare the **WorkingSet** property. In this case, `-GT` is a parameter, not a comparison +operator. The second example also uses a +[numeric literal suffix](../Microsoft.PowerShell.Core/About/about_Numeric_Literals.md) as a concise +alternative to `20971520`. In PowerShell, `MB` represents a mebibyte (MiB) multiplier. `20MB` is +equal to 20,971,520 bytes. -### Example 4: List processes on the computer in groups based on priority +### Example 4: Display processes on the computer in groups based on priority ```powershell -$A = Get-Process -$A | Get-Process | Format-Table -View Priority +$processes = Get-Process +$processes | Sort-Object { $_.PriorityClass } | Format-Table -View Priority ``` -These commands list the processes on the computer in groups based on their priority class. The first -command gets all the processes on the computer and then stores them in the `$A` variable. - -The second command pipes the **Process** object stored in the `$A` variable to the `Get-Process` -cmdlet, then to the `Format-Table` cmdlet, which formats the processes by using the **Priority** -view. +These commands display processes on the computer in groups based on their +[priority class](/dotnet/api/system.diagnostics.processpriorityclass). The first command gets all +processes on the computer and stores them in the `$processes` variable. -The **Priority** view, and other views, are defined in the PS1XML format files in the PowerShell -home directory (`$PSHOME`). +The second command pipes the **Process** objects stored in the `$processes` variable to the +`Sort-Object` cmdlet, then to the `Format-Table` cmdlet, which formats the processes using the +**Priority** view. -### Example 5: Add a property to the standard Get-Process output display +### Example 5: Add a property to the default `Get-Process` output display ```powershell -Get-Process pwsh | Format-Table ` - @{Label = "NPM(K)"; Expression = {[int]($_.NPM / 1024)}}, - @{Label = "PM(K)"; Expression = {[int]($_.PM / 1024)}}, - @{Label = "WS(K)"; Expression = {[int]($_.WS / 1024)}}, - @{Label = "VM(M)"; Expression = {[int]($_.VM / 1MB)}}, - @{Label = "CPU(s)"; Expression = {if ($_.CPU) {$_.CPU.ToString("N")}}}, - Id, ProcessName, StartTime -AutoSize +Get-Process -Name pwsh | Format-Table -Property @( + @{ Name = 'NPM(K)'; Expression = { [int] ($_.NPM / 1KB) } } + @{ Name = 'PM(M)'; Expression = { [int] ($_.PM / 1MB) } } + @{ Name = 'WS(M)'; Expression = { [int] ($_.WS / 1MB) } } + @{ Name = 'CPU(s)'; Expression = { if ($_.CPU) { $_.CPU.ToString('N') } } } + 'Id' + @{ Name = 'SI'; Expression = 'SessionId' } + 'ProcessName' + 'StartTime' +) -AutoSize ``` ```Output -NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName StartTime ------- ----- ----- ----- ------ -- ----------- --------- - 143 239540 259384 2366162 22.73 12720 pwsh 12/5/2022 3:21:51 PM - 114 61776 104588 2366127 11.45 18336 pwsh 12/5/2022 7:30:53 AM - 156 77924 82060 2366185 10.47 18812 pwsh 12/5/2022 7:30:52 AM - 85 48216 115192 2366074 1.14 24428 pwsh 12/8/2022 9:14:15 AM +NPM(K) PM(M) WS(M) CPU(s) Id SI ProcessName StartTime +------ ----- ----- ------ -- -- ----------- --------- + 84 46 79 18.297 3188 1 pwsh 4/14/2025 10:40:10 AM + 66 30 90 4.328 4640 1 pwsh 4/13/2025 3:33:50 PM + 66 30 90 4.516 9204 1 pwsh 4/14/2025 9:54:27 AM ``` -This example retrieves processes from the local computer. The retrieved processes are piped to the -`Format-Table` command that adds the **StartTime** property to the standard `Get-Process` output -display. +This example retrieves processes from the local computer and pipes each **Process** object to the +`Format-Table` cmdlet. `Format-Table` recreates the default output display of a **Process** object +using a mixture of property names and +[calculated properties](../Microsoft.PowerShell.Core/About/about_Calculated_Properties.md). The +display includes an additional **StartTime** property not present in the default display. ### Example 6: Get version information for a process ```powershell -Get-Process pwsh -FileVersionInfo +Get-Process -Name pwsh -FileVersionInfo ``` ```Output ProductVersion FileVersion FileName -------------- ----------- -------- -6.1.2 6.1.2 C:\Program Files\PowerShell\6\pwsh.exe +7.5.0 SHA: 99da… 7.5.0.500 C:\Program Files\PowerShell\7\pwsh.exe ``` -This command uses the **FileVersionInfo** parameter to get the version information for the -`pwsh.exe` file that's the main module for the PowerShell process. +This command uses the **FileVersionInfo** parameter to get file version information for the main +module of the `pwsh` process. The main module is the file used to start the process, which +in this case is `pwsh.exe`. -To run this command with processes that you don't own on Windows Vista and later versions of -Windows, you must open PowerShell with the **Run as administrator** option. +To use this command with processes that you don't own on Windows Vista and later versions of +Windows, you must run PowerShell with elevated user rights (**Run as administrator**). ### Example 7: Get modules loaded with the specified process ```powershell -Get-Process SQL* -Module +Get-Process -Name SQL* -Module ``` -This command uses the **Module** parameter to get the modules that have been loaded by the process. -This command gets the modules for the processes that have names that begin with `SQL`. +This command uses the **Module** parameter to get the modules loaded by all processes with a name +beginning with `SQL`. -To run this command on Windows Vista and later versions of Windows with processes that you don't -own, you must start PowerShell with the **Run as administrator** option. +To use this command with processes that you don't own on Windows Vista and later versions of +Windows, you must run PowerShell with elevated user rights (**Run as administrator**). ### Example 8: Find the owner of a process ```powershell -Get-Process pwsh -IncludeUserName +Get-Process -Name pwsh -IncludeUserName +``` + +```Output +WS(M) CPU(s) Id UserName ProcessName +----- ------ -- -------- ----------- +46.53 21.70 3188 DOMAIN01\user01 pwsh +``` + +```powershell +Get-CimInstance -ClassName Win32_Process -Filter "name='pwsh.exe'" | + Invoke-CimMethod -MethodName GetOwner ``` ```Output -Handles WS(K) CPU(s) Id UserName ProcessName -------- ----- ------ -- -------- ----------- - 782 132080 2.08 2188 DOMAIN01\user01 pwsh +Domain ReturnValue User PSComputerName +------ ----------- ---- -------------- +DOMAIN01 0 user01 ``` -This command shows how to find the owner of a process. -On Windows, the **IncludeUserName** parameter requires elevated user rights -(**Run as Administrator**) to view the users of processes that aren't running -as the current user. -The output reveals that the owner is `Domain01\user01`. +The first command shows how to get the owner of a process. The output reveals that the owner is +`DOMAIN01\user01`. + +The second pipeline shows a different way to get the owner of a process using `Get-CimInstance` and +`Invoke-CimMethod`. The **Win32_Process** class with a filter retrieves `pwsh` processes and the +invoked `GetOwner()` method returns information on the process's **Domain** and **User**. This +method is only available on Windows and doesn't require elevated user rights. ### Example 9: Use an automatic variable to identify the process hosting the current session ```powershell -Get-Process pwsh +Get-Process -Name pwsh ``` ```Output @@ -218,24 +248,24 @@ NPM(K) PM(M) WS(M) CPU(s) Id SI ProcessName These commands show how to use the `$PID` automatic variable to identify the process that's hosting the current PowerShell session. You can use this method to distinguish the host process from other -PowerShell processes that you might want to stop or close. - -The first command gets all the PowerShell processes in the current session. +`pwsh` processes that you might want to control. -The second command gets the PowerShell process that's hosting the current session. +The first command gets all `pwsh` processes running. The second command gets the `pwsh` process +that's hosting the current session. ### Example 10: Get all processes that have a main window title and display them in a table ```powershell -Get-Process | Where-Object {$_.MainWindowTitle} | Format-Table Id, Name, MainWindowTitle -AutoSize +Get-Process | + Where-Object -Property MainWindowTitle | + Format-Table -Property Id, Name, MainWindowTitle -AutoSize ``` -This command gets all the processes that have a main window title, and it displays them in a table -with the process ID and the process name. +This pipeline gets all processes that have a main window title, and displays them in a table with +the process ID and name. -The **MainWindowTitle** property is just one of many useful properties of the **Process** object -that `Get-Process` returns. To view all the properties, pipe the results of a `Get-Process` -command to the `Get-Member` cmdlet `Get-Process | Get-Member`. +**MainWindowTitle** is one of many useful properties of the **Diagnostics.Process** object type that +`Get-Process` returns. To view all properties, use `Get-Process | Get-Member`. ## PARAMETERS @@ -244,13 +274,13 @@ command to the `Get-Member` cmdlet `Get-Process | Get-Member`. Indicates that this cmdlet gets the file version information for the program that runs in the process. -On Windows, you must open PowerShell with the **Run as administrator** option to use this parameter -on processes that you don't own. +On Windows Vista and later versions of Windows, you must run PowerShell with elevated user rights +(**Run as administrator**) to use this parameter on processes that you don't own. -Using this parameter is equivalent to getting the **MainModule.FileVersionInfo** property of each -process object. When you use this parameter, `Get-Process` returns a **FileVersionInfo** object -**System.Diagnostics.FileVersionInfo**, not a process object. Therefore, you can't pipe the output -of the command to a cmdlet that expects a process object, such as `Stop-Process`. +Using this parameter is the same as accessing the **MainModule.FileVersionInfo** property of each +**Process** object. When you use this parameter, `Get-Process` returns a **FileVersionInfo** +object, not a **Process** object. You can't pipe output produced using this parameter to a cmdlet +that expects a **Process** object, such as `Stop-Process`. ```yaml Type: System.Management.Automation.SwitchParameter @@ -266,8 +296,9 @@ Accept wildcard characters: False ### -Id -Specifies one or more processes by process ID (PID). To specify multiple IDs, use commas to separate -the IDs. To find the PID of a process, type `Get-Process`. +Specifies one or more processes by process ID (PID). You can specify multiple IDs separated by +commas. To get the PID of a process, use `Get-Process`. To get the PID of the current PowerShell +session, use `$PID`. ```yaml Type: System.Int32[] @@ -283,7 +314,7 @@ Accept wildcard characters: False ### -IncludeUserName -Indicates that the UserName value of the **Process** object is returned with results of the command. +Indicates that this command adds a **UserName** property to each returned **Process** object. ```yaml Type: System.Management.Automation.SwitchParameter @@ -299,7 +330,7 @@ Accept wildcard characters: False ### -InputObject -Specifies one or more process objects. Enter a variable that contains the objects, or type a command +Specifies one or more **Process** objects. Use a variable that contains the objects, or a command or expression that gets the objects. ```yaml @@ -316,18 +347,18 @@ Accept wildcard characters: False ### -Module -Indicates that this cmdlet gets the modules that have been loaded by the processes. +Indicates that this cmdlet gets the modules that the process has loaded. -On Windows Vista and later versions of Windows, you must open PowerShell with the **Run as -administrator** option to use this parameter on processes that you don't own. +On Windows Vista and later versions of Windows, you must run PowerShell with elevated user rights +(**Run as administrator**) to use this parameter on processes that you don't own. -This parameter is equivalent to getting the **Modules** property of each process object. When you -use this parameter, this cmdlet returns a **System.Diagnostics.ProcessModule** object , not a -process object. Therefore, you can't pipe the output of the command to a cmdlet that expects a -process object, such as `Stop-Process`. +Using this parameter is the same as accessing the **Modules** property of each **Process** object. +When you use this parameter, `Get-Process` returns a **ProcessModule** object, not a **Process** +object. You can't pipe output produced using this parameter to a cmdlet that expects a **Process** +object, such as `Stop-Process`. -When you use both the **Module** and **FileVersionInfo** parameters in the same command, this cmdlet -returns a **FileVersionInfo** object with information about the file version of all modules. +When you use both the **Module** and **FileVersionInfo** parameters together, this cmdlet returns a +**FileVersionInfo** object with information about the file version of all modules. ```yaml Type: System.Management.Automation.SwitchParameter @@ -343,8 +374,8 @@ Accept wildcard characters: False ### -Name -Specifies one or more processes by process name. You can type multiple process names (separated by -commas) and use wildcard characters. The parameter name (`Name`) is optional. +Specifies one or more processes by process name. You can specify multiple process names separated by +commas and use wildcard characters. Using the `-Name` parameter is optional. ```yaml Type: System.String[] @@ -369,7 +400,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ### System.Diagnostics.Process -You can pipe a process object to this cmdlet. +You can pipe **Process** objects to this cmdlet. ## OUTPUTS @@ -379,12 +410,13 @@ By default, this cmdlet returns a **System.Diagnostics.Process** object. ### System.Diagnostics.FileVersionInfo -If you use the **FileVersionInfo** parameter, this cmdlet returns a **FileVersionInfo** object. +If you use the **FileVersionInfo** parameter, this cmdlet returns a +**System.Diagnostics.FileVersionInfo** object. ### System.Diagnostics.ProcessModule - If you use the **Module** parameter, without the **FileVersionInfo** parameter, this cmdlet returns -a **ProcessModule** object. +If you use the **Module** parameter, without the **FileVersionInfo** parameter, this cmdlet returns +a **System.Diagnostics.ProcessModule** object. ## NOTES @@ -395,34 +427,42 @@ PowerShell includes the following aliases for `Get-Process`: - Windows: - `ps` -On computers that are running a 64-bit version of Windows, the 64-bit version of PowerShell gets -only 64-bit process modules and the 32-bit version of PowerShell gets only 32-bit process modules. +On computers running 64-bit Windows, the 64-bit version of PowerShell gets the main module and +64-bit process modules. The 32-bit version of PowerShell gets only 32-bit process modules. + +> [!WARNING] +> When you use `Get-Process` to get a 64-bit process in the 32-bit version of PowerShell, properties +> such as `Path` and `MainModule` of the returned **Process** object are `$null`. You must use +> either the 64-bit version of PowerShell or the +> [Win32_Process](/windows/desktop/CIMWin32Prov/win32-process) class. To get process information from a remote computer, use the `Invoke-Command` cmdlet. For more -information, see [Invoke-Command](xref:Microsoft.PowerShell.Core.Invoke-Command). +information, see [Invoke-Command](../Microsoft.PowerShell.Core/Invoke-Command.md). + +On Windows, you can use the Windows Management Instrumentation (WMI) +[Win32_Process](/windows/desktop/CIMWin32Prov/win32-process) class in PowerShell as an alternative +to `Get-Process`. For more information, see: -You can use the properties and methods of the Windows Management Instrumentation (WMI) -**Win32_Process** object in PowerShell. For information, see -[Win32_Process](/windows/win32/cimwin32prov/win32-process). +- [Example 8: Find the owner of a process](#example-8-find-the-owner-of-a-process) +- [Get-CimInstance](../CimCmdlets/Get-CimInstance.md) -The default display of a process is a table that includes the following columns. For a description -of all the properties of process objects, see -[Process Properties](/dotnet/api/system.diagnostics.process). +The default display of a **Process** object is a table view that includes the following columns. -- **Handles**: The number of handles that the process has opened. - **NPM(K)**: The amount of non-paged memory that the process is using, in kilobytes. -- **PM(K)**: The amount of pageable memory that the process is using, in kilobytes. -- **WS(K)**: The size of the working set of the process, in kilobytes. The working set consists of +- **PM(M)**: The amount of pageable memory that the process is using, in megabytes. +- **WS(M)**: The size of the working set of the process, in megabytes. The working set consists of the pages of memory that were recently referenced by the process. -- **VM(M)**: The amount of virtual memory that the process is using, in megabytes. Virtual memory - includes storage in the paging files on disk. - **CPU(s)**: The amount of processor time that the process has used on all processors, in seconds. - **Id**: The process ID (PID) of the process. -- **ProcessName**: The name of the process. For explanations of the concepts related to processes, - see the Glossary in Help and Support Center and the Help for Task Manager. +- **SI**: The session ID of the process. +- **ProcessName**: The name of the process. -You can also use the built-in alternate views of the processes available with `Format-Table`, such -as **StartTime** and **Priority**, and you can design your own views. +You can use the built-in alternate views for **Process** objects available with `Format-Table`, such +as **StartTime** and **Priority**. You can also design your own views. + +For a description of all available **Process** object members, see +[Process Properties](xref:System.Diagnostics.Process#properties) and +[Process Methods](xref:System.Diagnostics.Process#methods). ## RELATED LINKS @@ -435,3 +475,5 @@ as **StartTime** and **Priority**, and you can design your own views. [Stop-Process](Stop-Process.md) [Wait-Process](Wait-Process.md) + +[Where-Object](../Microsoft.PowerShell.Core/Where-Object.md) diff --git a/reference/7.5/Microsoft.PowerShell.Security/Set-ExecutionPolicy.md b/reference/7.5/Microsoft.PowerShell.Security/Set-ExecutionPolicy.md index ffb91977015e..cde2e45a986e 100644 --- a/reference/7.5/Microsoft.PowerShell.Security/Set-ExecutionPolicy.md +++ b/reference/7.5/Microsoft.PowerShell.Security/Set-ExecutionPolicy.md @@ -2,7 +2,7 @@ external help file: Microsoft.PowerShell.Security.dll-Help.xml Locale: en-US Module Name: Microsoft.PowerShell.Security -ms.date: 03/04/2024 +ms.date: 04/15/2025 online version: https://learn.microsoft.com/powershell/module/microsoft.powershell.security/set-executionpolicy?view=powershell-7.5&WT.mc_id=ps-gethelp schema: 2.0.0 title: Set-ExecutionPolicy @@ -145,7 +145,7 @@ The effective execution policy for the user becomes `AllSigned`. ### Example 5: Remove the execution policy for the current user -This example shows how use the `Undefined` execution policy to remove an execution policy for a +This example shows how to use the `Undefined` execution policy to remove an execution policy for a specified scope. ```powershell diff --git a/reference/7.6/Microsoft.PowerShell.Management/Get-Process.md b/reference/7.6/Microsoft.PowerShell.Management/Get-Process.md index dc37a98e7fe9..e7064a8f748d 100644 --- a/reference/7.6/Microsoft.PowerShell.Management/Get-Process.md +++ b/reference/7.6/Microsoft.PowerShell.Management/Get-Process.md @@ -2,7 +2,7 @@ external help file: Microsoft.PowerShell.Commands.Management.dll-Help.xml Locale: en-US Module Name: Microsoft.PowerShell.Management -ms.date: 07/03/2023 +ms.date: 04/15/2025 online version: https://learn.microsoft.com/powershell/module/microsoft.powershell.management/get-process?view=powershell-7.6&WT.mc_id=ps-gethelp schema: 2.0.0 title: Get-Process @@ -55,148 +55,178 @@ Get-Process -InputObject -IncludeUserName [] The `Get-Process` cmdlet gets the processes on a local computer. -Without parameters, this cmdlet gets all the processes on the local computer. You can also specify a -particular process by process name or process ID (PID) or pass a process object through the pipeline -to this cmdlet. +Without parameters, this cmdlet gets all processes on the local computer. You can also specify a +specific process by process name or process ID (PID), or by piping a **System.Diagnostics.Process** +object to this cmdlet. -By default, this cmdlet returns a process object that has detailed information about the process and -supports methods that let you start and stop the process. You can also use the parameters of the -`Get-Process` cmdlet to get file version information for the program that runs in the process and to -get the modules that the process loaded. +By default, this cmdlet returns a **Process** object that has detailed information about the process +and supports methods that let you control it. With parameters, you can change the type of +information returned by this cmdlet. + +- **Module**: Retrieve information for each module loaded into the process. +- **FileVersionInfo**: Retrieve file version information for the main module of the process. + +> [!NOTE] +> A module is an executable file or a dynamic link library (DLL) loaded into a process. A process +> has one or more modules. The main module is the module used to initially start the process. For +> more information, see [ProcessModule Class](/dotnet/api/system.diagnostics.processmodule). ## EXAMPLES -### Example 1: Get a list of all active processes on the local computer +### Example 1: Get a list of all running processes on the local computer ```powershell Get-Process ``` -This command gets a list of all active processes running on the local computer. For a definition of -each column, see the [Notes](#notes) section. +This command gets a list of all running processes on the local computer. For a definition of each +display column, see the [NOTES](#notes) section. -### Example 2: Get all available data about one or more processes +To see all properties of a **Process** object, use `Get-Process | Get-Member`. By default, +PowerShell displays certain property values using units such as kilobytes (K) and megabytes (M). The +actual values when accessed with the member-access operator (`.`) are in bytes. + +### Example 2: Display detailed information about one or more processes ```powershell Get-Process winword, explorer | Format-List * ``` -This command gets all available data about the Winword and Explorer processes on the computer. It -uses the **Name** parameter to specify the processes, but it omits the optional parameter name. The -pipeline operator (`|`) passes the data to the `Format-List` cmdlet, which displays all available -properties (`*`) of the Winword and Explorer process objects. +This pipeline displays detailed information about the `winword` and `explorer` processes on the +computer. It uses the **Name** parameter to specify the processes, but it omits the optional +parameter name. The pipeline operator (`|`) pipes **Process** objects to the `Format-List` +cmdlet, which displays all available properties (`*`) and their values for each object. You can also identify the processes by their process IDs. For instance, `Get-Process -Id 664, 2060`. ### Example 3: Get all processes with a working set greater than a specified size ```powershell -Get-Process | Where-Object {$_.WorkingSet -gt 20000000} +Get-Process | Where-Object { $_.WorkingSet -gt 20971520 } +Get-Process | Where-Object WorkingSet -GT 20MB ``` -This command gets all processes that have a working set greater than 20 MB. It uses the -`Get-Process` cmdlet to get all running processes. The pipeline operator (`|`) passes the process -objects to the `Where-Object` cmdlet, which selects only the object with a value greater than -20,000,000 bytes for the **WorkingSet** property. +The `Get-Process` cmdlet returns the running processes. The output is piped to the `Where-Object` +cmdlet, which selects the objects with a **WorkingSet** value greater than 20,971,520 bytes. -**WorkingSet** is one of many properties of process objects. To see all the properties, type -`Get-Process | Get-Member`. By default, the values of all amount properties are in bytes, even -though the default display lists them in kilobytes and megabytes. +In the first example, `Where-Object` uses a scriptblock to compare the **WorkingSet** property of +each **Process** object. In the second example, the `Where-Object` cmdlet uses the simplified syntax +to compare the **WorkingSet** property. In this case, `-GT` is a parameter, not a comparison +operator. The second example also uses a +[numeric literal suffix](../Microsoft.PowerShell.Core/About/about_Numeric_Literals.md) as a concise +alternative to `20971520`. In PowerShell, `MB` represents a mebibyte (MiB) multiplier. `20MB` is +equal to 20,971,520 bytes. -### Example 4: List processes on the computer in groups based on priority +### Example 4: Display processes on the computer in groups based on priority ```powershell -$A = Get-Process -$A | Get-Process | Format-Table -View Priority +$processes = Get-Process +$processes | Sort-Object { $_.PriorityClass } | Format-Table -View Priority ``` -These commands list the processes on the computer in groups based on their priority class. The first -command gets all the processes on the computer and then stores them in the `$A` variable. - -The second command pipes the **Process** object stored in the `$A` variable to the `Get-Process` -cmdlet, then to the `Format-Table` cmdlet, which formats the processes by using the **Priority** -view. +These commands display processes on the computer in groups based on their +[priority class](/dotnet/api/system.diagnostics.processpriorityclass). The first command gets all +processes on the computer and stores them in the `$processes` variable. -The **Priority** view, and other views, are defined in the PS1XML format files in the PowerShell -home directory (`$PSHOME`). +The second command pipes the **Process** objects stored in the `$processes` variable to the +`Sort-Object` cmdlet, then to the `Format-Table` cmdlet, which formats the processes using the +**Priority** view. -### Example 5: Add a property to the standard Get-Process output display +### Example 5: Add a property to the default `Get-Process` output display ```powershell -Get-Process pwsh | Format-Table ` - @{Label = "NPM(K)"; Expression = {[int]($_.NPM / 1024)}}, - @{Label = "PM(K)"; Expression = {[int]($_.PM / 1024)}}, - @{Label = "WS(K)"; Expression = {[int]($_.WS / 1024)}}, - @{Label = "VM(M)"; Expression = {[int]($_.VM / 1MB)}}, - @{Label = "CPU(s)"; Expression = {if ($_.CPU) {$_.CPU.ToString("N")}}}, - Id, ProcessName, StartTime -AutoSize +Get-Process -Name pwsh | Format-Table -Property @( + @{ Name = 'NPM(K)'; Expression = { [int] ($_.NPM / 1KB) } } + @{ Name = 'PM(M)'; Expression = { [int] ($_.PM / 1MB) } } + @{ Name = 'WS(M)'; Expression = { [int] ($_.WS / 1MB) } } + @{ Name = 'CPU(s)'; Expression = { if ($_.CPU) { $_.CPU.ToString('N') } } } + 'Id' + @{ Name = 'SI'; Expression = 'SessionId' } + 'ProcessName' + 'StartTime' +) -AutoSize ``` ```Output -NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName StartTime ------- ----- ----- ----- ------ -- ----------- --------- - 143 239540 259384 2366162 22.73 12720 pwsh 12/5/2022 3:21:51 PM - 114 61776 104588 2366127 11.45 18336 pwsh 12/5/2022 7:30:53 AM - 156 77924 82060 2366185 10.47 18812 pwsh 12/5/2022 7:30:52 AM - 85 48216 115192 2366074 1.14 24428 pwsh 12/8/2022 9:14:15 AM +NPM(K) PM(M) WS(M) CPU(s) Id SI ProcessName StartTime +------ ----- ----- ------ -- -- ----------- --------- + 84 46 79 18.297 3188 1 pwsh 4/14/2025 10:40:10 AM + 66 30 90 4.328 4640 1 pwsh 4/13/2025 3:33:50 PM + 66 30 90 4.516 9204 1 pwsh 4/14/2025 9:54:27 AM ``` -This example retrieves processes from the local computer. The retrieved processes are piped to the -`Format-Table` command that adds the **StartTime** property to the standard `Get-Process` output -display. +This example retrieves processes from the local computer and pipes each **Process** object to the +`Format-Table` cmdlet. `Format-Table` recreates the default output display of a **Process** object +using a mixture of property names and +[calculated properties](../Microsoft.PowerShell.Core/About/about_Calculated_Properties.md). The +display includes an additional **StartTime** property not present in the default display. ### Example 6: Get version information for a process ```powershell -Get-Process pwsh -FileVersionInfo +Get-Process -Name pwsh -FileVersionInfo ``` ```Output ProductVersion FileVersion FileName -------------- ----------- -------- -6.1.2 6.1.2 C:\Program Files\PowerShell\6\pwsh.exe +7.5.0 SHA: 99da… 7.5.0.500 C:\Program Files\PowerShell\7\pwsh.exe ``` -This command uses the **FileVersionInfo** parameter to get the version information for the -`pwsh.exe` file that's the main module for the PowerShell process. +This command uses the **FileVersionInfo** parameter to get file version information for the main +module of the `pwsh` process. The main module is the file used to start the process, which +in this case is `pwsh.exe`. -To run this command with processes that you don't own on Windows Vista and later versions of -Windows, you must open PowerShell with the **Run as administrator** option. +To use this command with processes that you don't own on Windows Vista and later versions of +Windows, you must run PowerShell with elevated user rights (**Run as administrator**). ### Example 7: Get modules loaded with the specified process ```powershell -Get-Process SQL* -Module +Get-Process -Name SQL* -Module ``` -This command uses the **Module** parameter to get the modules that have been loaded by the process. -This command gets the modules for the processes that have names that begin with `SQL`. +This command uses the **Module** parameter to get the modules loaded by all processes with a name +beginning with `SQL`. -To run this command on Windows Vista and later versions of Windows with processes that you don't -own, you must start PowerShell with the **Run as administrator** option. +To use this command with processes that you don't own on Windows Vista and later versions of +Windows, you must run PowerShell with elevated user rights (**Run as administrator**). ### Example 8: Find the owner of a process ```powershell -Get-Process pwsh -IncludeUserName +Get-Process -Name pwsh -IncludeUserName +``` + +```Output +WS(M) CPU(s) Id UserName ProcessName +----- ------ -- -------- ----------- +46.53 21.70 3188 DOMAIN01\user01 pwsh +``` + +```powershell +Get-CimInstance -ClassName Win32_Process -Filter "name='pwsh.exe'" | + Invoke-CimMethod -MethodName GetOwner ``` ```Output -Handles WS(K) CPU(s) Id UserName ProcessName -------- ----- ------ -- -------- ----------- - 782 132080 2.08 2188 DOMAIN01\user01 pwsh +Domain ReturnValue User PSComputerName +------ ----------- ---- -------------- +DOMAIN01 0 user01 ``` -This command shows how to find the owner of a process. -On Windows, the **IncludeUserName** parameter requires elevated user rights -(**Run as Administrator**) to view the users of processes that aren't running -as the current user. -The output reveals that the owner is `Domain01\user01`. +The first command shows how to get the owner of a process. The output reveals that the owner is +`DOMAIN01\user01`. + +The second pipeline shows a different way to get the owner of a process using `Get-CimInstance` and +`Invoke-CimMethod`. The **Win32_Process** class with a filter retrieves `pwsh` processes and the +invoked `GetOwner()` method returns information on the process's **Domain** and **User**. This +method is only available on Windows and doesn't require elevated user rights. ### Example 9: Use an automatic variable to identify the process hosting the current session ```powershell -Get-Process pwsh +Get-Process -Name pwsh ``` ```Output @@ -218,24 +248,24 @@ NPM(K) PM(M) WS(M) CPU(s) Id SI ProcessName These commands show how to use the `$PID` automatic variable to identify the process that's hosting the current PowerShell session. You can use this method to distinguish the host process from other -PowerShell processes that you might want to stop or close. - -The first command gets all the PowerShell processes in the current session. +`pwsh` processes that you might want to control. -The second command gets the PowerShell process that's hosting the current session. +The first command gets all `pwsh` processes running. The second command gets the `pwsh` process +that's hosting the current session. ### Example 10: Get all processes that have a main window title and display them in a table ```powershell -Get-Process | Where-Object {$_.MainWindowTitle} | Format-Table Id, Name, MainWindowTitle -AutoSize +Get-Process | + Where-Object -Property MainWindowTitle | + Format-Table -Property Id, Name, MainWindowTitle -AutoSize ``` -This command gets all the processes that have a main window title, and it displays them in a table -with the process ID and the process name. +This pipeline gets all processes that have a main window title, and displays them in a table with +the process ID and name. -The **MainWindowTitle** property is just one of many useful properties of the **Process** object -that `Get-Process` returns. To view all the properties, pipe the results of a `Get-Process` -command to the `Get-Member` cmdlet `Get-Process | Get-Member`. +**MainWindowTitle** is one of many useful properties of the **Diagnostics.Process** object type that +`Get-Process` returns. To view all properties, use `Get-Process | Get-Member`. ## PARAMETERS @@ -244,13 +274,13 @@ command to the `Get-Member` cmdlet `Get-Process | Get-Member`. Indicates that this cmdlet gets the file version information for the program that runs in the process. -On Windows, you must open PowerShell with the **Run as administrator** option to use this parameter -on processes that you don't own. +On Windows Vista and later versions of Windows, you must run PowerShell with elevated user rights +(**Run as administrator**) to use this parameter on processes that you don't own. -Using this parameter is equivalent to getting the **MainModule.FileVersionInfo** property of each -process object. When you use this parameter, `Get-Process` returns a **FileVersionInfo** object -**System.Diagnostics.FileVersionInfo**, not a process object. Therefore, you can't pipe the output -of the command to a cmdlet that expects a process object, such as `Stop-Process`. +Using this parameter is the same as accessing the **MainModule.FileVersionInfo** property of each +**Process** object. When you use this parameter, `Get-Process` returns a **FileVersionInfo** +object, not a **Process** object. You can't pipe output produced using this parameter to a cmdlet +that expects a **Process** object, such as `Stop-Process`. ```yaml Type: System.Management.Automation.SwitchParameter @@ -266,8 +296,9 @@ Accept wildcard characters: False ### -Id -Specifies one or more processes by process ID (PID). To specify multiple IDs, use commas to separate -the IDs. To find the PID of a process, type `Get-Process`. +Specifies one or more processes by process ID (PID). You can specify multiple IDs separated by +commas. To get the PID of a process, use `Get-Process`. To get the PID of the current PowerShell +session, use `$PID`. ```yaml Type: System.Int32[] @@ -283,7 +314,7 @@ Accept wildcard characters: False ### -IncludeUserName -Indicates that the UserName value of the **Process** object is returned with results of the command. +Indicates that this command adds a **UserName** property to each returned **Process** object. ```yaml Type: System.Management.Automation.SwitchParameter @@ -299,7 +330,7 @@ Accept wildcard characters: False ### -InputObject -Specifies one or more process objects. Enter a variable that contains the objects, or type a command +Specifies one or more **Process** objects. Use a variable that contains the objects, or a command or expression that gets the objects. ```yaml @@ -316,18 +347,18 @@ Accept wildcard characters: False ### -Module -Indicates that this cmdlet gets the modules that have been loaded by the processes. +Indicates that this cmdlet gets the modules that the process has loaded. -On Windows Vista and later versions of Windows, you must open PowerShell with the **Run as -administrator** option to use this parameter on processes that you don't own. +On Windows Vista and later versions of Windows, you must run PowerShell with elevated user rights +(**Run as administrator**) to use this parameter on processes that you don't own. -This parameter is equivalent to getting the **Modules** property of each process object. When you -use this parameter, this cmdlet returns a **System.Diagnostics.ProcessModule** object , not a -process object. Therefore, you can't pipe the output of the command to a cmdlet that expects a -process object, such as `Stop-Process`. +Using this parameter is the same as accessing the **Modules** property of each **Process** object. +When you use this parameter, `Get-Process` returns a **ProcessModule** object, not a **Process** +object. You can't pipe output produced using this parameter to a cmdlet that expects a **Process** +object, such as `Stop-Process`. -When you use both the **Module** and **FileVersionInfo** parameters in the same command, this cmdlet -returns a **FileVersionInfo** object with information about the file version of all modules. +When you use both the **Module** and **FileVersionInfo** parameters together, this cmdlet returns a +**FileVersionInfo** object with information about the file version of all modules. ```yaml Type: System.Management.Automation.SwitchParameter @@ -343,8 +374,8 @@ Accept wildcard characters: False ### -Name -Specifies one or more processes by process name. You can type multiple process names (separated by -commas) and use wildcard characters. The parameter name (`Name`) is optional. +Specifies one or more processes by process name. You can specify multiple process names separated by +commas and use wildcard characters. Using the `-Name` parameter is optional. ```yaml Type: System.String[] @@ -369,7 +400,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ### System.Diagnostics.Process -You can pipe a process object to this cmdlet. +You can pipe **Process** objects to this cmdlet. ## OUTPUTS @@ -379,12 +410,13 @@ By default, this cmdlet returns a **System.Diagnostics.Process** object. ### System.Diagnostics.FileVersionInfo -If you use the **FileVersionInfo** parameter, this cmdlet returns a **FileVersionInfo** object. +If you use the **FileVersionInfo** parameter, this cmdlet returns a +**System.Diagnostics.FileVersionInfo** object. ### System.Diagnostics.ProcessModule - If you use the **Module** parameter, without the **FileVersionInfo** parameter, this cmdlet returns -a **ProcessModule** object. +If you use the **Module** parameter, without the **FileVersionInfo** parameter, this cmdlet returns +a **System.Diagnostics.ProcessModule** object. ## NOTES @@ -395,34 +427,42 @@ PowerShell includes the following aliases for `Get-Process`: - Windows: - `ps` -On computers that are running a 64-bit version of Windows, the 64-bit version of PowerShell gets -only 64-bit process modules and the 32-bit version of PowerShell gets only 32-bit process modules. +On computers running 64-bit Windows, the 64-bit version of PowerShell gets the main module and +64-bit process modules. The 32-bit version of PowerShell gets only 32-bit process modules. + +> [!WARNING] +> When you use `Get-Process` to get a 64-bit process in the 32-bit version of PowerShell, properties +> such as `Path` and `MainModule` of the returned **Process** object are `$null`. You must use +> either the 64-bit version of PowerShell or the +> [Win32_Process](/windows/desktop/CIMWin32Prov/win32-process) class. To get process information from a remote computer, use the `Invoke-Command` cmdlet. For more -information, see [Invoke-Command](xref:Microsoft.PowerShell.Core.Invoke-Command). +information, see [Invoke-Command](../Microsoft.PowerShell.Core/Invoke-Command.md). + +On Windows, you can use the Windows Management Instrumentation (WMI) +[Win32_Process](/windows/desktop/CIMWin32Prov/win32-process) class in PowerShell as an alternative +to `Get-Process`. For more information, see: -You can use the properties and methods of the Windows Management Instrumentation (WMI) -**Win32_Process** object in PowerShell. For information, see -[Win32_Process](/windows/win32/cimwin32prov/win32-process). +- [Example 8: Find the owner of a process](#example-8-find-the-owner-of-a-process) +- [Get-CimInstance](../CimCmdlets/Get-CimInstance.md) -The default display of a process is a table that includes the following columns. For a description -of all the properties of process objects, see -[Process Properties](/dotnet/api/system.diagnostics.process). +The default display of a **Process** object is a table view that includes the following columns. -- **Handles**: The number of handles that the process has opened. - **NPM(K)**: The amount of non-paged memory that the process is using, in kilobytes. -- **PM(K)**: The amount of pageable memory that the process is using, in kilobytes. -- **WS(K)**: The size of the working set of the process, in kilobytes. The working set consists of +- **PM(M)**: The amount of pageable memory that the process is using, in megabytes. +- **WS(M)**: The size of the working set of the process, in megabytes. The working set consists of the pages of memory that were recently referenced by the process. -- **VM(M)**: The amount of virtual memory that the process is using, in megabytes. Virtual memory - includes storage in the paging files on disk. - **CPU(s)**: The amount of processor time that the process has used on all processors, in seconds. - **Id**: The process ID (PID) of the process. -- **ProcessName**: The name of the process. For explanations of the concepts related to processes, - see the Glossary in Help and Support Center and the Help for Task Manager. +- **SI**: The session ID of the process. +- **ProcessName**: The name of the process. -You can also use the built-in alternate views of the processes available with `Format-Table`, such -as **StartTime** and **Priority**, and you can design your own views. +You can use the built-in alternate views for **Process** objects available with `Format-Table`, such +as **StartTime** and **Priority**. You can also design your own views. + +For a description of all available **Process** object members, see +[Process Properties](xref:System.Diagnostics.Process#properties) and +[Process Methods](xref:System.Diagnostics.Process#methods). ## RELATED LINKS @@ -435,3 +475,5 @@ as **StartTime** and **Priority**, and you can design your own views. [Stop-Process](Stop-Process.md) [Wait-Process](Wait-Process.md) + +[Where-Object](../Microsoft.PowerShell.Core/Where-Object.md) diff --git a/reference/7.6/Microsoft.PowerShell.Security/Set-ExecutionPolicy.md b/reference/7.6/Microsoft.PowerShell.Security/Set-ExecutionPolicy.md index 6e5fd9611b80..5d381021ec86 100644 --- a/reference/7.6/Microsoft.PowerShell.Security/Set-ExecutionPolicy.md +++ b/reference/7.6/Microsoft.PowerShell.Security/Set-ExecutionPolicy.md @@ -2,7 +2,7 @@ external help file: Microsoft.PowerShell.Security.dll-Help.xml Locale: en-US Module Name: Microsoft.PowerShell.Security -ms.date: 03/04/2024 +ms.date: 04/15/2025 online version: https://learn.microsoft.com/powershell/module/microsoft.powershell.security/set-executionpolicy?view=powershell-7.6&WT.mc_id=ps-gethelp schema: 2.0.0 title: Set-ExecutionPolicy @@ -25,7 +25,8 @@ Set-ExecutionPolicy [-ExecutionPolicy] [[-Scope]