How to Stop-Process by command line parameters? - powershell

I'm trying to automate some stuff and I need to be able to Stop-Process an application started via dotnet path\to\myProgram.dll.
I've tried Stop-Process -Name myProgram -PassThru but it says it can't find any process like that.
Just doing Stop-Process -Name dotnet -PassThru seems a bit spray'n'pray as there are several DotNet programs running and I want to stop a specific one.
How do I find the correct process to give to Stop-Process?

You can get the process running with a specific command line and stop it.
An example below:
$Process = Get-CimInstance -ClassName Win32_Process -Filter "CommandLine='C:\\WINDOWS\\System32\\WindowsPowerShell\\v1.0\\powershell.exe'"
or
$Process = Get-CimInstance -ClassName Win32_Process -Filter "CommandLine LIKE '%powershell.exe'"
then
$Process | Invoke-CimMethod -MethodName Terminate
Identify the command line used by the specific dotnet process and filter it with that cmdline.
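
The approach above applied to the dotnet case from the question, as an added example that is not part of the original answer. The function name Stop-ProcessByCommandLine and its parameters are hypothetical; it narrows the match to dotnet.exe, treats the pattern as literal text, and refuses to act when more processes match than expected.

```powershell
function Stop-ProcessByCommandLine {
    # Hypothetical helper (added example, not from the answer above).
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Pattern,   # literal text, e.g. 'myProgram.dll'
        [string]$ImageName = 'dotnet.exe',        # host process started by "dotnet path\to\myProgram.dll"
        [int]$MaxMatches = 1                      # refuse to act on an unexpectedly broad match
    )

    # WQL string literals escape \ and ' with a backslash. In a LIKE pattern,
    # % _ and [ are wildcards, so each is wrapped in [] to be matched literally
    # (otherwise "my_Program" would also match "myXProgram").
    $name    = $ImageName -replace '([\\''])', '\$1'
    $literal = $Pattern -replace '([\\''])', '\$1' -replace '([%_\[])', '[$1]'

    # Filtering on Name as well keeps the calling shell, whose own command line
    # may contain the pattern, out of the result set.
    $filter = "Name='$name' AND CommandLine LIKE '%$literal%'"
    $found  = @(Get-CimInstance -ClassName Win32_Process -Filter $filter)

    if ($found.Count -gt $MaxMatches) {
        Write-Error "Matched $($found.Count) processes (limit $MaxMatches); narrow the pattern."
        return
    }

    foreach ($p in $found) {
        $target = "PID $($p.ProcessId): $($p.CommandLine)"
        if ($PSCmdlet.ShouldProcess($target, 'Terminate')) {
            $r = Invoke-CimMethod -InputObject $p -MethodName Terminate
            # ReturnValue 0 means Win32_Process.Terminate succeeded.
            [pscustomobject]@{ ProcessId = $p.ProcessId; ReturnValue = $r.ReturnValue }
        }
    }
}

# Dry run: shows which process would be terminated without stopping it.
Stop-ProcessByCommandLine -Pattern 'myProgram.dll' -WhatIf
```

Drop -WhatIf once the dry run lists only the intended process.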

Related

Powershell to query specific Service in enterprise?

Good day good people.
Would someone please help me out? I am trying to PS our enterprise servers to find all assets with a particular service on it, and I am having no luck.
I tried
$servicename = "SERVICE_NAME"
$list = get-content "c:\security\comp_list.txt"
foreach ($server in $list) {
    if (Get-Service $servicename -computername $server -ErrorAction 'SilentlyContinue') {
        Write-Host "$servicename exists on $server"
    }
}
Any suggestions would be greatly appreciated. I'm still fairly new to PS.
My accepted answer to why Get-Service -ComputerName fails can be found in the link below and the resolution to the issue.
Powershell Results to Slack via Webhook question - Remote Server results
Summary
Differences between Windows PowerShell 5.1 and PowerShell 7.x
Please Note In Windows 7.2 the Get-Service command made use of DCOM and such functionality like '-ComputerName' is removed.
https://learn.microsoft.com/en-us/powershell/scripting/whats-new/differences-from-windows-powershell?view=powershell-7#remove--computername-from--service-cmdlets-5090
$server = $env:Computername
Invoke-Command -Computername $server -Scriptblock {Get-Service | where Status -eq 'Running'}
Get-Service cmdlet
The cmdlet gets the members, the properties and methods, of objects
get-service | get-member | sort Name
Names of services that start / contain 'App'
$Results = Get-Service -Name '*App*' | Select Name
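
The server-list loop from the question rewritten around Invoke-Command, as an added example that is not part of the original posts. It assumes PowerShell remoting (WinRM) is enabled on the targets and reuses the question's placeholder service name and list path; the report records unreachable hosts separately instead of treating them as hosts without the service.

```powershell
$serviceName = 'SERVICE_NAME'                        # placeholder, as in the question
$servers     = Get-Content 'C:\security\comp_list.txt'

$report = foreach ($server in $servers) {
    try {
        # -ErrorAction Stop turns a failed connection into a catchable error,
        # so an unreachable host is not silently reported as "service absent".
        $status = Invoke-Command -ComputerName $server -ErrorAction Stop -ScriptBlock {
            Get-Service -Name $using:serviceName -ErrorAction SilentlyContinue |
                ForEach-Object { $_.Status.ToString() }   # return a plain string
        }
        [pscustomobject]@{
            Server    = $server
            Reachable = $true
            Installed = [bool]$status
            Status    = if ($status) { "$status" } else { $null }
            Error     = $null
        }
    }
    catch {
        [pscustomobject]@{
            Server    = $server
            Reachable = $false
            Installed = $null
            Status    = $null
            Error     = $_.Exception.Message
        }
    }
}

# Servers that have the service, then servers that could not be checked.
$report | Where-Object Installed | Format-Table Server, Status
$report | Where-Object { -not $_.Reachable } | Format-Table Server, Error
```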

Flushdns and registerdns on multiple machine by powershell

Simple question but not able to find answer on google at the moment. My powershell version is 2. I want to flush and registerdns on multiple machines.
ipconfig /flushDns
ipconfig /registerdns
I can't use invoke command and psremoting is not enabled on machines.
Any advice on how to flushdns & registerdns?
It's pretty easy with Invoke-wmimethod
Create a list of your computers in a file named servers.txt, then create a script like this :
$listofservers = Get-Content .\servers.txt
foreach ($servers in $listofservers) {
    Invoke-WmiMethod -class Win32_process -name Create -ArgumentList ("cmd.exe /c ipconfig /flushdns") -ComputerName $servers
    Invoke-WmiMethod -class Win32_process -name Create -ArgumentList ("cmd.exe /c ipconfig /registerdns") -ComputerName $servers
}
By default you'll not get the output of the command, but you'll only get information on whether the command successfully ran on the remote computer through this value:
ReturnValue
If this value is equal to 0, that means the command was successfully executed on the remote server.
If you want to get the command output, you can achieve it by adding output redirection to a txt file:
$listofservers = Get-Content .\servers.txt
foreach ($servers in $listofservers) {
    Invoke-WmiMethod -class Win32_process -name Create -ArgumentList ("cmd.exe /c ipconfig /flushdns > c:\flushdnsresult.txt") -ComputerName $servers
    Invoke-WmiMethod -class Win32_process -name Create -ArgumentList ("cmd.exe /c ipconfig /registerdns > c:\registerdnsresult.txt") -ComputerName $servers
}
Then you'll find a txt file on your remote server containing the result output of cmd command.
If you upgrade your powershell version from 2 (highly recommended - I have a powershell & dotnet update script to do this also) you can use:
# Get Windows servers on Domain
####################
$serversraw=Get-ADComputer -Filter {(OperatingSystem -like "*windows*")}
# Filter responsive
####################
$serversup = $serversraw.name | where {Test-Connection $_ -quiet -count 1}
# Flush DNS & reregister
####################
Clear-DnsClientCache -cimsession $serversup
Register-DnsClient -cimsession $serversup

Kill multiple processes running from a given path on remote machine

I have the following problem:
I'm in need of code that will close all running processes from a given path on a remote machine.
So far I've found and come up with these 2 lines, but none of them actually work.
Get-Process | Where-Object {$_.Path -like "\\$computername\C$\Program Files (x86)\Adobe\Adobe Reader 10.0\Reader\**"} | Stop-Process -Force
This is the second line I've found but still does not want to work with me :)
Get-WmiObject Win32_Process -Filter "ExecutablePath LIKE '\\$computername\C$\Program Files (x86)\Adobe\Adobe Reader 10.0\Reader\'" -ComputerName $computername | Invoke-WmiMethod -Name Terminate
I will be happy to get some advice. Believe that this is something rather simple to do.. I hope that is.. :)
Something like this should work:
(Get-WmiObject Win32_Process -ComputerName $computerName | ?{ $_.ExecutablePath -like "*Program Files (x86)\Adobe\Adobe Reader 10.0\Reader*" }).Terminate()
You might have to tweak the "like" expression, however.
Another way to approach this is to run that command local to the machine with PSRemoting.
Invoke-Command $computername -script {
    Get-Process | Where-Object {$_.Path -like "c:\Program Files (x86)\Adobe\Adobe Reader 10.0\Reader\*"} | Stop-Process -Force
}

Restarting an app pool using powershell Exception

I am trying to restart an application pool remotely using powershell.
net use $ToPath $pass /USER:$usr
$appPool = get-wmiobject -computername $ToServerName -namespace "root\MicrosoftIISv2" -class "IIsApplicationPool" | Where-Object {$_.Name -eq "W3SVC/APPPOOLS/$appPoolName"} -Authentication PacketPrivacy
#(Get-WmiObject -Query "SELECT * FROM IIsApplicationPool WHERE Name = 'W3SVC/AppPools/$appPoolName'" -Namespace 'root\MicrosoftIISv2').Recycle()
$appPool.Recycle()
net use $ToPath /delete
I basically use the same command that I use to move files remotely, where I set up a net user. I get a Get-WMI exception.
I wanted to make sure that this question was answered for those that come after me. It turns out that I was piping the -Authentication PacketPrivacy parameter to the wrong command.

Kill process by filename

I have 3 instances of application running from different places. All processes have similar names.
How can I kill process that was launched from specific place?
You can get the application path:
Get-Process | Where-Object {$_.Path -like "*something*"} | Stop-Process -WhatIf
That will work for the local machine only. To terminate remote processes:
Get-WmiObject Win32_Process -Filter "ExecutablePath LIKE '%something%'" -ComputerName server1 | Invoke-WmiMethod -Name Terminate
I would like to slightly improve Shay Levy's answer, as it didn't work well on my setup (version 4 of powershell)
Get-Process | Where-Object {$_.Path -like "*something*"} | Stop-Process -Force -processname {$_.ProcessName}
You can take a look at the MainModule property inside of the Process class (which can be invoked via powershell).
foreach (Process process in Process.GetProcesses())
{
    if (process.MainModule.FileName == location)
    {
        process.Kill();
    }
}
I'd also consider the possible exceptions that can occur while calling this code. This might occur if you're trying to access processes that are no longer present (killed since the last time GetProcess was called) or processes for which you do not have permissions.
Try this:
http://technet.microsoft.com/en-us/library/ee177004.aspx
Stop-Process -processname notepad
The below command kills processes wherein "something" is part of the path or is a command line parameter. It also proves useful for terminating powershell scripts such as powershell -command c:\my-place\something.ps1 running something.ps1 from place c:\my-place:
gwmi win32_process | Where-Object {$_.CommandLine -like "*something*"} | % { "$(Stop-Process $_.ProcessID)" }
The solution works locally on my 64bit Windows 10 machine.