You can use the following in Powershell to obtain the full path to where a specific process is running:
Get-Process | where{$_.Name -like "*iexplore*"} | Select Path
If I want to find this path for a service on a remote machine, I thought I could just utilise the following:
Get-Process -ComputerName $MyServer | where{$_.Name -like "*iexplore*"} | Select Path
However, this doesn't return anything. I can see that I can find the service itself with some details on current usage etc. but I cannot find the path for where the .exe file is located. (I also noticed I cannot see how many CPUs the process is using either).
Is there a way to find the path for the process?
Get-Process missing this, but you can use WMI:
Get-WmiObject -Class win32_process -ComputerName $MyServer -Filter 'name like "%iexplore%"' | select path
Related
I'm trying out a script to go grab installed software on servers remotely. Problem is I want it to output certain attribs including the computer name but I can't seem to figure out how to get the name inserted.
Here is what I have so far...
$servers = Get-QADComputer -SearchRoot "OU=servers,OU=mydomain:-),DC=COM" | Select Name
...which works fine of course. Then...
$servers | % {Get-WMIObject -Class Win32Reg_AddREmovePrograms} | select Displayname,Version,InstallDate,PSComputerName
... which provides the full list of software installed on all servers in that OU but the PSComputerName becomes MY COMPUTER (the computer I run the query from - not the computername of the system being queried). The goal is to have the servername the software is installed on on each line item of software. I've asked professor Google and don't seem to see anything helpful (or anything that I understand anyway).
Hope this makes sense. semi-amateur PS script writer so hopefully this is easy for you guys. Thanks in advance for your help
Your command:
Get-WMIObject -Class Win32Reg_AddREmovePrograms
Does not specify computer to query, so it just query computer command being executed on. Thus PSComputerName display MY COMPUTER, as MY COMPUTER is computer being queried. You have to specify -ComputerName parameter to Get-WMIObject cmdlet to query specific computer. And -ComputerName parameter accept array of computer names, so you can put array of computer names to it instead of using ForEach-Object cmdlet and query one computer at time.
Since the object returned from the WMI call doesn't contain the computer you made the request on, you need to include it yourself from include your ForEach-Object (%) block. You could use Add-Member to add it yourself, then do your Select-Object outside like you're doing now:
$servers | % {
Get-WMIObject -Class Win32Reg_AddREmovePrograms -ComputerName $_ |
Add-Member -MemberType NoteProperty -Name ComputerName -Value $_ -PassThru
} | select Displayname,Version,InstallDate,ComputerName
Another way is to move the Select-Object to inside the block and do it within there, by creating a new property on the fly with a hashtable:
$servers | % {
Get-WMIObject -Class Win32Reg_AddREmovePrograms -computername $_ |
Select-Object Displayname,Version,InstallDate,#{Name='ComputerName';Expression={$_}}
}
I am trying to open a command prompt to access folders of a USB connected windows phone. I have tried several commands like the following but to no avail.
wmic logicaldisk get name
GET-WMIOBJECT win32_diskdrive | Where { $_.InterfaceType -eq 'USB' }
Could someone suggest me the best way to accomplish this without using any tool?
My task is to access the mobile device to adjust language settings using PowerShell commands.
Phone : Lumia 1020 running Windows Phone 8.
To get a list of USB drives attached to the PC, execute this command.
Get-WmiObject Win32_Volume -Filter "DriveType='2'"
If your mobile is attached as a USB disk, it should show up. From the data you get back, you should be able to extract things like Caption, Label, Name and DriveLetter. Then you can automate things a little bit further:
cd (Get-WmiObject Win32_Volume -Filter "DriveType='2'" | Where-Object label -eq "YourDiskName").DriveLetter
EDIT: Since Get-WmiObject command is now depreciated, the preferred way is now to use Get-CimInstance.
Get-CimInstance -Query "SELECT * FROM Win32_LogicalDisk WHERE DriveType=2"
You can get the phone's top-level directory using this function, then add the root folder name from explorer e.g. 'Internal Shared Storage', 'Card', etc.
function Get-PhoneMainDir($phoneName) {
$o = New-Object -com Shell.Application
$rootComputerDirectory = $o.NameSpace(0x11)
$phoneDirectory = $rootComputerDirectory.Items() | Where-Object {
$_.Name -eq $phoneName } | select -First 1
if ($phoneDirectory -eq $null) {
throw "Not found '$phoneName' folder in This computer. Connect your phone."
}
return $phoneDirectory;
}
$phoneName is the name of the phone in Explorer, e.g. 'Pixel 5a'
A full example is available here:
https://github.com/nosalan/powershell-mtp-file-transfer/blob/master/phone_backup_recursive.ps1
I have a following problem:
I'm in need of a code that will close all running process from a given path on a remote machine.
So far I've found and came up with those 2 lines but none of them actually work.
Get-Process | Where-Object {$_.Path -like "\\$computername\C$\Program Files (x86)\Adobe\Adobe Reader 10.0\Reader\**"} | Stop-Process -Force
This is the second line I've found but still does not want to work with me :)
Get-WmiObject Win32_Process -Filter "ExecutablePath LIKE '\\$computername\C$\Program Files (x86)\Adobe\Adobe Reader 10.0\Reader\'" -ComputerName $computername | Invoke-WmiMethod -Name Terminate
I will be happy to get some advice. Belive that this is something rather simple to do..I hope that is.. :)
Something like this should work:
(Get-WmiObject Win32_Process -ComputerName $computerName | ?{ $_.ExecutablePath -like "*Program Files (x86)\Adobe\Adobe Reader 10.0\Reader*" }).Terminate()
You might have to tweak the "like" expression, however.
Another way to approach this is to run that command local to the machine with PSRemoting.
Invoke-Command $computername -script {
Get-Process | Where-Object {$_.Path -like "c:\Program Files (x86)\Adobe\Adobe Reader 10.0\Reader\*"} | Stop-Process -Force
}
So I'm trying to return a list of running process' descriptions on a machine which I can do no problem via get-process | select description
However, when I try: get-process -computer remote | select description nothing is returned, only empty strings.
Is there a reason for this?
Thanks
Well, if you take a look at how the description is retrieved, it will all get clearer:
PS> gps | gm | where {$_.name -eq 'description'} | select Definition
TypeName: System.Diagnostics.Process
Definition
----------
System.Object Description {get=$this.Mainmodule.FileVersionInfo.FileDescription;}
This accesses Process.MainModule for which the documentation has to say that it throws a NotSupportedExcetion in the following case:
You are trying to access the MainModule property for a process that is running on a remote computer. This property is available only for processes that are running on the local computer.
So the attempt to retrieve the description fails for remote processes.
Maybe with WMI and the GetVersionInfo method:
$ComputerName = 'server1'
Get-WmiObject Win32_Process -ComputerName $ComputerName |
Select-Object Name, #{n='Description';e={ [System.Diagnostics.FileVersionInfo]::GetVersionInfo( ($_.ExecutablePath -replace '^(.):',"\\$ComputerName\$`1$")).FileDescription }}
After experimenting with get-process I wrote the below script to show what it 'viewable' via a remote session
get-process -computer computer | select * | where {$_.name -match "tskmgr"}
How can I get the Windows service startup type using PowerShell and not using WMI?
I looked inside the Get-Service command, and it does not provide something to display the "startup type".
With PowerShell version 4:
You can run a command as given below:
Get-Service | select -property name,starttype
WMI is the way to do this.
Get-WmiObject -Query "Select StartMode From Win32_Service Where Name='winmgmt'"
Or
Get-WmiObject -Class Win32_Service -Property StartMode -Filter "Name='Winmgmt'"
In PowerShell you can use the command Set-Service:
Set-Service -Name Winmgmt -StartupType Manual
I haven't found a PowerShell command to view the startup type though. One would assume that the command Get-Service would provide that, but it doesn't seem to.
You can use also:
(Get-Service 'winmgmt').StartType
It returns just the startup type, for example, disabled.
As far as I know there is no “native” PowerShell way of getting this information. And perhaps it is rather the .NET limitation than PowerShell.
Here is the suggestion to add this functionality to the version next:
https://connect.microsoft.com/PowerShell/feedback/details/424948/i-would-like-to-see-the-property-starttype-added-to-get-services
The WMI workaround is also there, just in case. I use this WMI solution for my tasks and it works.
Once you've upgraded to PowerShell version 5 you can get the startup type.
To check the version of PowerShell you're running, use $PSVersionTable.
The examples below are for the Windows Firewall Service:
For the local system
Get-Service | Select-Object -Property Name,Status,StartType | where-object {$_.Name -eq "MpsSvc"} | Format-Table -auto
For one remote system
Get-Service -ComputerName HOSTNAME_OF_SYSTEM | Select-Object -Property MachineName,Name,Status,StartType | where-object {$_.Name -eq "MpsSvc"} | Format-Table -auto
For multiple systems (must create the systems.txt)
Get-Service -ComputerName (Get-content c:\systems.txt) | Select-Object -Property MachineName,Name,Status,StartType | where-object {$_.Name -eq "MpsSvc"} | Format-Table -auto
Use:
Get-Service BITS | Select StartType
Or use:
(Get-Service -Name BITS).StartType
Then
Set-Service BITS -StartupType xxx
[PowerShell 5.1]
If you update to PowerShell 5 you can query all of the services on the machine and display Name and StartType and sort it by StartType for easy viewing:
Get-Service |Select-Object -Property Name,StartType |Sort-Object -Property StartType
You can also use the sc tool to set it.
You can also call it from PowerShell and add additional checks if needed.
The advantage of this tool vs. PowerShell is that the sc tool can also set the start type to auto delayed.
# Get Service status
$Service = "Wecsvc"
sc.exe qc $Service
# Set Service status
$Service = "Wecsvc"
sc.exe config $Service start= delayed-auto
It is possible with PowerShell 4.
Get-Service *spool* | select name,starttype | ft -AutoSize
screenshot
By default StartType is not shown by Get-Service, but you can always explicitly ask for it:
Get-Service | select StartType,DisplayName | sort StartType,DisplayName
Use Get-Service | Get-Member to see all available fields.