Show process's full command line in PowerShell?

When I run this command
PS C:\> gwmi Win32_Process | select CommandLine
It cuts off the command line. How can I get it to show the full command line?

That's being done by the default formatting, which is using Format-Table. Try Format-List:
gwmi win32_process | select commandline | format-list

Alternatively Format-Table offers the -wrap and -autosize parameters.
gwmi win32_process | select handle, commandline | ft -wrap -autosize
Results
466 %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=bas
esrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileContro
l=Off MaxRequestThreads=16
550 wininit.exe
510 %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=bas
esrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileContro
l=Off MaxRequestThreads=16
546 C:\Windows\system32\services.exe
596 C:\Windows\system32\lsass.exe
3472 "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
1766 "C:\Windows\system32\notepad.exe"
3384 "C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe"
1780 \??\C:\Windows\system32\conhost.exe

You're better off filtering for a specific process, which can be done via PID or process name; both pieces of information are easily obtained from the Task Manager if you don't already know them.
Once you have the PID this will work great:
# $PID is a read-only automatic variable (the current PowerShell session's own process ID), so use a different name
$procId = <Your Process ID>
(Get-WmiObject win32_process -Filter "ProcessId=$procId" -Property CommandLine).CommandLine
Example of getting java.exe by process name:
(Get-WmiObject -Class win32_process -Filter "Name='java.exe'" -Property CommandLine).CommandLine
added by barlop
example with output-
PS C:\Users\User> (Get-WmiObject win32_process -Filter ProcessId=1676 -Property CommandLine).CommandLine <ENTER>
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1108,1777349067310493
8616,10462310811264875730,131072 --lang=en-GB --enable-auto-reload --origin-trial-disabled-features=MeasureMemory --devi
ce-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=1695 --no-v8-untrust
ed-code-mitigations --mojo-platform-channel-handle=11412 /prefetch:1
PS C:\Users\User>

This is a frequently asked question about how PowerShell formats output. Aside from making the window bigger:
gwmi Win32_Process | % CommandLine
sihost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}

Related

Batch script to taskkill search by "Command Line" arguments

I need a batch script to taskkill by "Command Line" arguments ("Command Line" from Windows Task Manager). To clarify - these processes are dotnet core applications. They are started via:
dotnet MyDotnetCoreApp.dll xxx yyy
If you examine it in Task Manager:
Name = dotnet.exe
Image path name = C:\Program Files\dotnet\dotnet.exe
Command line = dotnet MyDotnetCoreApp.dll xxx yyy
I need a batch script to kill these tasks, probably with taskkill.
OPTION 1 is taskkill by PID, but how does my script search the "Command Line" arguments for MyDotnetCoreApp?
OPTION 2 is taskkill by Image Name? This is a no-go as my server has many dotnet core applications; if I kill by Image Name, all dotnet core processes will be killed.
I have been researching:
https://superuser.com/questions/415360/how-do-i-find-out-command-line-arguments-of-a-running-program
https://www.itprotoday.com/powershell/powershell-contains
I can't get this to work, not good at PowerShell:
Get-WmiObject Win32_Process -Filter "name = 'dotnet.exe'" | Select-Object Handle
Here I'd get a list of PIDs to kill.
Two challenges:
First challenge: my WHERE clause doesn't work:
Get-WmiObject Win32_Process -Filter "name = 'dotnet.exe'" | where {$_.CommandLine -like '*MyDotnetCoreApp*'} | Select-Object Handle
I checked further and found out that "CommandLine" was NOT populated for these WmiObjects (omg!):
Get-WmiObject Win32_Process -Filter "name = 'dotnet.exe'" | Select-Object ProcessId, Name, CSName, Caption, CommandLine, ExecutablePath
I later found out that "CommandLine" would have been populated IF you run PowerShell as Administrator!?! (PowerShell is so cryptic!)
In the end, the first challenge was resolved:
Get-WmiObject Win32_Process -Filter "name = 'dotnet.exe'" | where {$_.CommandLine -like '*MyDotnetApp*'} | Select-Object ProcessId, Name, CSName, Caption, CommandLine, ExecutablePath
Second challenge: how to kill it? Found it!!
(Get-WmiObject Win32_Process -Filter "name = 'dotnet.exe'" | where {$_.CommandLine -like '*MyDotnetCoreApp*'}).Terminate()
So this is actually resolved!
Run PowerShell as Administrator! Download psexec from https://learn.microsoft.com/en-us/sysinternals/downloads/psexec
psexec -u Administrator -p SomeSecret powershell
Then from PowerShell:
(Get-WmiObject Win32_Process -Filter "name = 'dotnet.exe'" | where {$_.CommandLine -like '*MyDotnetCoreApp*'}).Terminate()
Now, as a separate question, can you do this in one line? The below won't work because -Filter has quotes in it!
psexec -u Administrator -p SomeSecret powershell -Command "(Get-WmiObject Win32_Process -Filter ""name = 'dotnet.exe'"" | where {$_.CommandLine -like '*MyDotnetCoreApp*'}).Terminate() "
As a hacky workaround, I removed the -Filter clause (how unfortunate, not sure how to escape quotes):
psexec -u Administrator -p SomeSecret powershell -Command "(Get-WmiObject Win32_Process | where {$_.CommandLine -like '*MyDotnetCoreApp*'}).Terminate() "
Works for me as a regular user, unless the process is running as administrator? Unfortunately, the filter syntax is like SQL here, where '%' is the wildcard. Piping to Where-Object would probably work just as well.
get-wmiobject win32_process -filter "commandline like '%dotnet.exe%MyDotnetCoreApp%'" |
remove-wmiobject
get-wmiobject win32_process | where commandline -like '*dotnet.exe*MyDotnetCoreApp*' |
remove-wmiobject
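
The thread above passes a password with psexec -p, and the first question on this page shows that any process's full command line can be read back from Win32_Process. The following added PowerShell example (not from any of the posts) audits process objects for credential-looking flags, redacts the value, and reports processes whose CommandLine came back empty. The function name Find-CommandLineSecret, the flag patterns and the sample rows are assumptions constructed for illustration.

```powershell
# Added example (not from the original posts). Heuristic: flags such as -p can
# also mean "port", so treat every hit as something to review, not as proof.
function Find-CommandLineSecret {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Process
    )
    begin {
        # Matches "-p value", "-password value", "--password=value", "/password:value".
        $rx = [regex]'(?i)(?<=\s)(?<flag>-p|--?password|--?pwd|/password)(?<sep>\s+|[=:])(?<value>"[^"]*"|\S+)'
    }
    process {
        $cmd = $Process.CommandLine
        if ([string]::IsNullOrWhiteSpace($cmd)) {
            # Typically empty when the caller lacks rights to read that process: report the blind spot.
            $finding = 'CommandLineUnavailable'; $flag = $null; $shown = $null
        }
        elseif ($rx.IsMatch($cmd)) {
            $finding = 'PossibleCredential'
            $flag    = $rx.Match($cmd).Groups['flag'].Value
            # Keep the flag, drop the value, so the report does not leak the secret again.
            $shown   = $rx.Replace($cmd, '${flag}${sep}<redacted>')
        }
        else { return }   # nothing to report for this process

        [pscustomobject]@{
            ProcessId   = $Process.ProcessId
            Name        = $Process.Name
            Finding     = $finding
            Flag        = $flag
            CommandLine = $shown
        }
    }
}

# Constructed sample rows, shaped like Win32_Process objects and modelled on the
# commands quoted in the thread above.
$sample = @(
    [pscustomobject]@{ ProcessId = 4012; Name = 'psexec.exe'; CommandLine = 'psexec -u Administrator -p SomeSecret powershell' }
    [pscustomobject]@{ ProcessId = 5120; Name = 'dotnet.exe'; CommandLine = 'dotnet MyDotnetCoreApp.dll xxx yyy' }
    [pscustomobject]@{ ProcessId = 6200; Name = 'dotnet.exe'; CommandLine = $null }
)

# Format-List keeps the whole command line; Format-Table would truncate it.
$sample | Find-CommandLineSecret | Format-List

# Live use: Get-CimInstance Win32_Process | Find-CommandLineSecret | Format-List
```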

Powershell commands to txt

Goal
Chain commands together and then Out-File to a filename.txt
For example
netstat -s;netstat -r;netstat -bona;netsh advfirewall show allprofiles state;Get-CimInstance -ClassName win32_operatingsystem | select csname, lastbootuptime
Display on Screen while writing to file
I know there is a way but when I issue | Out-File
There is this other method but man is the code long
netstat -s>>filename.txt;netstat -r>>filename.txt;netstat -bona>>filename.txt ...
Looking for a quick one-liner to perform this operation.
This isn't a one-liner. But you could do this easily by assigning the command to a variable then outputting it to a .txt file
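# $( ) collects the output of every command; without it only the first netstat is assigned to $output
$output = $(netstat -s;netstat -r;netstat -bona;netsh advfirewall show allprofiles state;Get-CimInstance -ClassName win32_operatingsystem | select csname, lastbootuptime)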
$output | out-file test.txt
You could make it a scriptblock, and immediately invoke it, then pipe to Tee-Object to both write to file and to the pipeline (and thus the screen unless you otherwise redirect it).
{netstat -s;netstat -r;netstat -bona;netsh advfirewall show allprofiles state;Get-CimInstance -ClassName win32_operatingsystem | select csname, lastbootuptime}.Invoke() | Tee-Object -FilePath FileName.txt

Powershell - get the output from this Get-WmiObject command (getting the number of cores using powershell)

So my aim is to get the number of cores on the machine my PowerShell script runs on and work with it as an integer. Some googling led me to this nice and simple command to get the number of cores:
Get-WmiObject -Class Win32_ComputerSystem | fl NumberOfLogicalProcessors
Which displays an output like this:
NumberOfLogicalProcessors : 4
Now my issue is, how do I extract the number "4" from this? I tried .Split(":") but the output is not a string so that doesn't work. Next I tried
PS C:\Windows\system32> Get-WmiObject -Class Win32_ComputerSystem | fl NumberOfLogicalProcessors | select NumberOfLogicalProcessors
But this just yields:
"NumberOfLogicalProcessors
--------------------------------------"
Not helpful. What am I missing? What is this Get-WmiObject returning and how do I work with it?
Edit:
Thank you mhu, that did the trick!
Don't use Format-List (fl), but directly select the required property, like this:
Get-WmiObject -Class Win32_ComputerSystem | select "NumberOfLogicalProcessors" -ExpandProperty "NumberOfLogicalProcessors"
As said by Mike, you could shorten this to:
Get-WmiObject -Class Win32_ComputerSystem | select -ExpandProperty "NumberOfLogicalProcessors"

Kill multiple processes running from a given path on remote machine

I have the following problem:
I need code that will close all running processes from a given path on a remote machine.
So far I've found and come up with these 2 lines, but neither of them actually works.
Get-Process | Where-Object {$_.Path -like "\\$computername\C$\Program Files (x86)\Adobe\Adobe Reader 10.0\Reader\**"} | Stop-Process -Force
This is the second line I've found but still does not want to work with me :)
Get-WmiObject Win32_Process -Filter "ExecutablePath LIKE '\\$computername\C$\Program Files (x86)\Adobe\Adobe Reader 10.0\Reader\'" -ComputerName $computername | Invoke-WmiMethod -Name Terminate
I will be happy to get some advice. I believe that this is something rather simple to do... I hope it is... :)
Something like this should work:
(Get-WmiObject Win32_Process -ComputerName $computerName | ?{ $_.ExecutablePath -like "*Program Files (x86)\Adobe\Adobe Reader 10.0\Reader*" }).Terminate()
You might have to tweak the "like" expression, however.
Another way to approach this is to run that command local to the machine with PSRemoting.
Invoke-Command $computername -script {
    Get-Process | Where-Object {$_.Path -like "c:\Program Files (x86)\Adobe\Adobe Reader 10.0\Reader\*"} | Stop-Process -Force
}

Get startup type of Windows service using PowerShell

How can I get the Windows service startup type using PowerShell and not using WMI?
I looked inside the Get-Service command, and it does not provide something to display the "startup type".
With PowerShell version 4:
You can run a command as given below:
Get-Service | select -property name,starttype
WMI is the way to do this.
Get-WmiObject -Query "Select StartMode From Win32_Service Where Name='winmgmt'"
Or
Get-WmiObject -Class Win32_Service -Property StartMode -Filter "Name='Winmgmt'"
In PowerShell you can use the command Set-Service:
Set-Service -Name Winmgmt -StartupType Manual
I haven't found a PowerShell command to view the startup type though. One would assume that the command Get-Service would provide that, but it doesn't seem to.
You can use also:
(Get-Service 'winmgmt').StartType
It returns just the startup type, for example, disabled.
As far as I know there is no “native” PowerShell way of getting this information. And perhaps it is rather the .NET limitation than PowerShell.
Here is the suggestion to add this functionality to the next version:
https://connect.microsoft.com/PowerShell/feedback/details/424948/i-would-like-to-see-the-property-starttype-added-to-get-services
The WMI workaround is also there, just in case. I use this WMI solution for my tasks and it works.
Once you've upgraded to PowerShell version 5 you can get the startup type.
To check the version of PowerShell you're running, use $PSVersionTable.
The examples below are for the Windows Firewall Service:
For the local system
Get-Service | Select-Object -Property Name,Status,StartType | where-object {$_.Name -eq "MpsSvc"} | Format-Table -auto
For one remote system
Get-Service -ComputerName HOSTNAME_OF_SYSTEM | Select-Object -Property MachineName,Name,Status,StartType | where-object {$_.Name -eq "MpsSvc"} | Format-Table -auto
For multiple systems (must create the systems.txt)
Get-Service -ComputerName (Get-content c:\systems.txt) | Select-Object -Property MachineName,Name,Status,StartType | where-object {$_.Name -eq "MpsSvc"} | Format-Table -auto
Use:
Get-Service BITS | Select StartType
Or use:
(Get-Service -Name BITS).StartType
Then
Set-Service BITS -StartupType xxx
[PowerShell 5.1]
If you update to PowerShell 5 you can query all of the services on the machine and display Name and StartType and sort it by StartType for easy viewing:
Get-Service |Select-Object -Property Name,StartType |Sort-Object -Property StartType
You can also use the sc tool to set it.
You can also call it from PowerShell and add additional checks if needed.
The advantage of this tool vs. PowerShell is that the sc tool can also set the start type to auto delayed.
# Get Service status
$Service = "Wecsvc"
sc.exe qc $Service
# Set Service status
$Service = "Wecsvc"
sc.exe config $Service start= delayed-auto
It is possible with PowerShell 4.
Get-Service *spool* | select name,starttype | ft -AutoSize
By default StartType is not shown by Get-Service, but you can always explicitly ask for it:
Get-Service | select StartType,DisplayName | sort StartType,DisplayName
Use Get-Service | Get-Member to see all available fields.