Creative Commons Attribution 4.0 International License
© Rakhesh Sasidharan

Finding all processes on a remote computer that belong to a particular user

Say you want to find all processes on a machine belonging to a particular user. This is the reverse of what we tried earlier – getting the owner of a particular process.

Here’s a one-liner to do that:

Of course replace $computer and $user appropriately.

Killing a process on a remote computer using PowerShell

Killing a process on a local computer is easy.

Or:

Or:

You get the idea …

But none of these work on a remote computer!

The stop-process cmdlet doesn’t support the -ComputerName switch, so the second method doesn’t even work remotely. The third method fails with the error “Stop-Process : Feature is not supported for remote machines”, and the first method fails with the error “Exception calling "Kill" with "0" argument(s): "Feature is not supported for remote machines."”.

So it’s back to our old friend WMI for killing processes on remote computers. The objects returned via WMI contain a Terminate method which we can make use of:

The snippet above terminates all processes with the name “notepad” on the remote computer “mango”.

If you are curious about what other methods are available when dealing with the Process class using WMI, do the following:

Finding a process owner using PowerShell

The get-process cmdlet can be used to view processes. It works remotely too via the -ComputerName switch, and for Unix aficionados there’s a handy ps alias. So it’s very easy to do something like the below to list all “explorer.exe” processes on a remote computer “mango”.

The problem arises when you want to find the owner of such processes. Oddly enough the process objects returned by get-process don’t have a property or method to find the owner info so we have to resort to WMI to find that. Specifically, the WMI class Process.

Reformulating the above example in terms of WMI, we have the following:

The output returned via WMI looks different compared to the output returned via get-process. If you pipe this output through the get-member cmdlet you’ll see there’s a method that lets you get the process owner.

The GetOwner method is what we are interested in. Invoke it thus:

The method returns a list of properties, of which the User property is what we are after. So here’s how we extract just that in a one-liner.
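
An added example, not the author's original code, that combines the WMI steps described in the three posts above: it lists the processes on a remote computer owned by a given user via GetOwner, and terminates them via Terminate, checking each method's ReturnValue. The function names and the sample user jdoe are assumptions; the process class is queried under its full WMI name, Win32_Process.

```powershell
# Added example for Windows PowerShell 5.1 (Get-WmiObject is not available in PowerShell 7).
# Function names are hypothetical; 'mango' is the page's sample host, 'jdoe' is constructed.

function Get-RemoteProcessByOwner {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [Parameter(Mandatory)] [string] $User,
        [string] $Name    # optional image name such as 'notepad.exe'
    )
    $query = @{ Class = 'Win32_Process'; ComputerName = $ComputerName; ErrorAction = 'Stop' }
    if ($Name) {
        # Escape backslashes and quotes so the name cannot break out of the WQL string literal.
        $query.Filter = "Name = '{0}'" -f ($Name -replace '([\\''])', '\$1')
    }
    foreach ($proc in Get-WmiObject @query) {
        $owner = $proc.GetOwner()
        # GetOwner returns 0 on success; a non-zero code (2 = access denied) leaves User empty.
        if ($owner.ReturnValue -ne 0) {
            Write-Verbose "PID $($proc.ProcessId): GetOwner returned $($owner.ReturnValue)"
            continue
        }
        if ($owner.User -eq $User) {
            [pscustomobject]@{
                ProcessId = $proc.ProcessId
                Name      = $proc.Name
                Owner     = '{0}\{1}' -f $owner.Domain, $owner.User
                WmiObject = $proc
            }
        }
    }
}

function Stop-RemoteProcessByOwner {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [Parameter(Mandatory)] [string] $User,
        [Parameter(Mandatory)] [string] $Name
    )
    foreach ($p in Get-RemoteProcessByOwner -ComputerName $ComputerName -User $User -Name $Name) {
        if (-not $PSCmdlet.ShouldProcess("$ComputerName PID $($p.ProcessId) ($($p.Owner))", 'Terminate')) { continue }
        $rc = $p.WmiObject.Terminate().ReturnValue    # 0 = terminated, 2 = access denied
        if ($rc -ne 0) { Write-Warning "PID $($p.ProcessId): Terminate returned $rc" }
    }
}

# Get-RemoteProcessByOwner -ComputerName mango -User jdoe | Format-Table ProcessId, Name, Owner
# Stop-RemoteProcessByOwner -ComputerName mango -User jdoe -Name notepad.exe -WhatIf
```

Running the second function with -WhatIf first shows which processes match the owner and name before anything is terminated.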