Category filter
Script to list running processes on Windows devices
An endless number of processes and programs run constantly on a device, both in the foreground and the background. A process is an instance of an executing program or a set of instructions that on execution helps obtain a desired outcome. Using Hexnode’s Execute Custom Script feature, the system administrator can deploy custom scripts to fetch filtered information about processes based on their memory usage, CPU time, process owner, etc., across all the deployed Windows devices via the Hexnode portal.
The sample scripts provided below are adapted from third-party open-source sites.
Batch script
To view the list of all running processes on a Windows device, use the following script. It will fetch the Image name (the name of the process with extension) and other details about each process.
|
1 |
tasklist |
The tasklist command is used to display a list of currently running processes on the local computer or a remote computer.
You can also include different parameters in the script to apply different filters, and/or obtain the output in your desired format.
fo: It specifies the format to use for the output. The valid values are table, list, and CSV. The default format for output is a table.fi: It specifies the types of processes to include in or exclude from the query.
Hence, if you would like to obtain the data in a list format, you can deploy the following script.
|
1 |
tasklist /fo list |
If you would like to list processes that are occupying more than a certain amount of memory, you can deploy the following script.
|
1 |
tasklist /fo list /fi "MEMUSAGE gt 'Memory usage in KB'" |
You can also filter the processes based on CPU time/process time, i.e., the time taken by the CPU to process a program.
|
1 |
tasklist /fo list /fi "CPUtime gt 'time in the format HH:MM:SS'" |
For example, tasklist /fo list /fi “CPUtime gt 00:01:00” will list all running processes that have CPU time greater than 1 minute in list format.
PowerShell script
To list all the running processes on a Windows device, you can use the following script. It will fetch the ProcessName and other details related to each process.
|
1 |
Get-Process |
The Get-Process cmdlet gets the processes on a local or remote computer.
However, the output obtained by the above script may contain a bunch of other details about the processes as well. You can use the following command to just list the names of the processes.
|
1 |
Get-Process | Select ProcessName |
You can also fetch properties of a particular process by specifying the process name. For the process name of the concerned process, refer to the list of running processes obtained from the previous script.
|
1 |
Get-Process 'ProcessName' | Format-List * |
For example, Get-Process msedge | Format-List *
Format-List * displays all the available properties in a list format.
A device may be host to multiple user accounts, and some processes may be unique to a user. Using the following script, you can determine the owner of a process.
|
1 |
Get-Process 'ProcessName’ -IncludeUserName | Select UserName, ProcessName |
For example, Get-Process msedge -IncludeUserName | Select UserName, ProcessName
- It is recommended to manually validate the script execution on a system before executing the action in bulk.
- Hexnode UEM will not be responsible for any damage/loss to the system on the behaviour of the script.
