{"id":53913,"date":"2009-04-22T23:15:00","date_gmt":"2009-04-22T23:15:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2009\/04\/22\/hey-scripting-guy-how-can-i-identify-and-delete-an-instance-of-a-process\/"},"modified":"2009-04-22T23:15:00","modified_gmt":"2009-04-22T23:15:00","slug":"hey-scripting-guy-how-can-i-identify-and-delete-an-instance-of-a-process","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/hey-scripting-guy-how-can-i-identify-and-delete-an-instance-of-a-process\/","title":{"rendered":"Hey, Scripting Guy! How Can I Identify and Delete an Instance of a Process?"},"content":{"rendered":"

\"Hey, <\/H2>\n

Hey, Scripting Guy! I want to do a query for a process, and if the process is running, I want to delete that process. I know I could write a script by using WMI, but is there something native to Windows PowerShell that I can use to find and to delete the process? Next question: what if there is more than one process I have to delete? Can I find those processes and delete them? I remain your humble youngling<\/A>.

– RB<\/P>\"Spacer\"\"Hey, \n

Hi RB,<\/P>\n

Yes, the force is strong with this one. We can sense it by the calm aura that pervades the manner of one who possesses such strength. Such power does not have to be flashy, as is exhibited by this creature:<\/P>\"Image \n

 <\/P>\n

Windows PowerShell is not flashy, but do not mistake it for a mere replacement for the command prompt. The real power of Windows PowerShell is in the way that we can use one command to feed into another command. Mastering the pipeline unlocks the key to excellent capabilities (kind of like mastering the lightsaber<\/A> is essential for younglings).<\/P>\n\n<\/THEAD>\n\n\n
\n

This week we will be looking at the basics of Windows PowerShell. Windows PowerShell is installed by default on Windows 7 and Windows Server 2008 R2. It is an optional installation on Windows Server 2008 and a download for Windows Vista<\/A>, Windows XP<\/A>, and Windows Server 2003<\/A>. The Windows PowerShell Scripting Hub<\/A> is a good place to get started with Windows PowerShell.<\/P><\/TD><\/TR><\/TBODY><\/TABLE>\n

<\/DIV>\n

We are not sure that telling you to close your eyes and feel the pipeline would do much good. Neither would exhortations to become one with the pipeline. Therefore, we will provide some examples to show by using the Windows PowerShell pipeline. If we want to obtain information about the Notepad process (assuming that Notepad is actually running), we use the Get-Process<\/B> cmdlet:<\/P>

Get-Process Notepad<\/PRE>\n
We do not have to specify the \u2013name<\/B> parameter if we do not want to do this, because the \u2013name<\/B> parameter is the default parameter with Get-Process<\/B>. We can type the \u2013name<\/B> parameter and get information about the Notepad process. This is seen here:<\/P>
PS C:\\> Get-Process -name notepad<\/p>\n
Handles  NPM(K)    PM(K)      WS(K) VM(M)   CPU(s)     Id ProcessName\n——-  ——    —–      —– —–   ——     — ———–\n     47       2      976       3512    59     0.10   3960 notepad\n<\/PRE>\n
To stop the Notepad process, we use the Stop-Process<\/B> cmdlet. If, however, we are not used to using the \u2013name<\/B> parameter with the Get-Process<\/B>, cmdlet we will receive a shock when we try the same syntax with Stop-Process<\/B>:<\/P>
PS C:\\> Stop-Process notepad\nStop-Process : Cannot bind parameter ‘Id’. Cannot convert value “notepad” to ty\npe “System.Int32”. Error: “Input string was not in a correct format.”\nAt line:1 char:13\n+ Stop-Process <<<<  notepad\n    + CategoryInfo          : InvalidArgument: (:) [Stop-Process], ParameterBi\n   ndingException\n    + FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.PowerSh\n   ell.Commands.StopProcessCommand\n<\/PRE>\n
The reason for the error is that the \u2013name<\/B> parameter occupies the first position for the Get-Process<\/B> cmdlet, and the \u2013id<\/B> parameter is the first position parameter for the Stop-Process<\/B> cmdlet. When we did not use any named parameters, the Stop-Process<\/B> cmdlet looked for a process with the process ID of “notepad” which is not an integer, and this caused the error. The \u2013name<\/B> parameter is a named parameter in the Stop-Process<\/B> cmdlet. This means if we want to use the name of a process to stop, we must specify the \u2013name<\/B> parameter. This is seen here:<\/P>
Stop-Process -name notepad<\/PRE>\n
To avoid these kinds of errors, you can always use parameters (which is a best practice when you write scripts), or you can use the pipeline. The advantage of using the pipeline is that you do not have to worry about all the parameters. You can use Windows PowerShell to find the process that you are interested in, and pipeline the results of the first command to the second command that will stop the process. This is seen here:<\/P>
Get-Process notepad | Stop-Process<\/PRE>\n
A session that starts an instance of Notepad, identifies the Notepad process, and then deletes that process is seen here:<\/P>\"Image \n
 <\/P>\n
You can use wildcard characters to identify processes. This technique can be both dangerous and useful. Here is an example of using wildcard characters to simplify finding all the Notepad processes:<\/P>
PS C:\\> Get-Process note*<\/p>\n
Handles  NPM(K)    PM(K)      WS(K) VM(M)   CPU(s)     Id ProcessName\n——-  ——    —–      —– —–   ——     — ———–\n     47       2      976       3464    59     0.05   2056 notepad\n     47       2      976       3488    59     0.09   3292 notepad\n<\/PRE>\n
You can then pipeline the result to the Stop-Process<\/B> cmdlet and stop all instances of the Notepad process that are running on the computer:<\/P>
Get-Process note* | Stop-Process<\/PRE>\n
An example of working with processes by using wildcard characters is seen here:<\/P>\"Image \n
 <\/P>\n
Using wildcard characters can be dangerous if you are not careful. An example of such a dangerous command is seen here where we get a list of all the processes that are running on the computer, and pipeline them to the Stop-Process<\/B> cmdlet. This will stop every process that is running on the computer, which for most operating systems will cause the computer to shut down (on Windows Vista and later, this command would have to be run with administrative rights). <\/P>
Get-Process * | Stop-Process<\/PRE>\n
Of course, if you want to shutdown the operating system it is best to use the shutdown method from the Win32_OperatingSystem<\/B> WMI class. <\/P>\n
Suppose we have several instances of Notepad that are running. One instance has been running for a while and has consumed more CPU time than the other process. We can get this information as seen here:<\/P>
PS C:\\> Get-Process notepad<\/p>\n
Handles  NPM(K)    PM(K)      WS(K) VM(M)   CPU(s)     Id ProcessName\n——-  ——    —–      —– —–   ——     — ———–\n     47       2      976       3452    59     0.10   2688 notepad\n     49       2     1160       3936    60     1.13   3984 notepad\n<\/PRE>\n
Whereas we could definitely use the process ID\u20143984 in this example\u2014to stop the process that is using the most CPU time, we may not want to type two separate commands (or perhaps we want to automate the task of stopping a process that is using too much CPU time). To do this, we pipeline the results of the first query to the Where-Object<\/B> cmdlet. We can use the alias for Where-Object<\/B>, which is just Where<\/B>. The alias eliminates some typing that is required for this command without sacrificing any readability. If we were not worrying about readability, we could use gps<\/B> as an alias for the Get-Process<\/B> cmdlet, and we could use ?<\/B> as the alias for the Where-Object<\/B>. The short command is shown the Where-Object<\/B>. The short command is shown here:<\/P>\n
PS C:\\> gps notepad | ? { $_.cpu -gt 1 }

Handles NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName
——- —— —– —– —– —— — ———–
47 2 1316 4080 60 1.38 2420 notepad<\/P>\n
The way I generally type the command is to spell out Get-Process<\/B> (I use tab completion to spell it out: I only have to type Get-p<\/B> and then I press the TAB key.) The Where-Object<\/B> cmdlet is used to filter the process objects as they come across the pipeline. Each instance of a process with the name of Notepad<\/B> is returned by the Get-Process<\/B> cmdlet. As the process comes across the pipeline, the $_<\/B> automatic variable represents the current process object on the pipeline. This enables us to examine the properties of the process object. We inspect the amount of CPU time that is being used by the process to see whether it exceeds 1. If it does, the filter will enable the process object to continue. In the example seen here we display basic information about the process on the console:<\/P>
PS C:\\> Get-Process notepad | Where { $_.cpu -gt 1 }<\/p>\n
Handles  NPM(K)    PM(K)      WS(K) VM(M)   CPU(s)     Id ProcessName\n——-  ——    —–      —– —–   ——     — ———–\n     49       2     1160       3936    60     1.13   3984 notepad\n<\/PRE>\n
If we are not sure which properties are available for us to use in the Where-Object<\/B> filter, we can use the Get-Member<\/B> cmdlet. If we select the properties, we will eliminate the methods. This command is seen here: <\/P>
PS C:\\> Get-Process | Get-Member -MemberType property<\/PRE>\n
However, we will also miss the instances of ScriptProperty<\/B> and AliasProperty<\/B>. To make sure we can find the other properties that were added by the Windows PowerShell team, we use a wildcard character in front of the MemberType<\/B> property. The CPU property is one that was added by the Windows PowerShell team. It is a ScriptProperty<\/B>. This is seen This is seen here:<\/P>
PS C:\\> Get-Process | Get-Member -MemberType *property<\/p>\n
   TypeName: System.Diagnostics.Process<\/p>\n
Name                       MemberType     Definition\n—-                       ———-     ———-\nHandles                    AliasProperty  Handles = Handlecount\nName                       AliasProperty  Name = ProcessName\nNPM                        AliasProperty  NPM = NonpagedSystemMemorySize\nPM                         AliasProperty  PM = PagedMemorySize\nVM                         AliasProperty  VM = VirtualMemorySize\nWS                         AliasProperty  WS = WorkingSet\n__NounName                 NoteProperty   System.String __NounName=Process\nBasePriority               Property       System.Int32 BasePriority {get;}\nContainer                  Property       System.ComponentModel.IContainer C…\nEnableRaisingEvents        Property       System.Boolean EnableRaisingEvents…\nExitCode                   Property       System.Int32 ExitCode {get;}\nExitTime                   Property       System.DateTime ExitTime {get;}\nHandle                     Property       System.IntPtr Handle {get;}\nHandleCount                Property       System.Int32 HandleCount {get;}\nHasExited                  Property       System.Boolean HasExited {get;}\nId                         Property       System.Int32 Id {get;}\nMachineName                Property       System.String MachineName {get;}\nMainModule                 Property       System.Diagnostics.ProcessModule M…\nMainWindowHandle           Property       System.IntPtr MainWindowHandle {get;}\nMainWindowTitle            Property       System.String MainWindowTitle {get;}\nMaxWorkingSet              Property       System.IntPtr MaxWorkingSet {get;s…\nMinWorkingSet              Property       System.IntPtr MinWorkingSet {get;s…\nModules                    Property       System.Diagnostics.ProcessModuleCo…\nNonpagedSystemMemorySize   Property       System.Int32 NonpagedSystemMemoryS…\nNonpagedSystemMemorySize64 Property       System.Int64 NonpagedSystemMemoryS…\nPagedMemorySize            Property       System.Int32 PagedMemorySize {get;}\nPagedMemorySize64          Property       System.Int64 PagedMemorySize64 {get;}\nPagedSystemMemorySize      Property       System.Int32 PagedSystemMemorySize…\nPagedSystemMemorySize64    Property       System.Int64 PagedSystemMemorySize…\nPeakPagedMemorySize        Property       System.Int32 PeakPagedMemorySize {…\nPeakPagedMemorySize64      Property       System.Int64 PeakPagedMemorySize64…\nPeakVirtualMemorySize      Property       System.Int32 PeakVirtualMemorySize…\nPeakVirtualMemorySize64    Property       System.Int64 PeakVirtualMemorySize…\nPeakWorkingSet             Property       System.Int32 PeakWorkingSet {get;}\nPeakWorkingSet64           Property       System.Int64 PeakWorkingSet64 {get;}\nPriorityBoostEnabled       Property       System.Boolean PriorityBoostEnable…\nPriorityClass              Property       System.Diagnostics.ProcessPriority…\nPrivateMemorySize          Property       System.Int32 PrivateMemorySize {get;}\nPrivateMemorySize64        Property       System.Int64 PrivateMemorySize64 {…\nPrivilegedProcessorTime    Property       System.TimeSpan PrivilegedProcesso…\nProcessName                Property       System.String ProcessName {get;}\nProcessorAffinity          Property       System.IntPtr ProcessorAffinity {g…\nResponding                 Property       System.Boolean Responding {get;}\nSessionId                  Property       System.Int32 SessionId {get;}\nSite                       Property       System.ComponentModel.ISite Site {…\nStandardError              Property       System.IO.StreamReader StandardErr…\nStandardInput              Property       System.IO.StreamWriter StandardInp…\nStandardOutput             Property       System.IO.StreamReader StandardOut…\nStartInfo                  Property       System.Diagnostics.ProcessStartInf…\nStartTime                  Property       System.DateTime StartTime {get;}\nSynchronizingObject        Property       System.ComponentModel.ISynchronize…\nThreads                    Property       System.Diagnostics.ProcessThreadCo…\nTotalProcessorTime         Property       System.TimeSpan TotalProcessorTime…\nUserProcessorTime          Property       System.TimeSpan UserProcessorTime …\nVirtualMemorySize          Property       System.Int32 VirtualMemorySize {get;}\nVirtualMemorySize64        Property       System.Int64 VirtualMemorySize64 {…\nWorkingSet                 Property       System.Int32 WorkingSet {get;}\nWorkingSet64               Property       System.Int64 WorkingSet64 {get;}\nCompany                    ScriptProperty System.Object Company {get=$this.M…\nCPU                        ScriptProperty System.Object CPU {get=$this.Total…\nDescription                ScriptProperty System.Object Description {get=$th…\nFileVersion                ScriptProperty System.Object FileVersion {get=$th…\nPath                       ScriptProperty System.Object Path {get=$this.Main…\nProduct                    ScriptProperty System.Object Product {get=$this.M…\nProductVersion             ScriptProperty System.Object ProductVersion {get=…\n<\/PRE>\n
As soon as we have the filter working correctly and we see that it is returning the results that we are interested in obtaining, we can just pipeline the resulting process object to the Stop-Process<\/B> cmdlet. This is shown here:<\/P>
PS C:\\> Get-Process notepad | Where { $_.cpu -gt 1 } | Stop-Process<\/PRE>\n
The ability to add pipelines together, by feeding the results of one pipeline into another pipeline as shown earlier, is where we obtain the real power of Windows PowerShell. It is a new concept for people who have a Windows background, but is something that people have done for years in other consoles. The big difference is that we pass objects through the pipeline, and not merely text. Join us tomorrow as we continue our Windows PowerShell Basics Week. Until then, peace. <\/P>\n
 <\/P>\n
Ed Wilson and Craig Liebendorfer, Scripting Guys<\/B><\/P><\/p>\n","protected":false},"excerpt":{"rendered":"
Hey, Scripting Guy! I want to do a query for a process, and if the process is running, I want to delete that process. I know I could write a script by using WMI, but is there something native to Windows PowerShell that I can use to find and to delete the process? Next question: […]<\/p>\n","protected":false},"author":595,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[51,3,4,45],"class_list":["post-53913","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-getting-started","tag-scripting-guy","tag-scripting-techniques","tag-windows-powershell"],"acf":[],"blog_post_summary":"
Hey, Scripting Guy! I want to do a query for a process, and if the process is running, I want to delete that process. I know I could write a script by using WMI, but is there something native to Windows PowerShell that I can use to find and to delete the process? Next question: […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/53913","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/595"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=53913"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/53913\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=53913"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=53913"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=53913"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}