Get process remotely including username using PowerShell

Posted on by Pawel Janowicz
Get-Process

In today’s article I would like to describe how to get process remotelty used by some specific username. Most of PowerShell admins are familiar with this command but no all knows its paramter called IncludeUserName. Recently I had to check processes under some username on bunch of servers. Below you can find few helpful examples.

Get process locally

Get all processes for some specific user is not difficult. Paramter -IncludeUserName allows to display another column with user details in final output:

-IncludeUserName
Indicates that the UserName value of the Process object is returned with results of the command.
IncludeUserName parameter requires elevated user rights.

More information about Get-Process can be found on Mirocosft docs page.

Get-Process -IncludeUserName 
Get-Process -IncludeUserName -Name Chrome
Get-Process -IncludeUserName | Where-Object {$_.username -match "Pawel.Janowicz"}
Get process remotely

To get this from remote machine we have to place our command inside the Invoke-Command.

#Get process remotely without user information
Get-Process -Computername ADFS01

#Get process remotely include username:
Invoke-Command ADFS01 -ErrorAction Stop -ScriptBlock{ Get-Process -IncludeUserName | Where-Object {$_.username -match "Pawel.Janowicz"} }
Get process function

To get output from all of the machines I prepared simple function. It uses Invoke-Command and results are placed into an array. Results can be displayed in console, new pop-up window or saved to CSV file.

Final script:

Function Get-UserProcess {
        [CmdletBinding()]     
        param ( 
            [Parameter(Position=0, Mandatory = $true, HelpMessage="Provide server names", ValueFromPipeline = $true)] $Computername,
            [Parameter(Position=1, Mandatory = $false, HelpMessage="Provide username", ValueFromPipeline = $false)] $UserName = $env:USERNAME
        ) 
        $Array = @()
        Foreach ($Comp in $Computername) {
            $Comp = $Comp.Trim()
            Write-Verbose "Processing $Comp"
            Try{
                $Procs = $null
                $Procs = Invoke-Command $Comp -ErrorAction Stop -ScriptBlock{param($Username) Get-Process -IncludeUserName | Where-Object {$_.username -match $Username}} -ArgumentList $Username
                If ($Procs) {
                    Foreach ($P in $Procs) {
                        $Object = $Mem = $CPU = $null
                        $Mem = [math]::Round($P.ws / 1mb,1)
                        $CPU = [math]::Round($P.CPU, 1)
                        $Object = New-Object PSObject -Property ([ordered]@{    
                                    "ServerName"             = $Comp
                                    "UserName"               = $P.username
                                    "ProcessName"            = $P.processname
                                    "CPU"                    = $CPU
                                    "Memory(MB)"             = $Mem
                        })
                        $Array += $Object  
                    }
                }
                Else {
                    Write-Verbose "No process found for $Username on $Comp"
                }
            }
            Catch{
                Write-Verbose "Failed to query $Comp"
                Continue
            }
        }
    If ($Array) {
        Return $Array
    }
}

How to use it:

#Usage:
Get-UserProcess -Computername ADFS01,ADFS02,ADFS03 -Verbose | Sort-Object ProcessName 
Get-UserProcess -Computername (GC "C:\temp\servers.txt") -Verbose | Out-GridView -Title "Procs" 
Get-UserProcess -Computername ADFS01,ADFS02,ADFS03 -Username "system" -Verbose | Sort-Object Processname | format-table
Get-UserProcess -Computername ADFS01,ADFS02,ADFS03 -Username "system" -Verbose | Sort-Object Processname | Export-Csv -Path C:\users\$env:username\desktop\results.csv -NoTypeInformation

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.