PJC83

Reputation: 303

Get-Process and Process Owner

I'm trying to sort a script that will retrieve all instances of a process and the respective owners of the process.

I have a script to get the process name and start time:

get-process -name notepad | select-object starttime,name

I have a script to get the process owner:

$process = (Get-CimInstance Win32_Process -Filter "name = 'notepad.exe'")
$owner = Invoke-CimMethod -InputObject $process -MethodName GetOwner | select user | ft -HideTableHeaders

However, when I create a property and put it all together, I get a result which I'm almost certain relates to formatting:

$process = (Get-CimInstance Win32_Process -Filter "name = 'notepad.exe'")
$owner = Invoke-CimMethod -InputObject $process -MethodName GetOwner | select user | ft -HideTableHeaders

get-process -name notepad | select-object starttime,name,@{n='Owner';e={$owner}}

Result:

StartTime                                                               Name                                                                   Owner                                                                 
---------                                                               ----                                                                   -----                                                                 
31/01/2017 14:44:57                                                     notepad                                                                {Microsoft.PowerShell.Commands.Internal.Format.FormatStartData, Mic...

From reading around, it appears to be with the formatting of $owner, but I can't for the life of me figure it out. Any ideas?

Upvotes: 4

Views: 10620

Answers (3)

In my personal opinion this is the easiest way:

Based on a common tool like tasklist, you can run in PowerShell:

$a_tasks= tasklist /v /fo csv | convertfrom-csv

Now, in the $a_tasks variable, you have all the processes running on your system.

The tasklist parameter "/v" shows a detailed list of tasks.

The tasklist parameter "/fo csv" shows that detailed list in CSV format.

The piped command "convertfrom-csv" converts the detailed output in CSV format to the "internal PowerShell format".

Then you can access the specific fields that you need.

For example, if your Windows OS is in English:

$a_tasks | select pid, "image name", "session name", "user name", "mem usage"

Or if your Windows OS is in Spanish:

$a_tasks | select "pid", "nombre de imagen", "nombre de sesión", "nombre de usuario", "uso de memoria"

In general, you can show your field names using the following command, which is useful for OS languages other than English:

$a_tasks | gm

Now, if you want to save the output in JSON format:

$a_tasks | convertto-json | out-file "mytaks.json" -encoding ascii

Or if you only want to save in CSV:

$a_tasks | convertto-csv -notypei | out-file "mytaks.csv" -encoding ascii

Regards.

Upvotes: 1

KERR

Reputation: 1702

Another way:

$owners = @{} 
gwmi win32_process |% {try {$owners[$_.handle] = $_.getowner().user} catch{} } 
(get-process | select processname,Id,@{l="Owner";e={$owners[$_.id.tostring()]}})


Upvotes: 0

BenH

Reputation: 10034

Format-Table turns your object into formatted strings, which is great for displaying and for outputting to text files, but will mess up any objects that you want to pass. So be careful with any of the format commands. Also, you might want to expand the user property.

$process = (Get-CimInstance Win32_Process -Filter "name = 'notepad.exe'")
$owner = Invoke-CimMethod -InputObject $process -MethodName GetOwner | select -ExpandProperty user
get-process -name notepad | select-object starttime,name,@{n='Owner';e={$owner}}

Upvotes: 8
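
An added example, not part of any answer above: it calls GetOwner once per process instance, so each row carries its own owner when several instances run under different accounts, and it keeps Format-Table out of the pipeline until the final display. It assumes Windows with the CIM cmdlets available; the variable names and the choice of Win32_Process.CreationDate for the start time are illustrative.

```powershell
# Added example: one row per process instance, each with its own owner.
$filter = "Name = 'notepad.exe'"   # process name taken from the question

$results = foreach ($cim in Get-CimInstance Win32_Process -Filter $filter) {
    # Invoke GetOwner on this single instance; if the process has already
    # exited, the call fails and $o stays $null.
    $o = Invoke-CimMethod -InputObject $cim -MethodName GetOwner -ErrorAction SilentlyContinue

    # ReturnValue 0 means success. A non-zero value (for example access
    # denied on another user's process when not elevated) leaves Owner empty
    # instead of showing a stale or wrong account.
    $owner = if ($o -and $o.ReturnValue -eq 0) {
        '{0}\{1}' -f $o.Domain, $o.User
    } else {
        $null
    }

    # Emit a real object so the result can still be sorted, filtered or exported.
    [pscustomobject]@{
        StartTime = $cim.CreationDate   # Get-CimInstance returns this as [datetime]
        Name      = $cim.Name
        Id        = $cim.ProcessId
        Owner     = $owner
    }
}

# Objects: safe to pipe into Where-Object, Sort-Object, Export-Csv, ...
$results | Sort-Object StartTime

# Formatting belongs at the very end, for display only.
$results | Format-Table -AutoSize
```

Rows with an empty Owner are worth re-checking from an elevated session, since GetOwner cannot read the token of processes the current user has no access to.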
