Homepage 5 How-to Articles 5 How to Get a List of Running Processes on Domain Computers

How to Get a List of Running Processes on Domain Computers

Manage remote endpoints, deploy software and patches with Action1 cloud RMM solution.

Sign up and use free on up to 50 endpoints with no functionality limits or expiration.

October 26, 2018
Getting a list of running processes on all endpoints is a very common task that is typically required in virus attack investigations, performance analysis and other projects. Win32 provides several ways to list running processes. Unfortunately, there is no single way to work on all Win32 platforms. Programmers have to combine several methods in one program so that it works on all versions of Windows. Information about running system processes should include Windows process name, process ID, executable file location and some other data. System utilities, text and image editors, browsers and RSS aggregators, cryptographers and mail clients, all of these, and many other types of programs have one common function that does not depend on the purpose of the application, namely printing. For programs, one way or another dealing with content that can be displayed on analog media, the print function is considered almost non-mandatory. But there are exceptions. Take, for example, the standard Windows Task Manager or process explorer remote computer. Despite the fact that the information displayed on processes tab may well be printed out, you will not find the usual ‘Print’ command in it. But what if you suddenly need to print a list of current processes? Do not rewrite them one by one into a text file! In fact, listing the processes, services, and other system information to a file (print) is very simple. The easiest way is to use special software, for example, Action1 RMM. This manual describes actions to create a list of running processes. 1. Execute WMI Query in ROOT\CIMV2 Namespace: – Launch WMI Explorer or any other tool which can run WMI queries. – Run WMI query: SELECT * FROM Win32_Process 2. Open WMIC Command-line Interface: – Press WIN+R – Type “wmic”, press Enter – In wmic command line tool type: /node:RemoteComputerName process 3. Run This Simple Windows Powershell Script: – thru WMI object: Get-WmiObject -Namespace ROOT\CIMV2 -Class Win32_Process -Computer RemoteComputerName 4. Use Following Code to Select Specific Columns: – execute: Get-WmiObject -Namespace ROOT\CIMV2 -Class Win32_Process -Computer RemoteComputerName | Select-Object Name, ProcessId, PSComputerName 5. Sort the Results Using the Line Below: – invoke command: Get-WmiObject -Namespace ROOT\CIMV2 -Class Win32_Process -Computer RemoteComputerName | Select-Object Name, ProcessId, PSComputerName | Sort-Object Name 6. The Next Code Helps to Filter Results: – use it: Get-WmiObject -Namespace ROOT\CIMV2 -Class Win32_Process -Computer RemoteComputerName | Select-Object Name, ProcessId, PSComputerName | Where-Object -FilterScript {$_.Name -like “putty.exe”} 7. Save Results to CSV File: – run: Get-WmiObject -Namespace ROOT\CIMV2 -Class Win32_Process -Computer RemoteComputerName | Select-Object Name, ProcessId, PSComputerName | Export-CSV “c:\file.csv” -Append -NoTypeInformation 8. The Next Step Is to Query Multiple Computers: – computers from a text file: Get-Content -Path c:\computers.txt | ForEach-Object {Get-WmiObject -Namespace ROOT\CIMV2 -Class Win32_Process -Computer $_} – computers from AD domain: Get-ADComputer -Filter {OperatingSystem -Like ‘Windows 10*’} | ForEach-Object {Get-WmiObject -Namespace ROOT\CIMV2 -Class Win32_Process -Computer $_.Name}

Related Articles

How To Delete User Profiles Remotely with PowerShell

When a user logs onto the computer for the first time (not via the network to access shared folders or printers), Windows creates a user profile. Among its contents are the NTUSER.DAT file (user profile settings), user-specific folders (My Documents, Desktop, etc.),...

About Action1 RMM

Action1 RMM is a cloud-based IT solution for remote monitoring and management, patching, and remote support.

Start your free two-week trial of Action1, or use RMM tools for free forever on 50 endpoints with no functionality limitations!


Submit a Comment

Your email address will not be published.

cloud patch management solutions action1

MSP Solution

Centralize endpoint management and boost efficiency of IT service delivery.

automated server patch management action compliance

Patch Management

Identify and deploy missing OS and third-party software updates.

cloud software deployment tools windows

Software Deployment

Distribute software and updates across managed endpoints.

software distribution tools software inventory action1

IT Asset Inventory

Keep a detailed inventory and manage hardware and software assets.

web client remote desktop

Remote Desktop

Support users via seamless remote desktop connection.

web based rdp client

Unattended Access

Provide administrative support and manage remote devices.

automated patch management action1

Endpoint Management

Run PowerShell, custom scripts, reboot computers and restart services.

API integrations action1


Integrate Action1 RMM to your IT ecosystem.

computer inventory tool for compliance

Reports and Alerts

Conduct endpoint security audits with comprehensive reporting.