PowerShell, Scripting, wmi

Watch-Process: PowerShell to monitor local or remote process creation or deletion

After answering this question on StackOverflow, I started writing a simple function, for my own use, to monitor remote process creation or termination. I do a lot of SharePoint installs on remote machines in my lab environment. This involves installing prerequisite software and SharePoint 2010 bits. I need a way to wait for the remote process to terminate and then do something based on the exit code of the process. This function is very useful to me. I don’t have to worry about event registrations every time I want to monitor a remote process. For the sake of sharing with others, I added monitoring of remote process creation also.

If you think you can do this using Wait-Process, go ahead and explore it yourself.

So, here it is:

PoshCode: http://poshcode.org/2560

Update1: removed the if ($computerName -eq ".") check. Thanks to @cjwarwickps for the quick feedback.

Update2: This results in a blocking call. This means, if you embed a call to Watch-Process in your script, your script just waits for this to complete before proceeding. I have not tested this with background jobs yet.

Update3: As Doug points out in the comments, you can use Start-Job to run Watch-Process as a background job.

You can monitor either process creation or process termination. When monitoring process creation, you must specify the name of the process, for example, notepad.exe. When monitoring process termination, you can specify either the process name or the process ID. This applies to both local and remote processes. By default, if -computerName is not provided, a local process monitor will be started. The moment an event arrives (either creation or deletion), the monitor will simply return the event and exit.

A couple of things you must know:

  • I am not checking if the remote computer can be reached or not.
  • I am not checking if you have privileges to connect to the WMI namespace on the remote computer.
  • I am not checking if the PID you provided really exists on the remote system or not.
  • I am not checking if multiple processes (for example, more than one notepad.exe) exist on the remote system when looking for termination events. So, when any of those processes exit, the event gets fired.
  • Also, there is no ability to continuously monitor for process creation or deletion.

This is primarily designed for my lab environment and I am sharing it as is here. I may add those features in the future.
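The checks that the list above leaves out can be wrapped around a WMI event registration. The following is an added example, not the Watch-Process function published on PoshCode: the name Wait-ProcessEvent, its parameters, and the use of Register-WmiEvent with __InstanceCreationEvent/__InstanceDeletionEvent are assumptions. It targets Windows PowerShell, because Register-WmiEvent is not available in PowerShell 7.

```powershell
# Added example: hypothetical helper, not the Watch-Process code from PoshCode.
function Wait-ProcessEvent {
    [CmdletBinding()]
    param(
        [string]$ComputerName = '.',
        [ValidateSet('Creation', 'Deletion')]
        [string]$EventType = 'Deletion',
        [string]$Name,           # process name, e.g. notepad.exe
        [int]$Id,                # PID, used for deletion events only
        [int]$TimeoutSec = 300,  # stop blocking after this many seconds
        [int]$PollSec = 2        # WITHIN interval of the WQL event query
    )
    if (-not $Name -and -not $Id) { throw 'Specify -Name or -Id.' }
    if ($EventType -eq 'Creation' -and -not $Name) { throw 'Creation monitoring needs -Name.' }
    # Reject quotes and other WQL metacharacters before building the query string.
    if ($Name -and $Name -notmatch '^[\w.\- ]+$') { throw "Unexpected characters in -Name: $Name" }

    # Reachability check (ICMP only; a host that drops ping will fail here).
    if ($ComputerName -ne '.' -and -not (Test-Connection -ComputerName $ComputerName -Count 1 -Quiet)) {
        throw "Cannot reach $ComputerName."
    }
    $filter = if ($Id) { "ProcessId = $Id" } else { "Name = '$Name'" }
    if ($EventType -eq 'Deletion') {
        # Confirms the target exists; -ErrorAction Stop also surfaces WMI access-denied errors early.
        $running = @(Get-WmiObject -Class Win32_Process -ComputerName $ComputerName -Filter $filter -ErrorAction Stop)
        if ($running.Count -eq 0) { throw "No process matching [$filter] on $ComputerName." }
        if ($running.Count -gt 1) { Write-Warning "$($running.Count) processes match; the first one to exit fires the event." }
    }
    $class = if ($EventType -eq 'Creation') { '__InstanceCreationEvent' } else { '__InstanceDeletionEvent' }
    $query = "SELECT * FROM $class WITHIN $PollSec WHERE TargetInstance ISA 'Win32_Process' AND TargetInstance.$filter"
    $sourceId = "ProcWatch-$([guid]::NewGuid())"
    Register-WmiEvent -ComputerName $ComputerName -Query $query -SourceIdentifier $sourceId -ErrorAction Stop
    try {
        # Blocks until one event arrives or the timeout expires.
        $evt = Wait-Event -SourceIdentifier $sourceId -Timeout $TimeoutSec
        if (-not $evt) { Write-Warning "No $EventType event within $TimeoutSec s."; return }
        $evt.SourceEventArgs.NewEvent.TargetInstance   # the Win32_Process instance from the event
    }
    finally {
        # Always remove the subscription and any queued event, even on Ctrl+C or error.
        Unregister-Event -SourceIdentifier $sourceId -ErrorAction SilentlyContinue
        Remove-Event -SourceIdentifier $sourceId -ErrorAction SilentlyContinue
    }
}
```

The polling query can miss a process that starts and exits inside one `WITHIN` interval, so short-lived processes need a smaller `-PollSec` value.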

This is how I use it:

Here is a quick video on how to use this function:


Hope you find this helpful.



Ravikanth is a principal engineer and the lead architect for Microsoft and VMware virtualized and hybrid cloud solutions within the Infrastructure Solutions Group at Dell EMC. He is a multi-year recipient of Microsoft Most Valuable Professional (MVP) award in Windows PowerShell (CDM) and Microsoft Azure. Ravikanth is the author of Windows PowerShell Desired State Configuration Revealed (Apress) and leads Bangalore PowerShell and Bangalore IT Pro user groups. He can be seen speaking regularly at local user group events and conferences in India and abroad.