Using PowerShell to identify Child Processes

I got a challenge yesterday on how to identify child processes, and googling it led to the conclusion that this is either not a common issue or no one knows the answer.

My issue was this: if a child process locks up or needs to be killed, how do we identify the process using PowerShell? The thing about finding child processes is that you need to know who their parents are. In fact, you need to use the parent process ID (PID) to identify the child.

How does it work?

First, choose how to identify the parent process in PowerShell. You can usually use ProcessName, Description, Path etc. Then you need to find any process whose ParentProcessId equals the process ID of that parent (obviously)!

Here’s my solution:

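# Collect the PID of every process named powershell.exe (the parents)
$procid = Get-WmiObject win32_process | where {$_.ProcessName -eq 'powershell.exe'} | select -ExpandProperty processid
# List every process whose ParentProcessId is one of those PIDs (the children)
Get-WmiObject win32_process | where {$procid -contains $_.ParentProcessId}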

This only identifies the child process; what you’d like to do with it afterwards is your call. Nonetheless, this could help you automate some of the tasks you’ve been using Process Explorer to solve until now.
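The same ParentProcessId lookup, extended in an added example (not part of the original post) to walk the whole tree of descendants rather than only direct children. It also skips false matches caused by PID reuse: Windows does not clear ParentProcessId when a parent exits, so a newer, unrelated process can end up holding that PID. The function name Get-ChildProcessTree and its parameters are hypothetical, chosen for this illustration.

```powershell
# Added example: walk all descendants of a process using one Win32_Process snapshot.
# Get-ChildProcessTree and its parameter names are hypothetical (not from the post).
function Get-ChildProcessTree {
    param(
        [Parameter(Mandatory = $true)][uint32]$ParentId,
        [object[]]$Snapshot = (Get-WmiObject Win32_Process),
        [int]$Depth = 1
    )

    # The parent must still be running, otherwise the PID cannot be trusted.
    $parent = $Snapshot | Where-Object { $_.ProcessId -eq $ParentId } | Select-Object -First 1
    if (-not $parent) { return }

    foreach ($child in $Snapshot) {
        # Keep only processes that name $ParentId as parent; PID 0 lists itself, so skip self.
        if ($child.ParentProcessId -ne $ParentId -or $child.ProcessId -eq $ParentId) { continue }

        # PID reuse check: a real child cannot have been created before its parent.
        # CreationDate can be empty (e.g. System Idle Process); then the check is skipped.
        if ($parent.CreationDate -and $child.CreationDate -and
            $child.ConvertToDateTime($child.CreationDate) -lt
            $parent.ConvertToDateTime($parent.CreationDate)) { continue }

        # Emit the child, then recurse into its own children one level deeper.
        $child | Select-Object @{n = 'Depth'; e = { $Depth }},
                               ProcessId, ParentProcessId, Name, CommandLine
        Get-ChildProcessTree -ParentId $child.ProcessId -Snapshot $Snapshot -Depth ($Depth + 1)
    }
}

# Take one snapshot and reuse it so every lookup sees the same set of processes.
$snapshot = Get-WmiObject Win32_Process
$snapshot | Where-Object { $_.ProcessName -eq 'powershell.exe' } | ForEach-Object {
    Get-ChildProcessTree -ParentId $_.ProcessId -Snapshot $snapshot
} | Format-Table Depth, ProcessId, ParentProcessId, Name -AutoSize
```

CommandLine is often empty for processes owned by other users unless the session is elevated.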

Techtip: Change name using PowerShell

In Windows Server 2012, you can do most, if not all, administrative tasks using PowerShell. There are roughly 2400 cmdlets letting you manipulate the system in every unholy way imaginable! One of those ways is to change the computer name.

To change the computer name, simply run the following two lines:

You can, for example, use this code to script renaming multiple computers in bulk, or just to avoid cluttering up your screen with a GUI.

PowerShell: Share size reporting

A security admin came to me the other day and asked me if I could measure the size of each individual share on the system. I asked him if this wasn’t something most easily done by using Explorer, but since he wanted every single share on all file servers, it would be a lot of “right click->Properties”, so I took pity on him and got to work 😉

I created a script where you’re asked the name of the file server. The script then lists out the shares and writes out their individual size to a text file.

Here’s the script:

This script takes a long time to complete in large environments. If anyone has tips on how to streamline the code for better performance, please add a comment 🙂