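<#
.Synopsis
Script for inspecting a host, or hosts, for a given process
.Description
Counts the processes with a given name on each target host and reports the
host's IP address, short hostname and the user reported by Win32_ComputerSystem.

The remote process query relies on the RemoteRegistry service. If that service
is stopped on a target, the script starts it (switching a Disabled start-up type
to Manual first). When the inspection of that host ends, the script stops the
service again and restores the Disabled start-up type, so a hardened host is
left as it was found.

A process count of $null means the query itself failed. It does not mean the
process is absent; a warning is written for that host.
.Parameter Process
the -process parameter is required and defines what process to search for
.Parameter Computer
the -computer defaults to localhost but can also refer to a remote host.
Accepts pipeline input; every piped host is inspected.
.Example
.\Get-RunningProcess.ps1 -computer HOST01,HOST02 -process notepad
.Notes
Requires Windows PowerShell (Get-WmiObject and Get-Process -ComputerName) and
rights to query WMI and control services on the targets.
#>
[cmdletbinding()]
param(
    # Not Mandatory: a mandatory parameter never uses its default, so the
    # documented 'localhost' default could not take effect.
    [parameter(
        Position=0,
        ValuefromPipeline=$true,
        ValueFromPipelineByPropertyName=$true)
    ]
    [string[]]$computer='localhost',
    [parameter(
        Mandatory=$true)]
    [string[]]$process
)
begin {
    $results = New-Object System.Collections.Generic.List[object]
    # Anchored at both ends so a name such as "10.0.0.1abc" is not taken for an IPv4 address.
    $RE1 = '^((\d{1,3}\.){3}\d{1,3})$'
    $countColumn = "Count of $process"
    $svcFilter = "Name='RemoteRegistry'"
}
process {
    # A process block is needed for pipeline input: without it only the last
    # piped host would be inspected.
    foreach ($pc in $computer) { #beginning of work
        if (-not (Test-Connection -Count 1 -ComputerName $pc -Quiet)) {
            Write-Warning "$pc is down. skipping"
            continue
        }

        # Per-host record of what was changed, so exactly that can be undone.
        $wasDisabled = $false
        $wasStarted = $false
        try {
            $service = Get-Service -Name RemoteRegistry -ComputerName $pc -ErrorAction Stop
            $state = Get-WmiObject Win32_Service -Filter $svcFilter -ComputerName $pc -Property StartMode |
                Select-Object -ExpandProperty StartMode

            if ($service.Status -eq 'Stopped') {
                # A disabled service cannot be started; remember the original
                # start-up type so it can be put back afterwards.
                if ($state -eq 'Disabled') {
                    Set-Service $service.Name -ComputerName $pc -StartupType 'Manual'
                    $wasDisabled = $true
                }
                $rc = (Get-WmiObject -ComputerName $pc Win32_Service -Filter $svcFilter).InvokeMethod('StartService', $null)
                if ($rc -eq 0) {
                    $wasStarted = $true
                }
                else {
                    Write-Warning "${pc}: StartService on RemoteRegistry returned $rc"
                }
            }

            # let's start the actual inspection
            $found = Get-Process -ComputerName $pc -Name $process -ErrorAction SilentlyContinue -ErrorVariable procErr
            $p = @($found).Count
            # "No such process" is an expected outcome. Any other error means the
            # host could not be queried, which must not be reported as a clean 0.
            $queryErrors = @($procErr | Where-Object { $_.FullyQualifiedErrorId -notlike 'NoProcessFoundForGivenName*' })
            if ($queryErrors.Count -gt 0) {
                Write-Warning "${pc}: process query failed: $($queryErrors[0].Exception.Message)"
                $p = $null
            }

            # Reset per host so a failed lookup never reuses the previous host's values.
            $ipv4 = $null
            $hostname = $null
            if ($pc -match $RE1) {
                $ipv4 = $pc
                $ptr = Resolve-DnsName $pc -ErrorAction SilentlyContinue
                $nameHost = @($ptr | Where-Object { $_.NameHost })[0].NameHost
                if ($nameHost) {
                    $hostname = $nameHost.Split('.')[0]
                }
            }
            else {
                $hostname = $pc
                $ping = Test-Connection -ComputerName $pc -Count 1 -ErrorAction SilentlyContinue
                if ($ping -and $ping.IPV4Address) {
                    $ipv4 = $ping.IPV4Address.IPAddressToString
                }
            }

            # UserName is empty when Win32_ComputerSystem reports no user;
            # guard the Split so that case yields $null rather than an error.
            $cs = Get-WmiObject -ComputerName $pc -Class Win32_ComputerSystem
            $user = if ($cs -and $cs.UserName) { $cs.UserName.Split('\')[1] } else { $null }

            $hostinfo = New-Object PSObject -Property @{
                "IP" = $ipv4
                "Hostname" = $hostname
                $countColumn = $p
                "User" = $user
            }
            $results.Add($hostinfo)
        }
        catch {
            Write-Warning "${pc}: inspection failed: $($_.Exception.Message)"
        }
        finally {
            # Undo the service changes even when the inspection failed part-way.
            # RemoteRegistry is commonly kept off as a hardening measure, so it
            # must not be left running or enabled on a host that had it off.
            if ($wasStarted) {
                try {
                    (Get-WmiObject -ComputerName $pc Win32_Service -Filter $svcFilter).InvokeMethod('StopService', $null) | Out-Null
                }
                catch {
                    Write-Warning "${pc}: could not stop RemoteRegistry again: $($_.Exception.Message)"
                }
            }
            if ($wasDisabled) {
                try {
                    Set-Service 'RemoteRegistry' -ComputerName $pc -StartupType 'Disabled' -ErrorAction Stop
                }
                catch {
                    Write-Warning "${pc}: could not restore RemoteRegistry to Disabled: $($_.Exception.Message)"
                }
            }
        }
    } #end of work
}
end {
    $results | Select-Object IP,Hostname,$countColumn,User
}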