When you run Get-Process you will see a number of entries named svchost. These are processes that host services. In Task Manager on Windows 7 and below, all we see is the svchost entry. In the Windows 8 family we see the services running in a particular host.
Now, can we do anything similar with PowerShell?
Get-Service doesn’t do anything to help, BUT the Win32_Service class has a ProcessID property that we can use:
Get-CimInstance -ClassName Win32_Service |
sort ProcessID -Descending |
foreach {
  $proc = Get-Process -Id $_.ProcessID   # process that hosts this service
  $_ | Add-Member -MemberType NoteProperty -Name ProcessName -Value $($proc.ProcessName) -PassThru
} |
Format-Table DisplayName, ProcessName -GroupBy ProcessId
I’ve used Get-CimInstance in this example because the CIM cmdlets are new to PowerShell v3. For a PowerShell v2 install use Get-WmiObject:
Get-WmiObject -Class Win32_Service |
sort ProcessID -Descending |
foreach {
  $proc = Get-Process -Id $_.ProcessID   # process that hosts this service
  $_ | Add-Member -MemberType NoteProperty -Name ProcessName -Value $($proc.ProcessName) -PassThru
} |
Format-Table DisplayName, ProcessName -GroupBy ProcessId
The WMI objects are piped through sort and into foreach, where we add the process name. In both cases I’ve used Get-Process; Get-CimInstance or Get-WmiObject with the Win32_Process class could be used instead.
Format-Table is used with GroupBy to produce a nicely formatted report. This information is important because it shows the services that are related to a particular process and the impact if that process fails.
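The Win32_Process variant mentioned above, as an added example that is not part of the original post: it indexes every process by PID once, groups running services by their host, and includes the host's command line so each svchost instance can be told apart. The variable names and output property names are choices made for this example, and it assumes PowerShell v3 or later.

```powershell
# Added example (not from the original post): map running services to their
# host process using Win32_Process instead of Get-Process.

# Query all processes once and index them by PID, so each service lookup
# is a hashtable hit rather than a separate Get-Process call.
$procById = @{}
Get-CimInstance -ClassName Win32_Process | ForEach-Object {
    $procById[[uint32]$_.ProcessId] = $_
}

# Stopped services report ProcessId 0, which would otherwise be matched to
# the System Idle Process, so only running services are queried.
Get-CimInstance -ClassName Win32_Service -Filter "State = 'Running'" |
    Group-Object -Property ProcessId |
    Sort-Object -Property { [uint32]$_.Name } -Descending |
    ForEach-Object {
        $hostPid = [uint32]$_.Name        # Group-Object returns the key as a string
        $proc    = $procById[$hostPid]    # $null if the host exited between the two queries

        [pscustomobject]@{
            ProcessId    = $hostPid
            ProcessName  = if ($proc) { $proc.Name } else { '<exited>' }
            ServiceCount = $_.Count
            Services     = ($_.Group.Name | Sort-Object) -join ', '
            # For svchost.exe the command line carries the -k service group.
            # It can be empty for protected processes when run without elevation.
            CommandLine  = if ($proc) { $proc.CommandLine } else { $null }
        }
    } |
    Format-List
```

A svchost entry with no services mapped to it will not appear in this output, because the report is driven from Win32_Service; comparing against the full process list shows any such instance.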