Originally published at commandinline.com.

Get-Process is the daily-driver cmdlet for listing and inspecting running processes on Windows and (in PowerShell 7+) Linux and macOS. It returns System.Diagnostics.Process objects you can filter, sort, and pipe into Stop-Process or Wait-Process. This cheat sheet covers the parameters, pipeline patterns, and pitfalls you will hit in everyday automation.

Quick Reference

TL;DR: Get-Process emits live Process objects (not text). It is fully pipeline-friendly — chain it into Where-Object, Sort-Object, or Stop-Process. The default formatter shows handles, NPM, PM, WS, CPU, Id, SI, ProcessName, but every property on System.Diagnostics.Process is available downstream.

Syntax & Common Parameters

Three parameter sets cover almost everything: by name, by Id, and by InputObject. The -Name parameter accepts wildcards and an array; -Id takes an integer or array of integers; -IncludeUserName requires elevation but adds the owning account.

# Core syntaxGet-Process[[-Name]][-ComputerName][-Module][-FileVersionInfo][-IncludeUserName]Get-Process-Id[-ComputerName]Get-Process-InputObject# ExamplesGet-Process# all processesGet-Process-Namenotepad# exact name (no .exe)Get-Processchrome*# wildcardGet-Process-Id1234,5678# by PID

Common Use Cases

Most workflows fall into “list everything,” “find one,” or “inspect details.” Use -FileVersionInfo to grab vendor and product strings, and -Module to enumerate loaded DLLs.

# Snapshot of every processGet-Process|Format-Table-AutoSize# Single process by nameGet-Process-Nameexplorer# Get version info on the running pwsh.exeGet-Processpwsh-FileVersionInfo# Loaded modules for a single processGet-Process-Id$PID-Module|Select-ObjectModuleName,FileName

Filtering & Output Formatting

Filter on the rich object surface: WorkingSet64, CPU, StartTime, Path, Responding. Format-cmdlets are display-only — never pipe them into a real cmdlet.

# Top 10 by working-set memory (bytes)Get-Process|Sort-ObjectWorkingSet64-Descending|Select-Object-First10Name,Id,@{N='WS_MB';E={[math]::Round($_.WorkingSet64/1MB,1)}}# Hung processes (Responding flag false; Windows GUI apps only)Get-Process|Where-Object{-not$_.Responding}# Processes started in the last hourGet-Process|Where-Object{$_.StartTime-gt(Get-Date).AddHours(-1)}

Pipeline Patterns

Get-Process shines as a producer. Pipe its output to other process cmdlets — they accept Process objects via -InputObject or ValueFromPipeline.

# Stop every Notepad instanceGet-Processnotepad-ErrorActionSilentlyContinue|Stop-Process# Wait for a build to exit, then continueGet-Processmsbuild-ErrorActionSilentlyContinue|Wait-Process# Group by process name and countGet-Process|Group-ObjectName|Sort-ObjectCount-Descending|Select-Object-First5Count,Name

Error Handling

If a name does not match, Get-Process emits a non-terminating error: Cannot find a process with the name "X". Use -ErrorAction SilentlyContinue to suppress, or wrap in try/catch with -ErrorAction Stop for strict pipelines.

# Suppress missing-process noise$p=Get-Processnotepad-ErrorActionSilentlyContinueif($p){'Notepad is running'}else{'Not running'}# Promote to terminating errortry{Get-Processbogus-ErrorActionStop}catch{Write-Warning"Lookup failed: $($_.Exception.Message)"}

Real-World Examples

Aggregate views, ownership lookups, and remote inspections cover most production needs. -IncludeUserName requires an elevated session.

# Memory grouped by process nameGet-Process|Group-ObjectName|ForEach-Object{[pscustomobject]@{Name=$_.NameCount=$_.CountTotalMB=[math]::Round(($_.Group|Measure-ObjectWorkingSet64-Sum).Sum/1MB,1)}}|Sort-ObjectTotalMB-Descending|Select-Object-First10# Owner per process (admin shell required)Get-Process-IncludeUserName|Select-ObjectName,Id,UserName-First20# Remote host (PS 5.1; deprecated in 7+)Get-Process-ComputerNameSERVER01-Namew3wp

Common Pitfalls

• Name lookup fails with .exe — pass notepad, not notepad.exe.
• Access denied on other users' processes — run elevated when using -IncludeUserName or reading paths.
• CPU column is total CPU-seconds since start, not current load. Sample twice and diff for percentage.
• -ComputerName is removed in PowerShell 7 — use Invoke-Command or CIM cmdlets for remote process queries.
• Wildcard with -Name is case-insensitive on Windows but case-sensitive on Linux file systems for path matching.

Pro Tips

• gps and ps are built-in aliases — gps chrome | % Id.
• Need PID of the current shell? $PID is a built-in variable; Get-Process -Id $PID.
• (Get-Process -Name code).Path | Select-Object -Unique reveals install location.
• Combine with Where-Object using simple syntax: Get-Process | ? WorkingSet64 -gt 500MB.

Related Cmdlets

• Stop-Process Cmdlet Cheat Sheet
• Start-Process Cmdlet Cheat Sheet
• Wait-Process Cmdlet Cheat Sheet

Bookmark this page for the next time a runaway process eats your RAM — Get-Process plus Sort-Object WorkingSet64 gets you to the culprit in two keystrokes.