Monitor process start and end using Powershell
Rating: 27 user(s) have rated this article Average rating: 5.0
Posted by: Chandra Hundigam, on 2/24/2013, in category "Windows PowerShell"
Views: this article has been read 43205 times
Abstract: Simple steps to monitor process using Powershell WMI CmdLets

Using WMI (Windows Management Instrumentation)  Event monitoring and event subscription you can monitor process.

We will be using following Register-WMIEvent Cmdlet parameters in our example script.
  • -query. This is a standard WMI event query.
  • -messageData. Any time a subscribed-to event occurs, PowerShell records information about that event.
  • -sourceIdentifier. The Source Identifier is nothing more than the name we want to give our event subscription. 
Following sample script below monitors notepad.exe application.

Step 1: Register Event

Register-WMIEvent -query “SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName=’notepad.exe’” -SourceIdentifier “MonitorNotePad” -action 
$evt = $Event.SourceEventArgs.NewEvent
Write-Host $evt.ProcessName, "Notepad Started"


Step 2: Unregister Event

Unregister-Event MonitorNotePad

About Author
Chandra Hundigam
Author image I have Master’s degree in Computer Application, Microsoft Certified Professional and Software Architect. My experience significantly involved in enterprise application development and distributed object oriented system development using Microsoft .Net technologies to serve global giants in the Media, Finance, Mortgage and Software Industries. I am currently doing Independent Software Consultation for various US-based companies.

How would you rate this article? 1-Poor and 5-Excellent

User Feedback

Post your comment
Insert Cancel

Top Rated Articles
Popular Articles
Popular Links
Register to the site for free, and subscribe to the newsletter. Every month you will receive new articles and special content not available elsewhere on the site, right into your e-mail box!

Archived Newsletters