
I'm currently trying to find a command line that is running on a client machine, and if the command line running the script is found, I need to terminate that process ID. Here is what I currently have, but I'm a bit lost on what a good way to kill that ParentProcessID is.

You can see that in my Get-WmiObject call I'm getting the CommandLine and ParentProcessID properties. I can run a foreach and -match those command lines against a string. But at this point, I don't know how to pass or link the ParentProcessID property so I can kill that ParentProcessID.

$process = "powershell.exe"
$GetCommand = Get-WmiObject Win32_Process -Filter "name = '$process'" |select CommandLine, ParentProcessID

foreach($command in $GetCommand){
    If($command -match "MyScript.ps1"){
    #kill ParentProcessID
    }

 }

Any ideas how I would accomplish this?

1 Answer

In PowerShell (unlike traditional shells), everything is a wrapped .NET object.

This means you can reference the properties you selected with Select-Object by using the . operator:

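$process = "powershell.exe"
# Select-Object returns objects that carry only the two selected properties
$GetCommand = Get-WmiObject Win32_Process -Filter "name = '$process'" | Select-Object CommandLine, ParentProcessID

foreach($command in $GetCommand){
    # Match against the CommandLine property, not the whole object
    if($command.CommandLine -match "MyScript.ps1"){
        # The same object exposes the parent's PID
        Stop-Process -Id $command.ParentProcessID
    }
}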
answered 2016-03-08T17:11:36.083
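
A more defensive variant of the loop above, as an added example that is not part of the original answer: it confirms that the recorded ParentProcessID still refers to the real parent before stopping it. The function name `Stop-ParentOfMatchingProcess` and its parameters are hypothetical; it uses `Get-CimInstance` instead of `Get-WmiObject` and supports `-WhatIf`.

```powershell
# Added example; Stop-ParentOfMatchingProcess is a hypothetical helper name.
function Stop-ParentOfMatchingProcess {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$Name = 'powershell.exe',
        [Parameter(Mandatory)][string]$ScriptName
    )

    # Escape the name so '.' in "MyScript.ps1" is literal in the -match regex.
    $pattern = [regex]::Escape($ScriptName)

    # Skip the current session ($PID): its own command line may contain the name.
    $children = Get-CimInstance Win32_Process -Filter "Name = '$Name'" |
        Where-Object { $_.CommandLine -match $pattern -and $_.ProcessId -ne $PID }

    foreach ($child in $children) {
        $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($child.ParentProcessId)"

        if (-not $parent) {
            Write-Warning "Parent $($child.ParentProcessId) of PID $($child.ProcessId) has already exited."
            continue
        }

        # ParentProcessId is recorded when the child starts and is never updated.
        # If the parent exited, its PID may now belong to an unrelated process,
        # which would have been created after the child.
        if ($parent.CreationDate -gt $child.CreationDate) {
            Write-Warning "PID $($parent.ProcessId) was reused by $($parent.Name); skipping."
            continue
        }

        # Never stop the session that is running this function.
        if ($parent.ProcessId -eq $PID) {
            Write-Warning "Parent of PID $($child.ProcessId) is the current session; skipping."
            continue
        }

        $target = "$($parent.Name) (PID $($parent.ProcessId))"
        if ($PSCmdlet.ShouldProcess($target, 'Stop-Process')) {
            Stop-Process -Id $parent.ProcessId
        }
    }
}

# Dry run: report which parent processes would be stopped without stopping them.
Stop-ParentOfMatchingProcess -ScriptName 'MyScript.ps1' -WhatIf
```

Drop `-WhatIf` once the reported targets are the ones you expect.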