PowerTip of the Day: Get Process Owners

Original article URL: http://app.en25.com/e/es.aspx?s=1403&e=5287&elq=ffdaeb1db50d44cd98829640038cf0d4

Original text:

If you need to filter running processes by owner, for example to terminate the ones owned by some user, you should use WMI and the GetOwner() method. This code will retrieve all processes from a local or remote system and add an Owner property, which you can then use to select or filter processes:

Get-WmiObject Win32_Process | ForEach-Object { $ownerraw = $_.GetOwner(); $owner = '{0}\{1}' -f $ownerraw.domain, $ownerraw.user; $_ | Add-Member NoteProperty Owner $owner -PassThru } | Select-Object Name, Owner

Note that you can get owner information for other users only when you have admin privileges.

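Translation:

If you need to filter running processes by their owner, for example to close the processes of certain users, you can use the WMI GetOwner() method. The code below retrieves information about all processes on the local or a remote system and adds an Owner property, which you can then use to select and filter processes: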

Get-WmiObject Win32_Process | ForEach-Object { $ownerraw = $_.GetOwner(); $owner = '{0}\{1}' -f $ownerraw.domain, $ownerraw.user; $_ | Add-Member NoteProperty Owner $owner -PassThru } | Select-Object Name, Owner

Note that when you have administrator privileges, you can also obtain other information about the process's user. [questionable]

Notes:

Useful for killing processes by owner, tracking down virus processes, and so on.
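
For the triage use mentioned in the notes, the following is an added example, not part of the original tip or this post's own code. It calls the same Win32_Process GetOwner() method through the CIM cmdlets (Get-WmiObject is not available in PowerShell 6 and later) and checks the method's ReturnValue, so processes whose owner could not be read are reported as unresolved instead of showing a bare "\". The function name, output property names and the sample owner value are assumptions.

```powershell
function Get-ProcessOwner {
    [CmdletBinding()]
    param(
        # Optional remote computer; omit to query the local machine.
        [string]$ComputerName,
        # Wildcard filter on DOMAIN\user; the default returns every process.
        [string]$Owner = '*'
    )

    $query = @{ ClassName = 'Win32_Process' }
    if ($ComputerName) { $query.ComputerName = $ComputerName }

    Get-CimInstance @query | ForEach-Object {
        # A process can exit between enumeration and this call, so suppress that error.
        $result = Invoke-CimMethod -InputObject $_ -MethodName GetOwner -ErrorAction SilentlyContinue

        if ($result -and $result.ReturnValue -eq 0) {
            $resolved = '{0}\{1}' -f $result.Domain, $result.User
        } else {
            # Non-zero ReturnValue (typically missing admin rights) or no result at all.
            $resolved = $null
        }

        [pscustomobject]@{
            Name           = $_.Name
            ProcessId      = $_.ProcessId
            Owner          = $resolved
            OwnerResolved  = [bool]$resolved
            ExecutablePath = $_.ExecutablePath
        }
    } | Where-Object { "$($_.Owner)" -like $Owner }
}

# All processes, grouped by owner; unresolved owners sort first for review.
Get-ProcessOwner | Sort-Object Owner, Name | Format-Table -AutoSize

# Only processes of one account ('CONTOSO\alice' is a constructed sample value).
Get-ProcessOwner -Owner 'CONTOSO\alice' | Select-Object Name, ProcessId, ExecutablePath
```

Run it from an elevated session to resolve owners of processes that belong to other users; without elevation those rows come back with OwnerResolved set to False.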

Original article URL: https://www.cnblogs.com/aspnetx/p/1771880.html