4

I am trying to individually monitor memory usage of a process (w3wp.exe) that has multiple instances of itself by filtering out a string found in the process' CommandLine property.

It works when I run this script locally:

$proc = (WmiObject Win32_Process -Filter "Name = 'w3wp.exe'" | Where-Object {$_.CommandLine -like "*SomeTextFromCl*"})
$id = $proc.ProcessId 
$ws = [math]::round((Get-Process -Id $id).WS/1MB)
Write-Host $ws

However, when I try to run it remotely through Invoke-Command, I get an error telling that the Id property's value is null:

Cannot bind argument to parameter 'Id' because it is null.
+ CategoryInfo          : InvalidData: (:) [Get-Process], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.GetProcessCommand
+ PSComputerName        : RemoteServerName

My Invoke-Command syntax is:

Invoke-Command -ComputerName RemoteServerName -FilePath script.ps1 -Credential $mycredential

I'm sure it's simple but I'm back to PS after a long absence and I had a look around but couldn't find anything really helpful.

Under Vhoorls Shadow
  • 41
  • 5
  • Have you checked that the WMI call on the remote machine actually results in anything being returned? – Mathias R. Jessen Aug 05 '15 at 12:50
  • Yes it actually returns the Working Set of the correct w3wp.exe instance. – Under Vhoorls Shadow Aug 05 '15 at 13:09
  • 3
    Are you running PowerShell v2 and have more than one process returned? PowerShell v2 doesn't support the syntax `.` for accessing properties of the members of an array. Check what output you get if you echo just `$proc`. – Ansgar Wiechers Aug 05 '15 at 15:46
  • I'm PowerShell v4 on Windows Server 2012 R2. When echoing `$proc` I get all the properties of my _w3wp_ object. – Under Vhoorls Shadow Aug 05 '15 at 15:51
  • 1
    Is the credential you're connecting with the same user you use to run it locally? – briantist Aug 05 '15 at 16:59
  • No it wasn't. Locally, I was using the default local admin and remotely another user (called _prtg_). I tried locally with _prtg_ and I got the same error locally. Oddly enough _prtg_ is member of the following local groups on the remote machine: _Administrators_, _Distributed COM Users_, _Performance Monitor Users_ and _Remote Management Users_. What other permissions does that user need? – Under Vhoorls Shadow Aug 05 '15 at 20:11
  • I have also tried to give full permissions to _prtg_ via `Set-PSSessionConfiguration -Name Microsoft.PowerShell -showSecurityDescriptorUI` but I'm still getting the same error, even locally. – Under Vhoorls Shadow Aug 06 '15 at 07:20
  • I've been drilling further down and it looks like it's actually the `CommandLine` property's ACL that causes the problem for any user other than the default local admin. When I run `WmiObject Win32_Process -Filter "Name = 'w3wp.exe'"` as the _prtg_ user I see most of the object's properties but `CommandLine` is empty. If I run the same command as the default local admin, I get the `CommandLine` value correctly. This [post](http://goo.gl/dzSDux) gives an alternative, by giving the user the `Debug Programs` permission in the Local Security Policy but it doesn't work for me. Any other ideas? – Under Vhoorls Shadow Aug 07 '15 at 13:03
  • 1
    Normal users can only view the `CommandLine` property of their own processes. This behavior is by design. However as a member of the administrators group on the remote host, the user should be able to get that information on the remote host. Perhaps the Security eventlog contains information about why the access is denied/fails. – Ansgar Wiechers Aug 09 '15 at 20:48
  • I vaguely remember a similar problem in the past whereby I could access certain WMI process properties when running locally or as the system account on another server (running as a service) but not when running under a different account. I think there's some sort of permissioning involved to see certain WMI properties. Are you able to run the script on the server as yourself and see the correct results? – Sean Oct 09 '15 at 10:45
  • Just an unimportant comment - you can replace the second and third lines with $ws = [math]::round($proc.WS/1MB). No need to get the id of the process and call Get-Process after that. – olegk Nov 26 '15 at 08:06

1 Answers1

0

You are writing the answer to the console. You use the ps1 as a function, so you should use:

return $ws

instead of 

write-host $ws
Rahvin47
  • 91
  • 5