How can I pass Get-WMIObject Properties into a variable

Question

I'm currently trying to find a command line that is running on a client machine and if the command line running the script is found, I need to terminate that process id. Here is what I currently have, but I'm a bit lost on what a good way to kill that ParentProcessID.

You can see in my Get-WMIObject, I'm getting the properties of CommandLine and ParentProcess ID. I can run a foreach and -match those command lines with a string. But at this point, I don't know how to pass or link the ParentProcessID property so I can kill that ParentProcessID.

$process = "powershell.exe"
$GetCommand = Get-WmiObject Win32_Process -Filter "name = '$process'" |select CommandLine, ParentProcessID

foreach($command in $GetCommand){
    If($command -match "MyScript.ps1"){
    #kill ParentProcessID
    }

 }

Any ideas how I would accomplish this?

`if($command.CommandLine -match "MyScript.ps1"){ Stop-Process -Id $command.ParentProcessID }` — Mathias R. Jessen, Mar 08 '16 at 16:24
Thank you Mathias! I did not think I could pass the properties through the main varible that way. Wow, I learned something new. Thank you. I'm not sure how to mark this as Answered so you get credit for it. — TheInfamousOne, Mar 08 '16 at 16:44

score 0 · Accepted Answer · answered Mar 08 '16 at 17:11

In PowerShell (unlike traditional shells) - everything is a wrapped .NET object.

This means that you can reference the properties selected with Select-Object using the . operator

$process = "powershell.exe"
$GetCommand = Get-WmiObject Win32_Process -Filter "name = '$process'" |Select-Object CommandLine, ParentProcessID

foreach($command in $GetCommand){
    if($command.CommandLine -match "MyScript.ps1"){
        Stop-Process -Id $command.ParentProcessID
    }
 }

How can I pass Get-WMIObject Properties into a variable

1 Answers1