This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 86%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMP%3C/text%3E%3C/svg%3E)
Hi,
I'm sure a lot of people have had the same problem. When many scripts are running on a machine and there are times when one of the scripts creates a load on the processor or memory.
I need to find out what the script is. However, in the task manager, we can only observe powershell.exe processes, but it is not clear what script is being executed in this process.
Also Process Monitor and Process Explorer do not show the ps1 filename or path. Because the process is already running and powershell was reading and started executing the script.
If it is not possible to know which script is running. Perhaps there is a way to write processes ID to a log file. Is it possible to find out the ID of the powershell process that initialized the script? What would the script add to the log file, the ID of the process from which it started.
Thank you.
Add command line to the task manger display.
That will tell you the initiating script. If it calls other scripts, review the code or add a transcript to see what other scripts are being called.
I was blind, but now I can see.
Thank you :) I did not know about such a column, everything turned out to be simple.
Hi Denis,
Only setting I can recollect is the PS logging via the GPO, as you already tried procmon and proc explorer. about_logging_windows
==
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Thanks for the answer.
Yes, this is the solution. But in this case, the user can see the tokens that are specified in the body of the script.
You can enable log encryption, but then the monitoring and log collection tools will not be able to read these logs.
Too bad this is the only way available.