3,085 questions
Add command line to the task manger display.
That will tell you the initiating script. If it calls other scripts, review the code or add a transcript to see what other scripts are being called.
How to find out which script is being executed?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 86%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMP%3C/text%3E%3C/svg%3E)
Mountain Pond
1,576
Reputation points
Hi,
I'm sure a lot of people have had the same problem. When many scripts are running on a machine and there are times when one of the scripts creates a load on the processor or memory.
I need to find out what the script is. However, in the task manager, we can only observe powershell.exe processes, but it is not clear what script is being executed in this process.
Also Process Monitor and Process Explorer do not show the ps1 filename or path. Because the process is already running and powershell was reading and started executing the script.
If it is not possible to know which script is running. Perhaps there is a way to write processes ID to a log file. Is it possible to find out the ID of the powershell process that initialized the script? What would the script add to the log file, the ID of the process from which it started.
Thank you.
Windows for business Windows Client for IT Pros Devices and deployment Configure application groups
Windows for business Windows Server User experience PowerShell
Windows for business Windows Server User experience Other
20,212 questions
Accepted answer
-
MotoX80 36,291 Reputation points2022-09-03T00:24:54.367+00:00 -
Mountain Pond 1,576 Reputation points
2022-09-03T00:34:00.197+00:00 I was blind, but now I can see.
Thank you :) I did not know about such a column, everything turned out to be simple.
Sign in to comment -
1 additional answer
Sort by: Most helpful
-
JimmySalian-2011 42,486 Reputation points2022-09-02T21:40:23.813+00:00 Hi Denis,
Only setting I can recollect is the PS logging via the GPO, as you already tried procmon and proc explorer. about_logging_windows
==
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.-
Mountain Pond 1,576 Reputation points
2022-09-02T23:44:17.66+00:00 Thanks for the answer.
Yes, this is the solution. But in this case, the user can see the tokens that are specified in the body of the script.
You can enable log encryption, but then the monitoring and log collection tools will not be able to read these logs.
Too bad this is the only way available.
Sign in to comment -