parent process of a powershell console

Yeniye
Yeniye used Ask the Experts™
on
Hi,

How can i find the parent process which launches my powershell script(or console).
I have the automatic $PID then i want to find the parent process . I want to make sure if the process that run the powershell is the allowed process otherwise i will block that scritpt from executing

thanks
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Bill PrewTest your restores, not your backups...
Top Expert 2016

Commented:
$myParentID=(Get-WmiObject win32_process -filter "ProcessID=$PID").ParentProcessID
$myParent=Get-WmiObject win32_process -filter "ProcessID=$myParentID"

~bp

Author

Commented:
But i tried this...
It doesn't give me the right parent in the chain ...i am not looking the immediate parent but any of the process in the chain above the current process.
Is there a case where a process holds child processes?
Test your restores, not your backups...
Top Expert 2016
Commented:
Not sure exactly what your situation is, but you can just keep working your way back up the parent chain if that makes sense.  Here's an example from my system when I ram PowerShell from a DOS window.

~bp
PS C:\> $procId=$PID
PS C:\> $procObj=Get-WmiObject win32_process -filter "ProcessID=$procId"
PS C:\> $procObj | Format-Table -property ProcessID, ParentProcessID, ProcessName
 
                              ProcessID                         ParentProcessID ProcessName
                              ---------                         --------------- -----------
                                   3264                                    5548 powershell.exe
 
 
PS C:\> $procId=$procObj.ParentProcessID
PS C:\> $procObj=Get-WmiObject win32_process -filter "ProcessID=$procId"
PS C:\> $procObj | Format-Table -property ProcessID, ParentProcessID, ProcessName
 
                              ProcessID                         ParentProcessID ProcessName
                              ---------                         --------------- -----------
                                   5548                                    5560 cmd.exe
 
 
PS C:\> $procId=$procObj.ParentProcessID
PS C:\> $procObj=Get-WmiObject win32_process -filter "ProcessID=$procId"
PS C:\> $procObj | Format-Table -property ProcessID, ParentProcessID, ProcessName
 
                              ProcessID                         ParentProcessID ProcessName
                              ---------                         --------------- -----------
                                   5560                                    3576 ntvdm.exe
 
 
PS C:\> $procId=$procObj.ParentProcessID
PS C:\> $procObj=Get-WmiObject win32_process -filter "ProcessID=$procId"
PS C:\> $procObj | Format-Table -property ProcessID, ParentProcessID, ProcessName
 
                              ProcessID                         ParentProcessID ProcessName
                              ---------                         --------------- -----------
                                   3576                                    3416 explorer.exe

Open in new window

Author

Commented:
Not answered the way i want.
Thanks anyways

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial