Finding parent process ID on Windows

Problem

Given a process ID & command-line access on a remote Windows host, how can you find its parent's PID?

Solution

Given Marc B's answer, we can use WMIC (Command samples here) and do something like this:

wmic process where (processid=PROCID_HERE) get parentprocessid

C:\> wmic process get processid,parentprocessid,executablepath|find "process id goes here"

Based on joslinm's solution in the question, here's a snippet of how to use this in a batch script:

set PID=<this is the child process ID>
for /f "usebackq tokens=2 delims==" %%a in (`wmic process where ^(processid^=%PID%^) get parentprocessid /value`) do (
    set PARENT_PID=%%a
)

In powershell:

PS> wmic process  where '(processid=4632)' get 'processid,parentprocessid,executablepath'
ExecutablePath                                              ParentProcessId  ProcessId
C:\Program Files\Docker\Docker\Resources\com.docker.db.exe  4488             4632

Or you can do something like this in PowerShell:

Get-CimInstance -className win32_process | where-object {$_.ProcessId -eq processId_goes_here } | select ParentProcessId, Name

as well you can filter by name just substitute $_.ProcessId with $_.Name property