January 3rd, 2005

How Can I Determine the Account a Process is Running Under?

Hey, Scripting Guy! Question

Hey, Scripting Guy! I’ve got a script that returns information about all the processes running on a computer, except I can’t seem to figure out how to get the name of the user account that these processes are running under. Can you help?

— DL

SpacerHey, Scripting Guy! AnswerScript Center

Hey, DL. Yes, we can help. It’s actually fairly easy to determine which account a process is running under, it’s just not very obvious how you go about doing that. If you’re like most people, you probably scanned the properties for the Win32_Process class trying to find a property named Account or UserName or something similar. Most likely you didn’t find it. And there’s a good reason for that: the Win32_Process doesn’t have a property that tells you which account a process is running under.

Instead, you need to use a method – GetOwner – to track down this information. Here’s a script that tells you which account Microsoft Word (Winword.exe) is running under:

strComputer = “.”
Set objWMIService = GetObject(“winmgmts:\\” & strComputer & “\root\cimv2”)

Set colProcessList = objWMIService.ExecQuery _ (“Select * from Win32_Process Where Name = ‘Winword.exe'”)

For Each objProcess in colProcessList objProcess.GetOwner strUserName, strUserDomain Wscript.Echo “Process ” & objProcess.Name & ” is owned by ” _ & strUserDomain & “\” & strUserName & “.” Next

The line of code we’re most interested in is this one:

objProcess.GetOwner strNameOfUser, strUserDomain

What we’re doing here is calling the GetOwner method. GetOwner returns two “out parameters,” one that returns the name of the user responsible for the process, the other returning the domain that user belongs to. In order to capture these two out parameters we need to supply the GetOwner method with two variables. In this sample script, we’ve used variables named strUserName and strUserDomain. The names are arbitrary; you can call the variables A and B or X and Y or anything you want.

However, the order of the variables is not arbitrary: the first value returned will always be the user name, the second value will always will be the domain. Which means that if you want X to represent the user name and Y to represent the domain, then make sure your code looks like this:

objProcess.GetOwner X, Y

After calling GetOwner we simply echo back the process name and the owner. Notice that – to be a little fancy – we use the domain\user format; that way, we echo a name like fabrikam\kenmyer.

Incidentally, here’s a script that lists all the processes on a computer as well as the owner of each process:

strComputer = “.”
Set objWMIService = GetObject(“winmgmts:\\” & strComputer & “\root\cimv2”)

Set colProcessList = objWMIService.ExecQuery _ (“Select * from Win32_Process”)

For Each objProcess in colProcessList objProcess.GetOwner strUserName, strUserDomain Wscript.Echo “Process ” & objProcess.Name & ” is owned by ” _ & strUserDomain & “\” & strUserName & “.” Next

Oh, and in case anyone is wondering, January 3, 2005 happens to be an official day off for Microsoft employees. So why is there a Hey, Scripting Guy! column today? Well, that can only be because of the incredible dedication and devotion to duty shown by the Microsoft Scripting Guys. Either that, or one of the Scripting Guys – who shall remain nameless – didn’t realize it was a holiday and came in anyway (and at 7:00 AM to boot!).

Author

0 comments

Discussion are closed.

Feedback