{"id":67943,"date":"2006-02-16T11:26:00","date_gmt":"2006-02-16T11:26:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2006\/02\/16\/how-can-i-determine-which-account-a-script-is-running-under\/"},"modified":"2006-02-16T11:26:00","modified_gmt":"2006-02-16T11:26:00","slug":"how-can-i-determine-which-account-a-script-is-running-under","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/how-can-i-determine-which-account-a-script-is-running-under\/","title":{"rendered":"How Can I Determine Which Account a Script is Running Under?"},"content":{"rendered":"

\"Hey, \n

Hey, Scripting Guy! How can I determine which account a script is running under?

— KW<\/P>\"Spacer\"\"Hey,\"Script<\/A> \n

Hey, KW. You know, it\u2019s been awhile since we started off a column with a bunch of excuses, and that\u2019s been hard on us: after all, making excuses is what we Scripting Guys do best. With that in mind, then, let\u2019s start off with one of our favorite excuses: the script we\u2019re about to show you works only on Windows XP and Windows Server 2003. We\u2019ll show you a way to kind of, sort of do this same thing on Windows 2000, but it\u2019s definitely not as good.<\/P>\n

Ah, yes: now that<\/I> felt good.<\/P>\n

OK, no more excuses (for now, at least). Instead, let\u2019s talk scripting. Here\u2019s what the script looks like:<\/P>

strComputer = “.”\nSet objWMIService = GetObject(“winmgmts:\\\\” & strComputer & “\\root\\cimv2”)<\/p>\n
Set colProcessList = objWMIService.ExecQuery(“Select * from Win32_Process Where ” & _\n    “Name = ‘cscript.exe’ or Name = ‘wscript.exe'”)<\/p>\n
For Each objProcess in colProcessList\n    If InStr(objProcess.CommandLine, “test.vbs”) Then\n        colProperties =   objProcess.GetOwner(strNameOfUser,strUserDomain)\n        Wscript.Echo “This script is running under the account belonging to ” _ \n            & strUserDomain & “\\” & strNameOfUser & “.”\n    End If\nNext\n<\/PRE>\n
As you can see, we begin by connecting to the WMI service on the local computer, although this same script could just as easily be targeted against a remote machine. (Yes, we do<\/I> say that a lot. But that isn\u2019t an excuse, it\u2019s just a statement of fact: almost all WMI scripts work equally well against a remote computer as they do the local computer. Every now and then we do say something<\/I> that isn\u2019t an excuse!) <\/P>\n
We then encounter this line of code:<\/P>
Set colProcessList = objWMIService.ExecQuery(“Select * from Win32_Process Where ” & _\n    “Name = ‘cscript.exe’ or Name = ‘wscript.exe'”)\n<\/PRE>\n
You might have already guessed that we need to use the Win32_Process<\/B> class to carry out our task; that\u2019s because Win32_Process is the WMI class that keeps track of all the processes currently running on a computer. Of course, we aren\u2019t interested in all<\/I> the processes running on the computer; we\u2019re only interested in the scripts. Because of that we include a Where clause that restricts the returned information only to instances of the two Windows script hosts: Cscript.exe and Wscript.exe.<\/P>\n\n<\/THEAD>\n\n\n
\n
Note<\/B>. Yes, we could have written this script in a slightly different fashion, and maybe saved a line or two of code in the process. We opted for this approach because it more closely resembles the way we have to do this chore on Windows 2000.<\/P><\/TD><\/TR><\/TBODY><\/TABLE>\n
<\/DIV>\n
After issuing the query we set up a For Each loop to walk through the returned collection. In this example we\u2019re trying to determine the owner for a script named Test.vbs. Therefore, we need to check each script to see if it happens to be named Test.vbs. How do we do that? By using this line of code:<\/P>
If InStr(objProcess.CommandLine, “test.vbs”) Then\n<\/PRE>\n
All we\u2019re doing here is using the InStr<\/B> function to see if the string test.vbs<\/I> can be found anywhere in the CommandLine<\/B> property. And what is<\/I> the CommandLine property? In somewhat simplistic fashion, this is the command string required to start the script from a command prompt. For example, the CommandLine might be something like this:<\/P>
C:\\Scripts\\Test Scripts\\Test.vbs\n<\/PRE>\n
We\u2019re checking for test.vbs<\/I> because we\u2019re assuming we don\u2019t have a script named, say, MyTest.vbs. If you\u2019re concerned with this kind of name collision, then we could simply use InStr and test for a string like \\test.vbs<\/I>. That\u2019s something you\u2019ll have to decide for yourself.<\/P>\n
If it turns out that our target string can be found in the CommandLine value we then call the GetOwner<\/B> method to find out the \u201cowner\u201d of the process (that is, the name of the account that the script is running under):<\/P>
objProcess.GetOwner(strNameOfUser,strUserDomain)\n<\/PRE>\n
With GetOwner, we need to pass along a pair of \u201cout parameters.\u201d An out parameter is nothing more than a variable (which we name ourselves) that the method will fill with a value. Here we\u2019re passing variables named strNameOfUser and strUserDomain; in return, GetOwner will assign those variables the name of the user and the domain of the user who owns the process.<\/P>\n
At that point all we have to do is echo back the returned information:<\/P>
Wscript.Echo “This script is running under the account belonging to ” _ \n    & strUserDomain & “\\” & strNameOfUser & “.”\n<\/PRE>\n
So then why can\u2019t we run this same script on Windows 2000? Actually there\u2019s a good reason for that: the CommandLine property is found only on Windows XP and Windows Server 2003. On other versions of Windows we can\u2019t identify individual scripts; the best we can do is return owner information for any instances of Cscript.exe and Wscript.exe that happen to be running. If there\u2019s only one script running, no problem: that single instance of CScript.exe or Wscript.exe has<\/I> to represent that one script. In turn, that means the owner of the script host process is also the owner of the script process. If you have multiple scripts running, though, that\u2019s a different story. If that\u2019s the case, the best you can do is say, \u201cWell, Ken Myer owns one<\/I> of these scripts, although we don\u2019t know which one. And whichever one he doesn\u2019t own Pilar Ackerman does<\/I> own.\u201d<\/P>\n
No, not quite as good. But it is what it is. (And yes, that is<\/I> an excuse. A somewhat lame one, but an excuse nonetheless.)<\/P>\n
Here\u2019s what the Windows 2000 solution (OK: semi-solution) looks like:<\/P>
strComputer = “.”\nSet objWMIService = GetObject(“winmgmts:\\\\” & strComputer & “\\root\\cimv2”)<\/p>\n
Set colProcessList = objWMIService.ExecQuery(“Select * from Win32_Process Where ” & _\n    “Name = ‘cscript.exe’ or Name = ‘wscript.exe'”)<\/p>\n
For Each objProcess in colProcessList\n    objProcess.GetOwner strNameOfUser,strUserDomain\n    Wscript.Echo “A script is running under the account belonging to ” _ \n        & strUserDomain & “\\” & strNameOfUser & “.”\nNext\n<\/PRE><\/p>\n","protected":false},"excerpt":{"rendered":"
Hey, Scripting Guy! How can I determine which account a script is running under?— KW Hey, KW. You know, it\u2019s been awhile since we started off a column with a bunch of excuses, and that\u2019s been hard on us: after all, making excuses is what we Scripting Guys do best. With that in mind, then, […]<\/p>\n","protected":false},"author":595,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[31,87,3,5],"class_list":["post-67943","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-operating-system","tag-processes","tag-scripting-guy","tag-vbscript"],"acf":[],"blog_post_summary":"
Hey, Scripting Guy! How can I determine which account a script is running under?— KW Hey, KW. You know, it\u2019s been awhile since we started off a column with a bunch of excuses, and that\u2019s been hard on us: after all, making excuses is what we Scripting Guys do best. With that in mind, then, […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/67943","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/595"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=67943"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/67943\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=67943"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=67943"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=67943"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}