{"id":70743,"date":"2005-01-03T11:04:00","date_gmt":"2005-01-03T11:04:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2005\/01\/03\/how-can-i-determine-the-account-a-process-is-running-under\/"},"modified":"2005-01-03T11:04:00","modified_gmt":"2005-01-03T11:04:00","slug":"how-can-i-determine-the-account-a-process-is-running-under","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/how-can-i-determine-the-account-a-process-is-running-under\/","title":{"rendered":"How Can I Determine the Account a Process is Running Under?"},"content":{"rendered":"

\"Hey, \n

Hey, Scripting Guy! I\u2019ve got a script that returns information about all the processes running on a computer, except I can\u2019t seem to figure out how to get the name of the user account that these processes are running under. Can you help?

— DL<\/P>\"Spacer\"\"Hey,\"Script<\/A> \n

Hey, DL. Yes, we can help. It\u2019s actually fairly easy to determine which account a process is running under, it\u2019s just not very obvious how you go about doing that. If you\u2019re like most people, you probably scanned the properties for the Win32_Process class trying to find a property named Account or UserName or something similar. Most likely you didn\u2019t find it. And there\u2019s a good reason for that: the Win32_Process doesn\u2019t have<\/I> a property that tells you which account a process is running under.<\/P>\n

Instead, you need to use a method – GetOwner – to track down this information. Here\u2019s a script that tells you which account Microsoft Word (Winword.exe) is running under:<\/P>

strComputer = “.”\nSet objWMIService = GetObject(“winmgmts:\\\\” & strComputer & “\\root\\cimv2”)<\/p>\n
Set colProcessList = objWMIService.ExecQuery _\n    (“Select * from Win32_Process Where Name = ‘Winword.exe'”)<\/p>\n
For Each objProcess in colProcessList\n    objProcess.GetOwner strUserName, strUserDomain \n    Wscript.Echo “Process ” & objProcess.Name & ” is owned by ” _ \n        & strUserDomain & “\\” & strUserName & “.”\nNext\n<\/PRE>\n
The line of code we\u2019re most interested in is this one:<\/P>
objProcess.GetOwner strNameOfUser, strUserDomain\n<\/PRE>\n
What we\u2019re doing here is calling the GetOwner<\/B> method. GetOwner returns two \u201cout parameters,\u201d one that returns the name of the user responsible for the process, the other returning the domain that user belongs to. In order to capture these two out parameters we need to supply the GetOwner method with two variables. In this sample script, we\u2019ve used variables named strUserName and strUserDomain. The names are arbitrary; you can call the variables A and B or X and Y or anything you want. <\/P>\n
However, the order of the variables is not<\/I> arbitrary: the first value returned will always be the user name, the second value will always will be the domain. Which means that if you want X to represent the user name and Y to represent the domain, then make sure your code looks like this:<\/P>
objProcess.GetOwner X, Y\n<\/PRE>\n
After calling GetOwner we simply echo back the process name and the owner. Notice that – to be a little fancy – we use the domain\\user format; that way, we echo a name like fabrikam\\kenmyer<\/B>.<\/P>\n
Incidentally, here\u2019s a script that lists all the processes on a computer as well as the owner of each process:<\/P>
strComputer = “.”\nSet objWMIService = GetObject(“winmgmts:\\\\” & strComputer & “\\root\\cimv2”)<\/p>\n
Set colProcessList = objWMIService.ExecQuery _\n    (“Select * from Win32_Process”)<\/p>\n
For Each objProcess in colProcessList\n    objProcess.GetOwner strUserName, strUserDomain\n    Wscript.Echo “Process ” & objProcess.Name & ” is owned by ” _ \n        & strUserDomain & “\\” & strUserName & “.”\nNext\n<\/PRE>\n
Oh, and in case anyone is wondering, January 3, 2005 happens to be an official day off for Microsoft employees. So why is there a Hey, Scripting Guy! <\/I>column today? Well, that can only be because of the incredible dedication and devotion to duty shown by the Microsoft Scripting Guys. Either that, or one of the Scripting Guys – who shall remain nameless – didn\u2019t realize it was a holiday and came in anyway (and at 7:00 AM to boot!).<\/P><\/p>\n","protected":false},"excerpt":{"rendered":"
Hey, Scripting Guy! I\u2019ve got a script that returns information about all the processes running on a computer, except I can\u2019t seem to figure out how to get the name of the user account that these processes are running under. Can you help?— DL Hey, DL. Yes, we can help. It\u2019s actually fairly easy to […]<\/p>\n","protected":false},"author":595,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[31,87,3,5],"class_list":["post-70743","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-operating-system","tag-processes","tag-scripting-guy","tag-vbscript"],"acf":[],"blog_post_summary":"
Hey, Scripting Guy! I\u2019ve got a script that returns information about all the processes running on a computer, except I can\u2019t seem to figure out how to get the name of the user account that these processes are running under. Can you help?— DL Hey, DL. Yes, we can help. It\u2019s actually fairly easy to […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/70743","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/595"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=70743"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/70743\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=70743"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=70743"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=70743"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}