Determining Process Owners

Microsoft® Windows® 2000 Scripting Guide


Because processes represent such things as software applications or services, they need to carry out actions on a computer. For example, a process might write data to a particular folder, modify a specific registry key, or connect to a remote computer. The ability of a process to carry out these actions depends on the security context under which the action is attempted. Processes generally run under the security context of the user who started the process. (This user is known as the process owner.) If the user account that owns the process has the appropriate access rights, the action succeeds; if it does not, the action fails.

By identifying the owner of a process, you can tell which account the process is running under. This information can help you:

  • Identify users who have remotely created processes on a computer.
  • Determine whether a specific user can terminate a specific process. By default, users can terminate only those processes that they themselves have started.
  • Create scripts that automatically terminate all the processes owned by a specified user.

To retrieve the owner of a process, use the Win32_Process class GetOwner method. GetOwner returns the user account name for the process owner as well as the domain for that user account.

Scripting Steps

Listing 14.8 contains a script that determines the owner of each process running on a computer. To carry out this task, the script must perform the following steps:

  1. Create a variable to specify the computer name.
  2. Use a GetObject call to connect to the WMI namespace root\cimv2 on the computer, and set the impersonation level to "impersonate."
  3. Use the ExecQuery method to query the Win32_Process class. This returns a collection consisting of all the processes running on the computer.
  4. For each process in the collection, use the GetOwner method to determine the user name and domain for the process.
  5. Echo the name of the process and its owner by using the following format:

    Process Winword.exe is owned by Fabrikam\kmyer.

Listing 14.8   Determining Process Ownership

    ' Connect to WMI on the target computer ("." is the local computer).
    strComputer = "."
    Set objWMIService = GetObject("winmgmts:" _
        & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
    ' Retrieve every process currently running on the computer.
    Set colProcessList = objWMIService.ExecQuery _
        ("SELECT * FROM Win32_Process")
    For Each objProcess in colProcessList
        ' GetOwner fills in the user name and domain; colProperties receives its return code.
        colProperties = objProcess.GetOwner(strNameOfUser,strUserDomain)
        Wscript.Echo "Process " & objProcess.Name & " is owned by " _
            & strUserDomain & "\" & strNameOfUser & "."
    Next
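The following added example (not part of the Scripting Guide) goes beyond Listing 14.8: it checks the value GetOwner returns, groups processes by owning account, and lists the processes whose owner could not be read instead of printing an empty owner. The dictionary variables and the DescribeReturn helper are names chosen for this example; the return codes are the ones documented for Win32_Process.GetOwner.

```vbscript
' Added example (not from the Scripting Guide): group processes by owner
' and report the processes whose owner could not be determined.
Option Explicit
Dim strComputer, objWMIService, colProcessList, objProcess
Dim dictOwners, dictFailed, intReturn, strUser, strDomain, strKey, strEntry

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colProcessList = objWMIService.ExecQuery("SELECT * FROM Win32_Process")

Set dictOwners = CreateObject("Scripting.Dictionary")
dictOwners.CompareMode = vbTextCompare      ' account names are not case-sensitive
Set dictFailed = CreateObject("Scripting.Dictionary")

For Each objProcess In colProcessList
    strEntry = objProcess.Name & " (PID " & objProcess.ProcessId & ")"
    strUser = "" : strDomain = "" : intReturn = -1
    On Error Resume Next                    ' the process may exit before the call
    intReturn = objProcess.GetOwner(strUser, strDomain)
    On Error GoTo 0
    If intReturn = 0 Then
        strKey = strDomain & "\" & strUser
        If dictOwners.Exists(strKey) Then strEntry = dictOwners(strKey) & ", " & strEntry
        dictOwners(strKey) = strEntry
    Else
        dictFailed(strEntry) = DescribeReturn(intReturn)
    End If
Next

For Each strKey In dictOwners.Keys
    WScript.Echo strKey & ": " & dictOwners(strKey)
Next
For Each strKey In dictFailed.Keys
    WScript.Echo "Owner not available for " & strKey & ": " & dictFailed(strKey)
Next

' Map the documented GetOwner return codes to text.
Function DescribeReturn(intCode)
    Select Case intCode
        Case 2:  DescribeReturn = "access denied"
        Case 3:  DescribeReturn = "insufficient privilege"
        Case 8:  DescribeReturn = "unknown failure"
        Case 9:  DescribeReturn = "path not found"
        Case 21: DescribeReturn = "invalid parameter"
        Case -1: DescribeReturn = "call failed (process may have exited)"
        Case Else: DescribeReturn = "return code " & intCode
    End Select
End Function
```

Run the script with cscript.exe so that each line is written to the console rather than shown in a separate message box.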



Microsoft Windows 2000 Scripting Guide(c) Automating System Administration 2003
Year: 2004
Pages: 635
