So, I'm trying to get the owner of a process on a remote machine. More
specifically, I'm trying to determine if one or more of many processes
with the same name is owned by a particular user. If at least one
process is running in that user context, all is good, otherwise, alarm
bells will go off.

The machine on which the script is executed is Win2008R2, and the
machine it's querying is Win2003R2.

This is the script - a little one-liner:

get-wmiobject -class win32_process -filter "name = 'example.exe'" -computername computer.example.tld | where-object { $_.getowner().user -eq 'userid' }

It seems to work - at least I always get output like the following:

__GENUS                    : 2
__CLASS                    : Win32_Process
__SUPERCLASS               : CIM_Process
__DYNASTY                  : CIM_ManagedSystemElement
__RELPATH                  : Win32_Process.Handle="12600"
__PROPERTY_COUNT           : 45
__DERIVATION               : {CIM_Process, CIM_LogicalElement, CIM_ManagedSystemElement}
__SERVER                   : computername
__NAMESPACE                : root\cimv2
__PATH                     : \\computername\root\cimv2:Win32_Process.Handle="12600"
Caption                    : example.exe
CommandLine                : E:\bin\example PHANTOM "ECL.SVCMGR 20001" "_PH_\userid24"
CreationClassName          : Win32_Process
CreationDate               : 20150219000024.108524-480
CSCreationClassName        : Win32_ComputerSystem
CSName                     : computername
Description                : example.exe
ExecutablePath             : E:\bin\example.exe
ExecutionState             :
Handle                     : 12600
HandleCount                : 122
InstallDate                :
KernelModeTime             : 2594375000
MaximumWorkingSetSize      : 1380
MinimumWorkingSetSize      : 200
Name                       : example.exe
OSCreationClassName        : Win32_OperatingSystem
OSName                     : Microsoft Windows Server 2003 Standard Edition|C:\WINDOWS|\Device\Harddisk0\Partition2
OtherOperationCount        : 4149573
OtherTransferCount         : 112256404
PageFaults                 : 1217120
PageFileUsage              : 5480
ParentProcessId            : 12780
PeakPageFileUsage          : 9368
PeakVirtualSize            : 83656704
PeakWorkingSetSize         : 12732
Priority                   : 8
PrivatePageCount           : 5611520
ProcessId                  : 12600
QuotaNonPagedPoolUsage     : 4
QuotaPagedPoolUsage        : 100
QuotaPeakNonPagedPoolUsage : 6
QuotaPeakPagedPoolUsage    : 112
ReadOperationCount         : 1485929
ReadTransferCount          : 7417721489
SessionId                  : 0
Status                     :
TerminationDate            :
ThreadCount                : 2
UserModeTime               : 1453593750
VirtualSize                : 66973696
WindowsVersion             : 5.2.3790
WorkingSetSize             : 11386880
WriteOperationCount        : 5844057
WriteTransferCount         : 5828253887
PSComputerName             : computername
ProcessName                : example.exe
Handles                    : 122
VM                         : 66973696
WS                         : 11386880
Path                       : E:\bin\example.exe

But, if I run it manually more than once or twice, I get an error
afterward, about every other time I run it:

Exception calling "GetOwner" : "Not found "
At line:1 char:111
+ ... Where-Object { $_.GetOwner().User -eq 'userid' }
+                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : WMIMethodException

The script will be polling the target machine about every 5 minutes,
which might be sufficient to avoid this problem, but also perhaps not.
Anyone have insight into what might be happening?

Kurt
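
Added example, not part of the original post: one way to make the ownership check tolerate the GetOwner error, assuming the "Not found" exception comes from a process that exited between the query and the GetOwner() call. Test-ProcessOwner, New-FakeProcess, the EXAMPLE domain and the stand-in process objects are hypothetical or constructed; the optional -Domain match goes beyond the one-liner in the post.

```powershell
# Added example, not from the original post. Test-ProcessOwner and New-FakeProcess
# are hypothetical helpers; the cause of "Not found" (process gone) is an assumption.
function Test-ProcessOwner {
    param(
        [Parameter(Mandatory = $true)][AllowEmptyCollection()][object[]]$Process,
        [Parameter(Mandatory = $true)][string]$User,
        [string]$Domain   # optional: also require the account's domain to match
    )
    $result = New-Object PSObject -Property @{ Matched = 0; Skipped = 0; OwnerFound = $false }
    foreach ($p in $Process) {
        try { $owner = $p.GetOwner() }
        catch {
            # Instance could not be resolved (the "Not found" case): count it, keep going
            $result.Skipped++
            continue
        }
        # ReturnValue 0 means WMI resolved the owner; any other value is not a match
        if ($owner.ReturnValue -ne 0 -or $owner.User -ne $User) { continue }
        if ($Domain -and $owner.Domain -ne $Domain) { continue }
        $result.Matched++
    }
    $result.OwnerFound = ($result.Matched -gt 0)
    $result
}

# Constructed stand-ins for Win32_Process instances so the logic runs offline
function New-FakeProcess([int]$Id, [scriptblock]$GetOwner) {
    New-Object PSObject -Property @{ ProcessId = $Id } |
        Add-Member -MemberType ScriptMethod -Name GetOwner -Value $GetOwner -PassThru
}
$sample = @(
    (New-FakeProcess 12600 { throw 'Not found' }),
    (New-FakeProcess 12604 { New-Object PSObject -Property @{ ReturnValue = 0; User = 'otheruser'; Domain = 'EXAMPLE' } }),
    (New-FakeProcess 12608 { New-Object PSObject -Property @{ ReturnValue = 0; User = 'userid'; Domain = 'EXAMPLE' } })
)
$check = Test-ProcessOwner -Process $sample -User 'userid'
if (-not $check.OwnerFound) { Write-Warning "No example.exe is running as userid" }
$check

# Against the real target named in the post:
# $procs = @(Get-WmiObject -Class Win32_Process -Filter "Name = 'example.exe'" -ComputerName computer.example.tld)
# Test-ProcessOwner -Process $procs -User 'userid'
```

When Matched is 0 and Skipped is greater than 0, querying again before raising the alarm avoids alerting on a snapshot in which every owner lookup failed.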

