By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
446,201 Members | 937 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 446,201 IT Pros & Developers. It's quick & easy.

Get account name associated with a running process.

P: n/a
I posted this a short while ago , but I don't think I explained the problem
clearly. Task Manager lists processes running on a local system, including a
"user name" associated with each process (e.g. SYSTEM). My application
needs to check if a particular process is running, and if so get the
associated "owner". I am really trying to determine the security context in
which the process was started. Thanks for any input.

-- Moses
Nov 16 '05 #1
Share this Question
Share on Google+
6 Replies


P: n/a
Hm. I'm not aware of a way to get the process owner. You can certainly
find the process using the static Process.GetProcesses() or
Process.GetProcessByName() methods, and you can determine the machine it's
running on using the MachineName property of a particular Process instance.
From there, I suppose you'd have to have access to the running machine's
Active Directory and find some way to track down process ownership from
there.

If you don't really need to know who the owner is, but just whether YOU own
it or not, you can perhaps find some non-destructive method call against a
Process instance that is disallowed for non-owners, and execute it in a try
block. I know that Kill() and Close() require that you have ownership, but
obviously those wouldn't be methods you'd call to test if you have
ownership. Maybe an attempt to read the Threads collection or something
like that.

Just some random ideas that might suggest an avenue of exporation for you.

--Bob

"Moses M" <Mm*****@msn.com> wrote in message
news:et**************@TK2MSFTNGP11.phx.gbl...
I posted this a short while ago , but I don't think I explained the problem clearly. Task Manager lists processes running on a local system, including a "user name" associated with each process (e.g. SYSTEM). My application
needs to check if a particular process is running, and if so get the
associated "owner". I am really trying to determine the security context in which the process was started. Thanks for any input.

-- Moses

Nov 16 '05 #2

P: n/a
Thanks Bob. I will keep poking around. A friend suggested I use
OpenProcessToken() which looks to me like "backsliding" into unamaged code!
-- Moses
"Bob Grommes" <bo*@bobgrommes.com> wrote in message
news:eC**************@TK2MSFTNGP10.phx.gbl...
Hm. I'm not aware of a way to get the process owner. You can certainly
find the process using the static Process.GetProcesses() or
Process.GetProcessByName() methods, and you can determine the machine it's
running on using the MachineName property of a particular Process instance. From there, I suppose you'd have to have access to the running machine's
Active Directory and find some way to track down process ownership from
there.

If you don't really need to know who the owner is, but just whether YOU own it or not, you can perhaps find some non-destructive method call against a
Process instance that is disallowed for non-owners, and execute it in a try block. I know that Kill() and Close() require that you have ownership, but obviously those wouldn't be methods you'd call to test if you have
ownership. Maybe an attempt to read the Threads collection or something
like that.

Just some random ideas that might suggest an avenue of exporation for you.

--Bob

"Moses M" <Mm*****@msn.com> wrote in message
news:et**************@TK2MSFTNGP11.phx.gbl...
I posted this a short while ago , but I don't think I explained the problem
clearly. Task Manager lists processes running on a local system,

including a
"user name" associated with each process (e.g. SYSTEM). My application
needs to check if a particular process is running, and if so get the
associated "owner". I am really trying to determine the security context

in
which the process was started. Thanks for any input.

-- Moses


Nov 16 '05 #3

P: n/a
Don't feel guilty; sometimes a little backsliding is just what the doctor
ordered.

P/Invoke and COM Interop are designed, in part, to allow you to get on with
your work even in those areas that .NET doesn't have a managed interface
for. For example, the CLR has virtually no implementation for multimedia
APIs, so you have to resort to P/Invoke to do a simple console beep.

If the truth were known, a lot of the CLR methods are just fig leaves over
P/Invoke calls anyway. How do you think they implement file I/O?

--Bob

"Moses M" <Mm*****@msn.com> wrote in message
news:OH**************@TK2MSFTNGP12.phx.gbl...
Thanks Bob. I will keep poking around. A friend suggested I use
OpenProcessToken() which looks to me like "backsliding" into unamaged code! -- Moses
"Bob Grommes" <bo*@bobgrommes.com> wrote in message
news:eC**************@TK2MSFTNGP10.phx.gbl...
Hm. I'm not aware of a way to get the process owner. You can certainly
find the process using the static Process.GetProcesses() or
Process.GetProcessByName() methods, and you can determine the machine it's running on using the MachineName property of a particular Process

instance.
From there, I suppose you'd have to have access to the running machine's
Active Directory and find some way to track down process ownership from
there.

If you don't really need to know who the owner is, but just whether YOU

own
it or not, you can perhaps find some non-destructive method call against a Process instance that is disallowed for non-owners, and execute it in a

try
block. I know that Kill() and Close() require that you have ownership,

but
obviously those wouldn't be methods you'd call to test if you have
ownership. Maybe an attempt to read the Threads collection or something
like that.

Just some random ideas that might suggest an avenue of exporation for you.
--Bob

Nov 16 '05 #4

P: n/a
Hi Moses:

You are on the right track. See some sample C# code here:

http://www.sellsbrothers.com/askthew...curityprin.htm

--
Scott
http://www.OdeToCode.com

On Wed, 23 Jun 2004 15:53:23 -0600, "Moses M" <Mm*****@msn.com> wrote:
Thanks Bob. I will keep poking around. A friend suggested I use
OpenProcessToken() which looks to me like "backsliding" into unamaged code!
-- Moses


Nov 16 '05 #5

P: n/a
Thanks guys for all the input. I got OpenProcessToken() to work OK for a
local system, but it throws an exception for remote systems (says "Feature
is not supported for remote machines"). Severe limitation for my needs.
Grateful for any more suggestions. Meanwhile I will keep searching among the
thorns and thistles!

-- Moses

"Scott Allen" <bitmask@[nospam].fred.net> wrote in message
news:53********************************@4ax.com...
Hi Moses:

You are on the right track. See some sample C# code here:

http://www.sellsbrothers.com/askthew...curityprin.htm
--
Scott
http://www.OdeToCode.com

On Wed, 23 Jun 2004 15:53:23 -0600, "Moses M" <Mm*****@msn.com> wrote:
Thanks Bob. I will keep poking around. A friend suggested I use
OpenProcessToken() which looks to me like "backsliding" into unamaged code!-- Moses

Nov 16 '05 #6

P: n/a
Use System.Management and the Win32_Process class.
Here's a sample...

using System;
using System.Management;
using System.Diagnostics;
class App {
public static void Main() {
GetProcessInfo(Process.GetCurrentProcess().Handle. ToInt32());
}

static void GetProcessInfo(int handle)
{
using(ManagementObject proc = new
ManagementObject("Win32_Process.Handle='" + handle.ToString() + "'"))
{
proc.Get();
string[] s = new String[2];
//Invoke the method and populate the array with the user name and domain
proc.InvokeMethod("GetOwner",(object[])s);
Console.WriteLine("User: " + s[1]+ "\\" + s[0]);
}
}
}

Willy.

"Moses M" <Mm*****@msn.com> wrote in message
news:et**************@TK2MSFTNGP11.phx.gbl...
I posted this a short while ago , but I don't think I explained the problem
clearly. Task Manager lists processes running on a local system, including
a
"user name" associated with each process (e.g. SYSTEM). My application
needs to check if a particular process is running, and if so get the
associated "owner". I am really trying to determine the security context
in
which the process was started. Thanks for any input.

-- Moses

Nov 16 '05 #7

This discussion thread is closed

Replies have been disabled for this discussion.