FiveTech Software tech support forums

www.FiveTechSoft.com
https://forums.fivetechsupport.com/~fivetec1/forums/

Name of the user

https://forums.fivetechsupport.com/~fivetec1/forums/viewtopic.php?t=41171

Page 1 of 1

Name of the user

Posted: Wed Dec 08, 2021 7:52 am
by Natter
Hi,

I'm looking through the list of processes via WMI.
Is it possible to find out the name of the user on whose behalf the process is opened?

Re: Name of the user

Posted: Thu Dec 09, 2021 12:24 pm
by driessen
Hi,

Why don't you use this function : WNetGetUser()

Good luck.

Re: Name of the user

Posted: Thu Dec 09, 2021 3:06 pm
by ADutheil
driessen wrote:Hi,

Why don't you use this function : WNetGetUser()

Good luck.

I guess probably because he's looking for someone connected to the server or locking a file.

You can use the following function to start working.

Code: Select all | Expand


FUNCTION TstUser()
LOCAL cDest := "procown.ps1"
LOCAL   nHndl

nHndl := fCreate( cDest )
fClose( nHndl )
IF ( nHndl := fOpen( cDest, 17 ) ) != -1 // write+exclusive
    fWrite( nHndl, [$proc = Get-CimInstance Win32_Process -Filter "name = 'notepad.exe'"]  + HB_OsNewline() )
    fWrite( nHndl, [Invoke-CimMethod -InputObject $proc -MethodName GetOwner >procown.txt]  + HB_OsNewline() )
    fClose( nHndl )
ENDIF
WinExec( "powershell.exe -windowstyle hidden -File procown.ps1" )
RETURN NIL 
 


It creates a text file which is easy to treat to get the user name but it has 2 caveats: it opens a shell window that appears shortly and the function has to be executed as administrator dues to default Windows restriction to run PowerShell scripts.
The first caveat might be resolved by using PsRun available at https://github.com/gbuktenica/PsRun. If it is possible you can avoid the second one by changing the execution policy in registry.
If I get some spare time I'll try another approach by using OLE.

Re: Name of the user

Posted: Thu Dec 09, 2021 4:39 pm
by Natter
Thanks, ADutheil !

To prevent the Powershell shell window from appearing, the script must be run through Wscript and cmd.exe .
Of course, I made a flag DBF, where each launching application locks its own line.
But it seemed to me that by viewing all processes through WMI, you can find out the name of the user on whose behalf a particular process is opened.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited