Solved

How to List processes by user and session ID

Posted on 2007-11-19
Last Modified: 2008-02-01
Hi, I need VB6 code to get the list of processes on a PC that works with multiple users and sessions, that is, a Windows XP machine with Terminal Server capabilities; ultra thin clients connect to that server. We found it possible through WMI, but it consumes lots of CPU, so we need another API method that gives us the user and session ID of every process on the machine.
0
Question by:cyberproject
7 Comments
 
LVL 17

Expert Comment

by:Shanmuga Sundaram
ID: 20320055
0
 
LVL 6

Expert Comment

by:Taconvino
ID: 20320581
This has been a long standing issue for me too.  WMI is slow, and I did find a solution using API only.  I haven't tested this completely yet, so you may want to wait for a few minutes until I get this thing working properly.  The bad thing is that I'm not sure if this works on a Terminal Services environment...

Anyway, if you feel like digging a little deeper, take a look at this:

http://msdn2.microsoft.com/en-us/library/aa382990.aspx

Looks like it may solve your problem completely, but I have not tested it (yet).  I'm curious enough to try to make this work, so I'll do it as soon as I have the time.

Hope this helps!
TCV
0
 
LVL 6

Expert Comment

by:Taconvino
ID: 20334647
OK, managed to get user names from processes... but only SYSTEM and processes running under the same user name as the user launching the app (that would be me).  For all other processes, I would probably have to use an impersonation token, or something like that.  BUT, I found some working code for XP/2003 machines.  Maybe you can use it:

http://www.xtremevbtalk.com/showthread.php?t=240098

It should be easy to adapt to your needs.

TCV
0
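A sketch of the API-only approach discussed in this thread, added here as an example; it is not code from the thread or from the linked page. It calls the function Microsoft documents as WTSEnumerateProcesses (referred to in the thread as WTSEnumProcesses) and resolves each owner SID with LookupAccountSid. It assumes 32-bit VB6 in a standard module; `ListProcesses`, `StrFromPtr` and `OwnerOf` are names made up for the example.

```vb
' Added example: PID, session ID and owner of every process on the local terminal server.
Private Type WTS_PROCESS_INFO
    SessionId As Long
    ProcessId As Long
    pProcessName As Long   ' pointer to an ANSI string
    pUserSid As Long       ' pointer to the owner's SID; checked for 0 before use
End Type
Private Declare Function WTSEnumerateProcesses Lib "wtsapi32.dll" Alias "WTSEnumerateProcessesA" _
    (ByVal hServer As Long, ByVal Reserved As Long, ByVal Version As Long, ppInfo As Long, pCount As Long) As Long
Private Declare Sub WTSFreeMemory Lib "wtsapi32.dll" (ByVal pMemory As Long)
Private Declare Function LookupAccountSid Lib "advapi32.dll" Alias "LookupAccountSidA" _
    (ByVal lpSystemName As String, ByVal pSid As Long, ByVal lpName As String, cchName As Long, _
     ByVal lpDomain As String, cchDomain As Long, peUse As Long) As Long
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" _
    (Destination As Any, ByVal Source As Long, ByVal Length As Long)
Private Declare Function lstrlenA Lib "kernel32" (ByVal lpString As Long) As Long

' Copy a NUL-terminated ANSI string out of memory owned by the API.
Private Function StrFromPtr(ByVal p As Long) As String
    Dim s As String
    If p = 0 Then Exit Function
    s = String$(lstrlenA(p), 0)
    If Len(s) > 0 Then CopyMemory ByVal s, p, Len(s)
    StrFromPtr = s
End Function

' Turn a SID pointer into DOMAIN\user; report the error code when that fails.
Private Function OwnerOf(ByVal pSid As Long) As String
    Dim sName As String, sDom As String, cchName As Long, cchDom As Long, sidUse As Long
    If pSid = 0 Then OwnerOf = "(no SID)": Exit Function
    sName = String$(256, 0): sDom = String$(256, 0): cchName = 256: cchDom = 256
    If LookupAccountSid(vbNullString, pSid, sName, cchName, sDom, cchDom, sidUse) <> 0 Then
        OwnerOf = Left$(sDom, cchDom) & "\" & Left$(sName, cchName)
    Else
        OwnerOf = "(lookup failed, error " & Err.LastDllError & ")"
    End If
End Function

Public Sub ListProcesses()
    Dim pInfo As Long, n As Long, i As Long, info As WTS_PROCESS_INFO
    ' hServer 0 = local server (WTS_CURRENT_SERVER_HANDLE); Reserved = 0; Version = 1
    If WTSEnumerateProcesses(0, 0, 1, pInfo, n) = 0 Then
        Debug.Print "WTSEnumerateProcesses failed, error " & Err.LastDllError
        Exit Sub
    End If
    For i = 0 To n - 1
        CopyMemory info, pInfo + i * LenB(info), LenB(info)   ' i-th 16-byte record
        Debug.Print info.SessionId, info.ProcessId, StrFromPtr(info.pProcessName), OwnerOf(info.pUserSid)
    Next i
    WTSFreeMemory pInfo   ' the array is allocated by the API and must be released
End Sub
```

When the call fails, the value printed from `Err.LastDllError` is the Win32 error code, which shows whether the failure is an access-rights problem or something else.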

 

Author Comment

by:cyberproject
ID: 20343835
The last one you sent, Taconvino, is great. It works perfectly if you are logged on to Windows as administrator. But my soft uses a "Run As" to relaunch itself with an admin account, from a restricted user account that was originally logged on to Windows. I mean, the user is in a restricted, non-admin account, but my soft runs itself with a preconfigured admin account to get all the rights. The thing is that in every aspect I have admin privileges, but the API WTSEnumProcesses used in the example returns failure in this case.
Any ideas? Thanks.
0
 
LVL 6

Expert Comment

by:Taconvino
ID: 20348224
As far as I know, there are some privileges regarding processes that not even the Admin group has.  I'm not sure how you implemented the "Run As" part, but if possible, try to make it run under the SYSTEM account instead of an Admin account.  Remember that the SYSTEM account you need to use is the "server" system account (the server running terminal services).

TCV
0
 

Author Comment

by:cyberproject
ID: 20351457
I tested the project, logging in with an admin account normally on the client, and it still doesn't work. That means the server doesn't give me the right just because my session is remote. I'm logging in from an ultra thin client hardware client (www.ncomputing.com). I read that for this API to work I need "query information privileges"; I don't know how to get them.
0
 
LVL 6

Accepted Solution

by:
Taconvino earned 500 total points
ID: 20352305
Same thing for me.  As I posted before, this could involve impersonation, or security token modification... it's a complicated (yet fun) thing to do!  The time I played around with this thing was on a local computer only.  As far as I know, Terminal Services provide a complete set of APIs of its own, although I couldn't find anything that resembles SetTokenInformation in the WTS* set of APIs (look here: http://msdn2.microsoft.com/en-us/library/aa383464.aspx), but apparently it works just the same (http://msdn2.microsoft.com/en-us/library/aa379591.aspx).  The bottom line is, there is a lot of reading and "head banging" involved.

Here is a good example on how you can escalate privileges (it is implemented to kill processes):

http://support.microsoft.com/kb/185215/en-us

Didn't work for me, but maybe you can tweak it a little bit more.

TCV
0


Question has a verified solution.
