Why are tasklist results different when run locally vs over ssh

1

I have a windows box setup with cygwin and an ssh server that has been working fine, however today I came across a command I am trying to use that returns different results based on whether it is used locally or over ssh.

First we have the results of running it over ssh...

ssh -i /tmp/tmpyEW3f0 Administrator@10.13.7.210 'tasklist /FI "username eq Administrator"'
INFO: No tasks running with the specified criteria.

Now we run the same command locally on 10.13.7.210 and recieve this result...

C:\Documents and Settings\Administrator>tasklist /FI "username eq Administrator"
Image Name                   PID Session Name     Session#    Mem Usage
========================= ====== ================ ======== ============
explorer.exe                 536 RDP-Tcp#14              0     24,400 K
jusched.exe                  776 RDP-Tcp#14              0      9,228 K
ctfmon.exe                   780 RDP-Tcp#14              0      3,456 K
ApacheMonitor.exe            796 RDP-Tcp#14              0      2,520 K
rdpclip.exe                  444 RDP-Tcp#14              0      4,344 K
jucheck.exe                 1160 RDP-Tcp#14              0      8,708 K
cmd.exe                      876 RDP-Tcp#14              0      2,852 K
tasklist.exe                3008 RDP-Tcp#14              0      4,292 K

Any idea why these are producing different results?

EEP

Posted 2013-05-16T13:34:23.457

Reputation: 133

@EEP I'm having the same problem, did you find a solution or a workaround since? – zovits – 2018-07-27T13:40:11.050

Almost certainly yes, but just to make sure, are you running the command as the same user in the local session? – Costa – 2013-05-16T15:19:45.190

Yes, it is running as the same user in both situations. – EEP – 2013-05-21T18:04:36.800

try with 'CMD /C' before your tasklist command, also run 'whoami' instead of tasklist and see what it says – golimar – 2013-05-23T10:31:40.690

Answers

0

The cause of the difference is said to be a security mechanism in Windows where the user sessions are treated separately. The same user account logging in locally and via SSH costitues two different sessions, and thus no window titles are made visible between these sessions.

According to the support reply from Bitvise SSH Server:

It makes sense this would not work cross-session because the desktops of different logins are supposed to be insulated from one another. If this works over FreeSSHD, it seems possible it might be launching the process in the same desktop.

[...]

I don't see how we can make window titles accessible across Windows sessions. Windows prevents that, there's a security boundary between the desktops.

As for a possible solution for some of these cases: In a similar case I ended up using WMIC as an alternative.

The previously used call was

tasklist /T /F /FI \"WINDOWTITLE eq Some window title\"

And it got replaced by

wmic process where "commandline like '%%some command line%%' and name like '%%filename%%'" list

Note though that WMIC can't filter based on the window title or the user account running the process. In my case the application had a unique combination of executable file and command line which could be used for filtering but this is not going to be so in all such situations so this alternative will not be usable for all cases.

zovits

Posted 2013-05-16T13:34:23.457

Reputation: 101

(1) Please show the command line for listing the tasks;  i.e., answer the question.  (2) Does wmic support filtering on username (i.e., what the question is about)?  … … … … … … … … … … … … …  Please do not respond in comments; [edit] your answer to make it clearer and more complete. – Scott – 2018-08-06T14:24:26.687

@Scott Done, at least AFAIK. – zovits – 2018-08-06T15:49:38.860

Asked: 2013-05-16T13:34:23.457

Viewed: 516 times

Active: 2018-08-06T15:48:49.463