How can I query WMI to know the name of the user that started a service?

0

I used several WMI queries in Windows 8.1 x64 on wbemtest.exe to attempt finding out which user started a particular service. The ones that got me "this far" are presented here. I know that if I query the win32_service object like:

select * from win32_service where name like '%SERVICENAME%'

I obtain only one result (the service I'm looking for), then I double-click it to browse the service properties, and find out there's a property called "StartName" which shows the name of the user that started it (that's what I want).

Now, the problem begins when I do:

 select StartName from win32_service where name like '%SERVICENAME%'

I get Win32_Service = <no key>

Even without the where clause it shows the same. (But for all local services)

What am I missing to make it work properly?

safejrz

Posted 2014-01-10T17:03:23.883

Reputation: 213

Try something like Get-WmiObject win32_service -Property * | % { 'service:' + $_.Name + ' startas: ' + $_.StartName } in powershell? – Zoredache – 2014-01-10T18:11:39.780

This works well, but since I'm planning to implement the query in a Windows Forms app in C# I cannot depend on PowerShell to do so. Thanks anyway :) – safejrz – 2014-01-10T18:28:26.613

Why not? Anyway see: http://stackoverflow.com/questions/18280977/powershell-to-c-sharp-get-wmiobject – Zoredache – 2014-01-10T19:00:23.387

There's nothing to stop you doing a WMI query in C#! – arco444 – 2014-01-10T19:29:19.137

I know this will work for Windows 7 and newer OSes that include it, but my app has to be supported on Windows XP too (yes, I know, that sucks). In that case, will this still work without requiring my users to download/install any extra MSIs, runtimes, etc.? – safejrz – 2014-01-10T20:32:23.073
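The same Win32_Service query done from C# with System.Management, as an added example that is not part of the question or the comments. System.Management ships with .NET Framework 2.0 and later, so nothing extra has to be installed on XP. Two things the example assumes: the service name pattern "Spooler" is a placeholder, and the projection deliberately includes the class key Name, because wbemtest labels a returned row as "<no key>" when the select list omits the key property even though the selected properties are still present on the object.

```csharp
// Added example (not from the original post): read Win32_Service from C#.
// Requires a reference to System.Management.dll (.NET Framework 2.0+).
using System;
using System.Collections.Generic;
using System.Management;

public class ServiceAccountQuery
{
    public class ServiceInfo
    {
        public string Name;
        public string DisplayName;
        public string State;
        public string StartMode;
        public string StartName;   // the "Log On As" account, not who issued the start
        public uint ProcessId;     // 0 when the service is not running
    }

    // Returns every service whose Name contains 'pattern' (WQL LIKE, % wildcard).
    public static List<ServiceInfo> Query(string pattern)
    {
        var found = new List<ServiceInfo>();

        // Include the key property (Name) so the returned instances carry a path;
        // a select list without the key is what wbemtest displays as "<no key>".
        // Single quotes are doubled so a pattern containing ' cannot break the WQL.
        string wql = string.Format(
            "SELECT Name, DisplayName, State, StartMode, StartName, ProcessId " +
            "FROM Win32_Service WHERE Name LIKE '%{0}%'",
            pattern.Replace("'", "''"));

        using (var searcher = new ManagementObjectSearcher(wql))
        using (ManagementObjectCollection results = searcher.Get())
        {
            foreach (ManagementObject svc in results)
            {
                using (svc)
                {
                    found.Add(new ServiceInfo
                    {
                        Name        = (string)svc["Name"],
                        DisplayName = (string)svc["DisplayName"],
                        State       = (string)svc["State"],
                        StartMode   = (string)svc["StartMode"],
                        StartName   = (string)svc["StartName"],
                        ProcessId   = (uint)svc["ProcessId"]
                    });
                }
            }
        }
        return found;
    }

    static void Main(string[] args)
    {
        string pattern = args.Length > 0 ? args[0] : "Spooler";   // placeholder service
        foreach (ServiceInfo s in Query(pattern))
        {
            Console.WriteLine("{0} ({1}): state={2} startmode={3} logon={4} pid={5}",
                s.Name, s.DisplayName, s.State, s.StartMode, s.StartName, s.ProcessId);
        }
    }
}
```

StartName comes back as LocalSystem, NT AUTHORITY\NetworkService, NT AUTHORITY\LocalService or a configured user account; it is the identity the service runs as and never changes when someone starts or stops the service, which is why it cannot answer "who started it".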

Answers

1

That property is not who started it, but who it should start as, i.e. the account it will run under.

I think the best bet for you here is the event log, though I think it will only show you services that entered stopped and started states by default.

The service will typically run under SYSTEM or NETWORK SERVICE or other system account, so even if you find the executable process, this won't contain the answer.

In short, this is tricky. I think you may need to look into the auditing features in Windows. The fact that it is a service means that usually it will be the system that starts it rather than a user anyway.

arco444

Posted 2014-01-10T17:03:23.883

Reputation: 361
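Following the answer's pointer to the event log, here is an added example (not the answerer's code) that reads the System log from C# for Service Control Manager entries about one service. It assumes two event IDs that the SCM writes to the System log: 7036 ("entered the running/stopped state"), which carries no user, and 7035 ("was successfully sent a start control"), whose User field is populated on older Windows such as XP and Server 2003; on newer versions the 7035 entry may be absent, so the code simply reports "N/A" when no user is recorded. The display name "Print Spooler" is a placeholder.

```csharp
// Added example (not from the original answer): list SCM start/stop events
// for a service and show the user the log recorded, if any.
// Uses only System.Diagnostics, available on .NET Framework 2.0+.
using System;
using System.Collections.Generic;
using System.Diagnostics;

public class ServiceStartHistory
{
    // Low 16 bits of EventLogEntry.InstanceId for the two SCM events of interest.
    const long StartControlSent = 7035;   // User field populated on XP/2003 (assumption for newer OS: absent)
    const long EnteredState     = 7036;   // running/stopped transitions, no user recorded

    public class Hit
    {
        public DateTime When;
        public long EventId;
        public string User;      // "N/A" when the entry carries no user
        public string Message;
    }

    // Walks the System log newest-first and returns up to 'maxEntries' SCM events
    // whose message mentions 'displayName' (SCM events use the display name).
    public static List<Hit> Find(string displayName, int maxEntries)
    {
        var hits = new List<Hit>();
        using (var log = new EventLog("System"))
        {
            EventLogEntryCollection entries = log.Entries;
            for (int i = entries.Count - 1; i >= 0 && hits.Count < maxEntries; i--)
            {
                EventLogEntry e = entries[i];
                if (e.Source != "Service Control Manager") continue;

                // InstanceId carries severity/facility bits above the 16-bit event code.
                long eventId = e.InstanceId & 0xFFFF;
                if (eventId != StartControlSent && eventId != EnteredState) continue;

                if (e.Message.IndexOf(displayName, StringComparison.OrdinalIgnoreCase) < 0) continue;

                hits.Add(new Hit
                {
                    When    = e.TimeGenerated,
                    EventId = eventId,
                    User    = string.IsNullOrEmpty(e.UserName) ? "N/A" : e.UserName,
                    Message = e.Message.Trim()
                });
            }
        }
        return hits;
    }

    static void Main(string[] args)
    {
        string displayName = args.Length > 0 ? args[0] : "Print Spooler";   // placeholder
        foreach (Hit h in Find(displayName, 20))
        {
            Console.WriteLine("{0:u}  {1}  user={2}  {3}", h.When, h.EventId, h.User, h.Message);
        }
    }
}
```

Reading the System log does not need administrator rights, which makes this usable from the Windows Forms app in the question; when the recorded user is SYSTEM or "N/A" the start was issued by the system itself or by an automatic start, which is the common case the answer describes.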