PowerShell: Get A Process Owner
Today in the MSSMS email list someone asked: “how do I know who owns a process?” They wanted to know if the user account had elevated privileges. Well I can help you find the process owner in one line of code… elevated privileges will require and LDAP query J
Pre-Req
- You will need to know the process name
- You will need PowerShell installed
To return all the processes on a local workstation
To return all the processes on a remote workstation
Warning: This will usually error out. See PowerShell 2.0 for remote connectivity
Cool. I have 64 processes.
How do I filter on a single process? In PowerShell you can pass the results of one command to another in line with a vertical pipe ‘|’. Great, so I pass the results of the query above and perform a ‘where’. Where? What is a ‘where’? Where is like asking a question. Where clouds are blue, or in this case, where the ProcessName equals ‘powershell.exe’
Great, now we have the process, I do not see an owner property. What do I do now?
Along with properties in WMI there are also methods. What is are methods? Methods are actions that can be preformed on a class, in this case win32_process. Get-Member will return all the membertypes, including Methods.
Note: The above is only a partial list
See the GetOwner Method? Let’s try that against the process we selected.
Hmm still some system properties. I just want the Domain and User. 
How about a quicker way just to get the User?
One last thing, lets try using the Get-Member against the getowner() method.
Note: the above is only a partial list
Okay, in one line I can get who owns a process? That’s neat. Is there an online reference for all the methods? Yep, try here for get-process and here for get-wmiobject win32_process.
Summary: you can look up the owner of a process in PowerShell in one line versus 20+ it would require in VBA
(Get-WmiObject -class win32_process | where{$_.ProcessName -eq 'mshta.exe'}).getowner() | Select -property domain, user
Have fun playing with PowerShell and Get-Member