Pid of Process of Service

(imported topic written by SystemAdmin)

Im trying to get the PID of a service, there are a bunch of svchost processes running and I’m looking for the TermServ process.

Q: expand environment string of (image path of service “termservice”)

A: C:\Windows\System32\svchost.exe -k termsvcs

T: 0.232 ms

Q: service whose (service name of it as lowercase contains “termservice” )

A: “TermService” “Remote Desktop Services” “Running”

T: 74.244 ms

(imported comment written by Lee Wei)

There is an inspector “process”, but I cannot find a way to extract the command parameters.

This WMI seems to work.

On my Windows 7 and Windows 2008 computers, the names seem to be “NetworkService”.

The %25 is the percent sign for a wild card match.

q: selects "Caption, CommandLine, ProcessId from win32_process where CommandLine like '%25NetworkService'" of wmi
A: Caption=svchost.exe
A: CommandLine=C:\Windows\system32\svchost.exe -k NetworkService
A: ProcessId=1516

or simple

q: string value of selects "ProcessId from win32_process where CommandLine like '%25NetworkService'" of wmi
A: 1516

Lee Wei

1 Like

how to check/get PID if OS is LINUX/UNIX.

The process inspectors have “pid” properties ( see https://developer.bigfix.com/relevance/reference/process.html ) on all platforms

Even the original question is more easily done now from 9.1 onwards with the “pid of service” inspector ( see https://developer.bigfix.com/relevance/reference/service.html#pid-of-service-integer )

1 Like