system
1
(imported topic written by SystemAdmin)
Im trying to get the PID of a service, there are a bunch of svchost processes running and I’m looking for the TermServ process.
Q: expand environment string of (image path of service “termservice”)
A: C:\Windows\System32\svchost.exe -k termsvcs
T: 0.232 ms
Q: service whose (service name of it as lowercase contains “termservice” )
A: “TermService” “Remote Desktop Services” “Running”
T: 74.244 ms
leewei
2
(imported comment written by Lee Wei)
There is an inspector “process”, but I cannot find a way to extract the command parameters.
This WMI seems to work.
On my Windows 7 and Windows 2008 computers, the names seem to be “NetworkService”.
The %25 is the percent sign for a wild card match.
q: selects "Caption, CommandLine, ProcessId from win32_process where CommandLine like '%25NetworkService'" of wmi
A: Caption=svchost.exe
A: CommandLine=C:\Windows\system32\svchost.exe -k NetworkService
A: ProcessId=1516
or simple
q: string value of selects "ProcessId from win32_process where CommandLine like '%25NetworkService'" of wmi
A: 1516
Lee Wei
1 Like
how to check/get PID if OS is LINUX/UNIX.
AlanM
4
The process inspectors have “pid” properties ( see https://developer.bigfix.com/relevance/reference/process.html ) on all platforms
Even the original question is more easily done now from 9.1 onwards with the “pid of service” inspector ( see https://developer.bigfix.com/relevance/reference/service.html#pid-of-service-integer )
1 Like