This came in handy for a very interesting task I had to work on.  I cobbled it together in about 15 minutes, so it can probably be cleaned up and improved upon.

What: PowerShell function to return a list of unique process owner names (user accounts associated with running processes) on a local or remote computer.  The optional -UserMode switch filters out system processes to only show actual logged-on user processes.  Granted, this won’t filter by Interactive or Locked, etc., so like I said, let me know if you have a better method.

Inputs: ComputerName (string: optional), UserMode (switch: optional)

Outputs: Array of strings

function Get-ProcessOwners {
  param (
    [parameter(Mandatory=$False)] [string] $ComputerName="",
    [parameter(Mandatory=$False)] [switch] $UserMode
  )
  # Pass -ComputerName only when one was supplied; otherwise query the local computer
  $target = @{}
  if ($ComputerName -ne "") {
    $target.ComputerName = $ComputerName
  }
  $px = Get-CimInstance -ClassName Win32_Process @target
  # GetOwner returns the Domain and User of each process
  $po = $px | Invoke-CimMethod -MethodName GetOwner
  # Test the switch directly so the filter is applied only when -UserMode is given
  if ($UserMode) {
    # Domain names reported by the target computer; owners in any other
    # domain (for example NT AUTHORITY) are treated as system accounts
    $dn = @(Get-CimInstance -ClassName Win32_NTDomain @target | Select-Object -ExpandProperty Description)
    $result = $po | Where-Object {$dn -contains $_.Domain} | Select-Object -ExpandProperty User -Unique | Sort-Object
  }
  else {
    $result = $po | Select-Object -ExpandProperty User -Unique | Sort-Object
  }
  return $result
}
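
One way to narrow the list to interactive sessions, which the function above does not do, is to read logon sessions instead of process owners. This is an added example, not part of the original post; the function name Get-InteractiveLogonUsers is hypothetical, and it assumes the caller has rights to query Win32_LogonSession on the target.

```powershell
# Added example (hypothetical function name): list accounts that hold an
# interactive logon session, using Win32_LogonSession and its
# Win32_LoggedOnUser association instead of process ownership.
function Get-InteractiveLogonUsers {
  param (
    [parameter(Mandatory=$False)] [string] $ComputerName=""
  )
  # One CIM session is reused for every query and closed at the end
  $target = @{}
  if ($ComputerName -ne "") {
    $target.ComputerName = $ComputerName
  }
  $session = New-CimSession @target
  try {
    # LogonType 2 = Interactive (console), 10 = RemoteInteractive (RDP)
    $logons = Get-CimInstance -CimSession $session -ClassName Win32_LogonSession `
      -Filter "LogonType = 2 OR LogonType = 10"
    $users = foreach ($logon in $logons) {
      # Win32_LoggedOnUser links each logon session to its account object
      Get-CimAssociatedInstance -CimSession $session -InputObject $logon `
        -Association Win32_LoggedOnUser |
        ForEach-Object { "{0}\{1}" -f $_.Domain, $_.Name }
    }
    # Same output shape as Get-ProcessOwners: a sorted array of unique strings
    return @($users | Sort-Object -Unique)
  }
  finally {
    Remove-CimSession -CimSession $session
  }
}
```

Win32_LogonSession carries no lock state, so this still cannot tell a locked session from an unlocked one.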