How to use PowerShell to get the startup account of a process? - security

On Windows, I can use runas to run an application as another account (not the one you are logged in with at the moment) like this:
runas /netonly /user:some_domain\account "utility.exe"
How can I get this some_domain\account from PowerShell? I've checked Get-Process and win32_process WMI class but didn't find anything useful.
Update
Re #briantist's answer:
I'm a little confused about the result from #briantist's answer. I logged on to my computer using a local account (my computer is not in a domain) and runas the utility (SQL Server Management Studio aka SSMS here) as a domain account. When I run the script that #briantist provided, the result just shows me that SSMS is running on my local account, not the domain account. But in SSMS I can use a function suser_sname() to ask the server "who am I" and the result is some_domain\account. It's a little weird to me. Is this by design or am I wrong somewhere?

Get-process has an -IncludeUserName switch:
get-process -IncludeUserName
Specifically for utility.exe:
get-process utility -IncludeUserName

Tony Hinkle's answer (+1) is great, and very simple, but it does require elevation.
To do this as a non-privileged user, you can use CIM:
Get-CimInstance Win32_Process -Filter "name='utility.exe'" | Invoke-CimMethod -MethodName GetOwner
If you can elevate, I do recommend the other answer.
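The CIM pipeline in the answer above returns only the owner fields, so with several matching processes you cannot tell which PID belongs to which account. The following is an added example, not code from either answer, that keeps the process and its owner together and surfaces GetOwner failures; Get-ProcessOwner is a hypothetical helper name and 'utility.exe' is the question's placeholder.

```powershell
# Added example: map each matching process to its owning account via CIM.
# Get-ProcessOwner is a hypothetical helper name, not a built-in cmdlet.
function Get-ProcessOwner {
    [CmdletBinding()]
    param(
        # Image name as stored in Win32_Process.Name, e.g. 'utility.exe'.
        # The pattern keeps quotes and wildcards out of the WQL filter string.
        [Parameter(Mandatory)]
        [ValidatePattern('^[\w.\- ]+$')]
        [string]$Name
    )

    Get-CimInstance -ClassName Win32_Process -Filter "Name='$Name'" | ForEach-Object {
        # GetOwner returns Domain, User and ReturnValue (0 = success, 2 = access denied)
        $owner = Invoke-CimMethod -InputObject $_ -MethodName GetOwner

        [pscustomobject]@{
            ProcessId   = $_.ProcessId
            Name        = $_.Name
            SessionId   = $_.SessionId
            # Leave Owner empty when the call failed instead of printing a bare '\'
            Owner       = if ($owner.ReturnValue -eq 0) {
                              '{0}\{1}' -f $owner.Domain, $owner.User
                          } else { $null }
            ReturnValue = $owner.ReturnValue
        }
    }
}

Get-ProcessOwner -Name 'utility.exe' | Format-Table -AutoSize
```

For a process started with runas /netonly, the owner reported here is the local logon account, which matches the result described in the question's update: the /netonly credentials are used only for network connections, so the local process token still belongs to the logged-on user.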

Related

Open Excel File on Azure VM with Powershell Script Sent from Local Computer

Can someone show how I can open an Excel document and show it visually on an Azure virtual machine using a Powershell script sent from my local machine? I have already figured out how to run Powershell script on the VM through the AzureVM module but am running into the issue of Windows not allowing remote Powershell users to interact with a user interface. Notes:
I have tried PSEXEC with no luck. This may be the way to go, but I have had no luck getting it to actually work.
I am not smart, so please use the most dumbed-down terminology as possible.
My end goal is exactly that stated above - nothing more nothing less.
Riches and honor to the one who can solve this.

Get the list of installed applications remotely (not WMI)

Is there a way to get the list of installed applications from the registry without interacting with the PC directly via WMI?
I have a promoted to RW user on a Domain Controller and a bunch of PCs. I want to write an automation PS-script which will grab strings from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
You can use the WMI:
Get-WmiObject win32_product
But it's not recommended to use that because it's broken. You should use the registry approach only, like:
Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Format-Table -AutoSize
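The registry command above reads only the Wow6432Node (32-bit) view, while the question names the native Uninstall key. The following is an added example, not part of the original answer, that reads both keys and can run against remote hosts; Get-InstalledApplication is a hypothetical helper name, and the remote path assumes PowerShell Remoting is enabled on the targets.

```powershell
# Added example: inventory installed software from both Uninstall keys.
# Get-InstalledApplication is a hypothetical helper name, not a built-in cmdlet.
function Get-InstalledApplication {
    [CmdletBinding()]
    param(
        # Optional remote hosts; assumes PowerShell Remoting (WinRM) is enabled on them
        [string[]]$ComputerName
    )

    $query = {
        $paths = @(
            # Native view (64-bit entries on a 64-bit OS)
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            # 32-bit view on a 64-bit OS; absent on 32-bit systems
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
        )
        Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
            # Subkeys without a DisplayName are updates or components, not listed apps
            Where-Object { $_.DisplayName } |
            Select-Object DisplayName, DisplayVersion, Publisher, InstallDate
    }

    if ($ComputerName) {
        # Results from remote hosts carry a PSComputerName property
        Invoke-Command -ComputerName $ComputerName -ScriptBlock $query
    } else {
        & $query
    }
}

Get-InstalledApplication |
    Sort-Object DisplayName, DisplayVersion -Unique |
    Format-Table -AutoSize
```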

HOW TO:: Notify user IIS application pool recycle or IIS reset?

Is there any way through code to notify users about IIS application recycle or IIS reset?
Better if I could check using APIs so that I can dispatch the message to a central server which could send out email or send instant messages?
There are many ways to do this. One of the easiest, I have realized, is to use PowerShell. You could use something like:
Get-EventLog -log system -Source IISCTLS,WAS,W3SVC | Format-Table Source,Message -Wrap -auto | Out-File some1.txt
to get a good txt file containing all the app pools restarts and IIS restarts.
If you would like to do it through IIS API then check http://www.muqeetkhan.com/how-to-use-microsoft-web-administration-from-powershell
You could easily translate that powershell script to a C# program as well.
Hope this helps.
You may use windows scheduled tasks with event trigger for this purpose. They are relatively simple to implement: find some recycle event in eventvwr (in System logs locate an event with ID 5074), right click on it, choose "Attach a Task to this event". Then choose "Start a program" and specify your batch/powershell script or an exe, etc. You can pass any data from the event as an argument. You can also define multiple events as triggers for this task.

run sharepoint powershell from c# on another PC?

If the C# application is on the same server as SharePoint, I know we can use RunSpace to run the PowerShell script, but what if the C# app and the SharePoint server are on different PCs?
Is this possible?
thanks
Yes, it's possible, though messy. In PowerShell 2.0+, there's a feature called remote PowerShell, so you can effectively, via C# code, send PowerShell commands to your local PowerShell instance, and use that to log into the remote instance.
A slightly less insane idea would be to simply create a web service on the remote machine, and have that run the remote powershell commands, from the web service.
An even less crazy idea is just to write a web service, and have that run code on the remote server. : )
Good luck!
If you are administrator on the remote box, you can try combining PsExec and PowerShell.

Web frontend to my Powershell scripts for helpdesk

I'd like to have a web frontend to my powershell scripts for helpdesk.
These scripts would typically be user-creation scripts and scripts to restart a specific service on a specific server.
Where should I start? What would I need?
There is no problem for me to set up an IIS for this purpose if needed. We also have SharePoint on a dedicated server.
Hoping for some startup-tips:)
You can consider Powershell Web Access feature on Powershell V3.0
http://technet.microsoft.com/en-us/library/hh831611.aspx
This is a robust solution, factoring in IIS, security and shell access.
You can use PowerShell Remoting. You can open a PS session that would look like a local PS console to you but it would be running on the remote machine. You can type PS code to be executed remotely and launch a bunch of ready-to-run ps1 scripts for SP administration there too. Have a look at those links, for example:
http://www.computerperformance.co.uk/powershell/powershell_remote.htm,
http://blogs.technet.com/b/heyscriptingguy/archive/2011/11/17/learn-how-to-manage-remote-powershell-sessions.aspx
--- Ferda
