Reputation: 4440
I am trying to retrieve the user account under which a process has been started. So far i have not found any answers that retrieve the good information. All of them return the string
of the username which is not the account. I have tried WMI and Diagnostic all with the same results which are half correct.
Let's say i start notepad twice.
Then use either WMI or Diagnostics and both return username "Franck" and i have not way to know if it's running under the local user or the domain one.
One way could be to use Diagnostics
var procs = Process.GetProcessesByName("Notepad").ToList();
var notepad1 = procs[0].StartInfo.Environment["Username"];
var notepad2 = procs[1].StartInfo.Environment["Username"];
Both return Franck
but one is the domain account and the other is the local.
Upvotes: 3
Views: 112
Reputation: 2205
tasklist /v
gives the relevant info that you are interested in, i.e., the user name with the domain name.
The official documentation does not show any sample outputs.
tasklist
Displays a list of currently running processes on the local computer or on a remote computer.
/v Displays verbose task information in the output.
You can use it together with /fo csv
option to get the result and parse it.
This answer from SuperUser has screen shots showing the output.
You can run this command as a separate process from your application similar to this, but passing the other parameters.
Upvotes: 1
Reputation: 1697
If you want the name of the domain that contains the user's account, then you're looking for UserDomain Environment Variable
If you want which domain controller authenticated the client's logon request, then you're looking for LogonServer Environment Variable
var procs = Process.GetProcessesByName("Notepad").
var userDomain = procs[0].StartInfo.Environment["UserDomain"];
var logonServer = procs[0].StartInfo.Environment["LogonServer"];
Values on my windows machine (local user):
userDomain: "LAPTOP-DDK137L8"
logonServer: "\\LAPTOP-DDK137L8"
So from this you should be able to determine if it's running under the local user or the domain one.
Upvotes: 1