7.9. Finding the Process a Service Is Running From

Problem

You want to find the process from which a service is running from.

Solution

Using a graphical user interface

You can view the executable that is run for a process by opening the Services snap-in and double-clicking a service. You'll see the full path below Path to executable.

Using a command-line interface:

The following command displays the process ID (PID) that corresponds to a service:

> sc <ServerName> queryex <ServiceName>

Using VBScript

' This code displays the process ID for a service
' ------ SCRIPT CONFIGURATION ------
strSvcName     = "<ServiceName>"   ' e.g., Messenger
strComputer    = "<ServerName>"    ' e.g., fs-rtp01 (use . for local server)
' ------ END CONFIGURATION ---------
set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
set objService = objWMI.Get("Win32_Service.Name='" & strSvcName & "'")
WScript.Echo "Service: " & strSvcName
WScript.Echo "PID: " & objService.ProcessID

Discussion

When it comes down to it, a service is really nothing more than a process that is managed by the SCM, which allows you to send various commands to it (start, stop, pause, etc.). In Recipe 6.6, I described how to find the services that are being run from a single process. In this recipe, I show how to find the process from which a particular service is being run. This can be useful if you attempt to stop a service, but it won't stop. If you can determine the PID or name of the service's process, you can kill the process ( Recipe ...

Get Windows Server Cookbook now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.