Boswell's Q&A
Serving Time
Get the exact time that Windows processes via the WMIC command.
- By Bill Boswell
- 07/23/2003
Bill: Is there a way to determine the start
times of Windows processes? In
Task Manager under the Processes tab, fields such as "PID" and
"CPU Time " can be displayed. However, these columns may not
be an accurate
indication of the day or time that a process started. There are many circumstances
when I'd like to know the start time of a process. In Unix, this information
is available with the "ps -ef" command.
—Paul
If you're running Windows 2000 or higher, you can get this information
quickly using the WMIC utility. Here's the syntax:
wmic path win32_process get caption,parentprocessid,
creationdate
Here's a sample listing:
|
Caption |
CreationDate |
ParentProcessId |
| smss.exe |
20030714170032.498756-240
|
4 |
| csrss.exe |
20030714170034.701924-240
|
956 |
winlogon.exe
|
20030714170035.222673-240 |
956 |
| services.exe |
20030714170035.352860-240
|
1128 |
| lsass.exe |
20030714170035.362875-240
|
1128 |
| svchost.exe |
20030714170036.875049-240
|
1172 |
| spoolsv.exe |
20030714170037.175481-240
|
1172 |
| explorer.exe |
20030714170303.095304-240
|
676 |
| wuauclt.exe |
20030714170317.435924-240
|
1564 |
| outlook.exe |
20030714171041.644665-240
|
688 |
| msimn.exe |
20030714200523.016137-240
|
688 |
| msmsgs.exe |
20030714200523.977520-240
|
1368 |
| iexplore.exe |
20030714200659.725198-240
|
1368 |
| cmd.exe |
20030714202310.030428-240
|
688 |
| sol.exe |
20030714202311.432444-240 |
1332 |
The CreationDate format is YYYYMMDDHHMMSS with fractions of a second
to the right of the decimal. In this example, it shows that I started
playing Solitaire (sol.exe) at 8:23:11 on July 14, 2003.
| Get
Help from Bill |
Got a Windows or Exchange question
or need troubleshooting help? Or maybe you want a better
explanation than provided in the manuals? Describe
your dilemma in an e-mail to Bill at mailto:[email protected];
the best questions get answered in this column.
When you send your questions, please include your
full first and last name, location, certifications (if
any) with your message. (If you prefer to remain anonymous,
specify this in your message but submit the requested
information for verification purposes.) |
|
|
If you want to list the processes on a remote machine, you can specify
the machine at the WMIC command line using the /node switch followed by
the machine name in double quotes as follows:
wmic /node:"machinename" path win32_process
get caption,creationdate,parentprocessid
Hope this helps!
—Bill Boswell
About the Author
Contributing Editor Bill Boswell, MCSE, is the principal of Bill Boswell Consulting, Inc. He's the author of Inside Windows Server 2003 and Learning Exchange Server 2003 both from Addison Wesley. Bill is also Redmond magazine's "Windows Insider" columnist and a speaker at MCP Magazine's TechMentor Conferences.