What Scripts Are Running on My Computer?


This doesn’t really have anything to do with scripting, but when I was driving to work this morning I happened to pass by a construction site. The site had a sign up stating that the area was currently undergoing an environmental impact analysis. That reminded me of the time when I passed by another construction site and saw a copy of their Certificate of Non-Significance. What they meant by that was that the site had been inspected and been certified by the state of Washington as not having a significant (detrimental) impact on the environment. I thought that was cool, though: a Certificate of Non-Significance. I’m just glad Microsoft doesn’t hand out certificates of non-significance; I don’t think I’d have enough wall space to display all the ones I would receive.


 


I thought I’d take a moment this morning to address a question that we get every now and then. Using WMI’s Win32_Process class, it’s easy to see if any scripts are running on a computer; all you have to do is check and see whether any instances of Wscript.exe or Cscript.exe (the two built-in scripting hosts) are running. But how the heck can you tell which scripts are running?


 


Well, to tell you the truth, you can’t, at least not if you’re running Windows 2000 or earlier. Why? Beats me; I guess no one ever thought about that. If you’re running Windows XP or Windows 2003, however, you’re in luck; that’s because a new property – CommandLine – has been added to the WIN32_Process class. CommandLine simply reports the command string that was used to start the process in question. For example, suppose you open a command prompt and type the following:


 


cscript myscript.vbs


 


In that case, you’ll get an instance of Cscript.exe, and the value of the CommandLine property will be cscript myscript.vbs. What if you included some command-line switches when you ran the script:


 


cscript myscript.vbs /server:atl-ws-01 /action:stop


 


You guessed it: cscript myscript.vbs /server:atl-ws-01 /action:stop. What if you double-click the icon in Windows Explorer, and thus run the script under Wscript.exe? In that case, you’re likely to get back something similar to this: C:\Windows\System32\Wscript.exe C:\Scripts\Myscript.vbs. Pretty cool, huh?


 


If you’re looking for sample code, here’s a script that checks to see if any scripts are running on a computer and, if so, reports back the script names and command-line arguments. (Note: If you run this on the local computer, you’ll always see that at least one script – this one – is currently running.)


 


strComputer = “.”


Set objWMIService = GetObject(“winmgmts:\\” & strComputer & “\root\cimv2”)


Set colProcesses = objWMIService.ExecQuery _


    (“SELECT * FROM Win32_Process WHERE Name = ” & _


        “‘Wscript.exe’ OR Name = ‘Cscript.exe'”)


 


If colProcesses.Count = 0 Then


    Wscript.Echo “No scripts are running.”


Else


    For Each objProcess in colProcesses


        Wscript.Echo objProcess.CommandLine


    Next


End If


 


Simple and to the point. And, hey, maybe even significant, huh? (Though we don’t have a certificate to prove that.)


 


Comments (4)

  1. Dakurl says:

    OK So what how exactly can I post to this board. For example is this [what I’ve done] all it takes?

  2. Dave Anderson says:

    If you like the Certificate of Non-Significance, then you’ll love the Air Force’s form AF-483: Certificate of Competency. I used to carry mine around long after I left the service, just to prove to any doubters that I was, in fact, competent.

    FWIW, mine was issued as a motorcycle defensive driving certificate, and was a required for driving a motorcycle on base. You would never have known that from reading it, however.

  3. Smita Kelkar says:

    I tried executing this script.However got an error message displaying:

    Microsoft VBScript runtime error: Object doesn’t support this property or method: ‘objProcess.CommandLine’

  4. Smita Kelkar says:

    I tried executing this script.However got an error message displaying:

    Microsoft VBScript runtime error: Object doesn’t support this property or method: ‘objProcess.CommandLine’