What Scripts Are Running on My Computer?

This doesn’t really have anything to do with scripting, but when I was driving to work this morning I happened to pass by a construction site. The site had a sign up stating that the area was currently undergoing an environmental impact analysis. That reminded me of the time when I passed by another construction site and saw a copy of their Certificate of Non-Significance. What they meant by that was that the site had been inspected and been certified by the state of Washington as not having a significant (detrimental) impact on the environment. I thought that was cool, though: a Certificate of Non-Significance. I’m just glad Microsoft doesn’t hand out certificates of non-significance; I don’t think I’d have enough wall space to display all the ones I would receive.

I thought I’d take a moment this morning to address a question that we get every now and then. Using WMI’s Win32_Process class, it’s easy to see if any scripts are running on a computer; all you have to do is check and see whether any instances of Wscript.exe or Cscript.exe (the two built-in scripting hosts) are running. But how the heck can you tell which scripts are running?

Well, to tell you the truth, you can’t, at least not if you’re running Windows 2000 or earlier. Why? Beats me; I guess no one ever thought about that. If you’re running Windows XP or Windows 2003, however, you’re in luck; that’s because a new property – CommandLine – has been added to the Win32_Process class. CommandLine simply reports the command string that was used to start the process in question. For example, suppose you open a command prompt and type the following:

cscript myscript.vbs

In that case, you’ll get an instance of Cscript.exe, and the value of the CommandLine property will be cscript myscript.vbs. What if you included some command-line switches when you ran the script:

cscript myscript.vbs /server:atl-ws-01 /action:stop

You guessed it: cscript myscript.vbs /server:atl-ws-01 /action:stop. What if you double-click the icon in Windows Explorer, and thus run the script under Wscript.exe? In that case, you’re likely to get back something similar to this: C:\Windows\System32\Wscript.exe C:\Scripts\Myscript.vbs. Pretty cool, huh?

If you’re looking for sample code, here’s a script that checks to see if any scripts are running on a computer and, if so, reports back the script names and command-line arguments. (Note: If you run this on the local computer, you’ll always see that at least one script – this one – is currently running.)

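' "." is the local computer; use a computer name to query a remote machine
strComputer = "."

' Connect to the WMI service on the target computer
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

' Retrieve every running instance of the two built-in script hosts
Set colProcesses = objWMIService.ExecQuery _
    ("SELECT * FROM Win32_Process WHERE Name = " & _
        "'Wscript.exe' OR Name = 'Cscript.exe'")

If colProcesses.Count = 0 Then
    Wscript.Echo "No scripts are running."
Else
    ' CommandLine holds the script name and any command-line arguments
    For Each objProcess in colProcesses
        Wscript.Echo objProcess.CommandLine
    Next
End If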

Simple and to the point. And, hey, maybe even significant, huh? (Though we don’t have a certificate to prove that.)
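
The following is an added example, not part of the original article: a variant of the script above that also reports each script host's process ID, parent process ID, start time and owning account, and copes with a CommandLine value that comes back Null. It goes beyond the original by using other Win32_Process members (ProcessId, ParentProcessId, CreationDate and the GetOwner method); the placeholder strings are assumptions.

```vbscript
Option Explicit

Dim strComputer, objWMIService, colProcesses, objProcess
Dim strUser, strDomain, strOwner, strCommandLine, intReturn

' "." is the local computer; use a computer name to query a remote machine
strComputer = "."

Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colProcesses = objWMIService.ExecQuery _
    ("SELECT * FROM Win32_Process WHERE Name = " & _
        "'Wscript.exe' OR Name = 'Cscript.exe'")

If colProcesses.Count = 0 Then
    Wscript.Echo "No scripts are running."
End If

For Each objProcess In colProcesses
    ' CommandLine can come back Null (for example, when the caller
    ' lacks the rights to read it), so test before using the value
    If IsNull(objProcess.CommandLine) Then
        strCommandLine = "(command line not available)"
    Else
        strCommandLine = objProcess.CommandLine
    End If

    ' GetOwner returns 0 on success and fills in both output parameters.
    ' The process may exit between the query and this call, so trap errors.
    intReturn = -1
    On Error Resume Next
    intReturn = objProcess.GetOwner(strUser, strDomain)
    On Error GoTo 0
    If intReturn = 0 Then
        strOwner = strDomain & "\" & strUser
    Else
        strOwner = "(owner not available)"
    End If

    Wscript.Echo "Process ID:        " & objProcess.ProcessId
    Wscript.Echo "Parent process ID: " & objProcess.ParentProcessId
    ' CreationDate is reported in WMI's datetime string format
    Wscript.Echo "Started:           " & objProcess.CreationDate
    Wscript.Echo "Owner:             " & strOwner
    Wscript.Echo "Command line:      " & strCommandLine
    Wscript.Echo
Next
```

Run it under Cscript.exe so each Wscript.Echo line goes to the console rather than a separate message box.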