joenorton8014 · August 28, 2018 17:57
diff --git a/all-pids-owned-by-SYSTEM.vbs b/all-pids-owned-by-SYSTEM.vbs
 dim list
 Set list = CreateObject("System.Collections.ArrayList")
 strComputer = "." 
 Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2") 
 Set colItems = objWMIService.ExecQuery( _
    "SELECT * FROM Win32_Process",,48) 
 For Each objItem in colItems 
    list.Add objItem.ProcessId
 Next

 list.Sort

 For Each objitem in list
    Set objShare = objWMIService.Get("Win32_Process.Handle=" & objitem)
    Set objOutParams = objWMIService.ExecMethod("Win32_Process.Handle=" & objitem , "GetOwner")
    if objOutParams.User = "SYSTEM" Then
        Wscript.echo "=========================="
        Wscript.echo "PID Numnber: " & objitem
        Wscript.echo "=========================="
        Wscript.Echo "Out Parameters: "
        Wscript.echo "Domain: " & objOutParams.Domain
        Wscript.echo "ReturnValue: " & objOutParams.ReturnValue
        Wscript.echo "User: " & objOutParams.User
        Wscript.echo ""
    End If
 Next
	dim list
	Set list = CreateObject("System.Collections.ArrayList")
	strComputer = "."
	Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
	Set colItems = objWMIService.ExecQuery( _
	"SELECT * FROM Win32_Process",,48)
	For Each objItem in colItems
	list.Add objItem.ProcessId
	Next

	list.Sort

	For Each objitem in list
	Set objShare = objWMIService.Get("Win32_Process.Handle=" & objitem)
	Set objOutParams = objWMIService.ExecMethod("Win32_Process.Handle=" & objitem , "GetOwner")
	if objOutParams.User = "SYSTEM" Then
	Wscript.echo "=========================="
	Wscript.echo "PID Numnber: " & objitem
	Wscript.echo "=========================="
	Wscript.Echo "Out Parameters: "
	Wscript.echo "Domain: " & objOutParams.Domain
	Wscript.echo "ReturnValue: " & objOutParams.ReturnValue
	Wscript.echo "User: " & objOutParams.User
	Wscript.echo ""
	End If
	Next