Retrieves the security identifier (SID) for the owner of a process.
Example
Do not run below example code just to see what happens next. Many methods seriously affect your system. Always make sure you actually understand what the method and the code do.
# select the instance(s) for which you want to invoke the method
# you can use "Get-CimInstance -Query (ADD FILTER CLAUSE HERE!)" to safely play with filter clauses
# if you want to apply the method to ALL instances, remove "Where...." clause altogether.
$query = 'Select * From Win32_Process Where (ADD FILTER CLAUSE HERE!)'
Invoke-CimMethod -Query $query -Namespace Root/CIMV2 -MethodName GetOwnerSid |
Add-Member -MemberType ScriptProperty -Name ReturnValueFriendly -Passthru -Value {
switch ([int]$this.ReturnValue)
{
0 {'Successful completion'}
2 {'Access denied'}
3 {'Insufficient privilege'}
8 {'Unknown failure'}
9 {'Path not found'}
21 {'Invalid parameter'}
default {'Unknown Error '}
}
}
To run this method on one or more remote systems, use New-CimSession
:
$ComputerName = 'server12','server14' # adjust to your server names
$Credential = Get-Credential # submit a user account with proper permissions
$session = New-CimSession -ComputerName $ComputerName -Credential $Credential
# select the instance(s) for which you want to invoke the method
# you can use "Get-CimInstance -Query (ADD FILTER CLAUSE HERE!)" to safely play with filter clauses
$query = 'Select * From Win32_Process Where (ADD FILTER CLAUSE HERE!)'
Invoke-CimMethod -Query $query -Namespace Root/CIMV2 -MethodName GetOwnerSid -CimSession $session |
Add-Member -MemberType ScriptProperty -Name ReturnValueFriendly -Passthru -Value {
switch ([int]$this.ReturnValue)
{
0 {'Successful completion'}
2 {'Access denied'}
3 {'Insufficient privilege'}
8 {'Unknown failure'}
9 {'Path not found'}
21 {'Invalid parameter'}
default {'Unknown Error '}
}
}
Remove-CimSession -CimSession $session
Learn more about
Invoke-CimMethod
and invoking WMI methods.
Syntax
uint32 GetOwnerSid(
[out] string Sid
);
Parameters
The method takes no arguments.
Return Value
Returns a value of type UInt32. Return values:
$returnValues = @{
0 = 'Successful completion'
2 = 'Access denied'
3 = 'Insufficient privilege'
8 = 'Unknown failure'
9 = 'Path not found'
21 = 'Invalid parameter'
}
Requirements
To use Win32_Process, the following requirements apply:
PowerShell
Get-CimInstance
was introduced with PowerShell Version 3.0, which in turn was introduced on clients with Windows 8 and on servers with Windows Server 2012.
If necessary, update Windows PowerShell to Windows PowerShell 5.1, or install PowerShell 7 side-by-side.
Operating System
Win32_Process was introduced on clients with Windows Vista and on servers with Windows Server 2008.
Namespace
Win32_Process lives in the Namespace Root/CIMV2. This is the default namespace. There is no need to use the -Namespace parameter in Get-CimInstance
.
Implementation
Win32_Process is implemented in CIMWin32.dll and defined in CIMWin32.mof. Both files are located in the folder C:\Windows\system32\wbem
:
explorer $env:windir\system32\wbem
notepad $env:windir\system32\wbem\CIMWin32.mof