We're running a Citrix farm and I'm trying to track heavy users of our DB, I can get the PID of the process from Sql Profiler but I then need to laboriously search for that PID in each server in the farm - anyone know a better way?
Use the Citrix API's (WFAPI) to programmatically enumerate the Citrix Servers (WFEnumerateServers) in your Farm(s) and enumerate all processes (WFEnumerateProcesses). It is of course possible to have the same PID so you need some method to determine the correct one (such as username).
Also note that a PID can be reused and only the combination of PID and starttime makes it unique.
Related
In the context of system monitoring, I need to determine which user is running a certain process on a remote machine.
As the host may be running Linux, Windows or Solaris it was decided to achieve this through SNMP queries.
The information I have so far is:
The process IDs can be queried from the OID 1.3.6.1.2.1.25.4.2.1.1,
the corresponding process names from the OID 1.3.6.1.2.1.25.4.2.1.2.
Is it possible to use this information to determine which user is running a process with some given ID?
Thanks in advance for your help.
While searching for a MIB that supports the required functionality, I came across NET-SNMP-EXTEND-MIB.
This MIB allows to extend SNMP to execute scripts.
Following this guide, allowed me to retrieve process owners by process name resp. PID for Linux OS.
However, for Windows I have not yet found a solution.
In my research of "what is a process" every page keeps saying that it's exactly like a process but no GUI. So why does it need/have a PID? On top of that, I've seen 2 services with the same PID.
What's the real relationship between services and processes?
No two processes can have the same PID. Difference between service & process is that the service doesn't have user associated with it so it starts before any user login to the system where as process usually runs with a user login token.
Is it allowed to have some process's icon to be displayed in all user sessions including terminal/multiple local logons, without spawning another process per each session? I don't need to share any windows between session, just the status icon to be able to check service's status without taking additional actions..
It's not even possible. Shell_NotifyIcon communicates with a single instance of Explorer.EXE, the one running in the current user context.
Processes can only access the interactive window station and desktops in the same session as the process. So this means you need one process per session.
I know at least one program that do it - TightVNC server running as a service. You can lookup their sources to understandhow it's done.
I have an application that can list the opened windows of the current session. It uses the EnumWindows method from the user32.dll.
I would like to run this code from a windows service, but as the service is not attached to a user session, it returns nothing obviously.
So the question is, how can I enumerate the open windows of another user session (e.g. with a specific logon user)?
Similarly to EnumWindows, I also would like to get the foreground window of the user session as well (like GetForegroundWindow works for the current user).
As far as I'm aware, you can't access the windows of one session from another. It's also worth noting that there's not really any such thing as "the current session" - there may be multiple users logged on through terminal services, or XP's fast user switching.
One approach to this would be to add a program to each user's profile with no UI that just communicates with your service. You'd still have to cope with the fact that there could be multiple active sessions, though.
According to this document you can create a process in an other user's logon session using CreateProcessAsUser, and could enumerate the windows there. You will still need some IPC mechanism to communicate with the service.
The accepted answer is not correct.
So the question is, how can I enumerate the open windows of another user session?
You can enumerate the open windows of any session if you're running as a service running as the local System account.
To do this first enumerate the sessions with WTSEnumerateSessions. Then enumerate the window stations inside each session with EnumWindowStations. Then enumerate the desktops for each Window Station with EnumDesktops. Finally you an enumerate the Windows in those Desktops with EnumWindows.
(e.g. with a specific logon user)
There can be many concurrent logged on users via Terminal services or fast user switching.
Similarly to EnumWindows, I also would like to get the foreground window of the user session as well (like GetForegroundWindow works for the current user).
This can be done by launching an app with a found user token in the Session, Window Station, and Desktop. From there you can call any Win32 API like GetForegroundWindow and report the info back to your parent process.
You can learn more about how Sessions, Window Stations, and Desktops work here.
In perfmon in Windows Server 2003, there are counter objects to get per-process processor time and memory working set statistics. The only problem is that in an environment with multiple application pools, there is no way to reliably identify the correct worker process. In perfmon, they are all called "w3wp", and if there is more than one, they are w3wp, w3wp#1, w3wp#2, and so on. Even these names are unreliable - the number depends on which one started first, and obviously changes when an app pool is recycled because the process is destroyed and restarted.
I haven't found any ASP.NET-specific counters, and for some reason, my IIS object doesn't separate instances - there's only one "global" instance.
Ultimately, I just want the "% Processor Time" and "Working Set" counters for a specific IIS App Pool. Any suggestions?
We'd always collect the stats for all the w3wp processes, and we would capture PID. This is one of the counters in the Process group.
There's a script that site in Server 2003's system32 folder called IISApp.vbs, that will list all the processes and their PIDs. You will need to run this to capture the PID's.
I'm sure there has to be a better way but this worked when we needed to do adhoc monitoring.
The w3wp instance may not appear, if the worker process is idle for a long time .
The UI interface has to be used for small course of time , so that the worker process (w3wp) can show up in the instances.