Serving Time

Get the exact time that Windows processes via the WMIC command.

Bill: Is there a way to determine the start times of Windows processes? In
Task Manager under the Processes tab, fields such as "PID" and "CPU Time " can be displayed. However, these columns may not be an accurate
indication of the day or time that a process started. There are many circumstances when I'd like to know the start time of a process. In Unix, this information is available with the "ps -ef" command.
—Paul

If you're running Windows 2000 or higher, you can get this information quickly using the WMIC utility. Here's the syntax:

wmic path win32_process get caption,parentprocessid,
creationdate

Here's a sample listing:

Caption
CreationDate
ParentProcessId
smss.exe
20030714170032.498756-240
4
csrss.exe
20030714170034.701924-240
956
winlogon.exe
20030714170035.222673-240
956
services.exe
20030714170035.352860-240
1128
lsass.exe
20030714170035.362875-240
1128
svchost.exe
20030714170036.875049-240
1172
spoolsv.exe
20030714170037.175481-240
1172
explorer.exe
20030714170303.095304-240
676
wuauclt.exe
20030714170317.435924-240
1564
outlook.exe
20030714171041.644665-240
688
msimn.exe
20030714200523.016137-240
688
msmsgs.exe
20030714200523.977520-240
1368
iexplore.exe
20030714200659.725198-240
1368
cmd.exe
20030714202310.030428-240
688
sol.exe

20030714202311.432444-240

1332

The CreationDate format is YYYYMMDDHHMMSS with fractions of a second to the right of the decimal. In this example, it shows that I started playing Solitaire (sol.exe) at 8:23:11 on July 14, 2003.

Get Help from Bill

Got a Windows or Exchange question or need troubleshooting help? Or maybe you want a better explanation than provided in the manuals? Describe your dilemma in an e-mail to Bill at mailto:boswell@101com.com; the best questions get answered in this column.

When you send your questions, please include your full first and last name, location, certifications (if any) with your message. (If you prefer to remain anonymous, specify this in your message but submit the requested information for verification purposes.)

If you want to list the processes on a remote machine, you can specify the machine at the WMIC command line using the /node switch followed by the machine name in double quotes as follows:

wmic /node:"machinename" path win32_process get caption,creationdate,parentprocessid

Hope this helps!
—Bill Boswell

About the Author

Contributing Editor Bill Boswell, MCSE, is the principal of Bill Boswell Consulting, Inc. He's the author of Inside Windows Server 2003 and Learning Exchange Server 2003 both from Addison Wesley. Bill is also Redmond magazine's "Windows Insider" columnist and a speaker at MCP Magazine's TechMentor Conferences.

Featured

  • Cloud Services Starting To Overtake On-Prem Database Management Systems

    Database management system (DBMS) growth is happening more on the cloud services side than on the traditional "on-premises" side, according to a report by Gartner Inc.

  • How To Replace an Aging Domain Controller

    If the hardware behind your domain controllers has become outdated, here's a step-by-step guide to performing a hardware refresh.

  • Azure Backup for SQL Server 2008 Available at Preview Stage

    Microsoft added the option of using the Azure Backup service to provide recovery support for SQL Server 2008 and SQL Server 2008 R2 when those workloads are hosted on Azure virtual machines.

  • Microsoft Suggests Disabling Old Protocols with Exchange Server 2019

    Exchange Server 2019 with Cumulative Update 2 (CU2) can help organizations rid themselves of old authentication protocols, which constitute a potential security risk.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.