Serving Time

Get the exact time that Windows processes via the WMIC command.

Bill: Is there a way to determine the start times of Windows processes? In
Task Manager under the Processes tab, fields such as "PID" and "CPU Time " can be displayed. However, these columns may not be an accurate
indication of the day or time that a process started. There are many circumstances when I'd like to know the start time of a process. In Unix, this information is available with the "ps -ef" command.
—Paul

If you're running Windows 2000 or higher, you can get this information quickly using the WMIC utility. Here's the syntax:

wmic path win32_process get caption,parentprocessid,
creationdate

Here's a sample listing:

Caption
CreationDate
ParentProcessId
smss.exe
20030714170032.498756-240
4
csrss.exe
20030714170034.701924-240
956
winlogon.exe
20030714170035.222673-240
956
services.exe
20030714170035.352860-240
1128
lsass.exe
20030714170035.362875-240
1128
svchost.exe
20030714170036.875049-240
1172
spoolsv.exe
20030714170037.175481-240
1172
explorer.exe
20030714170303.095304-240
676
wuauclt.exe
20030714170317.435924-240
1564
outlook.exe
20030714171041.644665-240
688
msimn.exe
20030714200523.016137-240
688
msmsgs.exe
20030714200523.977520-240
1368
iexplore.exe
20030714200659.725198-240
1368
cmd.exe
20030714202310.030428-240
688
sol.exe

20030714202311.432444-240

1332

The CreationDate format is YYYYMMDDHHMMSS with fractions of a second to the right of the decimal. In this example, it shows that I started playing Solitaire (sol.exe) at 8:23:11 on July 14, 2003.

Get Help from Bill

Got a Windows or Exchange question or need troubleshooting help? Or maybe you want a better explanation than provided in the manuals? Describe your dilemma in an e-mail to Bill at mailto:boswell@101com.com; the best questions get answered in this column.

When you send your questions, please include your full first and last name, location, certifications (if any) with your message. (If you prefer to remain anonymous, specify this in your message but submit the requested information for verification purposes.)

If you want to list the processes on a remote machine, you can specify the machine at the WMIC command line using the /node switch followed by the machine name in double quotes as follows:

wmic /node:"machinename" path win32_process get caption,creationdate,parentprocessid

Hope this helps!
—Bill Boswell

About the Author

Contributing Editor Bill Boswell, MCSE, is the principal of Bill Boswell Consulting, Inc. He's the author of Inside Windows Server 2003 and Learning Exchange Server 2003 both from Addison Wesley. Bill is also Redmond magazine's "Windows Insider" columnist and a speaker at MCP Magazine's TechMentor Conferences.

Featured

  • Gears

    Top 10 Microsoft Tips and Analyses of 2018

    Here are the year's most popular explainers and how-to columns -- along with some plain, old "Why did Microsoft do that?" musings thrown in.

  • Sign

    2018 Microsoft Predictions Revisited

    From guessing the fate of Windows 10 S to predicting Microsoft's next big move with Linux, Brien's predictions from a year ago were on the mark more than they weren't.

  • Microsoft Recaps Delivery Optimization Bandwidth Controls for Organizations

    Microsoft expects organizations using its Delivery Optimization peer-to-peer update scheme will optimally see 60 percent to 70 percent improvements in terms of network bandwidth use.

  • Getting a Handle on Hyper-V Virtual NICs

    Hyper-V usually makes it easy to configure virtual network adapters within VMs. That is, until you need to create a VM containing multiple virtual NICs.

comments powered by Disqus
Most   Popular

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.