Serving Time

Get the exact time that Windows processes via the WMIC command.

Bill: Is there a way to determine the start times of Windows processes? In
Task Manager under the Processes tab, fields such as "PID" and "CPU Time " can be displayed. However, these columns may not be an accurate
indication of the day or time that a process started. There are many circumstances when I'd like to know the start time of a process. In Unix, this information is available with the "ps -ef" command.
—Paul

If you're running Windows 2000 or higher, you can get this information quickly using the WMIC utility. Here's the syntax:

wmic path win32_process get caption,parentprocessid,
creationdate

Here's a sample listing:

Caption
CreationDate
ParentProcessId
smss.exe
20030714170032.498756-240
4
csrss.exe
20030714170034.701924-240
956
winlogon.exe
20030714170035.222673-240
956
services.exe
20030714170035.352860-240
1128
lsass.exe
20030714170035.362875-240
1128
svchost.exe
20030714170036.875049-240
1172
spoolsv.exe
20030714170037.175481-240
1172
explorer.exe
20030714170303.095304-240
676
wuauclt.exe
20030714170317.435924-240
1564
outlook.exe
20030714171041.644665-240
688
msimn.exe
20030714200523.016137-240
688
msmsgs.exe
20030714200523.977520-240
1368
iexplore.exe
20030714200659.725198-240
1368
cmd.exe
20030714202310.030428-240
688
sol.exe

20030714202311.432444-240

1332

The CreationDate format is YYYYMMDDHHMMSS with fractions of a second to the right of the decimal. In this example, it shows that I started playing Solitaire (sol.exe) at 8:23:11 on July 14, 2003.

Get Help from Bill

Got a Windows or Exchange question or need troubleshooting help? Or maybe you want a better explanation than provided in the manuals? Describe your dilemma in an e-mail to Bill at mailto:[email protected]; the best questions get answered in this column.

When you send your questions, please include your full first and last name, location, certifications (if any) with your message. (If you prefer to remain anonymous, specify this in your message but submit the requested information for verification purposes.)

If you want to list the processes on a remote machine, you can specify the machine at the WMIC command line using the /node switch followed by the machine name in double quotes as follows:

wmic /node:"machinename" path win32_process get caption,creationdate,parentprocessid

Hope this helps!
—Bill Boswell

About the Author

Contributing Editor Bill Boswell, MCSE, is the principal of Bill Boswell Consulting, Inc. He's the author of Inside Windows Server 2003 and Learning Exchange Server 2003 both from Addison Wesley. Bill is also Redmond magazine's "Windows Insider" columnist and a speaker at MCP Magazine's TechMentor Conferences.

Featured