Showing results for 
Search instead for 
Did you mean: 

Monitoring the Existence of a Specific Process on a Remote Machine Running Windows 2000/XP/2003

This script will allow you to monitor the existence of a specific process on a remote machine, rather than a service.

Processes are much more difficult to Monitor than Services. The state of a Service may be determined, even if it is not running (stopped or disabled, for example). In a situation where it is necessary to monitor a machine to see if a specific process is running, this may be accomplished through the use of the EXEC Monitor and a third-party script.

The sample script returns the following:

  • 0 if the process is running on the machine
  • 1 if the process is not detected

It should be noted that the script will only detect the specific process if it is running at the same time the script is executed. If the process was launched and stopped between a test interval, the script will not be able to detect this fact.


Sample Monitor Settings
For the following example, we will assume the following:
Remote Machine: REMOTESRV
Process Name: notepad.exe
Script Location: c:\ipmscripts\

For Windows 2000
Executable Name: cscript.exe
Directory: c:\winnt\system32\
Command Line Parameters: perfmon_process.vbs REMOTESRV notepad.exe
Startup Directory: c:\ipmscripts\
Compare the Process Return Value = SELECTED
Expected Return Value: 0

For Windows XP / 2003
Executable Name: cscript.exe
Directory: c:\windows\system32\
Command Line Parameters: perfmon_process.vbs REMOTESRV notepad.exe
Startup Directory: c:\ipmscripts\
Compare the Process Return Value = SELECTED
Expected Return Value: 0

In the event the process is running on the remote machine, the script will return a 0, which will trigger an Alert.

This is great and would work great for me I think, expect for the fact that I get an error message when I use a credential. I'm using the same credential I'm using for all the other monitors on this server, and I get error
"The Credential is not available for external process impersonation". Any ideas?
I am having a problem getting this to run through a firewall. If I put a packet capture device on the server I can get the port and open up the firewall and it works. Is there a way to edit the script to use a standard port?
rfranks, you need to edit the Credential you are using and ensure that the following box is checked:

-May be used with Windows Impersonation to start an external process

brocku, the script uses a WMI query. You will need to look through the following article:

i know this is very old but i am getting access permission errors in ipmonitor and when i run it from command line i get object not initialized errors for remote computers. if i run the script on local pc it works fine. any ideas? tried all kind of wmi and dcom permissions options. the account being used is an admin account so i am confused at this point.
I have created this Monitor, and I receive

PROCESS FOUND :: Processname.exe when I run it from a command prompt,

but within IPmonitor it errors with

The return value does not match the expected value.

Even though this is set to 0 and the process is running.

Any ideas?
Is there step by step directions on how to set this monitor up? Thanks.


Is this solution still the only one for monitoring a process?

I tried to set this up, but get "Access rights are insufficient". The monitor is running as Administrator on a machine in same domain. The machine is a win2008-64Bit.

I can run the script from a command promt on the ipmonitor server, manually and get Process_found. But in IpMonitor it fails.

Come on Fodome! Help please....

I'm seeing the same results as JMelia above and haven't been able to resolve after several hours testing and tweaking. Script runs manually in CMD and produces output text indicating the process is running. But ipMonitor reports "return value does not match the expected value." I'd love to see what ipMonitor is seeing, but can't find a way to do so. Anyone have luck using this script in the the suggested manner?

Is  there any update for win7?

this feature should be built into a sw productproduct

Version history
Revision #:
1 of 1
Last update:
‎06-12-2009 12:00 AM
Updated by: