This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 61%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
During our machine Run we can find some process get started by the system in Task Manager.
For example, Sometimes automatically Microsoft Edge gets started in the background and we can see in Task Manager.
So is there any Windows API to find whether a process is started by User or by system....?
I mean windows API to differentiate Foreground windows and background windows
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Please do not ask the same question more than once on Microsoft Q&A. I've redirected other two similar questions to this one. @Xiaopo Yang - MSFT Has already answered your newest question about how to get the owner of a process on this question. Also, please take a look at How to write a quality question to make sure that you are asking a good question.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 34%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EXY%3C/text%3E%3C/svg%3E)
According the document sample Finding the Owner of a File Object in C++, You can use GetSecurityInfo and and LookupAccountSid function to retrieve the process owner.
Or you can determine the SID type like the answer.
Thanks @Xiaopo Yang - MSFT this one worked well for me.
Hi, I tried the code you referred "Finding the Owner of a File Object in C++", But I'm getting ERROR 122 for the first LookupAccountSidA in the code. I trying to get the solution for this . do you have any idea of solving this
ERROR 122 is The data area passed to a system call is too small.
According to LookupAccountSid,
If the function fails because the buffer is too small or if cchReferencedDomainName is zero, cchReferencedDomainName receives the required buffer size, including the terminating null character.
Oh do you mean that it will fail for the first call but it receives the required buffer sizes during that call ?
yes .
I mean windows API to differentiate Foreground windows and background windows
A Background process in Task Manager is just a process without visible window
(you can see How does Task Manager categorize processes as App, Background Process, or Windows Process?)
Thank you for the answer, It helps me a lot but I got another, can we able to find from PID that the process have a visible window ?
My task is I'm developing a small application and I need to find the Process Triggered by User and Process Triggered by System. and I only need the names of the Process that is Invoked by User(i.e The names of the process when the user clicks and open the windows app manually).
can we able to find from PID that the process have a visible window ?
With EnumWindows and GetWindowThreadProcessId in the EnumProc