
Manage Windows services using PowerShell. Part 3. Configuring Services with WMI and CIM


We continue to publish translations of articles from the 4sysops.com portal on managing Windows services with PowerShell. The two previous posts covered getting the status of services on local and remote computers and the basics of service management (start, stop, pause, etc.). This post explains how to use WMI and CIM to query the configuration of services on remote computers.

Previous articles:
Manage Windows services using PowerShell. Part 1. Get the status of services
Manage Windows services using PowerShell. Part 2. Stop, start, pause.


In the last article, I showed a couple of examples of using Set-Service to configure services. However, there are some limitations, especially when we work with services on remote machines. This is partly because cmdlets such as Get-Service and Set-Service are designed to work with the .NET Framework service object, System.ServiceProcess.ServiceController. From an administrator's point of view, such an object definition lacks useful information, for example the account under which the service is running. Fortunately, Windows Management Instrumentation (WMI) comes to our rescue.

Using WMI


We can use Get-WmiObject to retrieve an instance of the service object. I will demonstrate in PS 3.0 on Windows 8, but the same commands should also work in PS 2.0. Let's retrieve all instances of the Win32_Service class.

PS C:\> get-wmiobject win32_service | format-table 



I formatted the output of the command to make it easier to read. Now let's take a look at a single service.

 PS C:\> get-wmiobject win32_service -filter "name='bits'"

 ExitCode  : 0
 Name      : BITS
 ProcessId : 876
 StartMode : Auto
 State     : Running
 Status    : OK


To get other properties, use the following command.

 PS C:\> get-wmiobject win32_service -filter "name='bits'" | Select * 


The output is shown in the screenshot.



Now that you know the properties of the service, you can build more specific queries using the -Filter parameter.

Getting the startup type



The StartMode property indicates whether the service starts automatically or must be started manually. Once you know this, you can use commands like the following:

 PS C:\> get-wmiobject win32_service -filter "StartMode <>'disabled'" | sort StartMode | format-table -GroupBy StartMode -Property Name,State,PathName -AutoSize 


This command produces a table grouped by start mode with key properties. Run it yourself and look at the result.

 PS C:\> get-wmiobject win32_service -filter "startmode='auto' AND state<>'Running'" | Select Name,State

 Name           State
 ----           -----
 MMCSS          Stopped
 RemoteRegistry Stopped
 sppsvc         Stopped
 wuauserv       Stopped


I am querying local services here, but the same can be done on remote machines.

 PS C:\> get-wmiobject win32_service -filter "startmode='auto' AND state<>'Running'" -computername chi-dc01,chi-dc02,chi-dc03 | Select Name,State,Systemname

 Name             State   Systemname
 ----             -----   ----------
 sppsvc           Stopped CHI-DC01
 sppsvc           Stopped CHI-DC02
 VMTools          Stopped CHI-DC02
 RemoteRegistry   Stopped CHI-DC03
 ShellHWDetection Stopped CHI-DC03
 sppsvc           Stopped CHI-DC03
 wuauserv         Stopped CHI-DC03


Getting the account under which the service runs



You can also use WMI to get the account under which the service is running. In WMI, this is the StartName property.

 PS C:\> get-wmiobject win32_service -comp chi-ex01 | group startname

 Count Name                      Group
 ----- ----                      -----
    95 localSystem               {\\CHI-EX01\root\cimv2:Win32_Service.Name="AeLook...
    36 NT AUTHORITY\LocalService {\\CHI-EX01\root\cimv2:Win32_Service.Name="ALG", ...
    24 NT AUTHORITY\NetworkSe... {\\CHI-EX01\root\cimv2:Win32_Service.Name="aspnet...


And of course, you can filter on this property.



This is very convenient if you are looking for services running under a specific account, for example, a domain administrator.

 PS C:\> get-wmiobject win32_service -computer $computers -filter "startname like '%administrator%'" | Select Name,startmode,state,startname,systemname

 Name       : BITS
 startmode  : Manual
 state      : Stopped
 startname  : .\Administrator
 systemname : CHI-EX01

 Name       : PeerDistSvc
 startmode  : Manual
 state      : Stopped
 startname  : Administrator@GLOBOMANTICS.local
 systemname : CHI-WIN8-01


Using one simple command, I found those services that are running under a specific administrator account.

Using CIM



In PowerShell 3.0, you can use the CIM cmdlets to perform the same queries. The advantages of CIM are tied to PowerShell remoting.

 PS C:\> get-ciminstance win32_service -comp chi-dc01 




Filters work in a similar way.

 PS C:\> get-ciminstance win32_service -filter "startmode='auto' AND state<>'Running'" -comp chi-ex01 | Select Name,State,Systemname

 Name                           State   Systemname
 ----                           -----   ----------
 clr_optimization_v4.0.30319_32 Stopped CHI-EX01
 clr_optimization_v4.0.30319_64 Stopped CHI-EX01
 MSExchangeProtectedServiceHost Stopped CHI-EX01
 MSExchangeRPC                  Stopped CHI-EX01
 MSExchangeSA                   Stopped CHI-EX01
 MSExchangeServiceHost          Stopped CHI-EX01
 ShellHWDetection               Stopped CHI-EX01
 sppsvc                         Stopped CHI-EX01


As you can see in the output, there are some issues with Exchange. We will deal with these and similar problems in the next article.

Summary


Using WMI or CIM is a good way to get service configuration reports for your environment. The Win32_Service class contains a lot of useful information. In addition, you can run long queries with the -AsJob parameter or use alternate credentials. You can always do this with Get-Service, but it takes a lot of time. In the next article, we will look at how to change services using WMI and CIM.
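
The StartName and StartMode queries above can be combined into one report that classifies each service by its logon account, so that services running under anything other than a built-in identity stand out. This is an added example, not code from the original article; the function name Get-ServiceAccountReport and the AccountKind and AutoNotRunning columns are hypothetical, and the sample rows are constructed.

```powershell
# Added example, not from the original article.
# Get-ServiceAccountReport, AccountKind and AutoNotRunning are hypothetical names.

# Built-in service identities as they appear in the StartName property
$BuiltInAccounts = 'LocalSystem', 'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService'

function Get-ServiceAccountReport {
    [CmdletBinding()]
    param(
        # Any object exposing Name, StartMode, State, StartName, SystemName
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [object]$Service
    )
    process {
        $account = $Service.StartName
        # -contains and -like are case-insensitive, so 'localSystem' matches too
        if ([string]::IsNullOrEmpty($account))       { $kind = 'None' }
        elseif ($BuiltInAccounts -contains $account) { $kind = 'BuiltIn' }
        elseif ($account -like 'NT SERVICE\*')       { $kind = 'Virtual' }
        else                                         { $kind = 'Custom' }

        [pscustomobject]@{
            SystemName     = $Service.SystemName
            Name           = $Service.Name
            StartMode      = $Service.StartMode
            State          = $Service.State
            StartName      = $account
            AccountKind    = $kind
            # Same condition as the filter "startmode='auto' AND state<>'Running'"
            AutoNotRunning = ($Service.StartMode -eq 'Auto' -and $Service.State -ne 'Running')
        }
    }
}

# Constructed sample rows shaped like Win32_Service instances
$sample = @(
    [pscustomobject]@{ SystemName='CHI-EX01'; Name='BITS'; StartMode='Manual'; State='Stopped'; StartName='.\Administrator' }
    [pscustomobject]@{ SystemName='CHI-WIN8-01'; Name='PeerDistSvc'; StartMode='Manual'; State='Stopped'; StartName='Administrator@GLOBOMANTICS.local' }
    [pscustomobject]@{ SystemName='CHI-EX01'; Name='sppsvc'; StartMode='Auto'; State='Stopped'; StartName='NT AUTHORITY\NetworkService' }
    [pscustomobject]@{ SystemName='CHI-EX01'; Name='ALG'; StartMode='Manual'; State='Stopped'; StartName='NT AUTHORITY\LocalService' }
)

# Only the two Administrator rows are reported as Custom
$sample | Get-ServiceAccountReport |
    Where-Object { $_.AccountKind -eq 'Custom' } |
    Format-Table SystemName, Name, State, StartName, AccountKind -AutoSize

# Live query against remote machines (requires CIM access to the targets):
# Get-CimInstance -ClassName Win32_Service -ComputerName chi-dc01,chi-ex01 |
#     Get-ServiceAccountReport | Where-Object { $_.AccountKind -eq 'Custom' }
```

Classification is done on the client rather than in the WQL filter so that services with an empty StartName are still listed instead of silently dropping out of the report.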

Upd:
The post is a translation of an article from the portal 4sysops.com
Managing Services the PowerShell way - Part 5


Source: https://habr.com/ru/post/168011/

