PowerShell Scripts to Investigate Windows Services
One reason for using PowerShell’s Get-Service is for investigating whether any rogue programs have installed themselves as services. Another benefit is to restart services such as Spooler or DNS Client automatically. However, I want to start with a simple PowerShell script to check whether Service Names match their Display Names.
- Find Service Cmdlets with Get-Command
- Check Examples with Get-Help
- Investigate Properties with Get-Member
- Put Get-Service To Work
♣
Getting Started Once PowerShell Has Arrived
Assuming that you have installed PowerShell, or ‘Turned Windows feature on’, let us find the executable. Click on the Start button, type PowerShell in the search box, now right-click the PowerShell ISE icon, I suggest you create a shortcut, or better still, Pin to the Taskbar or Start Menu.
Trap: You launch PowerShell but forget to right-click the icon and: ‘Run as Administrator’.
1) Find Service Cmdlets with Get-Command
How do we know that the PowerShell cmdlet is called Get-Service and not Get-Services or Get-WinService? If you research with Get-Command you will discover a whole family of service cmdlets.
Get-Command *service
Note 1: Restart-Service can be handy for other projects.
2) Check Examples with Get-Help
Compared with other cmdlets, Get-Help does not reveal much new information about Get-Service. However, it’s always worth studying the examples shown by the -full switch.
Get-Help Get-Service -full
3) Investigate Properties with Get-Member
While applying Get-Help to Get-Service is a little disappointing, Get-Member reveals a treasure of properties that we can use in our PowerShell scripts, for example, Status, DisplayName and CanStop. One of my secrets of learning PowerShell is take every opportunity to match the results of a PowerShell script with what you see in the corresponding GUI. To see what I mean compare the properties Name and DisplayName listed with Get-Member, with Service Name and Display Name as seen in Services.msc.
Get-Service | Get-Member
Note 2: You can always refine Get-Member by appending: -MemberType property
4) Put Get-Service to Work
Thanks to these trusty techniques Get-Command, Get-Help, and Get-Member, we have all tools necessary for a more detailed study of the operating system’s services. One scenario is that we are investigating the operating system to see if there are any rogue services, or merely essential Windows services, but with unfamiliar names.
Let us enlist the support of Format-Table to select properties such as ‘Status’. Clear-Host simply gives us a blank console.
Select the Properties
Clear-Host
Get-Service | Format-Table Name, DisplayName, Status -auto
Note 3: Observe how PowerShell’s pipe (|) pushes the list of services into Format-Table, the benefit is that we can arrange the output columns to display just the properties that we want. Incidentally, there are other ways of creating the same result.
Results. We learn that Windows 7 no longer has the Alerter or Messenger service. I am not sure if I would be pleased or sorry if you also discovered a rogue service on your machine.
Filter the Services
How about filtering the columnar list so that we see only those services that have started, or are ‘Running’?
Get-Service | Where {$_.Status -eq ‘Running’} `
| Format-Table Name, DisplayName, Status, CanStop -auto
Note 4: The tiny backtick ` character tells PowerShell that the same instruction word-wraps to the second line. Put it this way, without the backtick PowerShell will terminate at the end of the first line, and in this instance, it would result in an error.
In a real-life scenario we could employ sister cmdlets such as Stop-Service or Restart-Service to cure a problem.
Find Services Containing the Name ‘Microsoft’ or ‘Windows’
Another task where a PowerShell script could help is for checking which services contain the displayname Microsoft or Windows. For this we employ PowerShell’s Where clause {With curly brackets for the payload}.
Clear-Host
Get-Service | Where {$_.DisplayName -match ‘Microsoft’ `
-or $_.DisplayName -match ‘Windows’}
Note 5: From a learning point of view this example represents a bit of a jump. Firstly, it introduces the | pipeline whereby the output of Get-Service becomes the input of the Where clause. Secondly, it uses $_. to indicate ‘this data stream’; thirdly it employs the comparison operators -match and -or.
A cruder method to filter the list of services would be: Get-Service [M-W]*
Guy Recommends: WMI Monitor and It’s Free!
Windows Management Instrumentation (WMI) is one of the hidden treasures of Microsoft’s operating systems. Fortunately, SolarWinds have created a Free WMI Monitor so that you can discover these gems of performance information, and thus improve your scripts.
Take the guess work out of which WMI counters to use when scripting the operating system, Active Directory or Exchange Server. Give this WMI monitor a try – it’s free.
Download your free copy of WMI Monitor
Summary of PowerShell’s Get-Service
With some Windows services the DisplayName differs from the default ‘Name’, this can catch you out unless you are aware of this possible discrepancy, for example, Spooler and Printer Spooler. PowerShell can also help you discover properties not shown in the GUI, for example CanStop. In addition to the trusty threesome Get-Command, Get-Help and Get-Member, my examples show you how to filter with a Where clause and how to use the backtick to wrap commands onto a second line.
As usual, my role is to get you started. I just want to give you the basics so that you can tackle real problem on your machine. I hope you now have the confidence to modify my examples and thus create scripts that interest you.
Guy Recommends: Tools4ever’s UMRA
Tired of writing scripts? The User Management Resource Administrator solution by Tools4ever offers an alternative to time-consuming manual processes.
It features 100% auto provisioning, Helpdesk Delegation, Connectors to more than 130 systems/applications, Workflow Management, Self Service and many other benefits. Click on the link for more information onUMRA.
If you like this page then please share it with your friends
See more PowerShell examples of process and service
• PowerShell Home • Get-Process • Stop-Process • PowerShell Start-Process • Set-Service
• Get-Service • Start-Service • Stop-Service • Restart-Service • Free WMI Monitor
• PowerShell Start-Sleep • Get-WmiObject win32_service • Windows PowerShell
Please email me if you have a better example script. Also please report any factual mistakes, grammatical errors or broken links, I will be happy to correct the fault.
