PowerShell Get-WmiObject Win32_service Log on Account

PowerShell Gwmi Win32_service Log on Account

Our mission is to set a service to 'Log On' using a specific account.  The default is Local Computer or Network Service; we want to change 'This account' to a local user using PowerShell.

PowerShell actually provides two methods for accessing Windows services.  We are going to ignore Get-Service and concentrate on Get-WmiObject -Class Win32_service.


Introduction to Get-WmiObject Win32_service

We have identified the most suitable WMI class for Get-WmiObject (gwmi), namely Win32_service.  Next, let us check the available methods for Win32_service.

# Research methods for Win32_service
Clear-Host
Get-WmiObject -Class Win32_service |
Get-Member -MemberType method

Note 1: The first method listed is: Change.

PowerShell Script to Change "Log on as:"

I have chosen the little-used 'Fax' service as our vehicle; our task is to script a new value for 'This account'.  As you can see in the screenshot, the default is Network Service; we will change this value to a local account called 'Guy'.  We also need to know the password, which is 'P0werSh$ll'.

Research shows that in addition to changing the account to .\Guy, we also need to set 'Allow service to interact with desktop' to be $false.

# Single quotes around the password stop PowerShell expanding $ll as a variable
$LocalSrv = Get-WmiObject Win32_service -filter "name='Fax'"
$LocalSrv.Change($null,$null,$null,$null,$null,$false,'.\Guy','P0werSh$ll')

Note 2: You can change the Log On back to the default by changing the last two values to:
"Network Service",""

Note 3: This password setting works because unlike the local account, the Network Service has a blank password; StartPassword must be an empty string ("") and not NULL.

The key to understanding, and modifying what the script does is to compare our code with the values seen in the service.msc GUI.  See scripts and screenshots above.

Note 4: ReturnValue: 0 is success; 22 means 'Invalid Service Account'.
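The same change as a reusable function that reports the return code, added here as an example and not part of the original page. Set-ServiceLogonAccount is a hypothetical name, the code table lists only a few of the Win32_Service.Change return codes, and the script assumes an elevated Windows PowerShell 3.0 to 5.1 session.

```powershell
# Added example; Set-ServiceLogonAccount is a hypothetical helper name.
function Set-ServiceLogonAccount {
    param(
        [Parameter(Mandatory = $true)]
        [ValidatePattern('^[\w .$-]+$')]   # keeps quotes out of the WQL filter
        [string]$ServiceName,
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential]$Credential
    )
    # A few Win32_Service.Change return codes; the page mentions 0 and 22.
    $meaning = @{
        0  = 'Success'
        2  = 'Access denied'
        15 = 'Service logon failed'
        21 = 'Invalid parameter'
        22 = 'Invalid service account'
    }
    $filter = "Name='$ServiceName'"
    $svc = Get-WmiObject -Class Win32_Service -Filter $filter
    if (-not $svc) { throw "Service '$ServiceName' not found." }
    $before = $svc.StartName

    # Arguments 1-5 are $null (unchanged); 6 = DesktopInteract,
    # 7 = StartName, 8 = StartPassword.
    $result = $svc.Change($null, $null, $null, $null, $null, $false,
        $Credential.UserName,
        $Credential.GetNetworkCredential().Password)

    $code = [int]$result.ReturnValue
    $text = 'Other failure'
    if ($meaning.ContainsKey($code)) { $text = $meaning[$code] }

    # Re-read the service so the report shows what is actually configured.
    $after = (Get-WmiObject -Class Win32_Service -Filter $filter).StartName
    New-Object PSObject -Property @{
        Service = $ServiceName; ReturnValue = $code; Meaning = $text
        Before  = $before;      After       = $after
    } | Select-Object Service, Before, After, ReturnValue, Meaning
}

# Quoting pitfall: inside double quotes PowerShell expands $ll as a variable,
# so "P0werSh$ll" does not contain the literal text. Single quotes keep it.
# Prompting avoids storing the password in the script at all.
$cred = Get-Credential -UserName '.\Guy' -Message 'Password for the Fax service account'
Set-ServiceLogonAccount -ServiceName 'Fax' -Credential $cred
```

Change() only rewrites the service configuration; the account still needs the 'Log on as a service' right before the service will start under it.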


Researching the WMI Change Method

uint32 Change(
[in] string DisplayName,       // 1
[in] string PathName,          // 2
[in] uint32 ServiceType,       // 3
[in] uint32 ErrorControl,      // 4
[in] string StartMode,         // 5
[in] boolean DesktopInteract,  // 6
[in] string StartName,         // 7
[in] string StartPassword,     // 8

[in] string LoadOrderGroup,
[in] string LoadOrderGroupDependencies,
[in] string ServiceDependencies
);

Our Script:

$LocalSrv.Change($null,$null,$null,$null,$null,$false,'.\Guy','P0werSh$ll')

Security Accounts for Windows Services

Let us investigate a property called StartName.  Results show that each Windows service runs as one of three built-in security accounts: LocalSystem, LocalService and LocalNetwork.

# Script to list the StartName values Get-WmiObject Win32_service
Clear-Host
Get-WmiObject -Class Win32_service |
Group-Object -Property StartName |
Format-Table Name, Count -auto

Note 5: You could add this pipeline to refine the command to include only "Running" services:
| Where-Object {$_.state -eq "Running"}

Note 6: Out-GridView: PowerShell v 2.0 introduces a new cmdlet to control data display.  See more on how to pipe the results into out-GridView.


Grouping and Counting the Windows Services

Here is a script to discover background information on the built-in Windows service accounts.

# Script to list the StartName values Get-WmiObject Win32_service
Clear-Host
Get-WmiObject Win32_service | Where-Object {$_.state -eq "Running"} |
Group-Object -Property StartName |
Format-Table Name, Count -auto

Note 7: The above script incorporates a Where-Object filter.  Actually, -filter "state = 'running'" is faster than | Where {$_.state -eq "Running"}.

Note 8: Many script writers prefer the alias 'Where' or '?' rather than Where-Object.  Another common alias is  ‘group’ rather than Group-Object.

# Script to list the StartName values Get-WmiObject Win32_service
Clear-Host
Get-WmiObject Win32_service -filter "state = 'running' " |
Group-Object -Property StartName |
Format-Table Name, Count -auto
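Turning the grouping around gives a review list of services that do not run under a built-in account. This is an added example, not part of the original page: Get-NonBuiltinServiceAccount is a hypothetical name, and the list of StartName values treated as built-in is an assumption about how WMI reports them.

```powershell
# Added example; Get-NonBuiltinServiceAccount is a hypothetical helper name.
function Get-NonBuiltinServiceAccount {
    param([string]$ComputerName = '.')

    # StartName values treated as built-in (assumed list; the comparison
    # operators used below are case-insensitive).
    $builtin = 'LocalSystem',
               'NT AUTHORITY\LocalService',
               'NT AUTHORITY\NetworkService'

    Get-WmiObject -Class Win32_Service -ComputerName $ComputerName |
        Where-Object {
            $_.StartName -and                          # skip empty StartName
            ($builtin -notcontains $_.StartName) -and
            ($_.StartName -notlike 'NT SERVICE\*')     # per-service virtual accounts
        } |
        Group-Object -Property StartName |
        ForEach-Object {
            # One row per account: how many services use it and which ones.
            New-Object PSObject -Property @{
                Account  = $_.Name
                Total    = $_.Count
                Running  = @($_.Group | Where-Object { $_.State -eq 'Running' }).Count
                Services = ($_.Group | ForEach-Object { $_.Name }) -join ', '
            }
        } |
        Select-Object Account, Total, Running, Services |
        Sort-Object Account
}

Get-NonBuiltinServiceAccount | Format-Table -AutoSize
```

Each account in the output holds a stored password and the 'Log on as a service' right, so an unexpected entry is worth checking against the change made with the Change method earlier on the page.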

Discovering Properties with Get-Member

Here is one of my favourite techniques to research more about a PowerShell cmdlet, or in this case the Win32_service class.

# PowerShell script to research Get-WmiObject Win32_service
Clear-Host
Get-WmiObject Win32_service |
Get-Member -MemberType Property |
Where-Object {$_.name -NotMatch "__"}

Note 9: If you want to research other classes, try this:
Get-WmiObject -List

See PowerShell Start Service

Summary Gwmi Win32_service Log on Account

Our mission is to set a service's 'Log On' account using PowerShell.  The default is Local Computer or Network Service; we want to change 'This account' to a local user.
