Windows PowerShell Get-WmiObject Win32_service

Windows PowerShell Get-WmiObject Win32_service

PowerShell provides two ways of scripting Windows services.  For lists of services I employ Get-WmiObject win32_service.  However, when I want to deal with a particular service I choose Get-Service followed by the name-of-service.

Topics for PowerShell Get-WmiObject win32_service

• Our Mission
• Preliminary Check of the Properties with Get-Member
• Investigating Security Accounts for Services
• Grouping and Counting the Windows Services
• PowerShell Script to Change The "Log On" Account

 ♣

Our Mission

Our main mission is to produce a script that interrogates Windows services and generates a list of selected properties.  In particular, I want to group then count how many services operate under each of the three types of 'StartName' accounts: LocalSystem, LocalNetwork and LocalService.

I also want to draw your attention, or remind you, of two useful scripting techniques:
1)  (|) for Pipelining the output of a basic instruction into a new command
2) How to control the output with group-Object, and Format-Table.

Preliminary Check of the Properties with Get-Member

Let us start with a preliminary script which employs Get-Member to research the properties of services. From the resulting list we can compare the properties, and then decide whether to choose Get-Service or Get-WmiObject win32_service to script a particular task.

Note 1: You could filter Get-WmiObject Win32_service by appending this command:
| Where-Object {$_.name -NotMatch "__"}

Note 2: To digress into the world of WMI, Get-WmiObject has zillions more classes.  If you are curious try this: Get-WmiObject -List.

Guy Recommends: Free WMI Monitor for PowerShell

Windows Management Instrumentation (WMI) is one of the hidden treasures of Microsoft’s operating systems.  Fortunately, SolarWinds have created a Free WMI Monitor so that you can discover these gems of performance information, and thus improve your PowerShell scripts.

Take the guess work out of which WMI counters to use when scripting the operating system, Active Directory, or Exchange Server. Give this WMI monitor a try – it’s free.

Download your free copy of WMI Monitor

Investigating Security Accounts for Services

Let us investigate StartName.  This property reveals that each service relies on one of three built-in security accounts: LocalSystem, LocalService and LocalNetwork.  Background research unearths that LocalSystem is the most powerful as it accesses system security privileges, which are not available to the other two accounts.

Note 3:  Any problems, simplify the script to:
Get-WmiObject win32_service | FT Name, StartName -auto

Note 4: You could add this pipeline to refine the command to include only "Running" services:
| Where-Object {$_.state -eq "Running"}

Note 5: Out-GridView: PowerShell v 2.0 introduces a new cmdlet to control data display.  See more on how to pipe the results into out-GridView.

Grouping and Counting the Windows Services

Here is where pipelining comes into its own.  Once we get a simple command working, then we refine the output by piping the output into a new command.  I once thought that there was a limit of three such pipes; however, I have successfully tested a chain of 5.  I have to say that beyond 3 pipes and the script gets a bit complicated for my liking.

Note 6: The above script incorporates a filter.  Talking of filters, my friend ‘Mad’ Mick says that  -filter "state = ‘running’" is superior to | Where {$_.state -eq "Running"}.  Do you know, I think Mick is right, -filter is better and 40 milliseconds faster than Where-Object in this case.

Note 7: Strictly speaking, I should use Where-Object rather than plain ‘Where’.  However, PowerShell is forgiving, and providing there is no ambiguity it uses its built-in aliases for the shortened forms.  For instance you could use ‘group’ rather than Group-Object.

Note 8: Most people use gwmi as an alias for Get-WmiObject.

Guy Recommends:  A Free Trial of the Network Performance Monitor (NPM) v11.5

SolarWinds’ Network Performance Monitor will help you discover what’s happening on your network.  This utility will also guide you through troubleshooting; the dashboard will indicate whether the root cause is a broken link, faulty equipment or resource overload.

What I like best is the way NPM suggests solutions to network problems.  Its also has the ability to monitor the health of individual VMware virtual machines.  If you are interested in troubleshooting, and creating network maps, then I recommend that you try NPM now.

Download a free trial of Solarwinds’ Network Performance Monitor

PowerShell Script to Change The "Log On" Account

Scenario: Windows services are configured with a Log On account; we are going to use the little used 'Fax' service as the vehicle for this example.

The default Log On, as seen in the This Account dialog box is Network Service.  Our mission is to change this to a local account called 'Guy', with a Password of 'TestID36'.

In addition to changing the account to .\Guy, we also need to set the 'Allow service to interact with desktop' to false.

Note 9: You can change the Log On back to the default by changing the last two values to:
"Network Service",""

Note 10: This works because the password for the Network Service is blank. 

As usual, it helps your PowerShell script if you compare your code with the values in the service.msc GUI.

 See more on PowerShell Services Log on as

Guy’s GUI Tip

There are numerous PowerShell authors who have more scripting knowledge than I, but none seem to share my penchant for comparing what I see in the Windows utility with the output of a script.  In this instance I recommend launching Services.msc so that we can make comparisons between the GUI and  the results of my PowerShell services script. 

Firstly, this GUI always surprises me with the sheer number of services; moreover, each successive version of Windows spawns yet more services.  Secondly, be aware that the ‘Name’ column in the GUI corresponds to the ‘Caption’ property when you use win32_service.  Furthermore ‘Log on As’ corresponds to ‘StartName’ in the script.

Out-file

If I could digress and hark back to the verbosity of VBScript; because it took so much code to list the services, I feared that it would confuse beginners if I added another 10 lines of VBScript in order to output the list of services to a text file.  With PowerShell there is no such worry, all you need to store the results is to append these few words:
| out-file "D:\PowerShell\Scripts\services.txt"

Note 9: You may wish to change the value of $File.

See PowerShell Start Service

Summary of Scripting Services with PowerShell

My main point is that there are two methods for scripting PowerShell services.  Plain Get-Service has fewer properties than the WMI alternative.  From a practical point of view, these scripts show you how to group and count the local accounts under which, the Windows services operate. 

Tip, where possible observe the built-in GUI alongside your PowerShell script, in this case launch Services.msc and make comparisons between the GUI’s columns and PowerShell’s properties.

See more PowerShell examples of process and service

• PowerShell Home   • Get-Process   • Stop-Process   • PowerShell Start-Process   • Set-Service

• Get-Service   • Start-Service   • Stop-Service   • Restart-Service   • Free WMI Monitor

• PowerShell Service Account   • Get-WmiObject win32_service   • Windows PowerShell

Please email me if you have a better example script. Also please report any factual mistakes, grammatical errors or broken links, I will be happy to correct the fault.