Managing Windows Services with PowerShell. Part 3. Configuring services using WMI and CIM

Original author: Jeff Hicks

We continue to publish translations of articles dedicated to managing Windows services using PowerShell. The two previous posts covered obtaining the status of services on local and remote computers and the basics of service management (start, stop, pause, etc.). This post will show you how to use WMI and CIM to configure services on remote computers.

Previous articles:
Managing Windows Services with PowerShell. Part 1. Obtaining the status of services
Managing Windows Services with PowerShell. Part 2. Stop, start, pause

In the last article I showed a couple of examples of using Set-Service to configure services. However, there are some limitations, especially when working with services on remote machines. This is partly because cmdlets such as Get-Service and Set-Service are designed to work with the .NET Framework service object, System.ServiceProcess.ServiceController. From an administrator's perspective, this object definition lacks some useful information, for example the account under which the service is running. Fortunately, Windows Management Instrumentation (WMI) comes to our aid here.

Using WMI

We can use Get-WmiObject to retrieve an instance of a service object. I will demonstrate in PS 3.0 on Windows 8, but the same command should work on PS 2.0 as well. The class to query is Win32_Service.

PS C:\> get-wmiobject win32_service | format-table

I formatted the output of the command to make it easier to read. Now let's take a look at a separate service.

PS C:\> get-wmiobject win32_service -filter "name='bits'"
ExitCode : 0
Name : BITS
ProcessId : 876
StartMode : Auto
State : Running
Status : OK

To get other properties, use the following command.

PS C:\> get-wmiobject win32_service -filter "name='bits'" | Select *

The output is shown in the screenshot.

Now that you know the properties of the service, you can build more specific queries using the -Filter parameter.

Getting the startup type

The StartMode property indicates whether the service starts automatically or must be started manually. Knowing this, you can use commands such as the following:

PS C:\> get-wmiobject win32_service -filter "StartMode <>'disabled'" | sort StartMode | format-table -GroupBy StartMode -Property Name,State,PathName -AutoSize

The command displays a table grouped by startup type, showing the Name, State and PathName properties. Run it yourself and look at the result.

PS C:\> get-wmiobject win32_service -filter "startmode='auto' AND state<>'Running'" | Select Name,State
Name State
---- -----
MMCSS Stopped
RemoteRegistry Stopped
sppsvc Stopped
wuauserv Stopped

Here I query local services, but the same can be done on remote machines:

PS C:\> get-wmiobject win32_service -filter "startmode='auto' AND state<>'Running'" -computername chi-dc01,chi-dc02,chi-dc03 | Select Name,State,Systemname
Name State Systemname
---- ----- ----------
sppsvc Stopped CHI-DC01
sppsvc Stopped CHI-DC02
VMTools Stopped CHI-DC02
RemoteRegistry Stopped CHI-DC03
ShellHWDetection Stopped CHI-DC03
sppsvc Stopped CHI-DC03
wuauserv Stopped CHI-DC03

Getting the account under which the service is running

WMI also lets you get the account under which the service is running. In WMI, this is the StartName property.

PS C:\> get-wmiobject win32_service -comp chi-ex01 | group startname
Count Name Group
----- ---- -----
95 localSystem {\\CHI-EX01\root\cimv2:Win32_Service.Name="AeLook...
36 NT AUTHORITY\LocalService {\\CHI-EX01\root\cimv2:Win32_Service.Name="ALG", ...
24 NT AUTHORITY\NetworkSe... {\\CHI-EX01\root\cimv2:Win32_Service.Name="aspnet...

And of course, you can filter by this property.

This is very convenient if you are looking for services running under a specific account, for example, a domain administrator.

PS C:\> get-wmiobject win32_service -computer $computers -filter "startname like '%administrator%'"| Select Name,startmode,state,startname,systemname
Name : BITS
startmode : Manual
state : Stopped
startname : .\Administrator
systemname : CHI-EX01
Name : PeerDistSvc
startmode : Manual
state : Stopped
startname : Administrator@GLOBOMANTICS.local
systemname : CHI-WIN8-01

With one simple command, I found those services that are running under a specific administrator account.
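The filter above only matches account names containing "administrator". As an added example (not from the original article), the function below goes further and reports every service whose logon account is not a built-in identity. The function name and the sample rows are constructed for illustration, and PowerShell 3.0 or later is assumed.

```powershell
# Added example. Requires PowerShell 3.0+. The function name is hypothetical.
function Get-NonBuiltinServiceAccount {
    [CmdletBinding()]
    param(
        # Objects exposing SystemName, Name, StartName, StartMode and State,
        # such as the output of Get-WmiObject Win32_Service
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Service
    )
    begin {
        # LocalSystem, NT AUTHORITY\* and NT SERVICE\* (virtual accounts) are built in
        $builtin = '^(LocalSystem|NT AUTHORITY\\.+|NT SERVICE\\.+)$'
    }
    process {
        $account = $Service.StartName
        if ([string]::IsNullOrEmpty($account)) { return }   # no logon account recorded
        if ($account -match $builtin) { return }            # -match is case-insensitive
        # .\user and COMPUTER\user are local accounts; everything else is treated as domain
        $isLocal = $account.StartsWith('.\') -or
                   $account.StartsWith($Service.SystemName + '\', [StringComparison]::OrdinalIgnoreCase)
        [pscustomobject]@{
            SystemName = $Service.SystemName
            Name       = $Service.Name
            StartName  = $account
            Scope      = if ($isLocal) { 'Local' } else { 'Domain' }
            StartMode  = $Service.StartMode
            State      = $Service.State
        }
    }
}

# Constructed sample rows shaped like Win32_Service output, so the example runs offline
$sample = @(
    [pscustomobject]@{ SystemName = 'CHI-EX01'; Name = 'BITS'; StartName = '.\Administrator'; StartMode = 'Manual'; State = 'Stopped' }
    [pscustomobject]@{ SystemName = 'CHI-WIN8-01'; Name = 'PeerDistSvc'; StartName = 'Administrator@GLOBOMANTICS.local'; StartMode = 'Manual'; State = 'Stopped' }
    [pscustomobject]@{ SystemName = 'CHI-EX01'; Name = 'ALG'; StartName = 'NT AUTHORITY\LocalService'; StartMode = 'Manual'; State = 'Stopped' }
    [pscustomobject]@{ SystemName = 'CHI-EX01'; Name = 'ExampleSvc'; StartName = 'localSystem'; StartMode = 'Auto'; State = 'Running' }
)
$sample | Get-NonBuiltinServiceAccount | Format-Table -AutoSize

# Against live machines:
# Get-WmiObject Win32_Service -ComputerName $computers | Get-NonBuiltinServiceAccount
```

With the sample rows, only BITS (Local) and PeerDistSvc (Domain) are reported; the two built-in accounts are filtered out.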

Using CIM

In PowerShell 3.0, you can use CIM cmdlets to perform the same queries. The benefits of CIM relate to working remotely with PowerShell.

PS C:\> get-ciminstance win32_service -comp chi-dc01

Filters work in a similar way.

PS C:\> get-ciminstance win32_service -filter "startmode='auto' AND state<>'Running'" -comp chi-ex01 | Select Name,State,Systemname
Name State Systemname
---- ----- ----------
clr_optimization_v4.0.30319_32 Stopped CHI-EX01
clr_optimization_v4.0.30319_64 Stopped CHI-EX01
MSExchangeProtectedServiceHost Stopped CHI-EX01
MSExchangeRPC Stopped CHI-EX01
MSExchangeSA Stopped CHI-EX01
MSExchangeServiceHost Stopped CHI-EX01
ShellHWDetection Stopped CHI-EX01
sppsvc Stopped CHI-EX01

As you can see in the output, there are some problems with Exchange. We will deal with them and the like in the next article.


Using WMI or CIM is a good way to get service configuration reports in your environment. The Win32_Service class contains a lot of useful information. In addition, you can run long-running queries with the -AsJob parameter or use alternative credentials. You can always do this with Get-Service, but it is time consuming. In the next article, we will look at how to change services using WMI and CIM.
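An added example (not from the original article) of such a report built on CIM sessions with optional alternative credentials: it runs the article's auto-start filter against each host, falls back to DCOM when WS-Man is unavailable, and warns about hosts it could not query. The function name is hypothetical, and PowerShell 3.0 or later is assumed.

```powershell
# Added example. Requires PowerShell 3.0+. The function name is hypothetical.
function Get-StoppedAutoService {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string[]]$ComputerName,
        # Optional alternative credentials, e.g. from Get-Credential
        [pscredential]$Credential
    )
    # Same WQL filter as used earlier in the article
    $filter = "StartMode='Auto' AND State<>'Running'"
    foreach ($computer in $ComputerName) {
        $params = @{ ComputerName = $computer; ErrorAction = 'Stop' }
        if ($Credential) { $params.Credential = $Credential }
        $session = $null
        try {
            try {
                # CIM cmdlets use WS-Man (WinRM) by default
                $session = New-CimSession @params
            } catch {
                # Hosts without WinRM can still be reached over DCOM, as Get-WmiObject does
                $params.SessionOption = New-CimSessionOption -Protocol Dcom
                $session = New-CimSession @params
            }
            Get-CimInstance -CimSession $session -ClassName Win32_Service -Filter $filter -ErrorAction Stop |
                Select-Object SystemName, Name, State, StartName
        } catch {
            # Surface unreachable hosts instead of silently dropping them from the report
            Write-Warning ('{0}: {1}' -f $computer, $_.Exception.Message)
        } finally {
            # Always release the session, even when the query failed
            if ($session) { Remove-CimSession -CimSession $session }
        }
    }
}

# Local machine; a warning is printed if neither WinRM nor DCOM access is available
Get-StoppedAutoService -ComputerName $env:COMPUTERNAME | Format-Table -AutoSize

# Hosts from the article, with alternative credentials:
# Get-StoppedAutoService -ComputerName chi-dc01,chi-ex01 -Credential (Get-Credential)
```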

This post is a translation of the article
Managing Services the PowerShell way - Part 5
