≡ Menu

PowerShell: How to get logon account of services on remote computer

Well, I explored Win32_Service WMI class a bit more and found some more concepts which are useful to Windows Administrators. In this article, I will show you how to get the list of services which are running with a specific windows account. You can get this information from both local and remote computers with the code that I am going to provide.

CODE:

function Get-ServiceLogonAccount {
[cmdletbinding()]            

param (
$ComputerName = $env:computername,
$LogonAccount
)            

    if($logonAccount) {
        Get-WmiObject -Class Win32_Service -ComputerName $ComputerName |`          
? { $_.StartName -match $LogonAccount } | select DisplayName, StartName, State            

    } else {            

        Get-WmiObject -Class Win32_Service -ComputerName $ComputerName | `         
select DisplayName, StartName, State
    }            

}

So it is clear what the above function does. It takes two parameters, computername and logonaccount. You should provide computer name if you would like to query the services on remote computer otherwise just ignore it. By default it queries local computer. Similarly, -LogonAccount is also optional parameters and you need to pass the account name that you are looking for. For example, if you are looking for DOMAIN\Useracct1 account, just pass useracc1 as parameter value.

Below are some usage examples…

Example 1: Query logon account of all services in local computer

Example 2: Get services running with “NT Authority\LocalService” account on remote computer

Hope this helps.

 

{ 3 comments… add one }
  • Chetan Kumar Tammala February 27, 2013, 4:21 pm

    Thank much for the details, Sitaram! I had the same requirement to query the services on all servers based on the logon account and your code helped a lot!

    Thanks,
    Chetan

  • Rahul February 26, 2016, 8:45 am

    Superb bro….. this was much helpful. Wonder why i keep stumbling on your articles 🙂

Leave a Comment