Well, I explored the Win32_Service WMI class a bit more and found some more concepts which are useful to Windows administrators. In this article, I will show you how to get the list of services which are running with a specific Windows account. You can get this information from both local and remote computers with the code that I am going to provide.
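CODE:
function Get-ServiceLogonAccount {
    [cmdletbinding()]
    param (
        $ComputerName = $env:computername,
        $LogonAccount
    )
    if ($LogonAccount) {
        # -match takes a regular expression; escape the name so that a backslash
        # (as in "NT Authority\LocalService") is matched literally
        Get-WmiObject -Class Win32_Service -ComputerName $ComputerName |
            ? { $_.StartName -match [regex]::Escape($LogonAccount) } |
            select DisplayName, StartName, State
    } else {
        # No account given: list every service with its logon account
        Get-WmiObject -Class Win32_Service -ComputerName $ComputerName |
            select DisplayName, StartName, State
    }
}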
So it is clear what the above function does. It takes two parameters, -ComputerName and -LogonAccount. Provide a computer name if you would like to query the services on a remote computer; otherwise just leave it out, and the function queries the local computer by default. Similarly, -LogonAccount is an optional parameter: pass the account name that you are looking for. For example, if you are looking for the DOMAIN\Useracct1 account, just pass Useracct1 as the parameter value.
Below are some usage examples…
Example 1: Query the logon account of all services on the local computer
Example 2: Get services running with “NT Authority\LocalService” account on remote computer
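When the same question is asked of many servers, it is faster to let each server apply the filter and return only the matching services. The following is an added example, not code from the original article: Get-ServiceByLogonAccount and its switches are hypothetical names, the server names in the closing comment are placeholders, and it assumes WinRM is reachable on the remote computers, because Get-CimInstance uses WS-Man for remote queries by default.

```powershell
# Added example (not the article's code); function and parameter names are hypothetical.
function Get-ServiceByLogonAccount {
    [CmdletBinding()]
    param (
        [string[]]$ComputerName = $env:COMPUTERNAME,
        [string]$LogonAccount,      # substring of StartName, e.g. 'Useracct1'
        [switch]$ExcludeBuiltIn,    # drop LocalSystem / LocalService / NetworkService
        [switch]$RunningOnly
    )

    $clauses = @()
    if ($LogonAccount) {
        # Escape WQL string-literal characters (\ and '), then the LIKE wildcards ([ % _)
        $value = $LogonAccount -replace '\\', '\\' -replace "'", "\'"
        $value = $value -replace '([\[%_])', '[$1]'
        $clauses += "StartName LIKE '%$value%'"
    }
    if ($ExcludeBuiltIn) {
        $clauses += 'StartName IS NOT NULL'
        # A backslash inside a WQL string literal is written as \\
        foreach ($name in 'LocalSystem', 'NT AUTHORITY\\LocalService', 'NT AUTHORITY\\NetworkService') {
            $clauses += "StartName <> '$name'"
        }
    }
    if ($RunningOnly) { $clauses += "State = 'Running'" }

    $query = @{ ClassName = 'Win32_Service'; Property = 'DisplayName', 'StartName', 'State' }
    if ($clauses) { $query.Filter = $clauses -join ' AND ' }

    foreach ($computer in $ComputerName) {
        # Query the local computer without -ComputerName so it does not need WinRM
        $target = @{}
        if ($computer -ne $env:COMPUTERNAME) { $target.ComputerName = $computer }
        try {
            Get-CimInstance @query @target -ErrorAction Stop |
                Select-Object @{ n = 'ComputerName'; e = { $computer } }, DisplayName, StartName, State
        } catch {
            # Report an unreachable or access-denied server and continue with the rest
            Write-Warning "$computer : $($_.Exception.Message)"
        }
    }
}

# Running services on two servers that log on with anything other than the built-in accounts:
# Get-ServiceByLogonAccount -ComputerName 'SERVER01', 'SERVER02' -ExcludeBuiltIn -RunningOnly
```

Each result carries a ComputerName column, so the output of a multi-server run can be piped straight to Export-Csv for review.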
Hope this helps.
Thanks much for the details, Sitaram! I had the same requirement to query the services on all servers based on the logon account and your code helped a lot!
Thanks,
Chetan
Superb bro….. this was much helpful. Wonder why I keep stumbling on your articles 🙂
I am glad that it is helpful 🙂
Thanks.
I used it to help build our server datasheets and capture services that might be using non-standard login accounts
This gets all services that do not log in with “LocalSystem” OR “NT Authority\LocalService” AND is “Running”
Get-ServiceLogonAccount | where {($_.StartName -ne "LocalSystem") -and ($_.StartName -ne "NT Authority\LocalService")} | where {$_.State -eq "Running"}
Excellent contribution, “Teddy”
Can you adjust this function to include “DisplayName” in the initial filter to lessen the delay?
GREAT SCRIPT BUD!
Thanks for the feedback. I will let you know if I find any easy option.
Because this is VERY slow when enumerating 500 servers:
Get-ServiceLogonAccount -ComputerName $Server | where {($_.StartName -ne "LocalSystem") -and ($_.StartName -ne "NT Authority\LocalService") -and ($_.DisplayName -eq "New Relic Infrastructure Agent")} | where {$_.State -eq "Running"} | select displayname, startname, state
Thanks! This worked!