Well, I explored Win32_Service WMI class a bit more and found some more concepts which are useful to Windows Administrators. In this article, I will show you how to get the list of services which are running with a specific windows account. You can get this information from both local and remote computers with the code that I am going to provide.
CODE:
function Get-ServiceLogonAccount { [cmdletbinding()] param ( $ComputerName = $env:computername, $LogonAccount ) if($logonAccount) { Get-WmiObject -Class Win32_Service -ComputerName $ComputerName |` ? { $_.StartName -match $LogonAccount } | select DisplayName, StartName, State } else { Get-WmiObject -Class Win32_Service -ComputerName $ComputerName | ` select DisplayName, StartName, State } }
So it is clear what the above function does. It takes two parameters, computername and logonaccount. You should provide computer name if you would like to query the services on remote computer otherwise just ignore it. By default it queries local computer. Similarly, -LogonAccount is also optional parameters and you need to pass the account name that you are looking for. For example, if you are looking for DOMAIN\Useracct1 account, just pass useracc1 as parameter value.
Below are some usage examples…
Example 1: Query logon account of all services in local computer
Example 2: Get services running with “NT Authority\LocalService” account on remote computer
Hope this helps.