≡ Menu

PowerShell: How to get logon account of services on remote computer

Well, I explored Win32_Service WMI class a bit more and found some more concepts which are useful to Windows Administrators. In this article, I will show you how to get the list of services which are running with a specific windows account. You can get this information from both local and remote computers with the code that I am going to provide.

CODE:

function Get-ServiceLogonAccount {
[cmdletbinding()]            

param (
$ComputerName = $env:computername,
$LogonAccount
)            

    if($logonAccount) {
        Get-WmiObject -Class Win32_Service -ComputerName $ComputerName |`          
? { $_.StartName -match $LogonAccount } | select DisplayName, StartName, State            

    } else {            

        Get-WmiObject -Class Win32_Service -ComputerName $ComputerName | `         
select DisplayName, StartName, State
    }            

}

So it is clear what the above function does. It takes two parameters, computername and logonaccount. You should provide computer name if you would like to query the services on remote computer otherwise just ignore it. By default it queries local computer. Similarly, -LogonAccount is also optional parameters and you need to pass the account name that you are looking for. For example, if you are looking for DOMAIN\Useracct1 account, just pass useracc1 as parameter value.

Below are some usage examples…

Example 1: Query logon account of all services in local computer

Example 2: Get services running with “NT Authority\LocalService” account on remote computer

Hope this helps.

 

Comments on this entry are closed.

  • Chetan Kumar Tammala February 27, 2013, 4:21 pm

    Thank much for the details, Sitaram! I had the same requirement to query the services on all servers based on the logon account and your code helped a lot!

    Thanks,
    Chetan

  • Rahul February 26, 2016, 8:45 am

    Superb bro….. this was much helpful. Wonder why i keep stumbling on your articles 🙂

  • Ted "Teddy" Bard October 7, 2017, 2:25 am

    Thanks.
    I used it to help build our server datasheets and capture services that are might be using non-standard login accounts
    This gets all services that do not log in with “LocalSystem” OR “NT Authority\LocalService” AND is “Running”

    Get-ServiceLogonAccount | where {($_.StartName -ne “LocalSystem”) -and ($_.StartName -ne “NT Authority\LocalService”)} | where {$_.State -eq “Running”}

    • John James Escudero December 29, 2020, 12:34 am

      Excelente aporte “Teddy”

  • Patrick Burwell August 17, 2021, 10:04 pm

    Can you adjust this function to include “DisplayName” in the initial filter to lessen the delay?
    GREAT SCRIPT BUD!

    • Wintel Rocks September 6, 2021, 9:49 pm

      Thanks for the feedback. I will let you know if I find any easy option.

  • Patrick Burwell August 17, 2021, 10:09 pm

    Because this is VERY slow when enumerating 500 servers:
    Get-ServiceLogonAccount -ComputerName $Server|where {($_.StartName -ne “LocalSystem”) -and ($_.StartName -ne “NT Authority\LocalService”) -and ($_.DisplayName -eq “New Relic Infrastructure Agent”)} | where {$_.State -eq “Running”} |select displayname, startname, state

  • Dries November 10, 2021, 4:38 pm

    Thanks! This worked!