Enumerate Windows services info from remote computers

This topic contains 2 replies, has 3 voices, and was last updated by Profile photo of Richard Siddaway Richard Siddaway 2 weeks, 3 days ago.

  • Author
  • #54777
    Profile photo of Rocky Cabral
    Rocky Cabral

    Trying to expand a WMI query to give me table of service info for all Windows boxes from a text file.

    Original script:
    $Box = read-host "Enter computer name"
    gwmi -class win32_service -ComputerName $Box | where {$_.State -eq "Running" -and $_.StartName -notlike "LocalSystem" -and $_.StartName -notlike "NT Authority*"} | ft PSComputerName,DisplayName,State,StartName -AutoSize

    Script trying to get working:

    $results = @()
    $boxes = gc D:\boxes.txt

    Foreach ($box in $boxes){
    $1 = Get-WmiObject -class win32_service -ComputerName $box | where {$_.State -eq "Running" -and $_.StartName -notlike "LocalSystem" -and $_.StartName -notlike "NT Authority*"}

    $out = New-Object PSObject

    $out | Add-Member -MemberType NoteProperty -Name ComputerName -Value $1.PSComputerName
    $out | Add-Member -MemberType NoteProperty -Name DisplayName -Value $1.DisplayName
    $out | Add-Member -MemberType NoteProperty -Name State -Value $1.State
    $out | Add-Member -MemberType NoteProperty -Name StartName -Value $1.StartName

    $results += $out
    Write-Output $results

  • #54783

    You don't actually state what the problem is; I'm guessing it's formatting. As you're using Write-Output I'm also guessing you don't actually need to create the custom object.

    $results = @()
     $boxes = Get-Content D:\boxes.txt
    Foreach ($box in $boxes){
     Get-WmiObject -class win32_service -ComputerName $box | where {$_.State -eq "Running" -and $_.StartName -notlike "LocalSystem" -and $_.StartName -notlike "NT Authority*"} | Format-Table PSComputerName,DisplayName,State,StartName -AutoSize
  • #54938
    Profile photo of Richard Siddaway
    Richard Siddaway

    You should move the filter from where-object to Get-WmiObject as in this example

    Get-CimInstance -ClassName Win32_Service -Filter "State = 'Running' And NOT StartName LIKE 'LocalSystem' AND NOT StartName LIKE 'NT Authority%'" |
    select PSComputerName, DisplayName, State, StartName

    Performing the filtering in the CIM/WMI cmdlet means it happens on the remote box. Using Where-Object means that it happens on the local box AFTER you've dragged all possible objects across the network

    Also displaying State is redundant as you specifically ask for services that are RUNNING

You must be logged in to reply to this topic.