Enumerate Windows services info from remote computers

This topic contains 2 replies, has 3 voices, and was last updated by Profile photo of Richard Siddaway Richard Siddaway 3 months, 2 weeks ago.

  • Author
    Posts
  • #54777
    Profile photo of Rocky Cabral
    Rocky Cabral
    Participant

    Trying to expand a WMI query to give me table of service info for all Windows boxes from a text file.

    Original script:
    $Box = read-host "Enter computer name"
    gwmi -class win32_service -ComputerName $Box | where {$_.State -eq "Running" -and $_.StartName -notlike "LocalSystem" -and $_.StartName -notlike "NT Authority*"} | ft PSComputerName,DisplayName,State,StartName -AutoSize

    Script trying to get working:

    $results = @()
    $boxes = gc D:\boxes.txt

    Foreach ($box in $boxes){
    $1 = Get-WmiObject -class win32_service -ComputerName $box | where {$_.State -eq "Running" -and $_.StartName -notlike "LocalSystem" -and $_.StartName -notlike "NT Authority*"}

    $out = New-Object PSObject

    $out | Add-Member -MemberType NoteProperty -Name ComputerName -Value $1.PSComputerName
    $out | Add-Member -MemberType NoteProperty -Name DisplayName -Value $1.DisplayName
    $out | Add-Member -MemberType NoteProperty -Name State -Value $1.State
    $out | Add-Member -MemberType NoteProperty -Name StartName -Value $1.StartName

    $results += $out
    }
    Write-Output $results

  • #54783
    Profile photo of Matt Bloomfield
    Matt Bloomfield
    Participant

    You don't actually state what the problem is; I'm guessing it's formatting. As you're using Write-Output I'm also guessing you don't actually need to create the custom object.

    $results = @()
     $boxes = Get-Content D:\boxes.txt
    
    Foreach ($box in $boxes){
     Get-WmiObject -class win32_service -ComputerName $box | where {$_.State -eq "Running" -and $_.StartName -notlike "LocalSystem" -and $_.StartName -notlike "NT Authority*"} | Format-Table PSComputerName,DisplayName,State,StartName -AutoSize
    
    }
    
  • #54938
    Profile photo of Richard Siddaway
    Richard Siddaway
    Moderator

    You should move the filter from where-object to Get-WmiObject as in this example

    Get-CimInstance -ClassName Win32_Service -Filter "State = 'Running' And NOT StartName LIKE 'LocalSystem' AND NOT StartName LIKE 'NT Authority%'" |
    select PSComputerName, DisplayName, State, StartName

    Performing the filtering in the CIM/WMI cmdlet means it happens on the remote box. Using Where-Object means that it happens on the local box AFTER you've dragged all possible objects across the network

    Also displaying State is redundant as you specifically ask for services that are RUNNING

You must be logged in to reply to this topic.