Enumerate Windows services info from remote computers

This topic contains 2 replies, has 3 voices, and was last updated by  Richard Siddaway 1 year, 9 months ago.

  • Author
  • #54777

    Rocky Cabral

    Trying to expand a WMI query to give me table of service info for all Windows boxes from a text file.

    Original script:
    $Box = read-host "Enter computer name"
    gwmi -class win32_service -ComputerName $Box | where {$_.State -eq "Running" -and $_.StartName -notlike "LocalSystem" -and $_.StartName -notlike "NT Authority*"} | ft PSComputerName,DisplayName,State,StartName -AutoSize

    Script trying to get working:

    $results = @()
    $boxes = gc D:\boxes.txt

    Foreach ($box in $boxes){
    $1 = Get-WmiObject -class win32_service -ComputerName $box | where {$_.State -eq "Running" -and $_.StartName -notlike "LocalSystem" -and $_.StartName -notlike "NT Authority*"}

    $out = New-Object PSObject

    $out | Add-Member -MemberType NoteProperty -Name ComputerName -Value $1.PSComputerName
    $out | Add-Member -MemberType NoteProperty -Name DisplayName -Value $1.DisplayName
    $out | Add-Member -MemberType NoteProperty -Name State -Value $1.State
    $out | Add-Member -MemberType NoteProperty -Name StartName -Value $1.StartName

    $results += $out
    Write-Output $results

  • #54783

    Matt Bloomfield

    You don't actually state what the problem is; I'm guessing it's formatting. As you're using Write-Output I'm also guessing you don't actually need to create the custom object.

    $results = @()
     $boxes = Get-Content D:\boxes.txt
    Foreach ($box in $boxes){
     Get-WmiObject -class win32_service -ComputerName $box | where {$_.State -eq "Running" -and $_.StartName -notlike "LocalSystem" -and $_.StartName -notlike "NT Authority*"} | Format-Table PSComputerName,DisplayName,State,StartName -AutoSize
  • #54938

    Richard Siddaway

    You should move the filter from where-object to Get-WmiObject as in this example

    Get-CimInstance -ClassName Win32_Service -Filter "State = 'Running' And NOT StartName LIKE 'LocalSystem' AND NOT StartName LIKE 'NT Authority%'" |
    select PSComputerName, DisplayName, State, StartName

    Performing the filtering in the CIM/WMI cmdlet means it happens on the remote box. Using Where-Object means that it happens on the local box AFTER you've dragged all possible objects across the network

    Also displaying State is redundant as you specifically ask for services that are RUNNING

You must be logged in to reply to this topic.