Author Posts

September 10, 2013 at 6:49 am

I am starting to get used to PS and I love it and look forward to regular postings and continual learning on this site!

Here is what I have:
gsv | where {$_. status -eq "Running"} – this gives me a list of running services

I know gsv | gm – will tell me what properties I can apply to the object

I want to see what username (Local,LOCAL SERVICE, NETWORK, SYSTEM, ) is running what specific services like I can see in Task Manager. Can I do this? All my command gives me is the status, name, and display name. I would like to see who is running and weather or not the service is scheduled or not?

Much Thanks!

September 10, 2013 at 6:55 am

Get-Service doesn't return that information. Use

Get-WmiObject -Class Win32_Service | Where { $_.State -eq 'Running' }

Instead. The StartName property (which wont' display by default; you'll have to select it using Select-Object for Format-) has what you want.

September 10, 2013 at 9:42 am

Wow Don let me say I got introduced to PS by watching your videos! You are great and am humbled by your response.

I run the command and dont get what I necessarily need. I feel as if I over-complicated my question.

I would like to see a list scheduled task and who scheduled them and their status. With the command you gave, I get running status and their status, which is fine, but not if it was scheduled or not and by whom. I hope that makes sense. I have tried using the help as well. Where else should I look for problems with this issue if you are unsure?

Much thanks,

Nate
Projetech Inc

September 10, 2013 at 9:47 am

Uh, I guess I'm confused.

You want SERVICES or SCHEDULED TASKS? You started with Get-Service... that's not for scheduled tasks.

What's shown in Task Manager is a list of PROCESSES... also different from either a service or a scheduled task.

If you're after scheduled tasks, Windows 8 introduced a PowerShell module to work with scheduled tasks. If you're not using Windows 8, then you have two options for working with scheduled tasks. The first is the Schtasks.exe command, which runs fine inside PowerShell. The second is to query the information via WMI, which is a bit more complex.

But you started with Get-Service, you mentioned Task Manager (processes), and now scheduled tasks... so I'm not sure which of those three you're after.

September 10, 2013 at 9:55 am

I guess I was after get-service because I thought the ID associated with them could somehow be tied to the process? I mentioned Task Manager because of the information it provides and was wondering if that could be translated into a list of running services, not processes.

One final edit: I am after a list of scheduled tasks, who scheduled them, and under what they are running (Local tasks, Network tasks, System tasks(Like in Task Manager under the username, you see Local Service, System, Network Service)).

Thanks

September 10, 2013 at 10:06 am

Well.. okay. But you're talking about different things.

A service IS NOT a scheduled task. You don't schedule services. They start automatically at boot, or can be started manually, or are completely disabled. When a service is running, it does show up in Task Manager. Get-Service will not let you make the connection to a process, though.

Get-WmiObject Win32_Service -filter "state = 'Running'" | Select Name,ProcessId

Will show you running processes and their associated process ID. You can then query Win32_Process with the given process ID to see who the process is running as.

But none of that has anything to do with scheduled tasks. Versions of Windows prior to Windows 8 do not provide PowerShell-native mechanisms for working with scheduled tasks. You would need to run Schtasks.exe to get that list. You could also run:

Get-WmiObject Win32_ScheduledJob

The object returned by that command is documented at http://msdn.microsoft.com/en-us/library/aa394399(v=vs.85).aspx. That will show you the owner. However, once a scheduled task is running, there's no "connection" between the scheduled task definition and the running process. A scheduled task will only show up in the process list (Get-Process, or Task Manager) if the scheduled task is actually RUNNING at that exact moment.

I think your best bet would be to start with

Schtasks /query

As it will show all tasks, whether they are scheduled, and whether they are running. It will NOT show who scheduled them, and it will not show what user account they run under. Unfortunately, in older versions of Windows, it's difficult to extract that information using automation. That's why newer versions of Windows are nicer – they're easier to automate. You can query Win32_ScheduledJob to get some of the information, like who set up the scheduled task in the first place. But that also won't show you what user the task runs as.

September 10, 2013 at 11:33 am

Ok I will work with this. Thanks Much Don

September 11, 2013 at 4:00 pm

Hey Nate,

This is yet another way of looking at your scheduled tasks.

$ErrorActionPreference = 'SilentlyContinue'
Set-Location $ENV:SystemRoot\System32\Tasks
Get-ChildItem | Where-Object {!$_.PSIsContainer} |
ForEach-Object {
[xml]$tasks = get-content $_.FullName
$NextRun = $tasks.task.Triggers.CalendarTrigger.StartBoundary
@{"Name"=$_.Name},
@{"Enabled"=$tasks.task.Settings.Enabled},
@{"Triggers"=$tasks.task.triggers},
@{"NextRun"=[datetime]$NextRun},
@{"Author"=$tasks.task.principals.Principal.Author}
} | FT -AutoSize

September 12, 2013 at 5:44 am

Hi Vern,

Thanks for the reply. I run the command and get the two scheduled tasks running in the directory, however, tasks embedded within folders remain unnoticed. Is there a way to pull all the tasks within that directory? The sub directory is omitted with the command you gave me.

Much thanks,

Nate

September 12, 2013 at 3:49 pm

Yes there is the reason I didn't include them is there are a lot objects.

Change line #3 to look like this Get-ChildItem . -Recurse | Where-Object {!$_.PSIsContainer} |

You are adding the dot or period and the recurse parameter to line 3. One thing I forgot to mention when I posted it was you need to be elevated as Administrator to see the scheduled jobs.

-VERN

September 13, 2013 at 4:49 am

Thank you very much Vern. Everything works fine except the Author and Trigger object. The Author remains blank no matter what I try. With the Trigger, all I see is Trigger in both columns. Is this what I should expect?

September 15, 2013 at 9:23 am

Yea Nate,

Sorry about that the trigger child object is too random I changed it below. For the author I managed to fix that part.

Change line 11 to @{"Author"=$tasks.Task.RegistrationInfo.Author} Or here is the whole script corrected now. . .

$ErrorActionPreference = 'SilentlyContinue'
Set-Location $ENV:SystemRoot\System32\Tasks
Get-ChildItem -Recurse | Where-Object {!$_.PSIsContainer} |
ForEach-Object {
[xml]$tasks = get-content $_.FullName
$NextRun = $tasks.task.Triggers.CalendarTrigger.StartBoundary
@{"Name"=$_.Name},
@{"Enabled"=$tasks.task.Settings.Enabled},
@{"Triggers"=$tasks.Task.Triggers.ChildNodes },
@{"NextRun"=[datetime]$NextRun},
@{"Author"=$tasks.Task.RegistrationInfo.Author}
} | FT -AutoSize -Wrap

-VERN

September 17, 2013 at 11:03 am

Vern you are awesome! Thank you so much. Now I will play around with the switches and have a good time.

Thanks much,

Nate

September 17, 2013 at 5:29 pm

My pleasure Nate you helped me improve the script so thank you!