Sort running services

This topic contains 13 replies, has 3 voices, and was last updated by Vern Anderson 3 years, 7 months ago.

  • #10026
    Nate Fair
    Participant

    I am starting to get used to PS and I love it and look forward to regular postings and continual learning on this site!

    Here is what I have:
    gsv | where {$_.Status -eq "Running"} – this gives me a list of running services

    I know gsv | gm – will tell me what properties I can apply to the object

    I want to see what username (Local, LOCAL SERVICE, NETWORK, SYSTEM) is running what specific services, like I can see in Task Manager. Can I do this? All my command gives me is the status, name, and display name. I would like to see who is running and whether or not the service is scheduled or not?

    Much Thanks!

  • #10027
    Don Jones
    Keymaster

    Get-Service doesn't return that information. Use

    Get-WmiObject -Class Win32_Service | Where { $_.State -eq 'Running' }

    Instead. The StartName property (which won't display by default; you'll have to select it using Select-Object for Format-) has what you want.

  • #10034
    Nate Fair
    Participant

    Wow Don, let me say I got introduced to PS by watching your videos! You are great and I am humbled by your response.

    I run the command and don't get what I necessarily need. I feel as if I over-complicated my question.

    I would like to see a list of scheduled tasks and who scheduled them and their status. With the command you gave, I get running status and their status, which is fine, but not if it was scheduled or not and by whom. I hope that makes sense. I have tried using the help as well. Where else should I look for problems with this issue if you are unsure?

    Much thanks,

    Nate
    Projetech Inc

  • #10035
    Don Jones
    Keymaster

    Uh, I guess I'm confused.

    You want SERVICES or SCHEDULED TASKS? You started with Get-Service... that's not for scheduled tasks.

    What's shown in Task Manager is a list of PROCESSES... also different from either a service or a scheduled task.

    If you're after scheduled tasks, Windows 8 introduced a PowerShell module to work with scheduled tasks. If you're not using Windows 8, then you have two options for working with scheduled tasks. The first is the Schtasks.exe command, which runs fine inside PowerShell. The second is to query the information via WMI, which is a bit more complex.

    But you started with Get-Service, you mentioned Task Manager (processes), and now scheduled tasks... so I'm not sure which of those three you're after.

  • #10036
    Nate Fair
    Participant

    I guess I was after get-service because I thought the ID associated with them could somehow be tied to the process? I mentioned Task Manager because of the information it provides and was wondering if that could be translated into a list of running services, not processes.

    One final edit: I am after a list of scheduled tasks, who scheduled them, and under what they are running (Local tasks, Network tasks, System tasks (like in Task Manager under the username, you see Local Service, System, Network Service)).

    Thanks

  • #10037
    Don Jones
    Keymaster

    Well.. okay. But you're talking about different things.

    A service IS NOT a scheduled task. You don't schedule services. They start automatically at boot, or can be started manually, or are completely disabled. When a service is running, it does show up in Task Manager. Get-Service will not let you make the connection to a process, though.

    Get-WmiObject Win32_Service -filter "state = 'Running'" | Select Name,ProcessId

    Will show you running processes and their associated process ID. You can then query Win32_Process with the given process ID to see who the process is running as.

    But none of that has anything to do with scheduled tasks. Versions of Windows prior to Windows 8 do not provide PowerShell-native mechanisms for working with scheduled tasks. You would need to run Schtasks.exe to get that list. You could also run:

    Get-WmiObject Win32_ScheduledJob

    The object returned by that command is documented at http://msdn.microsoft.com/en-us/library/aa394399(v=vs.85).aspx. That will show you the owner. However, once a scheduled task is running, there's no "connection" between the scheduled task definition and the running process. A scheduled task will only show up in the process list (Get-Process, or Task Manager) if the scheduled task is actually RUNNING at that exact moment.

    I think your best bet would be to start with

    Schtasks /query

    As it will show all tasks, whether they are scheduled, and whether they are running. It will NOT show who scheduled them, and it will not show what user account they run under. Unfortunately, in older versions of Windows, it's difficult to extract that information using automation. That's why newer versions of Windows are nicer – they're easier to automate. You can query Win32_ScheduledJob to get some of the information, like who set up the scheduled task in the first place. But that also won't show you what user the task runs as.
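Added example (not posted by anyone in this thread): the two steps from the reply above, joined into one listing. It reads StartName from Win32_Service and calls GetOwner() on the matching Win32_Process; the `$builtin` list and the NonBuiltin column are this example's own additions for spotting services that run under a named user or domain account.

```powershell
# Added example. Windows PowerShell 3.0+ (Get-WmiObject); run elevated so that
# GetOwner() can read processes owned by other accounts.
$builtin = 'LocalSystem', 'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService'

# Index every process by PID once, rather than one WMI query per service.
$procById = @{}
Get-WmiObject -Class Win32_Process |
    ForEach-Object { $procById[[int]$_.ProcessId] = $_ }

Get-WmiObject -Class Win32_Service -Filter "State = 'Running'" | ForEach-Object {
    $svc   = $_
    $owner = $null
    $proc  = $procById[[int]$svc.ProcessId]
    if ($proc) {
        try {
            $o = $proc.GetOwner()
            # ReturnValue 0 = success; anything else (e.g. access denied) leaves Owner empty.
            if ($o.ReturnValue -eq 0) { $owner = '{0}\{1}' -f $o.Domain, $o.User }
        } catch { }   # process exited between the two queries
    }
    [pscustomobject]@{
        Service    = $svc.Name
        StartName  = $svc.StartName      # account configured on the service
        ProcessId  = $svc.ProcessId
        Owner      = $owner              # account that owns the running process
        NonBuiltin = $svc.StartName -notin $builtin
    }
} | Sort-Object NonBuiltin, StartName -Descending |
    Format-Table Service, StartName, ProcessId, Owner, NonBuiltin -AutoSize
```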

  • #10039
    Nate Fair
    Participant

    Ok I will work with this. Thanks Much Don

  • #10058
    Vern Anderson
    Participant

    Hey Nate,

    This is yet another way of looking at your scheduled tasks.

    $ErrorActionPreference = 'SilentlyContinue'
    Set-Location $ENV:SystemRoot\System32\Tasks
    Get-ChildItem | Where-Object {!$_.PSIsContainer} |
    ForEach-Object {
    [xml]$tasks = get-content $_.FullName
    $NextRun = $tasks.task.Triggers.CalendarTrigger.StartBoundary
    @{"Name"=$_.Name},
    @{"Enabled"=$tasks.task.Settings.Enabled},
    @{"Triggers"=$tasks.task.triggers},
    @{"NextRun"=[datetime]$NextRun},
    @{"Author"=$tasks.task.principals.Principal.Author}
    } | FT -AutoSize

  • #10075
    Nate Fair
    Participant

    Hi Vern,

    Thanks for the reply. I run the command and get the two scheduled tasks running in the directory, however, tasks embedded within folders remain unnoticed. Is there a way to pull all the tasks within that directory? The sub directory is omitted with the command you gave me.

    Much thanks,

    Nate

  • #10098
    Vern Anderson
    Participant

    Yes, there is. The reason I didn't include them is there are a lot of objects.

    Change line #3 to look like this Get-ChildItem . -Recurse | Where-Object {!$_.PSIsContainer} |

    You are adding the dot or period and the recurse parameter to line 3. One thing I forgot to mention when I posted it was you need to be elevated as Administrator to see the scheduled jobs.

    -VERN

  • #10109
    Nate Fair
    Participant

    Thank you very much Vern. Everything works fine except the Author and Trigger object. The Author remains blank no matter what I try. With the Trigger, all I see is Trigger in both columns. Is this what I should expect?

  • #10153
    Vern Anderson
    Participant

    Yea Nate,

    Sorry about that, the trigger child object is too random; I changed it below. For the author I managed to fix that part.

    Change line 11 to @{"Author"=$tasks.Task.RegistrationInfo.Author} Or here is the whole script corrected now. . .

    # Run from an elevated session; errors are suppressed for the whole script.
    $ErrorActionPreference = 'SilentlyContinue'
    Set-Location $ENV:SystemRoot\System32\Tasks
    # Every file under Tasks (including subfolders) is one task definition in XML.
    Get-ChildItem -Recurse | Where-Object {!$_.PSIsContainer} |
    ForEach-Object {
        [xml]$tasks = Get-Content $_.FullName
        # StartBoundary of the task's calendar trigger
        $NextRun = $tasks.Task.Triggers.CalendarTrigger.StartBoundary
        @{"Name"=$_.Name},
        @{"Enabled"=$tasks.Task.Settings.Enabled},
        @{"Triggers"=$tasks.Task.Triggers.ChildNodes},
        @{"NextRun"=[datetime]$NextRun},
        @{"Author"=$tasks.Task.RegistrationInfo.Author}
    } | FT -AutoSize -Wrap

    -VERN
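Added example (not from the thread): the same task XML also carries the account a task runs under, in its Principals element, next to the RegistrationInfo author used above. The function name ConvertFrom-TaskXml and the sample task below are constructed for illustration; it emits one object per task and resolves a SID in UserId to an account name where possible.

```powershell
# Added example. ConvertFrom-TaskXml is a hypothetical helper name, not a built-in cmdlet.
function ConvertFrom-TaskXml {
    param([Parameter(Mandatory)][string]$Xml, [string]$Name = '(inline)')
    $task      = ([xml]$Xml).Task
    $principal = @($task.Principals.Principal)[0]
    $id = if ($principal.UserId) { $principal.UserId } else { $principal.GroupId }
    $runAs = $id
    if ($id -like 'S-1-*') {
        try {   # task files often store the principal as a SID
            $sid   = New-Object System.Security.Principal.SecurityIdentifier($id)
            $runAs = $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch { }   # unresolvable SID (or non-Windows host): keep the raw value
    }
    $commands = @($task.Actions.Exec) | Where-Object { $_ } |
        ForEach-Object { "$($_.Command) $($_.Arguments)".Trim() }
    [pscustomobject]@{
        Name     = $Name
        Enabled  = ($task.Settings.Enabled -ne 'false')   # element absent means enabled
        Author   = $task.RegistrationInfo.Author          # who registered the task
        RunAs    = $runAs                                 # account the task runs under
        RunLevel = $principal.RunLevel
        Command  = $commands -join '; '
    }
}

# Constructed sample task definition (not taken from a real system).
$sample = @'
<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><Author>CONTOSO\alice</Author></RegistrationInfo>
  <Principals>
    <Principal id="Author">
      <UserId>S-1-5-18</UserId>
      <RunLevel>HighestAvailable</RunLevel>
    </Principal>
  </Principals>
  <Settings><Enabled>true</Enabled></Settings>
  <Actions><Exec><Command>C:\Scripts\backup.cmd</Command><Arguments>/full</Arguments></Exec></Actions>
</Task>
'@
ConvertFrom-TaskXml -Xml $sample -Name 'ConstructedTask' | Format-List

# On a live system (elevated, PowerShell 3.0+):
# Get-ChildItem "$env:SystemRoot\System32\Tasks" -Recurse -File | ForEach-Object {
#     ConvertFrom-TaskXml -Xml (Get-Content $_.FullName -Raw) -Name $_.Name }
```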

  • #10192
    Nate Fair
    Participant

    Vern you are awesome! Thank you so much. Now I will play around with the switches and have a good time.

    Thanks much,

    Nate

  • #10194
    Vern Anderson
    Participant

    My pleasure, Nate. You helped me improve the script, so thank you!
