Services

Local Services

The Microsoft.PowerShell.Management module contains serveral cmdlets for interacting with services.

Get-Help *-Service | ft -AutoSize

Name            Category Module                          Synopsis
----            -------- ------                          --------
Resume-Service  Cmdlet   Microsoft.PowerShell.Management Resume-Service...
Restart-Service Cmdlet   Microsoft.PowerShell.Management Restart-Servic...
Set-Service     Cmdlet   Microsoft.PowerShell.Management Set-Service...
Get-Service     Cmdlet   Microsoft.PowerShell.Management Get-Service...
Suspend-Service Cmdlet   Microsoft.PowerShell.Management Suspend-Servic...
Start-Service   Cmdlet   Microsoft.PowerShell.Management Start-Service...
Stop-Service    Cmdlet   Microsoft.PowerShell.Management Stop-Service...
New-Service     Cmdlet   Microsoft.PowerShell.Management New-Service...

Services can have a Status of: Running, Stopped, or Paused and can be set up to start manually (user interaction), automatically (system startup), or on a delay after system boot.

# Checking services' status
Get-Service | ft DisplayName,Status

DisplayName                                             Status
-----------                                             ------
Agent Activation Runtime_27727e65                       Stopped
ACC Service                                             Stopped
Adobe Acrobat Update Service                            Stopped
OpenVPN Agent agent_ovpnconnect                         Stopped
AllJoyn Router Service                                  Stopped
Application Layer Gateway Service                       Stopped
Application Identity                                    Stopped
Application Information                                 Running

# Counting the number of services
Get-Service | ft DisplayName,Status -AutoSize | Measure-Object -line

Lines Words Characters Property
----- ----- ---------- --------
  332

# Filtering the services of interest
Get-Service | where DisplayName -like '*Defender*' | ft DisplayName,ServiceName,Status


DisplayName                                             ServiceName  Status
-----------                                             -----------  ------
Windows Defender Firewall                               mpssvc      Running
Microsoft Defender Antivirus Network Inspection Service WdNisSvc    Stopped
Microsoft Defender Antivirus Service                    WinDefend   Running

# Starting a service
Start-Service WdNisSvc
# Stopping a service
Stop-Service WdNisSvc
# Checking the service's statup type
Get-Service WdNisSvc | Select-Object -Property DisplayName,Name,StartType
DisplayName                                             Name     StartType
-----------                                             ----     ---------
Microsoft Defender Antivirus Network Inspection Service WdNisSvc    Manual
# Changing the service's startup type
Set-Service -Name WdNisSvc -StartType Disabled

Remote Services

The -ComputerName parameter allows us to specify remote hosts.

# Querying running services on a remote host
Get-Service -ComputerName ACADEMY-ICL-DC | Where-Object {$_.Status -eq "Running"}
# Querying the specified service on multiple hosts
Invoke-Command -ComputerName <hosts> -ScriptBlock {<command>}
Invoke-Command -ComputerName ACADEMY-ICL-DC,LOCALHOST -ScriptBlock {Get-Service -Name 'windefend'}

PreviousFinding & Filtering NextRegistry

Last updated 1 year ago