Forum Discussion

MarkKrautler's avatar
MarkKrautler
Copper Contributor
Oct 04, 2023

Powershell to export list of all services not running as SYSTEM account on all domain computers

I need to see if there are any services running as service accounts and wanted to query all our domain computers to get the service name, what state is it in (Running/Disabled/Stopped), the server it is running on and what account is running the service. I am not sure the best way to proceed so I pieced together some Powershell code from the web but it's not working when I try to use the $Servers variable to search the OU (line 2) & store that info so the code can run on all the machines. I'm not great with PowerShell & don't know if it needs a FOR EACH or not? It DOES work when I comment line 2 out & uncomment the line that specifies individual computers (line 3), but there are 2000+ machines I need to query. How can I have the script search my entire domain & get the ServiceName, ServiceDisplayName, StartName, State & servername it is running on, then export that to a CSV? I've tried Googling, but unfortuantely nothing I have tried works, any help is greatly appreciated, thank you in advance!

 

 

 

# Get a list of all computers in the domain (you may need to customize this query)
$Servers = Get-ADComputer -Filter * -SearchBase "OU=Citrix,OU=HCAA,DC=PACs,DC=local"
# $Servers = ("cxap01", "msql01", "hwbr01")
$ServiceName =  @{ Name = 'ServiceName'; Expression = {$_.Name}}
$ServiceDisplayname = @{ Name = 'Service DisplayName';  Expression = {$_.Caption}}

Invoke-Command $Servers.servername -ScriptBlock {
        Get-CimInstance -Class Win32_Service -filter "StartName != 'LocalSystem' AND NOT StartName LIKE 'NT Authority%' " } | 
            Select-Object SystemName, $ServiceName, $ServiceDisplayname, StartMode, StartName, State | format-table -autosize

 

 

 

 

Service Bus
Windows Server

4 Replies

  • LeonPavesic's avatar
    LeonPavesic
    Silver Contributor
    Oct 04, 2023

    Hi MarkKrautler,

    to export a list of all services not running as the SYSTEM account on all domain computers you can try to use this PowerShell Skript:

     

     

    # Get a list of all computers in the domain (you may need to customize this query)
$Computers = Get-ADComputer -Filter * -SearchBase "OU=Citrix,OU=HCAA,DC=PACs,DC=local"

# Create a new CSV file
$CSVFile = "c:\temp\services_not_running_as_system.csv"
New-Item -ItemType File -Path $CSVFile

# Add the header row to the CSV file
Add-Content -Path $CSVFile -Value "SystemName,ServiceName,ServiceDisplayName,StartMode,StartName,State"

# Iterate through each computer and get a list of all services not running as the SYSTEM account
foreach ($Computer in $Computers) {
    Invoke-Command -ComputerName $Computer -ScriptBlock {
        Get-Service -Filter "StartName != 'LocalSystem' AND NOT StartName LIKE 'NT Authority%' "
    } | Select-Object SystemName, Name, DisplayName, StartMode, StartName, State | Export-Csv -Path $CSVFile -Append -NoTypeInformation
}

     

    To use the script, simply save it as a PowerShell script file (.ps1) and run it. The script should create a CSV file called services_not_running_as_system.csv in the c:\temp directory.

    Please click Mark as Best Response & Like if my post helped you to solve your issue.
    This will help others to find the correct solution easily. It also closes the item.


    If the post was useful in other ways, please consider giving it Like.


    Kindest regards,


    Leon Pavesic
    (LinkedIn)

    • MarkKrautler's avatar
      MarkKrautler
      Copper Contributor
      Oct 04, 2023
      When I run that script I get the following results saying the computer names are not valid & to use a -ConnectionUri parameter? I'm not sure what that means, TBH.

      PS C:\Temp\MKrautler> # Get a list of all computers in the domain (you may need to customize this query)
      $Computers = Get-ADComputer -Filter * -SearchBase "DC=PARCS,DC=local"

      # Create a new CSV file
      $CSVFile = "c:\Temp\PARCS-services_not_running_as_system.csv"
      New-Item -ItemType File -Path $CSVFile

      # Add the header row to the CSV file
      Add-Content -Path $CSVFile -Value "SystemName,ServiceName,ServiceDisplayName,StartMode,StartName,State"

      # Iterate through each computer and get a list of all services not running as the SYSTEM account
      foreach ($Computer in $Computers) {
      Invoke-Command -ComputerName $Computer -ScriptBlock {
      Get-Service -Filter "StartName != 'LocalSystem' AND NOT StartName LIKE 'NT Authority%' "
      } | Select-Object SystemName, Name, DisplayName, StartMode, StartName, State | Export-Csv -Path $CSVFile -Append -NoTypeInformation
      }


      Directory: C:\Temp


      Mode LastWriteTime Length Name
      ---- ------------- ------ ----
      -a---- 10/4/2023 3:50 PM 0 PARCS-services_not_running_as_system.csv
      Invoke-Command : One or more computer names are not valid. If you are trying to pass a URI, use the -ConnectionUri parameter, or pass URI objects instead of strings.
      At line:13 char:5
      + Invoke-Command -ComputerName $Computer -ScriptBlock {
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo : InvalidArgument: (System.String[]:String[]) [Invoke-Command], ArgumentException
      + FullyQualifiedErrorId : PSSessionInvalidComputerName,Microsoft.PowerShell.Commands.InvokeCommandCommand

      Invoke-Command : One or more computer names are not valid. If you are trying to pass a URI, use the -ConnectionUri parameter, or pass URI objects instead of strings.
      At line:13 char:5
      + Invoke-Command -ComputerName $Computer -ScriptBlock {
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo : InvalidArgument: (System.String[]:String[]) [Invoke-Command], ArgumentException
      + FullyQualifiedErrorId : PSSessionInvalidComputerName,Microsoft.PowerShell.Commands.InvokeCommandCommand

      Invoke-Command : One or more computer names are not valid. If you are trying to pass a URI, use the -ConnectionUri parameter, or pass URI objects instead of strings.
      At line:13 char:5
      + Invoke-Command -ComputerName $Computer -ScriptBlock {
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo : InvalidArgument: (System.String[]:String[]) [Invoke-Command], ArgumentException
      + FullyQualifiedErrorId : PSSessionInvalidComputerName,Microsoft.PowerShell.Commands.InvokeCommandCommand

      Invoke-Command : One or more computer names are not valid. If you are trying to pass a URI, use the -ConnectionUri parameter, or pass URI objects instead of strings.
      At line:13 char:5
      + Invoke-Command -ComputerName $Computer -ScriptBlock {
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo : InvalidArgument: (System.String[]:String[]) [Invoke-Command], ArgumentException
      + FullyQualifiedErrorId : PSSessionInvalidComputerName,Microsoft.PowerShell.Commands.InvokeCommandCommand

      Invoke-Command : One or more computer names are not valid. If you are trying to pass a URI, use the -ConnectionUri parameter, or pass URI objects instead of strings.
      At line:13 char:5
      + Invoke-Command -ComputerName $Computer -ScriptBlock {
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo : InvalidArgument: (System.String[]:String[]) [Invoke-Command], ArgumentException
      + FullyQualifiedErrorId : PSSessionInvalidComputerName,Microsoft.PowerShell.Commands.InvokeCommandCommand
      • LainRobertson's avatar
        LainRobertson
        Silver Contributor
        Oct 05, 2023

        MarkKrautler 

         

        Change line 13 from:

         

         Invoke-Command -ComputerName $Computer -ScriptBlock {

         

        To:

         

         Invoke-Command -ComputerName ($Computer.Name) -ScriptBlock {

         

        Cheers,

        Lain

Resources