Forum Discussion
Powershell to export list of all services not running as SYSTEM account on all domain computers
I need to see if there are any services running as service accounts and wanted to query all our domain computers to get the service name, what state is it in (Running/Disabled/Stopped), the server it...
Change line 13 from:
Invoke-Command -ComputerName $Computer -ScriptBlock {
To:
Invoke-Command -ComputerName ($Computer.Name) -ScriptBlock {
Cheers,
Lain
'Get-Service' doesn't contain the service user, you need to use 'Get-CIMInstance -Class Win32_Service'
https://www.commandline.ninja/use-powershell-to-find-windows-svcs-configured-to-run-as-another-user/
Try this modified version of LeonPavesic's script
# Get a list of all computers in the domain (you may need to customize this query)
$Computers = Get-ADComputer -Filter * -SearchBase "OU=Citrix,OU=HCAA,DC=PACs,DC=local"
# Create a new CSV file
$CSVFile = "c:\temp\services_not_running_as_system.csv"
New-Item -ItemType File -Path $CSVFile
# Add the header row to the CSV file
Add-Content -Path $CSVFile -Value "SystemName,Name,DisplayName,StartMode,StartName,State"
# Iterate through each computer and get a list of all services not running as the SYSTEM account
foreach ($Computer in $Computers) {
try {
Invoke-Command -ComputerName ($Computer.name) -ScriptBlock {
Get-CIMInstance -Class Win32_Service | where-object StartName -notlike 'LocalSystem' | where-object StartName -notlike 'NT Authority%'
} | Select-Object SystemName, Name, DisplayName, StartMode, StartName, State | Export-Csv -Path $CSVFile -Append -NoTypeInformation
} catch {
Write-Host "Error connecting to $($Computer.name)" -ForegroundColor Red
}
}
-Ole