Find services used by specific service account

by sabeltiger81 at 2013-03-07 01:38:47

I’m trying to find every service, running or not, where the account used is mydomain\srv-SQL.

My problem is that I have tried various filters with and without joker signs. I need some help here to only get services used by this one account. How can I achieve this with PowerShell?

The file I’m importing has all the servers I want to search through.

So far I have this:
Import-Csv C:\PS1\Running_services\servers.csv | ForEach-Object{Get-WmiObject -Class Win32_Service -ComputerName $_.ComputerName | select Systemname,name,Startname}
by DexterPOSH at 2013-03-07 02:16:02
Hi,

I am just curious as to why not filter using the -filter parameter for Get-WmiObject to get only the services running under the particular account.
Something like below
Get-WmiObject win32_service -Filter "startname LIKE '%srv-SQL'" | select name,startname

Just give it a try and let us know if that works for you. If it does, change your code accordingly.

Hope this helps
by sabeltiger81 at 2013-03-07 03:23:44
Because when I use the -filter parameter I get the RPC is not available error from PowerShell. This does not happen if I just run the script without the filter parameter.
by DexterPOSH at 2013-03-07 04:49:06

I haven’t encountered any such cases but then you can always use where-object to filter the required objects.
But as a good practice…try filtering on the right of the pipeline.
Import-Csv C:\PS1\Running_services\servers.csv | ForEach-Object{Get-WmiObject -Class Win32_Service -ComputerName $_.ComputerName | where {$_.startname -eq "mydomain\srv-SQL"}|select Systemname,name,Startname}

hope this helps
by sabeltiger81 at 2013-03-07 06:02:40
Tried that too, and still with errors. But one of my colleagues has actually solved the issue. I will provide the answer sometime tomorrow.
by MasterOfTheHat at 2013-03-12 07:52:19
That’s really strange… When I run the following command, it works like a champ:
Get-WmiObject -ComputerName server01 -ClassName win32_service -filter "StartName like 'RP_svcacct%'"

What specific error are you getting? Can you post it here?
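
An added example, not part of the thread and not any poster's code: it applies the WQL filter on the remote side for the exact account and reports servers that could not be queried as separate rows instead of stopping the run. It assumes the CSV has a ComputerName column, as in the original command; the function name Get-ServiceByAccount and the output property names are hypothetical.

```powershell
# Added example for Windows PowerShell 3.0 or later (Get-WmiObject).
function Get-ServiceByAccount {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        [Parameter(Mandatory)] [string]   $Account   # e.g. 'mydomain\srv-SQL'
    )

    # WQL string literals use backslash as the escape character, so
    # DOMAIN\user has to be sent as DOMAIN\\user. Escape quotes as well.
    $wqlAccount = $Account.Replace('\', '\\').Replace("'", "\'")
    $filter     = "StartName = '$wqlAccount'"

    foreach ($computer in $ComputerName) {
        try {
            # -ErrorAction Stop makes a failed connection (for example an
            # RPC error) a terminating error that is caught per server.
            $services = Get-WmiObject -Class Win32_Service -ComputerName $computer `
                                      -Filter $filter -ErrorAction Stop
            foreach ($svc in $services) {
                [pscustomobject]@{
                    ComputerName = $svc.SystemName
                    Name         = $svc.Name
                    State        = $svc.State       # Running, Stopped, ...
                    StartName    = $svc.StartName
                    Error        = $null
                }
            }
        }
        catch {
            # Keep the failure in the report so the server is not silently skipped.
            [pscustomobject]@{
                ComputerName = $computer; Name = $null; State = $null
                StartName    = $null;     Error = $_.Exception.Message
            }
        }
    }
}

# Usage: the CSV path is the one from the thread; falls back to the local
# machine when the file is absent so the block runs anywhere.
$csv     = 'C:\PS1\Running_services\servers.csv'
$servers = if (Test-Path $csv) { (Import-Csv $csv).ComputerName } else { $env:COMPUTERNAME }
$report  = Get-ServiceByAccount -ComputerName $servers -Account 'mydomain\srv-SQL'

$report | Where-Object { -not $_.Error } | Format-Table ComputerName, Name, State, StartName -AutoSize
$report | Where-Object { $_.Error }      | Format-Table ComputerName, Error -AutoSize
```

The second table lists each server that returned an error together with the exact message, which is the detail asked for in the last post.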