I want to get the path of the executable (e.g. C:\Windows\System\example.exe) from all the running services. I do NOT wanna have any additional config parameter in there. Those paths I wish to add to a variable $services. A foreach loop should finally call Get-ACL to check the permissions of the service executable.
So what I tried is this:
$services=Get-WmiObject win32_service |
select @{Expression={(($_.PathName.replace('"',''))) -replace'(^.*\.exe).*','"$1"'}} | Out-String | Format-List
I admit the string replacement could probably be optimized. But this is the best I came up with. Why are the paths still in " "? Because some executable paths have white spaces in them. I wish to avoid issues with the path parameter of Get-ACL later.
This leads to $services being declared like this:
PS > $services
(($_.PathName.replace('"',''))) -replace'(^.*\.exe).*','"$1"'
-------------------------------------------------------------
"C:\Windows\system32\svchost.exe"
"C:\Windows\System32\alg.exe"
"C:\Windows\system32\svchost.exe"
"C:\Windows\system32\svchost.exe"
"C:\Windows\system32\svchost.exe"
"C:\Windows\System32\svchost.exe"
"C:\Windows\system32\AppVClient.exe"
Here is my foreach loop and the error it throws:
PS > Foreach($s in $services){Get-ACL -Path $s }
Get-ACL : Cannot find path 'Microsoft.PowerShell.Commands.Internal.Format.FormatEntryData' because it does not exist.
At line:1 char:26
+ Foreach($s in $services){Get-ACL -Path $s }
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (:) [Get-Acl], ItemNotFoundException
+ FullyQualifiedErrorId : GetAcl_PathNotFound_Exception,Microsoft.PowerShell.Commands.GetAclCommand
I did try to run it with -ErrorAction SilentlyContinue as I first believed it was only the heading of $services that causes this issue. But if I do so, there is no output at all.
I did check what happens when I call Get-ACL -Path "C:\Windows\system32\svchost.exe" manually. And that works:
    Directory: C:\Windows\system32

Path        Owner                       Access
----        -----                       ------
svchost.exe NT SERVICE\TrustedInstaller NT AUTHORITY\SYSTEM Allow ReadAndExecute, Synchronize...
The output is not complete. But a | format-list at the end would fix that.
Can anyone give me some advice on how to get this path handled correctly? I am out of ideas.
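
An added example, not part of the original post: the error names `FormatEntryData` because `Out-String | Format-List` leaves formatting objects in `$services` instead of path strings, so the sketch below keeps plain strings and passes them to `Get-Acl -LiteralPath`, which needs no embedded quotes for paths with spaces. The helper name `Get-ServiceExecutablePath` is hypothetical, and `Get-CimInstance` is assumed in place of `Get-WmiObject` (both expose the same `PathName` property).

```powershell
# Added example: extract the executable from each service PathName, then read its ACL.
function Get-ServiceExecutablePath {
    param([string]$PathName)

    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName.Trim()

    if ($p -match '^"([^"]+)"') {
        # Quoted form: "C:\Program Files\App\svc.exe" -arg
        $exe = $Matches[1]
    } elseif ($p -match '^(.+?\.exe)(\s|$)') {
        # Unquoted form: C:\Windows\system32\svchost.exe -k netsvcs
        $exe = $Matches[1]
    } else {
        # No .exe token: take the text up to the first whitespace
        $exe = ($p -split '\s+', 2)[0]
    }

    # Resolve values such as %SystemRoot%\system32\...
    [Environment]::ExpandEnvironmentVariables($exe)
}

# Plain [string] values only; no Format-* or Out-String in this pipeline.
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.State -eq 'Running' } |
    ForEach-Object { Get-ServiceExecutablePath $_.PathName } |
    Where-Object { $_ } |
    Sort-Object -Unique

foreach ($s in $services) {
    if (Test-Path -LiteralPath $s -PathType Leaf) {
        # Formatting is applied last, only for display
        Get-Acl -LiteralPath $s | Format-List Path, Owner, AccessToString
    } else {
        Write-Warning "Executable not found: $s"
    }
}
```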