Quick Tip: Discovering service start accounts
Published June 28, 2011Do you know which accounts are used to start the services running on your machines? if you need this information try:
Get-WmiObject -Class Win32_Service | select Name, DisplayName, StartName
For a remote machine this becomes
Get-WmiObject -Class Win32_Service -ComputerName Win7 | select Name, DisplayName, StartName
And for testing which services are started by a specific account use:
Get-WmiObject -Class Win32_Service -ComputerName Win7 | where {$_.StartName -eq 'NT Authority\LocalService'} | select Name, DisplayName, StartName
I wanted to use a WMI filter instead of Where-Object but it didn’t want to work
2 Responses to Quick Tip: Discovering service start accounts
Leave a Reply
You must be logged in to post a comment.
Try adding double slash in the filter.
Get-WmiObject -Class Win32_Service -Filter {Startname = ‘NT Authority\\LocalService’}
It probably needed to be escaped.
Doh
Thanks for reminding me.
Thats what happens when you write a post late in the evening 🙂