Do you know which accounts are used to start the services running on your machines? if you need this information try:
Get-WmiObject -Class Win32_Service | select Name, DisplayName, StartName
For a remote machine this becomes
Get-WmiObject -Class Win32_Service -ComputerName Win7 | select Name, DisplayName, StartName
And for testing which services are started by a specific account use:
Get-WmiObject -Class Win32_Service -ComputerName Win7 | where {$_.StartName -eq ‘NT Authority\LocalService’} | select Name, DisplayName, StartName
I wanted to use a WMI filter instead of Where-Object but it didn’t want to work
By: Chad Miller on June 28, 2011 at 7:33 pm
Try adding double slash in the filter.
Get-WmiObject -Class Win32_Service -Filter {Startname = ‘NT Authority\\LocalService’}
It probably needed to be escaped.
By: RichardSiddaway on June 29, 2011 at 12:46 pm
Doh
Thanks for reminding me.
Thats what happens when you write a post late in the evening 🙂