Get all non-default Windows services

Getting a list of all services isn’t that hard. This can be achieved with Get-Service or with Get-WmiObject win32_service. It seems that Get-Service doesn’t leave me with enough properties to query and/or filter on, and this time the Get-WmiObject queries work quickly enough; thus I’ll use this for my code.

I wanted a list of all non-default Windows services in Windows 2012… This I will use in a script that will automatically write documentation for the application servers which I manage.

I couldn’t find something like this, so I decided to share my work and how I got to the result once I completed it.

It seems that I can filter out most MS services by excluding those whose caption or path contains the text ‘Windows’:

#Get all services where its caption or its pathname doesn't contain Windows
Get-WmiObject win32_service | where { $_.Caption -notmatch "Windows" -and $_.PathName -notmatch "Windows" }

It seems the Microsoft Policy Platform service and the Local Session Manager service don’t have ‘Windows’ mentioned, so I will filter these out by path/name.
The Windows 2012 R2 server I query also contains Microsoft Office and System Center Endpoint Security, thus I need to filter these out as well.

#Adding exclusion for "policyhost.exe" removes Microsoft Policy Platform service
Get-WmiObject win32_service | where { $_.Caption -notmatch "Windows" -and $_.PathName -notmatch "Windows" -and $_.PathName -notmatch "policyhost.exe" }

#Adding exclusion for service name "LSM" removes the Local Session Manager service
Get-WmiObject win32_service | where { $_.Caption -notmatch "Windows" -and $_.PathName -notmatch "Windows" -and $_.PathName -notmatch "policyhost.exe" -and $_.Name -ne "LSM" }

#Adding exclusion for "OSE.EXE" removes the Office Source Engine Service
Get-WmiObject win32_service | where { $_.Caption -notmatch "Windows" -and $_.PathName -notmatch "Windows" -and $_.PathName -notmatch "policyhost.exe" -and $_.Name -ne "LSM" -and $_.PathName -notmatch "OSE.EXE" }

#Adding exclusion for "OSPPSVC.EXE" removes the Office Software Protection Platform Service
Get-WmiObject win32_service | where { $_.Caption -notmatch "Windows" -and $_.PathName -notmatch "Windows" -and $_.PathName -notmatch "policyhost.exe" -and $_.Name -ne "LSM" -and $_.PathName -notmatch "OSE.EXE" -and $_.PathName -notmatch "OSPPSVC.EXE" }

#Adding exclusion for "Microsoft Security Client" removes Microsoft Security Client (SCEP)
#This leaves us with all non-default services on a Windows 2012 R2 server!
Get-WmiObject win32_service | where { $_.Caption -notmatch "Windows" -and $_.PathName -notmatch "Windows" -and $_.PathName -notmatch "policyhost.exe" -and $_.Name -ne "LSM" -and $_.PathName -notmatch "OSE.EXE" -and $_.PathName -notmatch "OSPPSVC.EXE" -and $_.PathName -notmatch "Microsoft Security Client" }

Conclusion

This returns all non-default services which I need for my automatic documentation (parts of this script will be posted on this blog, in posts like this one). Now I can put them in an object and query their specific items. I listed several properties in the example script below; using $NonDefaultServices | gm will give you all usable properties of your NonDefaultServices object.

$NonDefaultServices = Get-WmiObject win32_service | where {
    $_.Caption -notmatch "Windows" -and $_.PathName -notmatch "Windows" -and
    $_.PathName -notmatch "policyhost.exe" -and $_.Name -ne "LSM" -and
    $_.PathName -notmatch "OSE.EXE" -and $_.PathName -notmatch "OSPPSVC.EXE" -and
    $_.PathName -notmatch "Microsoft Security Client"
}

$NonDefaultServices.DisplayName # Service Display Name (full name)
$NonDefaultServices.PathName # Service Executable
$NonDefaultServices.StartMode # Service Startup mode
$NonDefaultServices.StartName # Service RunAs Account
$NonDefaultServices.State # Service State (running/stopped etc)
$NonDefaultServices.Status # Service Status
$NonDefaultServices.Started # Service Started status
$NonDefaultServices.Description # Service Description
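
The final filter matches the substring "Windows" anywhere in the caption or path, so a third-party service with that word in its name or install folder is dropped from the documentation. The following added example (not the author's script) compares the post's filter with a variant that checks where the executable actually lives; the function names, the sample services and the `C:\Windows` system root are assumptions made for illustration.

```powershell
# Added example, not the author's script. The sample services are constructed.
function Get-ServiceExecutable([string]$PathName) {
    # PathName is a command line: quoted or unquoted executable, then arguments
    if ($PathName -match '^\s*"([^"]+)"')        { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $PathName.Trim()
}

function Test-NonDefaultService {
    param($Service, [string]$SystemRoot = $env:SystemRoot)
    $exe  = Get-ServiceExecutable $Service.PathName
    $leaf = ($exe -split '[\\/]')[-1]
    # Treated as default when the executable sits under the system root (location, not substring)
    $inSystemRoot = $exe.StartsWith("$SystemRoot\", [System.StringComparison]::OrdinalIgnoreCase)
    # Exclusions from the post, compared as exact file names instead of regex fragments
    $excludedExe = @('policyhost.exe', 'OSE.EXE', 'OSPPSVC.EXE') -contains $leaf
    $excludedDir = $exe -like '*\Microsoft Security Client\*'
    return -not ($inSystemRoot -or $excludedExe -or $excludedDir -or $Service.Name -eq 'LSM')
}

# The post's final filter, unchanged
$postFilter = {
    $_.Caption -notmatch "Windows" -and $_.PathName -notmatch "Windows" -and
    $_.PathName -notmatch "policyhost.exe" -and $_.Name -ne "LSM" -and
    $_.PathName -notmatch "OSE.EXE" -and $_.PathName -notmatch "OSPPSVC.EXE" -and
    $_.PathName -notmatch "Microsoft Security Client"
}

# Constructed sample input: one OS service, two third-party services, one Office service
$sample = @(
    [pscustomobject]@{ Name = 'wuauserv';    Caption = 'Windows Update';           PathName = 'C:\Windows\system32\svchost.exe -k netsvcs' }
    [pscustomobject]@{ Name = 'VendorAgent'; Caption = 'Vendor Agent for Windows'; PathName = '"C:\Program Files\Vendor\agent.exe" --service' }
    [pscustomobject]@{ Name = 'BackupSvc';   Caption = 'Backup Service';           PathName = 'D:\Apps\WindowsBackup\bsvc.exe' }
    [pscustomobject]@{ Name = 'ose';         Caption = 'Office Source Engine';     PathName = '"C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"' }
)

# One row per service: reported as non-default by the post's filter vs. by the path-based check
$sample | Select-Object Name,
    @{ n = 'PostFilter'; e = { [bool]($_ | Where-Object $postFilter) } },
    @{ n = 'PathBased';  e = { Test-NonDefaultService $_ -SystemRoot 'C:\Windows' } }

# On a live server:
# Get-CimInstance Win32_Service | Where-Object { Test-NonDefaultService $_ }
```

Like the post's filter, the path-based variant still treats every executable under the system root as default, so a third-party binary installed there will not be listed by either check.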
