I was recently was required to obtain a list of services and scheduled tasks which were running under a particular user account. I was able to run the Get-WmiObject cmdlet in a loop on a number of servers specified in a variable and capture the SystemName, DisplayName and StartName where the StartName matched my filter, as below:
if (-not (Get-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue))
{
Add-PSSnapin Quest.ActiveRoles.ADManagement
}
$Servers = Get-QADComputer | Select-Object Name
foreach ($Server in $Servers)
{
Get-WmiObject win32_service -ComputerName $Server | Where-Object {$_.StartName -like “*Service*”} | Select-Object SystemName, DisplayName, StartName
}
In order to get the list of servers to which I was to query I was loading the Quest Active Role AD Management snap-in, in this case no filter was being applied as I wanted to retrieve all computer accounts. The service(s) and scheduled task(s) to which I wanted to obtain information contained ‘Services’ in their StartName.
However, whilst looking at how to obtain this information for scheduled tasks I discovered a great script by Jan Egil Ring (@JanEgilRing) over on the TechNet library (http://gallery.technet.microsoft.com/Getting-information-about-438b5b1c).
The powershell function allows you to return information for all services and scheduled tasks where you specify a specific run as account. In my instance I still wanted to capture my list of computers by using the above method, so I invoked the function as follows to find all services and scheduled tasks running as the account ‘Service’:
if (-not (Get-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue))
{
Add-PSSnapin Quest.ActiveRoles.ADManagement
}
Get-QADComputer | Select-Object @{l=’computername’;e={$_.Name}} | Get-RunAsAccount -RunAsUser Service
The above scripts can act as a great way of managing your service and scheduled task information, which can be useful for purposes such as auditing.
Deans Blog 