PowerShell: Check for user accounts running Windows Services

Recently I worked with a client to validate that if a user account were to be disabled that it wasn’t going to break any of their currently running applications. You can be bit by an accidental miss-configuration where an end-users account is running a Windows Service or possibly at a lower level in a specific application such as SQL Server jobs. Luckily with the Power of PowerShell we can conquered the Windows Services! It is also possible to create a SQL Query, or even PowerShell scripts to query SQL, but we will not be covering that in this article.

Checking Windows Services:

The biggest concern I had was the Windows Services, it is easy enough for a junior admin to install SQL and specify their own account as the Service Account. THIS IS BAD! However with some simple PowerShell we can perform a visual inspection, or with some minor adjustments we could look for a service running with a specific user.

In the above example we are using a parenthetical command along with the Get-CimInstance Cmdlet. The command┬áthat is executed first is the Get-ADComputer, this will required the ActiveDirectory module is available on your computer system. It uses the filter parameter to look for any computer that is running Windows Server (any version). It then passes those values to the Get-CimInstance which performs an initial WQL Query, which doesn’t allow and statements. Therefore we have to pipe it’s returned values to a where statement which will continue filtering for us. At the very end it provides me the service name, the user account running it, and the computer this service is on.

I was able to run this against the clients environment and within a few minutes we new that it was safe to disable the account.

Be Sociable, Share!
  1. Is there a way to pipe the results to a text file for editing?

    Thanks.

  2. Considerations When an IT Employee Leaves | Matt Blogs IT - pingback on September 29, 2014 at 9:02 am

Leave a Comment


NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">

Trackbacks and Pingbacks: