When a computer starts, all the autostart services also start. On occasion, one of these services might fail to start along with the computer. When a service fails during system startup, the computer takes action based on the value of the service error control code.
Most services are installed using the Normal error control code. A few of the exceptions, which are installed using the Ignore error code, include:
For the services installed using the Ignore error code, no notification is given to the user that the service has failed. If you prefer on-screen notification that a service could not start, you can use WMI to change the error control code. Error control codes apply only to computer startup; error control codes are not used if you stop and then attempt to restart a service after the computer is running.
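The change described above, as an added PowerShell example that is not code from the original page: it reports auto-start services installed with the Ignore error control code and switches a reviewed list of them to Normal. The service name `ExampleSvc` is a placeholder; the numeric codes 0 to 3 are the values the Change method accepts for ErrorControl.

```powershell
# Added example. 'ExampleSvc' is a placeholder name, not taken from the page.
$servicesToNotify = @('ExampleSvc')

# Change() takes ErrorControl as a number; the ErrorControl property is reported as text.
$errorControl = @{ Ignore = 0; Normal = 1; Severe = 2; Critical = 3 }

# 1. Report: auto-start services whose startup failure is never shown to the user
$silent = Get-CimInstance -ClassName Win32_Service -Filter "StartMode='Auto' AND ErrorControl='Ignore'"
$silent | Select-Object Name, DisplayName, StartName, ErrorControl

# 2. Change only the reviewed services. Arguments left out of the hashtable stay unchanged.
foreach ($service in $silent | Where-Object Name -In $servicesToNotify)
{
    $result = Invoke-CimMethod -InputObject $service -MethodName Change -Arguments @{
        ErrorControl = [byte]$errorControl.Normal
    }
    if ($result.ReturnValue -ne 0)
    {
        Write-Warning "$($service.Name): Change returned $($result.ReturnValue)"
        continue
    }

    # 3. Verify by reading the instance back
    Get-CimInstance -ClassName Win32_Service -Filter "Name='$($service.Name)'" |
        Select-Object Name, ErrorControl
}
```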
On occasion, you might need to change the account under which a given service runs. For example, you might run a service under an administrative account. Because this can create a security vulnerability, you might switch the service to an account with fewer privileges. Alternatively, you might have services running under an account that is about to be deleted, or you might want to ensure that, on all your servers, certain services run under certain accounts. You can use the Change method of the Win32_Service class to configure services to run under a specified user account. When selecting an account, keep in mind the following:
When you assign an account to a service, the SCM requires the correct password for that account before it makes the assignment. If you supply an incorrect password, the SCM rejects the account. If you configure a service account using the LocalSystem, LocalService, or NetworkService account, you do not need to supply an account password because these accounts do not have passwords.
The SCM stores the account password in the services database. After the password is assigned, however, the SCM does not ensure that the password stored in the services database and the password assigned to the user account in Active Directory continue to match. Consequently, a situation similar to the following could occur:
If you run services under regular user accounts, you need to update those service passwords each time the user account password changes. This can be particularly time-consuming if you are not sure which services are running under that account or which computers have services running under that account. Fortunately, you can use WMI to check the service accounts on all your computers and, if necessary, change the service account password.
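One way to do the check and the password update described above, as an added PowerShell example that is not code from the original page. The host names `SERVER01` and `SERVER02` and the account `CONTOSO\svc-example` are placeholders.

```powershell
# Added example. Host names and the account are placeholders, not values from the page.
$computers = 'SERVER01', 'SERVER02'
$account   = 'CONTOSO\svc-example'

# Prompt for the new password instead of embedding it in the script
$credential = Get-Credential -UserName $account -Message 'New password for the service account'

$sessions = New-CimSession -ComputerName $computers
try
{
    # 1. Inventory: services that do not run as LocalSystem, LocalService or NetworkService
    $builtIn = 'LocalSystem', 'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService'
    Get-CimInstance -CimSession $sessions -ClassName Win32_Service |
        Where-Object { $_.StartName -and $_.StartName -notin $builtIn } |
        Sort-Object PSComputerName, StartName, Name |
        Format-Table PSComputerName, StartName, Name, State

    # 2. Services running under the account being updated (WQL needs the backslash doubled)
    $filter   = "StartName='{0}'" -f $account.Replace('\', '\\')
    $affected = Get-CimInstance -CimSession $sessions -ClassName Win32_Service -Filter $filter

    # 3. Update only the stored password; every other setting is left as it is
    foreach ($service in $affected)
    {
        $result = Invoke-CimMethod -InputObject $service -MethodName Change -Arguments @{
            StartPassword = $credential.GetNetworkCredential().Password
        }
        [PSCustomObject]@{
            Computer    = $service.PSComputerName
            Service     = $service.Name
            ReturnValue = $result.ReturnValue   # 0 = Success, 22 = Status Invalid Service Account
        }
    }
}
finally
{
    $sessions | Remove-CimSession
}
```

A service that is already running keeps the logon it started with; the stored password is used the next time the service starts.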
The Win32_LoadOrderGroup parameter represents a group of system services that define execution dependencies. The services must be initiated in the order specified by the Load Order Group because the services depend on each other. These dependent services require the presence of the antecedent services to function correctly.
To change a service from a network service to a local system service, the StartName and StartPassword parameters should have the following values:
To change a service from a local system service to a network service, the StartName and StartPassword parameters should have the following values:
The following VBScript changes the service account for services from running under a specified user account to LocalSystem.
The following VBScript changes the service account password for all scripts running under Netsvc.
Example
Do not run the example code below just to see what happens. Many methods seriously affect your system. Always make sure you actually understand what the method and the code do.
```powershell
param
(
    [Parameter(Mandatory)]
    [bool]
    $DesktopInteract,
    [Parameter(Mandatory)]
    [String]
    $DisplayName,
    [Parameter(Mandatory)]
    [byte]
    $ErrorControl,
    [Parameter(Mandatory)]
    [String]
    $LoadOrderGroup,
    # declared as an array in the method syntax
    [Parameter(Mandatory)]
    [String[]]
    $LoadOrderGroupDependencies,
    [Parameter(Mandatory)]
    [String]
    $PathName,
    # declared as an array in the method syntax
    [Parameter(Mandatory)]
    [String[]]
    $ServiceDependencies,
    [Parameter(Mandatory)]
    [byte]
    $ServiceType,
    [Parameter(Mandatory)]
    [String]
    $StartMode,
    [Parameter(Mandatory)]
    [String]
    $StartName,
    [Parameter(Mandatory)]
    [String]
    $StartPassword
)

# the bound parameters carry the same names as the method arguments
$query = 'Select * From Win32_Service where Name="Spooler"'
Invoke-CimMethod -Query $query -MethodName Change -Arguments $PSBoundParameters |
    # add a readable text for the numeric return value
    Add-Member -MemberType ScriptProperty -Name ReturnValueFriendly -Passthru -Value {
        switch ([int]$this.ReturnValue)
        {
            0 {'Success'}
            1 {'Not Supported'}
            2 {'Access Denied'}
            3 {'Dependent Services Running'}
            4 {'Invalid Service Control'}
            5 {'Service Cannot Accept Control'}
            6 {'Service Not Active'}
            7 {'Service Request Timeout'}
            8 {'Unknown Failure'}
            9 {'Path Not Found'}
            10 {'Service Already Running'}
            11 {'Service Database Locked'}
            12 {'Service Dependency Deleted'}
            13 {'Service Dependency Failure'}
            14 {'Service Disabled'}
            15 {'Service Logon Failed'}
            16 {'Service Marked For Deletion'}
            17 {'Service No Thread'}
            18 {'Status Circular Dependency'}
            19 {'Status Duplicate Name'}
            20 {'Status Invalid Name'}
            21 {'Status Invalid Parameter'}
            22 {'Status Invalid Service Account'}
            23 {'Status Service Exists'}
            24 {'Service Already Paused'}
            default {"Unknown Error $_"}
        }
    }
```
To run this method on one or more remote systems, use New-CimSession:
```powershell
param
(
    [Parameter(Mandatory)]
    [bool]
    $DesktopInteract,
    [Parameter(Mandatory)]
    [String]
    $DisplayName,
    [Parameter(Mandatory)]
    [byte]
    $ErrorControl,
    [Parameter(Mandatory)]
    [String]
    $LoadOrderGroup,
    # declared as an array in the method syntax
    [Parameter(Mandatory)]
    [String[]]
    $LoadOrderGroupDependencies,
    [Parameter(Mandatory)]
    [String]
    $PathName,
    # declared as an array in the method syntax
    [Parameter(Mandatory)]
    [String[]]
    $ServiceDependencies,
    [Parameter(Mandatory)]
    [byte]
    $ServiceType,
    [Parameter(Mandatory)]
    [String]
    $StartMode,
    [Parameter(Mandatory)]
    [String]
    $StartName,
    [Parameter(Mandatory)]
    [String]
    $StartPassword,
    [String[]]
    $ComputerName,
    [PSCredential]
    $Credential
)

$session = New-CimSession -ComputerName $ComputerName -Credential $Credential

# ComputerName and Credential describe the session and are not arguments of Change()
$null = $PSBoundParameters.Remove('ComputerName')
$null = $PSBoundParameters.Remove('Credential')

$query = 'Select * From Win32_Service where Name="Spooler"'
Invoke-CimMethod -Query $query -MethodName Change -Arguments $PSBoundParameters -CimSession $session |
    # add a readable text for the numeric return value
    Add-Member -MemberType ScriptProperty -Name ReturnValueFriendly -Passthru -Value {
        switch ([int]$this.ReturnValue)
        {
            0 {'Success'}
            1 {'Not Supported'}
            2 {'Access Denied'}
            3 {'Dependent Services Running'}
            4 {'Invalid Service Control'}
            5 {'Service Cannot Accept Control'}
            6 {'Service Not Active'}
            7 {'Service Request Timeout'}
            8 {'Unknown Failure'}
            9 {'Path Not Found'}
            10 {'Service Already Running'}
            11 {'Service Database Locked'}
            12 {'Service Dependency Deleted'}
            13 {'Service Dependency Failure'}
            14 {'Service Disabled'}
            15 {'Service Logon Failed'}
            16 {'Service Marked For Deletion'}
            17 {'Service No Thread'}
            18 {'Status Circular Dependency'}
            19 {'Status Duplicate Name'}
            20 {'Status Invalid Name'}
            21 {'Status Invalid Parameter'}
            22 {'Status Invalid Service Account'}
            23 {'Status Service Exists'}
            24 {'Service Already Paused'}
            default {"Unknown Error $_"}
        }
    }

Remove-CimSession -CimSession $session
```
Learn more about Invoke-CimMethod and invoking WMI methods.
Syntax
```
uint32 Change(
  [in] string DisplayName,
  [in] string PathName,
  [in] uint32 ServiceType,
  [in] uint32 ErrorControl,
  [in] string StartMode,
  [in] boolean DesktopInteract,
  [in] string StartName,
  [in] string StartPassword,
  [in] string LoadOrderGroup,
  [in] string LoadOrderGroupDependencies[],
  [in] string ServiceDependencies[]
);
```
Parameters
Name | Type | Description |
---|---|---|
DesktopInteract | Boolean | |
DisplayName | String | |
ErrorControl | UInt8 | |
LoadOrderGroup | String | |
LoadOrderGroupDependencies | String | |
PathName | String | |
ServiceDependencies | String | |
ServiceType | UInt8 | |
StartMode | String | |
StartName | String | |
StartPassword | String | |
Return Value
Returns a value of type UInt32. Return values:
```powershell
$returnValues = @{
    0 = 'Success'
    1 = 'Not Supported'
    2 = 'Access Denied'
    3 = 'Dependent Services Running'
    4 = 'Invalid Service Control'
    5 = 'Service Cannot Accept Control'
    6 = 'Service Not Active'
    7 = 'Service Request Timeout'
    8 = 'Unknown Failure'
    9 = 'Path Not Found'
    10 = 'Service Already Running'
    11 = 'Service Database Locked'
    12 = 'Service Dependency Deleted'
    13 = 'Service Dependency Failure'
    14 = 'Service Disabled'
    15 = 'Service Logon Failed'
    16 = 'Service Marked For Deletion'
    17 = 'Service No Thread'
    18 = 'Status Circular Dependency'
    19 = 'Status Duplicate Name'
    20 = 'Status Invalid Name'
    21 = 'Status Invalid Parameter'
    22 = 'Status Invalid Service Account'
    23 = 'Status Service Exists'
    24 = 'Service Already Paused'
}
```
See Also
Additional methods implemented by Win32_Service:
ChangeStartMode() modifies the start mode of a service.
Create()
Delete() deletes an existing service.
GetSecurityDescriptor() returns the security descriptor that controls access to the service.
InterrogateService() requests that a service update its state to the service manager.
PauseService() attempts to place a service in the paused state.
ResumeService() attempts to place a service in the resumed state.
SetSecurityDescriptor() writes an updated version of the security descriptor that controls access to the service.
StartService() attempts to place a service into the startup state.
StopService() places a service in the stopped state.
UserControlService() attempts to send a user-defined control code to a service.
Requirements
To use Win32_Service, the following requirements apply:
PowerShell
Get-CimInstance was introduced with PowerShell Version 3.0, which in turn was introduced on clients with Windows 8 and on servers with Windows Server 2012.
If necessary, update Windows PowerShell to Windows PowerShell 5.1, or install PowerShell 7 side-by-side.
Operating System
Win32_Service was introduced on clients with Windows Vista and on servers with Windows Server 2008.
Namespace
Win32_Service lives in the Namespace Root/CIMV2. This is the default namespace. There is no need to use the -Namespace parameter in Get-CimInstance.
Implementation
Win32_Service is implemented in CIMWin32.dll and defined in CIMWin32.mof. Both files are located in the folder C:\Windows\system32\wbem:

```powershell
explorer $env:windir\system32\wbem
notepad $env:windir\system32\wbem\CIMWin32.mof
```