How will I save my credentials every loop in Powershell - windows

Is there a way in saving my credentials so it will not keep asking every loop? Like, isolating it outside the foreach loop. I tried removing -credentials and add it outside but it gives me an error of unauthorized access. I can't seem to figure it out. Sorry if this question seem to be stupid, I'm new to Powershell.
Import-Module ActiveDirectory
$ServerList = Get-Content "C:\servers.txt"
foreach($ServerName in $ServerList){
"$ServerName"
"=========="
Get-WmiObject -Class Win32_UserAccount -Computer $ServerName -Filter "LocalAccount='True'" -credential CORPORATE\usmenm03adm| Select Name
" "
}


You can define the credential outside the loop.
I edited your script like below
Import-Module ActiveDirectory
$ServerList = Get-Content "C:\servers.txt"
$cred=Get-Credential
foreach($ServerName in $ServerList){
"$ServerName"
"=========="
Get-WmiObject -Class Win32_UserAccount -Computer $ServerName -Filter "LocalAccount='True'" -credential $cred | Select Name
" "
}


Yes, read the credentials once with Get-Credential and store in a variable:
Import-Module ActiveDirectory
$ServerList = Get-Content "C:\servers.txt"
$MyCredential = Get-Credential -UserName "CORPORATE\usmenm03adm" -Message "Enter WMI credentials"
foreach ($ServerName in $ServerList) {
"$ServerName"
"=========="
Get-WmiObject -Class Win32_UserAccount -Computer $ServerName -Filter "LocalAccount='True'" -Credential $MyCredential | Select-Object Name
" "
}

Related

How to find, stop and disable a Windows service using Powershell

I am trying to find a service, stop it and then disable it remotely using Powershell. It can find and stop but cannot disable. For disabling, I have to run the Set-Service command separately. Can it be done in one line?
The following code-snippet will stop the Print Spooler service, but will not disable it:
$ip = "10.10.10.10"
$svc_name = "Spooler"
get-service -ComputerName $ip | Where-Object {$_.Name -eq $svc_name} | Stop-Service | Set-Service -StartupType Disabled
The following code-snippet will stop and disable the Print Spooler service:
$ip = "10.10.10.10"
$svc_name = "Spooler"
get-service -ComputerName $ip | Where-Object {$_.Name -eq $svc_name} | Stop-Service
Set-Service $svc_name -StartupType Disabled
Powershell version is 5.1.14393.2969.
Edit:
The following line will also find and disable. So, it looks like I can give two instructions with pipeline.
get-service -ComputerName $ip | Where-Object {$_.Name -eq $svc_name} | Set-Service -StartupType Disabled

You need to use Set-Service to set the startup type, as outlined in your question:
Set-Service -StartupType Disabled $svc_name
If you want to do it in "one line", you can use the -PassThru argument on Stop-Service to return the service object which can then be sent down the pipeline (you also don't need a Where-Object clause, Get-Service can filter on service name as well):
Get-Service -ComputerName $ip $svc_name | Stop-Service -PassThru | Set-Service -StartupType Disabled
You had this close in your original question, but it didn't work because you didn't use the-PassThru parameter on Stop-Service. As a note, many cmdlets that don't return an object by default do include a -PassThru parameter to return an object that can further processed if necessary, this isn't limited to Stop-Service by any means.

Bender's answer works in PowerShell 5.1, but the -ComputerName parameter was removed from the Get-Service cmdlet in PowerShell 6+. If you're trying to do this in pwsh.exe (i.e. PowerShell 6+), you can use code like the following:
[string[]] $servers = #('server1', 'server2, 'server3')
[scriptblock] $disableServiceScriptBlock = {
[string] $serviceName = 'SERVICE NAME TO DISABLE GOES HERE'
Stop-Service -Name $serviceName
Set-Service -Name $serviceName -StartupType Disabled
}
Invoke-Command -ComputerName $servers -ScriptBlock $disableServiceScriptBlock
Here's a longer code snippet with better error reporting so you know what server an error occurred on:
[string[]] $servers = #('server1', 'server2, 'server3')
[scriptblock] $disableServiceScriptBlock = {
[string] $serviceName = 'SERVICE NAME TO DISABLE GOES HERE'
Stop-Service -Name $serviceName -ErrorVariable stopError -ErrorAction SilentlyContinue
Set-Service -Name $serviceName -StartupType Disabled -ErrorVariable disableError -ErrorAction SilentlyContinue
# If an error occurred, report which server it occurred on with the error message.
[string] $computerName = $Env:ComputerName
if ($stopError)
{
Write-Error "$computerName : Stop Error: $stopError"
}
if ($disableError)
{
Write-Error "$computerName : Disable Error: $disableError"
}
}
Invoke-Command -ComputerName $servers -ScriptBlock $disableServiceScriptBlock

***Stopping both Windows Firewall and Windows Defender Firewall***
$date = get-date -uformat "%m%d%y-%H"
$day = Get-Date -Format yyyyMMdd
$dayold = Get-Date -Format "%M%d%y"
$today = (Get-Date -Format yyyyMMdd)+"-"+(get-date -uformat %H)
$ErrorActionPreference = "SilentlyContinue"
$ServerList = (Get-adcomputer -SearchBase "OU=site,OU=servers,DC=subdomain,DC=domain,DC=root" -filter {name -like "*cont*ext*"} -SearchScope Subtree -Properties Name) |select name
$ServerList=$ServerList.name
(Test-Connection -ComputerName $env:LOGONSERVER.Remove(0,2) -Count 1 -quiet)|Out-Null
foreach ($server in $ServerList){
if(Test-Connection -ComputerName $server -Count 1 -quiet){
$result = (get-service -ComputerName $server -name MpsSvc |select *)
if($result.Status -eq "Running")
{
get-service -ComputerName $server -name MpsSvc |stop-service -Force
get-service -ComputerName $server -name MpsSvc |set-service -ComputerName $server -StartupType Disabled
}
elseif($result.StartType -ne "Disabled"){
set-service -ComputerName $server -name MpsSvc -StartupType "Disabled"
}
$result = (get-service -ComputerName $server -name MpsSvc |select *)
$server+": "+"The "+$result.DisplayName+" is "+$result.Status+" and "+$result.StartType
}
}

PowerShell_copy-item_ToSession/FromSession

I want to copy a file from the remote server to local, and my code is
Make sure the xxx.xxx.x.xxx's connection
>
Read-Host "Enter Password" -AsSecureString | ConvertFrom-SecureString | Out-File"C:\Users\chrishchang\Desktop\powershell/remote-password.txt"
$user = get-content C:\Users\chrishchang\Desktop\powershell/remote-user.txt
$pass = get-content C:\Users\chrishchang\Desktop\powershell/remote-password.txt |
ConvertTo-securestring
&myCred = new-object -typename System.Management.Automation.PSCredential -argumentlist $user,$pass
$session = new-pssession -computername name -credential $myCred
Invoke-Command -ComputerName xxx.xxx.x.xxx -ScriptBlock { ipconfig /all } -credential $myCred
create the new file
>
$command={New-Item c:\scripts\new_file.txt -type file -force -value "This is text added to the file"}
Invoke-Command -session $session -scriptblock $command
copy the file from xxx.xxx.x.xxx to local
>
$command={Copy-Item -FromSession $session -Path "c:\scripts\new_file.txt" -Destination "C:\Users\chrishchang\desktop\"}
Invoke-Command -session $session -scriptblock $command
The error result..
enter image description here
Please give me some suggestion, I have suffered from it for a long time.

The last step (3) should be:
Copy-Item -FromSession $session -Path "c:\scripts\new_file.txt" -Destination "C:\Users\chrishchang\desktop"
Don't use Invoke-Command as the Copy-Item already uses the session.

How to get all remote computer's usernames via Powershell?

Is there any way to get list of all local user accounts on a remote computer via Powershell?

You can get this with a WMI-query.
function Get-LocalUser ($Computername = $env:COMPUTERNAME) {
Get-WmiObject -Query "Select * from Win32_UserAccount Where LocalAccount = 'True'" -ComputerName $ComputerName |
Select-Object -ExpandProperty Name
}
Get-LocalUser -ComputerName "TestPC1"

Modifying local accounts with powershell

I'm trying to set the properties of a local account on a bunch of servers to "password never expires". This is the best I could figure out. I keep getting:
Get-WmiObject : Invalid parameter
At C:\Users\xxxxxx\AppData\Local\Temp\4f06fa1c-61da-4c65-ac0b-a4167d83d51c.ps1:4 char:14
+ Get-WmiObject <<<< -class Win32_UserAccount -Filter "name = 'localaccount'" - ComputerName $server | Set-WmiInstance -Argument #{PasswordExpires = 0}
+ CategoryInfo : InvalidOperation: (:) [Get-WmiObject], ManagementException
+ FullyQualifiedErrorId : GetWMIManagementException,Microsoft.PowerShell.Commands.GetWmiObjectCommand
--------- Here's what I am trying ------------
$servers = Get-Item c:\list.txt
foreach ($server in $servers)
{
Get-WmiObject -class Win32_UserAccount -Filter "name = 'localaccount'" -ComputerName $server | Set-WmiInstance -Argument #{PasswordExpires = 0}
}
Thank you!

Your mistake is in this line:
$servers = Get-Item c:\list.txt
The Get-Item cmdlet returns a FileInfo object, not the content of the file. For reading the content into a variable you need the Get-Content cmdlet.
This should work:
Get-Content 'c:\list.txt' | % {
gwmi Win32_UserAccount -Computer $_ -Filter "name='localaccount'" |
Set-WmiInstance -Argument #{PasswordExpires = $false}
}
You could also do the property change like this (source):
Get-Content 'c:\list.txt' | % {
$account = gwmi Win32_UserAccount -Computer $_ -Filter "name='localaccount'"
$account.PasswordExpires = $false
$account.Put()
}

Powershell script to change service account

Does anyone have a Powershell script to change the credentials used by a Windows service?

Bit easier - use WMI.
$service = gwmi win32_service -computer [computername] -filter "name='whatever'"
$service.change($null,$null,$null,$null,$null,$null,$null,"P#ssw0rd")
Change the service name appropriately in the filter; set the remote computer name appropriately.

I wrote a function for PowerShell that changes the username, password, and restarts a service on a remote computer (you can use localhost if you want to change the local server). I've used this for monthly service account password resets on hundreds of servers.
You can find a copy of the original at http://www.send4help.net/change-remote-windows-service-credentials-password-powershel-495
It also waits until the service is fully stopped to try to start it again, unlike one of the other answers.
Function Set-ServiceAcctCreds([string]$strCompName,[string]$strServiceName,[string]$newAcct,[string]$newPass){
$filter = 'Name=' + "'" + $strServiceName + "'" + ''
$service = Get-WMIObject -ComputerName $strCompName -namespace "root\cimv2" -class Win32_Service -Filter $filter
$service.Change($null,$null,$null,$null,$null,$null,$newAcct,$newPass)
$service.StopService()
while ($service.Started){
sleep 2
$service = Get-WMIObject -ComputerName $strCompName -namespace "root\cimv2" -class Win32_Service -Filter $filter
}
$service.StartService()
}

The PowerShell 6 version of Set-Service now has the -Credential parameter.
Here is an example:
$creds = Get-Credential
Set-Service -DisplayName "Remote Registry" -Credential $creds
At this point, it is only available via download via GitHub.
Enjoy!

I created a text file "changeserviceaccount.ps1" containing the following script:
$account="domain\user"
$password="passsword"
$service="name='servicename'"
$svc=gwmi win32_service -filter $service
$svc.StopService()
$svc.change($null,$null,$null,$null,$null,$null,$account,$password,$null,$null,$null)
$svc.StartService()
I used this as part of by post-build command line during the development of a windows service:
Visual Studio: Project properties\Build Events
Pre-build event command line:
"C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\installutil.exe" myservice.exe /u
Post-build event command line:
"C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\installutil.exe" myservice.exe
powershell -command - < c:\psscripts\changeserviceaccount.ps1

A slight variation on the other scripts here, is below. This one will set credentials for any/all services running under a given login account. It will only attempt to restart the service if it was already running, so that we don't accidentally start a service that was stopped for a reason. The script has to be run from and elevated shell (if the script starts telling you about ReturnValue = 2, you're probably running it un-elevated). Some usage examples are:
all services running as the currently logged in user, on the local host:
.\set-servicecredentials.ps1 -password p#ssw0rd
all services running as user: somedomain\someuser on host somehost.somedomain:
.\set-servicecredentials.ps1 somehost.somedomain somedomain\someuser p#ssw0rd
Set-ServiceCredentials.ps1:
param (
[alias('computer', 'c')]
[string] $computerName = $env:COMPUTERNAME,
[alias('username', 'u')]
[string] $serviceUsername = "$env:USERDOMAIN\$env:USERNAME",
[alias('password', 'p')]
[parameter(mandatory=$true)]
[string] $servicePassword
)
Invoke-Command -ComputerName $computerName -Script {
param(
[string] $computerName,
[string] $serviceUsername,
[string] $servicePassword
)
Get-WmiObject -ComputerName $computerName -Namespace root\cimv2 -Class Win32_Service | Where-Object { $_.StartName -eq $serviceUsername } | ForEach-Object {
Write-Host ("Setting credentials for service: {0} (username: {1}), on host: {2}." -f $_.Name, $serviceUsername, $computerName)
$change = $_.Change($null, $null, $null, $null, $null, $null, $serviceUsername, $servicePassword).ReturnValue
if ($change -eq 0) {
Write-Host ("Service Change() request accepted.")
if ($_.Started) {
$serviceName = $_.Name
Write-Host ("Restarting service: {0}, on host: {1}, to implement credential change." -f $serviceName, $computerName)
$stop = ($_.StopService()).ReturnValue
if ($stop -eq 0) {
Write-Host -NoNewline ("StopService() request accepted. Awaiting 'stopped' status.")
while ((Get-WmiObject -ComputerName $computerName -Namespace root\cimv2 -Class Win32_Service -Filter "Name='$serviceName'").Started) {
Start-Sleep -s 2
Write-Host -NoNewline "."
}
Write-Host "."
$start = $_.StartService().ReturnValue
if ($start -eq 0) {
Write-Host ("StartService() request accepted.")
} else {
Write-Host ("Failed to start service. ReturnValue was '{0}'. See: http://msdn.microsoft.com/en-us/library/aa393660(v=vs.85).aspx" -f $start) -ForegroundColor "red"
}
} else {
Write-Host ("Failed to stop service. ReturnValue was '{0}'. See: http://msdn.microsoft.com/en-us/library/aa393673(v=vs.85).aspx" -f $stop) -ForegroundColor "red"
}
}
} else {
Write-Host ("Failed to change service credentials. ReturnValue was '{0}'. See: http://msdn.microsoft.com/en-us/library/aa384901(v=vs.85).aspx" -f $change) -ForegroundColor "red"
}
}
} -Credential "$env:USERDOMAIN\$env:USERNAME" -ArgumentList $computerName, $serviceUsername, $servicePassword

Considering that whithin this class:
$class=[WMICLASS]'\\.\root\Microsoft\SqlServer\ComputerManagement:SqlService'
there's a method named setserviceaccount(), may be this script will do what you want:
# Copyright Buck Woody, 2007
# All scripts provided AS-IS. No functionality is guaranteed in any way.
# Change Service Account name and password using PowerShell and WMI
$class = Get-WmiObject -computername "SQLVM03-QF59YPW" -namespace
root\Microsoft\SqlServer\ComputerManagement -class SqlService
#This remmed out part shows the services - I'll just go after number 6 (SQL
#Server Agent in my case):
# foreach ($classname in $class) {write-host $classname.DisplayName}
# $class[6].DisplayName
stop-service -displayName $class[6].DisplayName
# Note: I recommend you make these parameters, so that you don't store
# passwords. At your own risk here!
$class[6].SetServiceAccount("account", "password")
start-service -displayName $class[6].DisplayName

Just making #alastairs's comment more visible: the 6th parameter must be $false instead of $null when you use domain accounts:
$service = Get-WMIObject -class Win32_Service -filter "name='serviceName'"
$service.change($null, $null, $null, $null, $null, $false, "DOMAIN\account", "mypassword")
Without that it was working for 4/5 of the services I tried to change, but some refused to be changed (error 21).

$svc = Get-WmiObject win32_service -filter "name='serviceName'"
the position of username and password can change so try this line to find the right place$svc.GetMethodParameters("change")
$svc.change($null,$null,$null,$null,$null,$null,$null,$null,$null,"admin-username","admin-password")

What I cannot find in the default PS stack, I find it implemented in Carbon:
http://get-carbon.org/help/Install-Service.html
http://get-carbon.org/help/Carbon_Service.html (Carbon 2.0 only)

The given answers do the job.
Although, there is another important detail; in order to change the credentials and run the service successfully, you first have to grant that user account permissions to 'Log on as a Service'.
To grant that privilege to a user, use the Powershell script provided here by just providing the username of the account and then run the other commands to update the credentials for a service as mentioned in the other answers, i.e.,
$svc=gwmi win32_service -filter 'Service Name'
$svc.change($null,$null,$null,$null,$null,$null,'.\username','password',$null,$null,$null)

Sc config example. First allowing modify access to a certain target folder, then using the locked down "local service" account. I would use set-service -credential, if I had PS 6 or above everywhere.
icacls c:\users\myuser\appdata\roaming\fahclient /grant "local service:(OI)(CI)(M)"
sc config "FAHClient" obj="NT AUTHORITY\LocalService"

Resources