Summary<\/b>: Microsoft Scripting Guy, Ed Wilson, talks about using WMI to find out how services start.<\/p>\n
![\"Hey,](\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/q-for-powertip.jpg\")
Hey, Scripting Guy! I was looking at the processes on my workstation, and I see lots of things running. I suspect many of these are actually services. But I am wondering how I can use Windows PowerShell to find services that start automatically. For example, the great cmdlet Get-Service<\/b> does not display this information. Any thoughts?<\/p>\n
—TL<\/p>\n
![\"Hey,](\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/a-for-powertip.jpg\")
Hello TL,<\/p>\n
Microsoft Scripting Guy, Ed Wilson, is here. Yes, I have some thoughts. My main thought is that tomorrow begins the weekend in Charlotte, North Carolina. I am wondering, “What I will do?” I know I will spend some time working on my book, and maybe spend some time in the gym. I am also thinking that I also want to re-read the Dupin stories by Poe. As you may know, Poe is widely credited with writing the first detective mysteries. So it is always a great idea to go back to the beginnings…<\/p>\n
Speaking of going back to the beginnings…<\/p>\n
You are absolutely right. The Get-Service<\/b> cmdlet, although easy to use and providing a great deal of information, does not display a service start mode. Here is a quick peak at that:<\/p>\n
To obtain service start mode information, we need to go old school and use the Win32_Serivce WMI class. This class has been around for a long time and it continues to work wonderfully well. It is well documented on MSDN: Win32_Service class<\/a>. By using the Get-CimInstance<\/b> cmdlet, all I need to do is query it. Here is the command:<\/p>\n Get-CimInstance Win32_Service <\/p>\n The command and its associated output are shown here:<\/p>\n Because the Get-CimInstance<\/b> cmdlet displays the StartMode<\/b> by default in the output, technically I am done with your request. However, you probably want to sort these. That is easy to do. I pipe the output to Sort-Object<\/b> and specify StartMode<\/b>. Here is the command:<\/p>\n Get-CimInstance Win32_Service |<\/p>\n Sort-Object StartMode<\/p>\n The following output shows that, by default, it starts with Auto (but I could change that by specifying Descending<\/b>:<\/p>\n I may decide that I simply want numbers. I can get this type of overview by piping to Group-Object<\/b>. Here is the command:<\/p>\n Get-CimInstance Win32_Service |<\/p>\n Sort-Object StartMode |<\/p>\n Group-Object StartMode -NoElement<\/p>\n The output is really nice. It is shown here:<\/p>\n By the way…if you decide to begin monkeying around with service start modes, you have a couple of things you can do. One, you can write a script and use the ChangeStartMode<\/b> method. If you do this, at least you will have documentation for what you did, and you can run another script to change things back if it doesn’t work out. The ChangeStartMode<\/b> method is also documented on MSDN: ChangeStartMode method of the Win32_Service class<\/a>.<\/p>\n Another good thing to do is to use the CheckPoint-Computer<\/b> cmdlet before you begin messing around with services. This way, if you need to restore, you can use the Restore-Computer<\/b> cmdlet to fall back. If you do these things immediately before and after changes, there is a good chance that no major lasting issues will arise.<\/p>\n TL, that is all there is to using WMI to find out how services start. WMI Week will continue tomorrow when I will talk about more way cool stuff.<\/p>\n I invite you to follow me on Twitter<\/a> and Facebook<\/a>. If you have any questions, send email to me at scripter@microsoft.com<\/a>, or post your questions on the Official Scripting Guys Forum<\/a>. See you tomorrow. Until then, peace.<\/p>\n Ed Wilson, Microsoft Scripting Guy<\/b><\/p>\n","protected":false},"excerpt":{"rendered":" Summary: Microsoft Scripting Guy, Ed Wilson, talks about using WMI to find out how services start. Hey, Scripting Guy! I was looking at the processes on my workstation, and I see lots of things running. I suspect many of these are actually services. But I am wondering how I can use Windows PowerShell to find […]<\/p>\n","protected":false},"author":596,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[385,31,3,4,39,45,6],"class_list":["post-697","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-cim","tag-operating-system","tag-scripting-guy","tag-scripting-techniques","tag-services","tag-windows-powershell","tag-wmi"],"acf":[],"blog_post_summary":" Summary: Microsoft Scripting Guy, Ed Wilson, talks about using WMI to find out how services start. Hey, Scripting Guy! I was looking at the processes on my workstation, and I see lots of things running. I suspect many of these are actually services. But I am wondering how I can use Windows PowerShell to find […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/697","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/596"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=697"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/697\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=697"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=697"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=697"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}![\"Image](\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/hsg-9-12-14-01.png\" "\\"Image")
<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n