Ändern Sie das Kennwort des Kontos, das für die Ausführung eines Dienstes verwendet wird

Question

Ich aktualisiere einen Windows-Dienst so, dass er unter einem bestimmten Benutzer ausgeführt wird, anstelle des lokalen Benutzers, der PowerShell verwendet.

Wenn ich es manuell aktualisiere funktioniert es, aber ich bin nicht in der Lage, das Passwort mit meinem Skript zu aktualisieren.

Function RunWindowsServiceUnderSpecificUser{ 
Param(
[Parameter(Mandatory=$true)] 
[string] $ServiceName, 
[Parameter(Mandatory=$true)] 
[string] $UserName, 
[Parameter(Mandatory=$true)] 
[string] $Password) 

$Service = Get-WmiObject -Class Win32_service -Filter "name='$ServiceName'" 
$NoDesktopInteract = $false 

[string]$DomainUser=(gwmi win32_userAccount -Filter "Name='$UserName'").Caption 
if ($Service.Started){ 
Get-Service $Service.Name | Stop-Service -Force 
while ($Service.Started){ 
Write-Output "Waiting for $ServiceName to stop..." 
sleep 2 
$Service = Get-WmiObject -Class Win32_service -Filter"name='$ServiceName'"}} 
Write-Output "$ServiceName stopped." 
Write-Output "Changing $ServiceName logon account to $DomainUser." 
$result = $Service.Change($null,$null,$null,$null,$null,$NoDesktopInteract,$DomainUser,$Password,$null,$null,$null) | Select -ExpandProperty ReturnValue 
Write-Output "Changed with return value: $result" 
$service.Change($Null,$Null,$Null,$Null,$Null,$Null,$Null,$Password) 
& sc.exe config $ServiceName obj= $DomainUser password= $Password 

Write-Output "Starting $ServiceName... " 
$result = $Service.StartService() | Select -ExpandProperty ReturnValue 
Write-Output "done with return value: $result."} 

Answer 1

Ich habe dies nicht erstellt, aber ich benutze es ein- oder zweimal am Tag. Ich bin mir nicht sicher, wie sicher Sie sein möchten, aber ich bin sicher, dass jemand den Get-Credentials-Teil herausfinden könnte. Ich mag dieses Skript wegen der erstaunlichen Fehlerbehandlung sehr.

Wir haben drei Parameter. Das Besondere an diesem Skript ist die $global:ServiceName, weil es den Platzhalter verwenden wird. Wenn ich das tue, habe ich 100+ Services das gleiche genannt, aber ich möchte nur die mit den XX-XX darin ändern. Es wird alle Dienste ändern, die für Firma XX-XX erstellt werden.

$Global:SAuseraccount='DOMAIN\ACCOUNT' #'DOMAIN\ACCOUNT' 
$Global:SAuserpassword='yplmQ7gmdZ' #Password' 
$global:ServiceName='SERVICE' 

#$Global:Credential = Get-Credential -UserName $Global:SAuseraccount -Message "Provide Service Account Password" 
#$Global:Credential.Username 
#$Global:Credential.Password 

function Test-Admin { 
    $currentUser = New-Object Security.Principal.WindowsPrincipal $([Security.Principal.WindowsIdentity]::GetCurrent()) 
    $currentUser.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator) 
} 
if ((Test-Admin) -eq $false) { 
    if ($elevated) 
    { 
     # tried to elevate, did not work, aborting 
    } 
    else { 
     Start-Process powershell.exe -Verb RunAs -ArgumentList ('-noprofile -noexit -file "{0}" -elevated' -f ($myinvocation.MyCommand.Definition)) 
} 

exit 
} 
function PowerShell-PrintErrorCodes ($strReturnCode){ 
#This function will print the right value. The error code list was extracted using the MSDN documentation for the change method as December 2014 
Switch ($strReturnCode) 
    { 
    0{ write-host " 0 The request was accepted." -foregroundcolor "white" -BackgroundColor "Red" } 
    1{ write-host " 1 The request is not supported." -foregroundcolor "white" -BackgroundColor "Red" } 
    2{ write-host " 2 The user did not have the necessary access."-foregroundcolor "white" -BackgroundColor "Red"} 
    3{ write-host " 3 The service cannot be stopped because other services that are running are dependent on it." -foregroundcolor "white" -BackgroundColor "Red"} 
    4{ write-host " 4 he requested control code is not valid, or it is unacceptable to the service." -foregroundcolor "white" -BackgroundColor "Red"} 
    5{ write-host " 5 The requested control code cannot be sent to the service because the state of the service (Win32_BaseService State property) is equal to 0, 1, or 2." -foregroundcolor "white" -BackgroundColor "Red"} 
    6{ write-host " 6 The service has not been started." -foregroundcolor "white" -BackgroundColor "Red"} 
    7{ write-host " 7 The service did not respond to the start request in a timely fashion." -foregroundcolor "white" -BackgroundColor "Red"} 
    8{ write-host " 8 Unknown failure when starting the service."-foregroundcolor "white" -BackgroundColor "Red" } 
    9{ write-host " 9 The directory path to the service executable file was not found." -foregroundcolor "white" -BackgroundColor "Red"} 
    10{ write-host " 10 The service is already running."-foregroundcolor "white" -BackgroundColor "Red" } 
    11{ write-host " 11 The database to add a new service is locked."-foregroundcolor "white" -BackgroundColor "Red" } 
    12{ write-host " 12 A dependency this service relies on has been removed from the system."-foregroundcolor "white" -BackgroundColor "Red" } 
    13{ write-host " 13 The service failed to find the service needed from a dependent service."-foregroundcolor "white" -BackgroundColor "Red" } 
    14{ write-host " 14 The service has been disabled from the system."-foregroundcolor "white" -BackgroundColor "Red" } 
    15{ write-host " 15 The service does not have the correct authentication to run on the system."-foregroundcolor "white" -BackgroundColor "Red" } 
    16{ write-host " 16 This service is being removed from the system."-foregroundcolor "white" -BackgroundColor "Red" } 
    17{ write-host " 17 The service has no execution thread." -foregroundcolor "white" -BackgroundColor "Red"} 
    18{ write-host " 18 The service has circular dependencies when it starts."-foregroundcolor "white" -BackgroundColor "Red" } 
    19{ write-host " 19 A service is running under the same name."-foregroundcolor "white" -BackgroundColor "Red" } 
    20{ write-host " 20 The service name has invalid characters."-foregroundcolor "white" -BackgroundColor "Red" } 
    21{ write-host " 21 Invalid parameters have been passed to the service."-foregroundcolor "white" -BackgroundColor "Red" } 
    22{ write-host " 22 The account under which this service runs is either invalid or lacks the permissions to run the service."-foregroundcolor "white" -BackgroundColor "Red" } 
    23{ write-host " 23 The service exists in the database of services available from the system."-foregroundcolor "white" -BackgroundColor "Red" } 
    24{ write-host " 24 The service is currently paused in the system."-foregroundcolor "white" -BackgroundColor "Red" } 
    } 
} 
Function ServiceAccount { 
$svcD=gwmi win32_service -filter "name like '%$global:ServiceName%'" 
$svcD | ForEach-Object { 

write-host "Service to change user and pasword: " $_.name -foregroundcolor "green" 

write-host "----------------------------------------------------------------" 


     if ($_.state -eq 'Running') 
     { 

      write-host " Attempting to Stop de service..." 
      $Value = $_.StopService() 
      if ($Value.ReturnValue -eq '0') 

       { 
       $Change = 1  
       $Starts = 1  
       write-host " Service stopped" -foregroundcolor "white" -BackgroundColor "darkgreen" 
       } 
       Else 
       { 
        write-host " The stop action returned the following error: " -foregroundcolor "white" -BackgroundColor "Red" 
        PowerShell-PrintErrorCodes ($Value.ReturnValue) 
        $Change = 0 
        $Starts = 0 
       } 
     } 
     Else 
     { 
     write-host " As the service is not running before, is not going to be started after the change." -foregroundcolor "green" 
     $Starts = 0 
     $Change = 1 

     } 

      if ($Change -eq 1) 
      { 
      write-host " Attemtping to change the service..." 
       #this is the method that will do the user and pasword change 
       $Value = $_.change($null,$null,$null,$null,$null,$null,$Global:SAuseraccount,$Global:SAuserpassword,$null,$null,$null) 
       if ($Value.ReturnValue -eq '0') 
       { 
        write-host " Pasword and user changed" -foregroundcolor "white" -BackgroundColor "darkgreen" 
        if ($Starts -eq 1) 
         { 
          write-host " Attemtping to start the service, waiting 5 seconds..." 
          [System.Threading.Thread]::Sleep(5*1000) 
          $Value = $_.StartService() 
          if ($Value.ReturnValue -eq '0') 
           { 
            write-host " Service started sucsesfully" -foregroundcolor "white" -BackgroundColor "darkgreen" 
           } 
          Else 
           { 
           write-host " Error while starting the service: " -foregroundcolor "red" 
           PowerShell-PrintErrorCodes ($Value.ReturnValue) 
           } 
         }               
        } 
       Else 
       { 
       write-host " The change action returned the following error: " -foregroundcolor "red" 
        PowerShell-PrintErrorCodes ($Value.ReturnValue) 
       } 
       }      

    write-host "----------------------------------------------------------------"  
} 

write-host "PROCESS COMPLETED" -foregroundcolor "green" 

} 
Test-Admin 
ServiceAccount