有没有人有一个Powershell脚本来更改Windows服务使用的凭据?
比较容易 – 使用WMI。
$service = gwmi win32_service -computer [computername] -filter "name='whatever'" $service.change($null,$null,$null,$null,$null,$null,$null,"P@ssw0rd")
在过滤器中适当地更改服务名称; 正确设置远程计算机名称。
我为PowerShell编写了一个函数,用于更改用户名,密码并重新启动远程计算机上的服务(如果要更改本地服务器,则可以使用localhost)。 我用这个月数服务帐户密码重置在数百台服务器上。
它也等待,直到服务完全停止,试图再次启动它,不像其他答案之一。
Function Set-ServiceAcctCreds([string]$strCompName,[string]$strServiceName,[string]$newAcct,[string]$newPass){ $filter = 'Name=' + "'" + $strServiceName + "'" + '' $service = Get-WMIObject -ComputerName $strCompName -namespace "root\cimv2" -class Win32_Service -Filter $filter $service.Change($null,$null,$null,$null,$null,$null,$newAcct,$newPass) $service.StopService() while ($service.Started){ sleep 2 $service = Get-WMIObject -ComputerName $strCompName -namespace "root\cimv2" -class Win32_Service -Filter $filter } $service.StartService() }
我创建了一个包含以下脚本的文本文件“changeserviceaccount.ps1”:
$account="domain\user" $password="passsword" $service="name='servicename'" $svc=gwmi win32_service -filter $service $svc.StopService() $svc.change($null,$null,$null,$null,$null,$null,$account,$password,$null,$null,$null) $svc.StartService()
我在开发windows服务的时候使用了这个作为后期构建命令行的一部分:
Visual Studio:项目属性\生成事件
预生成事件命令行:
"C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\installutil.exe" myservice.exe /u
生成后事件命令行:
"C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\installutil.exe" myservice.exe powershell -command - < c:\psscripts\changeserviceaccount.ps1
其他脚本略有不同,如下所示。 这将为给定的登录帐户下运行的任何/所有服务设置凭据。 它只会尝试重新启动服务,如果它已经运行,以便我们不会意外启动一个服务,因为某种原因停止。 脚本必须从shell运行(如果脚本开始告诉你ReturnValue = 2
,你可能会运行它)。 一些使用示例是:
在本地主机上以当前登录用户身份运行的所有服务:
.\set-servicecredentials.ps1 -password p@ssw0rd
以用户身份运行的所有服务: somehost.somedomain
主机上的somehost.somedomain
somedomain\someuser
somehost.somedomain
:
.\set-servicecredentials.ps1 somehost.somedomain somedomain\someuser p@ssw0rd
SET-ServiceCredentials.ps1:
param ( [alias('computer', 'c')] [string] $computerName = $env:COMPUTERNAME, [alias('username', 'u')] [string] $serviceUsername = "$env:USERDOMAIN\$env:USERNAME", [alias('password', 'p')] [parameter(mandatory=$true)] [string] $servicePassword ) Invoke-Command -ComputerName $computerName -Script { param( [string] $computerName, [string] $serviceUsername, [string] $servicePassword ) Get-WmiObject -ComputerName $computerName -Namespace root\cimv2 -Class Win32_Service | Where-Object { $_.StartName -eq $serviceUsername } | ForEach-Object { Write-Host ("Setting credentials for service: {0} (username: {1}), on host: {2}." -f $_.Name, $serviceUsername, $computerName) $change = $_.Change($null, $null, $null, $null, $null, $null, $serviceUsername, $servicePassword).ReturnValue if ($change -eq 0) { Write-Host ("Service Change() request accepted.") if ($_.Started) { $serviceName = $_.Name Write-Host ("Restarting service: {0}, on host: {1}, to implement credential change." -f $serviceName, $computerName) $stop = ($_.StopService()).ReturnValue if ($stop -eq 0) { Write-Host -NoNewline ("StopService() request accepted. Awaiting 'stopped' status.") while ((Get-WmiObject -ComputerName $computerName -Namespace root\cimv2 -Class Win32_Service -Filter "Name='$serviceName'").Started) { Start-Sleep -s 2 Write-Host -NoNewline "." } Write-Host "." $start = $_.StartService().ReturnValue if ($start -eq 0) { Write-Host ("StartService() request accepted.") } else { Write-Host ("Failed to start service. ReturnValue was '{0}'. See: http://msdn.microsoft.com/en-us/library/aa393660(v=vs.85).aspx" -f $start) -ForegroundColor "red" } } else { Write-Host ("Failed to stop service. ReturnValue was '{0}'. See: http://msdn.microsoft.com/en-us/library/aa393673(v=vs.85).aspx" -f $stop) -ForegroundColor "red" } } } else { Write-Host ("Failed to change service credentials. ReturnValue was '{0}'. See: http://msdn.microsoft.com/en-us/library/aa384901(v=vs.85).aspx" -f $change) -ForegroundColor "red" } } } -Credential "$env:USERDOMAIN\$env:USERNAME" -ArgumentList $computerName, $serviceUsername, $servicePassword
考虑到这个班级:
$class=[WMICLASS]'\\.\root\Microsoft\Sqlserver\ComputerManagement:SqlService'
有一个名为setserviceaccount()
的方法,可能是这个脚本会做你想要的:
# Copyright Buck Woody, 2007 # All scripts provided AS-IS. No functionality is guaranteed in any way. # Change Service Account name and password using PowerShell and WMI $class = Get-WmiObject -computername "SQLVM03-QF59YPW" -namespace root\Microsoft\Sqlserver\ComputerManagement -class SqlService #This remmed out part shows the services - I'll just go after number 6 (SQL #server Agent in my case): # foreach ($classname in $class) {write-host $classname.DisplayName} # $class[6].DisplayName stop-service -displayName $class[6].DisplayName # Note: I recommend you make these parameters, so that you don't store # passwords. At your own risk here! $class[6].SetServiceAccount("account", "password") start-service -displayName $class[6].DisplayName
我在默认的PS堆栈中找不到,我发现它在Carbon
实现:
http://get-carbon.org/help/Install-Service.html
http://get-carbon.org/help/Carbon_Service.html (仅限Carbon 2.0)