Powershell脚本来更改服务帐户

有没有人有一个Powershell脚本来更改Windows服务使用的凭据?

比较容易 – 使用WMI。

 $service = gwmi win32_service -computer [computername] -filter "name='whatever'" $service.change($null,$null,$null,$null,$null,$null,$null,"P@ssw0rd") 

在过滤器中适当地更改服务名称; 正确设置远程计算机名称。

我为PowerShell编写了一个函数,用于更改用户名,密码并重新启动远程计算机上的服务(如果要更改本地服务器,则可以使用localhost)。 我用这个月数服务帐户密码重置在数百台服务器上。

您可以在http://www.send4help.net/change-remote-windows-service-credentials-password-powershel-495找到原件的副本。

它也等待,直到服务完全停止,试图再次启动它,不像其他答案之一。

 Function Set-ServiceAcctCreds([string]$strCompName,[string]$strServiceName,[string]$newAcct,[string]$newPass){ $filter = 'Name=' + "'" + $strServiceName + "'" + '' $service = Get-WMIObject -ComputerName $strCompName -namespace "root\cimv2" -class Win32_Service -Filter $filter $service.Change($null,$null,$null,$null,$null,$null,$newAcct,$newPass) $service.StopService() while ($service.Started){ sleep 2 $service = Get-WMIObject -ComputerName $strCompName -namespace "root\cimv2" -class Win32_Service -Filter $filter } $service.StartService() } 

我创建了一个包含以下脚本的文本文件“changeserviceaccount.ps1”:

 $account="domain\user" $password="passsword" $service="name='servicename'" $svc=gwmi win32_service -filter $service $svc.StopService() $svc.change($null,$null,$null,$null,$null,$null,$account,$password,$null,$null,$null) $svc.StartService() 

我在开发windows服务的时候使用了这个作为后期构建命令行的一部分:

Visual Studio:项目属性\生成事件

预生成事件命令行:

 "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\installutil.exe" myservice.exe /u 

生成后事件命令行:

 "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\installutil.exe" myservice.exe powershell -command - < c:\psscripts\changeserviceaccount.ps1 

其他脚本略有不同,如下所示。 这将为给定的登录帐户下运行的任何/所有服务设置凭据。 它只会尝试重新启动服务,如果它已经运行,以便我们不会意外启动一个服务,因为某种原因停止。 脚本必须从shell运行(如果脚本开始告诉你ReturnValue = 2 ,你可能会运行它)。 一些使用示例是:

  • 在本地主机上以当前登录用户身份运行的所有服务:

    .\set-servicecredentials.ps1 -password p@ssw0rd

  • 以用户身份运行的所有服务: somehost.somedomain主机上的somehost.somedomain somedomain\someuser somehost.somedomain

    .\set-servicecredentials.ps1 somehost.somedomain somedomain\someuser p@ssw0rd

SET-ServiceCredentials.ps1:

 param ( [alias('computer', 'c')] [string] $computerName = $env:COMPUTERNAME, [alias('username', 'u')] [string] $serviceUsername = "$env:USERDOMAIN\$env:USERNAME", [alias('password', 'p')] [parameter(mandatory=$true)] [string] $servicePassword ) Invoke-Command -ComputerName $computerName -Script { param( [string] $computerName, [string] $serviceUsername, [string] $servicePassword ) Get-WmiObject -ComputerName $computerName -Namespace root\cimv2 -Class Win32_Service | Where-Object { $_.StartName -eq $serviceUsername } | ForEach-Object { Write-Host ("Setting credentials for service: {0} (username: {1}), on host: {2}." -f $_.Name, $serviceUsername, $computerName) $change = $_.Change($null, $null, $null, $null, $null, $null, $serviceUsername, $servicePassword).ReturnValue if ($change -eq 0) { Write-Host ("Service Change() request accepted.") if ($_.Started) { $serviceName = $_.Name Write-Host ("Restarting service: {0}, on host: {1}, to implement credential change." -f $serviceName, $computerName) $stop = ($_.StopService()).ReturnValue if ($stop -eq 0) { Write-Host -NoNewline ("StopService() request accepted. Awaiting 'stopped' status.") while ((Get-WmiObject -ComputerName $computerName -Namespace root\cimv2 -Class Win32_Service -Filter "Name='$serviceName'").Started) { Start-Sleep -s 2 Write-Host -NoNewline "." } Write-Host "." $start = $_.StartService().ReturnValue if ($start -eq 0) { Write-Host ("StartService() request accepted.") } else { Write-Host ("Failed to start service. ReturnValue was '{0}'. See: http://msdn.microsoft.com/en-us/library/aa393660(v=vs.85).aspx" -f $start) -ForegroundColor "red" } } else { Write-Host ("Failed to stop service. ReturnValue was '{0}'. See: http://msdn.microsoft.com/en-us/library/aa393673(v=vs.85).aspx" -f $stop) -ForegroundColor "red" } } } else { Write-Host ("Failed to change service credentials. ReturnValue was '{0}'. See: http://msdn.microsoft.com/en-us/library/aa384901(v=vs.85).aspx" -f $change) -ForegroundColor "red" } } } -Credential "$env:USERDOMAIN\$env:USERNAME" -ArgumentList $computerName, $serviceUsername, $servicePassword 

考虑到这个班级:

 $class=[WMICLASS]'\\.\root\Microsoft\Sqlserver\ComputerManagement:SqlService' 

有一个名为setserviceaccount()的方法,可能是这个脚本会做你想要的:

 # Copyright Buck Woody, 2007 # All scripts provided AS-IS. No functionality is guaranteed in any way. # Change Service Account name and password using PowerShell and WMI $class = Get-WmiObject -computername "SQLVM03-QF59YPW" -namespace root\Microsoft\Sqlserver\ComputerManagement -class SqlService #This remmed out part shows the services - I'll just go after number 6 (SQL #server Agent in my case): # foreach ($classname in $class) {write-host $classname.DisplayName} # $class[6].DisplayName stop-service -displayName $class[6].DisplayName # Note: I recommend you make these parameters, so that you don't store # passwords. At your own risk here! $class[6].SetServiceAccount("account", "password") start-service -displayName $class[6].DisplayName 

我在默认的PS堆栈中找不到,我发现它在Carbon实现:

http://get-carbon.org/help/Install-Service.html

http://get-carbon.org/help/Carbon_Service.html (仅限Carbon 2.0)