用于更改服务帐户的Powershell脚本

Jes*_*ert 34 windows powershell

有没有人有Powershell脚本来更改Windows服务使用的凭据?

Don*_*nes 42

更容易 - 使用WMI.

$service = gwmi win32_service -computer [computername] -filter "name='whatever'"
$service.change($null,$null,$null,$null,$null,$null,$null,"P@ssw0rd")
Run Code Online (Sandbox Code Playgroud)

在过滤器中适当更改服务名称; 适当地设置远程计算机名称.

  • 只是关于这个答案的说明.如果要更新用户帐户,则需要更新密码前面的值.即$ service.change($ null,$ null,$ null,$ null,$ null,$ null,".\ MyAccount","P @ ssw0rd").您似乎总是需要在帐户名称前加上域名或".\",否则它将无效.有关其他参数的更多信息,请参阅此处:http://msdn.microsoft.com/en-us/library/windows/desktop/aa384901(v = vs.85).aspx (24认同)
  • 请注意,如果您根据@ Rohland上面的注释指定本地系统以外的帐户,则还必须为参数6("DesktopInteract")指定$ false.只能为本地系统帐户授予与桌面交互的权限. (5认同)
  • 这种方法我遇到了很多麻烦......很多各种各样的失败.我最终发现调用sc更可靠:`&sc.exe config"$ servicename"obj ="[$ domain\$ username]"password ="[$ password]"` - reference:http:/ /stackoverflow.com/questions/308298/ (2认同)

Chr*_*s N 34

我为PowerShell编写了一个更改用户名,密码并在远程计算机上重新启动服务的函数(如果要更改本地服务器,可以使用localhost).我已经将它用于数百台服务器上的每月服务帐户密码重置.

您可以在http://www.send4help.net/change-remote-windows-service-credentials-password-powershel-495找到原件的副本.

它还等待服务完全停止以尝试再次启动它,这与其他答案不同.

Function Set-ServiceAcctCreds([string]$strCompName,[string]$strServiceName,[string]$newAcct,[string]$newPass){
  $filter = 'Name=' + "'" + $strServiceName + "'" + ''
  $service = Get-WMIObject -ComputerName $strCompName -namespace "root\cimv2" -class Win32_Service -Filter $filter
  $service.Change($null,$null,$null,$null,$null,$null,$newAcct,$newPass)
  $service.StopService()
  while ($service.Started){
    sleep 2
    $service = Get-WMIObject -ComputerName $strCompName -namespace "root\cimv2" -class Win32_Service -Filter $filter
  }
  $service.StartService()
}
Run Code Online (Sandbox Code Playgroud)


And*_*dyM 12

我创建了一个包含以下脚本的文本文件"changeserviceaccount.ps1":

$account="domain\user"
$password="passsword"
$service="name='servicename'"

$svc=gwmi win32_service -filter $service
$svc.StopService()
$svc.change($null,$null,$null,$null,$null,$null,$account,$password,$null,$null,$null)
$svc.StartService()
Run Code Online (Sandbox Code Playgroud)

我在开发Windows服务期间使用它作为post-build命令行的一部分:

Visual Studio:项目属性\构建事件

预构建事件命令行:

"C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\installutil.exe" myservice.exe /u
Run Code Online (Sandbox Code Playgroud)

构建后事件命令行:

"C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\installutil.exe" myservice.exe
powershell -command - < c:\psscripts\changeserviceaccount.ps1
Run Code Online (Sandbox Code Playgroud)


Loc*_*ith 10

现在的 PowerShell 6 版本Set-Service具有该-Credential参数。

下面是一个例子:

$creds = Get-Credential
Set-Service -DisplayName "Remote Registry" -Credential $creds
Run Code Online (Sandbox Code Playgroud)

此时,它只能通过GitHub下载。

享受!


gre*_*ade 5

这里的其他脚本略有不同,如下所示.这个将为在给定登录帐户下运行的任何/所有服务设置凭据.如果服务已经运行,它将只尝试重新启动服务,这样我们就不会意外启动因某种原因而停止的服务.该脚本必须从shell运行并升级shell(如果脚本开始告诉您ReturnValue = 2,您可能未升级运行它).一些用法示例是:

  • 在本地主机上以当前登录用户身份运行的所有服务:

    .\set-servicecredentials.ps1 -password p@ssw0rd

  • 以用户身份运行的所有服务:somedomain\someuser在主机上somehost.somedomain:

    .\set-servicecredentials.ps1 somehost.somedomain somedomain\someuser p@ssw0rd

SET-ServiceCredentials.ps1:

param (
  [alias('computer', 'c')]
  [string] $computerName = $env:COMPUTERNAME,

  [alias('username', 'u')]
  [string] $serviceUsername = "$env:USERDOMAIN\$env:USERNAME",

  [alias('password', 'p')]
  [parameter(mandatory=$true)]
  [string] $servicePassword
)
Invoke-Command -ComputerName $computerName -Script {
  param(
    [string] $computerName,
    [string] $serviceUsername,
    [string] $servicePassword
  )
  Get-WmiObject -ComputerName $computerName -Namespace root\cimv2 -Class Win32_Service | Where-Object { $_.StartName -eq $serviceUsername } | ForEach-Object {
    Write-Host ("Setting credentials for service: {0} (username: {1}), on host: {2}." -f $_.Name, $serviceUsername, $computerName)
    $change = $_.Change($null, $null, $null, $null, $null, $null, $serviceUsername, $servicePassword).ReturnValue
    if ($change -eq 0) {
      Write-Host ("Service Change() request accepted.")
      if ($_.Started) {
        $serviceName = $_.Name
        Write-Host ("Restarting service: {0}, on host: {1}, to implement credential change." -f $serviceName, $computerName)
        $stop = ($_.StopService()).ReturnValue
        if ($stop -eq 0) {
          Write-Host -NoNewline ("StopService() request accepted. Awaiting 'stopped' status.")
          while ((Get-WmiObject -ComputerName $computerName -Namespace root\cimv2 -Class Win32_Service -Filter "Name='$serviceName'").Started) {
            Start-Sleep -s 2
            Write-Host -NoNewline "."
          }
          Write-Host "."
          $start = $_.StartService().ReturnValue
          if ($start -eq 0) {
            Write-Host ("StartService() request accepted.")
          } else {
            Write-Host ("Failed to start service. ReturnValue was '{0}'. See: http://msdn.microsoft.com/en-us/library/aa393660(v=vs.85).aspx" -f $start) -ForegroundColor "red"
          }
        } else {
          Write-Host ("Failed to stop service. ReturnValue was '{0}'. See: http://msdn.microsoft.com/en-us/library/aa393673(v=vs.85).aspx" -f $stop) -ForegroundColor "red"
        }
      }
    } else {
      Write-Host ("Failed to change service credentials. ReturnValue was '{0}'. See: http://msdn.microsoft.com/en-us/library/aa384901(v=vs.85).aspx" -f $change) -ForegroundColor "red"
    }
  }
} -Credential "$env:USERDOMAIN\$env:USERNAME" -ArgumentList $computerName, $serviceUsername, $servicePassword
Run Code Online (Sandbox Code Playgroud)


Sil*_*lex 5

只是让@alastairs的评论更加明显:当您使用域帐户时,第6个参数必须$false$null

$service = Get-WMIObject -class Win32_Service -filter "name='serviceName'"
$service.change($null, $null, $null, $null, $null, $false, "DOMAIN\account", "mypassword")
Run Code Online (Sandbox Code Playgroud)

如果没有它,我尝试更改的服务中有 4/5 可以正常工作,但有些服务拒绝更改(错误 21)。