更改服务帐户的PowerShell脚本

更简单一点-使用WMI。

$service = gwmi win32_service -computer [computername] -filter "name='whatever'"
$service.change($null,$null,$null,$null,$null,$null,$null,"P@ssw0rd")

在筛选器中适当地更改服务名称;适当地设置远程计算机名称。

我为PowerShell编写了一个函数,用于更改用户名、密码,并重新启动远程计算机上的服务(如果要更改本地服务器,可以使用localhost)。我在数百台服务器上使用它来重置每月的服务帐户密码。

您可以在以下网址找到原件的副本: http://www.send4help.net/change-remote-windows-service-credentials-password-powershel-495

它也会等到服务完全停止后再尝试重新启动,这与其他答案不同。

Function Set-ServiceAcctCreds([string]$strCompName,[string]$strServiceName,[string]$newAcct,[string]$newPass){
  $filter = 'Name=' + "'" + $strServiceName + "'" + ''
  $service = Get-WMIObject -ComputerName $strCompName -namespace "root\cimv2" -class Win32_Service -Filter $filter
  $service.Change($null,$null,$null,$null,$null,$null,$newAcct,$newPass)
  $service.StopService()
  while ($service.Started){
    sleep 2
    $service = Get-WMIObject -ComputerName $strCompName -namespace "root\cimv2" -class Win32_Service -Filter $filter
  }
  $service.StartService()
}

我创建了一个文本文件“changeserviceaccount.ps1”,其中包含以下脚本:

$account="domain\user"
$password="passsword"
$service="name='servicename'"

$svc=gwmi win32_service -filter $service
$svc.StopService()
$svc.change($null,$null,$null,$null,$null,$null,$account,$password,$null,$null,$null)
$svc.StartService()

在开发Windows服务的过程中,我将此作为by-build命令行的一部分使用:

Visual Studio:项目属性\生成事件

预生成事件命令行:

"C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\installutil.exe" myservice.exe /u

生成后事件命令行:

"C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\installutil.exe" myservice.exe
powershell -command - < c:\psscripts\changeserviceaccount.ps1

下面是其他脚本的细微变化。这将为在给定登录帐户下运行的任何/所有服务设置凭据。它只会在服务已经运行的情况下尝试重新启动服务,这样我们就不会意外地启动由于某种原因而停止的服务。脚本必须从shell运行并提升shell(如果脚本开始告诉您 ReturnValue = 2 ,你可能在不提升的状态下运行它)。一些用法示例包括:

• 在本地主机上以当前登录用户身份运行的所有服务:

  .\set-servicecredentials.ps1 -password p@ssw0rd

• 所有以用户身份运行的服务: somedomain\someuser 主机上 somehost.somedomain :

  .\set-servicecredentials.ps1 somehost.somedomain somedomain\someuser p@ssw0rd

set-servicecredentials.ps1:

param (
  [alias('computer', 'c')]
  [string] $computerName = $env:COMPUTERNAME,

  [alias('username', 'u')]
  [string] $serviceUsername = "$env:USERDOMAIN\$env:USERNAME",

  [alias('password', 'p')]
  [parameter(mandatory=$true)]
  [string] $servicePassword
)
Invoke-Command -ComputerName $computerName -Script {
  param(
    [string] $computerName,
    [string] $serviceUsername,
    [string] $servicePassword
  )
  Get-WmiObject -ComputerName $computerName -Namespace root\cimv2 -Class Win32_Service | Where-Object { $_.StartName -eq $serviceUsername } | ForEach-Object {
    Write-Host ("Setting credentials for service: {0} (username: {1}), on host: {2}." -f $_.Name, $serviceUsername, $computerName)
    $change = $_.Change($null, $null, $null, $null, $null, $null, $serviceUsername, $servicePassword).ReturnValue
    if ($change -eq 0) {
      Write-Host ("Service Change() request accepted.")
      if ($_.Started) {
        $serviceName = $_.Name
        Write-Host ("Restarting service: {0}, on host: {1}, to implement credential change." -f $serviceName, $computerName)
        $stop = ($_.StopService()).ReturnValue
        if ($stop -eq 0) {
          Write-Host -NoNewline ("StopService() request accepted. Awaiting 'stopped' status.")
          while ((Get-WmiObject -ComputerName $computerName -Namespace root\cimv2 -Class Win32_Service -Filter "Name='$serviceName'").Started) {
            Start-Sleep -s 2
            Write-Host -NoNewline "."
          }
          Write-Host "."
          $start = $_.StartService().ReturnValue
          if ($start -eq 0) {
            Write-Host ("StartService() request accepted.")
          } else {
            Write-Host ("Failed to start service. ReturnValue was '{0}'. See: http://msdn.microsoft.com/en-us/library/aa393660(v=vs.85).aspx" -f $start) -ForegroundColor "red"
          }
        } else {
          Write-Host ("Failed to stop service. ReturnValue was '{0}'. See: http://msdn.microsoft.com/en-us/library/aa393673(v=vs.85).aspx" -f $stop) -ForegroundColor "red"
        }
      }
    } else {
      Write-Host ("Failed to change service credentials. ReturnValue was '{0}'. See: http://msdn.microsoft.com/en-us/library/aa384901(v=vs.85).aspx" -f $change) -ForegroundColor "red"
    }
  }
} -Credential "$env:USERDOMAIN\$env:USERNAME" -ArgumentList $computerName, $serviceUsername, $servicePassword

考虑到这门课:

$class=[WMICLASS]'\\.\root\Microsoft\SqlServer\ComputerManagement:SqlService'

有一个方法叫 setserviceaccount() 可能是这样 script 做你想做的:

# Copyright Buck Woody, 2007
# All scripts provided AS-IS. No functionality is guaranteed in any way.
# Change Service Account name and password using PowerShell and WMI
$class = Get-WmiObject -computername "SQLVM03-QF59YPW" -namespace
root\Microsoft\SqlServer\ComputerManagement -class SqlService

#This remmed out part shows the services - I'll just go after number 6 (SQL
#Server Agent in my case):
# foreach ($classname in $class) {write-host $classname.DisplayName}
# $class[6].DisplayName
stop-service -displayName $class[6].DisplayName

# Note: I recommend you make these parameters, so that you don't store
# passwords. At your own risk here!
$class[6].SetServiceAccount("account", "password")
start-service -displayName $class[6].DisplayName

在默认PS堆栈中找不到的,我发现它是在 Carbon :

http://get-carbon.org/help/Install-Service.html

http://get-carbon.org/help/Carbon_Service.html (仅限碳2.0)

PowerShell 6版本 Set-Service 现在有 -Credential 参数。

下面是一个例子:

$creds = Get-Credentials
Set-Service -DisplayName "Remote Registry" -Credentials $creds

此时,只能通过以下方式下载: GitHub .

享受!

给定的答案可以完成这项工作。

不过,还有另一个重要的细节;为了更改凭据并成功运行服务,首先必须 授予该用户帐户“作为服务登录”的权限 .

要将该权限授予用户,请使用提供的PowerShell脚本 here 只需提供帐户的用户名,然后运行其他命令更新服务的凭据,如其他答案中所述,即,

$svc=gwmi win32_service -filter 'Service Name'

$svc.change($null,$null,$null,$null,$null,$null,'.\username','password',$null,$null,$null)