We have a program that installs itself as a service windows, runs for about 5 minutes and then uninstalls.
Sometimes (due to bugs) it fails to uninstall and the service processes are left hanging.
I'm trying to write a powershell script that will remove all processes running more than an hour. Now I cant find anything that could tell me how long the service is running (when it was installed).
Is there a way to find out when service was installed or how long it is running?
Thank you,
Vitaly
You can use Get-Process to see when the service process was started, like so:
Get-Process | select name, starttime
This will get the processid based on the service name:
$myservice = "Spooler"
$starttime = Get-Process -id ((Get-WmiObject win32_service -Filter "name=`'$myService`'").ProcessID) | select StartTime
$timerunning = (get-date).Subtract($starttime.StartTime)
Related
I see some questions about this topic, but I cannot get it working
Get-Service -Name Spooler -ComputerName (Get-Content c:\tmp\scripts\Servers\iservers.txt) |
Stop-Service -PassThru | Set-Service -StartupType Disabled -whatif
The code executes for each server on the txt file, and stops de service, but not disable the service.
Any help to get it work and/or Troubleshooting???
Regards.
How to approach this kind of problem
In automation, we work up to complexity, meaning you should start simply and then add on more features until you see where it breaks.
Right now, you're trying to do a bunch of operations in one single line:
Load a list of computers and
Reach out to the computers and Stop a service and
Also while doing this, set the service to not automatically start.
There are a lot of problems you can run into, like "what happens if these PCs aren't enabled for remoting", or "what if you need a different account to handle stopping or disabling a service".
When you're trying to figure it all out in one-line, you're in for a bad and frustrating time.
How to fix it
Start simply. Start with one computer that's nearby and definitely turned on.
Begin with reading a service. Can you even get this operation to run?
Get-Service -ComputerName SomePC123 Spooler
Status Name DisplayName
------ ---- -----------
Running spooler Print Spooler
If you run into an error, then first figure out how to be able to remote into that one PC and see if the Print Spooler is running. Then, you will know what steps to deploy to all of your machines to prepare them for remoting.
Then, once you can check if a service is running, you can add on the next step, try to stop the service.
So your code would start to look like this:
$computers = get-content .\someTextFile.txt
forEach($computer in $computers){
$service = Get-Service -ComputerName $computer Spooler
"status of spooler on $computer is $($service.Status), with start type of $($service.StartType)"
#todo, set start type to Disabled...
}
Eventually, you will have migrated each step out of the one-liner and you'll know where and why any given command is failing. This is the way.
My code currently is:
$Workstationlist=get-adcomputer -filter * -searchbase 'OU=Workstations, DC=example, DC=com' -SearchScope 2 | foreach {$_.Name}
foreach($workstation in $Workstationlist){
get-service -ComputerName $workstation -name wauaserv
}
It seems to pulling service statuses from the array that is being parsed by the foreach method, but after a few values are returned it will spit this error message in between which seems to point at the location I saved the script
Running wuauserv Windows Update
Stopped wuauserv Windows Update
Running wuauserv Windows Update
Stopped wuauserv Windows Update
get-service : Cannot find any service with service name 'wuauserv'. At
\locationIsavedthescript
The idea is that I will stop the wauaserv service on all workstations in the domain, I was then going to add lines to delete everything from the \windowsdistrobution\ folder. And then restart the service. This effectively kills any downloading pending install update. I can drop $workstation into a ls snippet easy enough but pulling services doesn't seem to work quite as clean. Not sure why it is point the get-service to the location that I saved the script.
Any ideas and explanations as to how to accomplish what I'm shooting for a bit more cleanly or at least hide the erroneous output since the command IS running against the array.
I hope this made sense to someone out there.
I am trying to find a way to find out who has ran an application (for example SQL) on a server, just to get some idea.
I tried Get-Process but this doesn't give me historic information, I want to get historical information
Get-Process -IncludeUserName *
what I want the return resule is "name of application", "user who ran it" and the last datetime it was ran by that user'
As for ...
I am trying to find a way to find out who has ran an application (for
example SQL) on a server, just to get some idea.
What you are asking for here is software metering.
SQL is a service that is always running once it is installed, so, no individual user is ever going to be running it. So, that is a bad example. MS Word for example would be a better example.
Yet there is nothing native in PowerShell that does this, software metering, but of course PowerShell can look at event logs. Yet if your auditing is not setup correctly then it's moot. This is better for a software metering tool, and there are several out there. So, why try and reinvent the wheel.
As for ...
I tried Get-Process but this doesn't give me historic information, I
want to get historical information
That is not what a process is nor what Get-Process is for. It, Get-Process only checks for and lists whatever process is currently running, regardless of what/who launched it.
As for...
what I want the return resule is "name of application", "user who ran
it" and the last datetime it was ran by that user'
As long as the process is running, you can get this, with that cmdlet.
However, what are you trying to accomplish by this?
Again, there are purpose built tools to meter software use.
https://learn.microsoft.com/en-us/sccm/apps/deploy-use/monitor-app-usage-with-software-metering
If you must go down this reinvent the wheel road, using scripting, then you need a task watcher on the target machines, which watches for the WinWord process to appear.
Get-Process -IncludeUserName |
Where ProcessName -EQ 'Winword'
... you then write those results to a file or database or your own event log each time you see that process.
Use PowerShell to Create and to Use a New Event Log
New-EventLog -LogName ScriptingGuys -Source scripts
When the command runs, no output appears to the Windows PowerShell console. To ensure the command actually created a new event log, I use
the Get-EventLog cmdlet with the –List parameter. Here is the command
and the associated output.
Write-EventLog -LogName ScriptingGuys -Source scripts -Message “Dude, it works … COOL!” -EventId 0 -EntryType information
Or just to a file
Get-Process -IncludeUserName |
Where ProcessName -EQ 'Winword' |
Select-Object -Property Name, StartTime, Username |
Export-Csv -Path 'F:\Temp\AppLaunchLog.csv' -Append
Import-Csv -Path 'F:\Temp\AppLaunchLog.csv'
# Results
Name StartTime UserName
---- --------- --------
WINWORD 5/23/2019 9:02:53 PM WS01\LabUser001
All,
I am using windows 7 os
I would like to know the idle time for each application or process running in my machine.
Ex: I opened one process like notepad.exe but I am not working on it from last 5 minutes, I need to get the idle time as 5 minutes for the process.
like that at one time I would like to know the idle time of all process running in my machine.
I tried the below code but I am not getting the any data for IdleTime
$processname = Get-Process | Select-Object -Property ProcessName, IdleTime,ID,WS
Please help me
There seems to be no property named Idletime.
You can check that out by doing:
Get-Process | Get-Member -force
Perhaps parsing the WMI Win32_Process could help you achieve your goal?
Try this:
$kerneltime = Get-WmiObject Win32_Process -Filter "Name='System idle process'" | Select KernelModeTime
$timeSpan = (new-object System.TimeSpan $kerneltime.KernelModeTime)
I have a PC on remote connected by network, but it occasionally crashes or is restarted by remote users. After the restart, some services and applications have to be in running status. So I would like to find out the reboot as soon as possible. I think PS may be a good choice with some scripts so that I could make remote call to get the last reboot timestamp information.
Is there any way to get a remote Windows XP last reboot timestamp by using PowerShell 2.0(its remoting feature)?
You can do this via WMI:
$wmi = Get-WmiObject -Class Win32_OperatingSystem -Computer "RemoteMachine"
$wmi.ConvertToDateTime($wmi.LastBootUpTime)
For a remote computer:
$wmi = Get-WmiObject -Class Win32_OperatingSystem -Computer RemoteComputerName
$wmi.ConvertToDateTime($wmi.LastBootUpTime)
The uptime of the computer in seconds is available in the "System Up Time" performance counter. Though that's probably overkill.
Obviously, for services the easiest thing is to just set their start mode to "Automatic" but if you have other things that need to be running, the easiest way to do that is via the Windows task scheduler: you can set up a schedule that runs when the computer starts up.
FYI, if you are on the PowerShell Community Extensions 2.0 Beta, you can use Get-Uptime e.g.:
PS> Get-Uptime
Uptime LastBootUpTime
------ --------------
00:44:01.4401754 3/21/2010 12:07:17 AM