Recover Service information from the registry with PowerShell

For those of you who attended my presentation last week at the 2014 North American PowerShell Summit, you know that I am hard at work implementing your recommendations for my Help Desk software powered by PowerShell.  Below is a small sampling of some of the code from one of your recommendations.  The help file has the details.  Below is a screen shot from the demonstration.
image
<#
.SYNOPSIS
Recover information from the registry on the services of a client.

.DESCRIPTION
The Services subkeys contain entries for standard and optional Windows 2000
services, such as device drivers, file system drivers, and Win32 service
drivers. Although the values of the entries differ for each service, most
Services subkeys have the same subkeys and entries.

.EXAMPLE
Get-CurrentControlSetServices

Returns information about the service for this client from the registry.

.EXAMPLE
Get-CurrentControlSetServices | Sort-Object -Property Group, Tag

Returns information about the service for this client from the registry.
In this case, sorted first by group and then the order that they will be started in.

.NOTES
Properties:
Name
The Name of the service

Type
Identifies the type of service represented by the subkey

ServiceTypeDescription
A text description of the type of service identified by the Type value

Group
Specifies the name of the service group to which the service belongs. If this entry does not appear in the registry, the service does not belong to a service group. As a result, it will be loaded after all services in service groups are loaded.

StartMeaning
Specifies how the service is loaded or started. If the service is a Win32 service, the value of this entry must be 2, 3, or 4. This entry is not used for network adapters.

ErrorControlSeverity
Specifies how to proceed if the driver for the service or device fails to load or initialize properly. By default, the value of this entry for all Windows 2000 services and drivers is 1.

ErrorControlMessage
Specifies how to proceed if the driver for the service or device fails to load or initialize properly. By default, the value of this entry for all Windows 2000 services and drivers is 1.

ImagePath
Specifies the location of the executable file for the driver or service. This entry is not used for network adapters.

StartLoader
Identifies what is used to start the device driver

Tag
Specifies the tag number for the service.

Each service in a service group is assigned a tag, which is a numeric value that is unique within a service group. Services in the service group are loaded in the order that their tag appears in the GroupOrderList subkey for the service group.

ErrorControl
Specifies how to proceed if the driver for the service or device fails to load or initialize properly. By default, the value of this entry for all Windows 2000 services and drivers is 1.

StartType
Describes how the service will be loaded.

#>
Function Get-CurrentControlSetServices
{
    [CmdletBinding()]
    Param()
    Function New-CurrentControlSetServices-Object
    {
        $Obj = New-Object -TypeName PSObject -Property @{
        Name = $null
        ErrorControl = $null
        Group = $null
        Start = $null
        ImagePath = $null
        Tag = $null
        Type = $null
        ErrorControlMessage = $null
        ErrorControlSeverity = $null
        StartType = $null
        StartMeaning = $null
        StartLoader = $null
        ServiceTypeDescription = $null}
        Write-Output $Obj
    }
    # Reference: http://support.microsoft.com/kb/103000
    $Data = Get-ChildItem -path HKLM:\System\CurrentControlSet\Services
   
    $DataAry = @()
    ForEach ($D in $Data)
    {
        # Populate the data into the final object.
        $Obj = New-CurrentControlSetServices-Object
       
        $Obj.Name = ($D.Name).Remove(0,($D.Name).LastIndexOf("\")+1)
        Try {$Obj.ErrorControl = $D.GetValue("ErrorControl")}
        Catch {}
        Try {$Obj.Group = $D.GetValue("Group")}
        Catch {}
        Try {$Obj.Start = $D.GetValue("Start")}
        Catch {}
        Try {$Obj.ImagePath = $D.GetValue("ImagePath")}
        Catch {}
        Try {$Obj.Tag = $D.GetValue("Tag")}
        Catch {}
        Try {$Obj.Type = $D.GetValue("Type")}
        Catch {}

        # Add ErrorControl Messages.
        Switch ($Obj.ErrorControl)
        {
            0 {
                $Obj.ErrorControlSeverity = "Ignore"
                $Obj.ErrorControlMessage = "If the driver fails to load or initialize, start up proceeds. No warning is displayed."
              }
            1 {
                $Obj.ErrorControlSeverity = "Normal"
                $Obj.ErrorControlMessage = "If the driver fails to load or initialize, startup should proceed, but display a warning."
              }
            2 {
                $Obj.ErrorControlSeverity = "Severe"
                $Obj.ErrorControlMessage = "If the startup is not using the LastKnownGood control set, switch to LastKnownGood. If the startup attempt is using LastKnownGood, continue on in case of error."

              }
            3 {
                $Obj.ErrorControlSeverity = "Critical"
                $Obj.ErrorControlMessage = "Fail the attempted system startup. If the startup is not using the LastKnownGood control set, switch to LastKnownGood. If the startup attempt is using LastKnownGood, run a bug-check routine."
              }
        } # End: Switch ($Obj.ErrorControl)

        # Add the Start Type information
        Switch ($Obj.Start)
        {
            0 {
                $Obj.StartType = "Boot"
                $Obj.StartLoader = "Kernel"
                $Obj.StartMeaning = "Represents a part of the driver stack for the boot (startup) volume and must therefore be loaded by the Boot Loader."
              }
            1 {
                $Obj.StartType = "System"
                $Obj.StartLoader = "I/O SubSystem"
                $Obj.StartMeaning = "Represents a driver to be loaded at Kernel initialization."
              }
            2 {
                $Obj.StartType = "Auto load"
                $Obj.StartLoader = "Service Control Manager"
                $Obj.StartMeaning = "To be loaded or started automatically for all startups, regardless of service type."
              }
            3 {
                $Obj.StartType = "Load on demand"
                $Obj.StartLoader = "Service Control Manager"
                $Obj.StartMeaning = "Available, regardless of type, but will not be started until the user starts it (for example, by using the Devices icon in Control Panel)."
              }
            4 {
                $Obj.StartType = "Disabled"
                $Obj.StartLoader = "Service Control Manager"
                $Obj.StartMeaning = "NOT TO BE STARTED UNDER ANY CONDITIONS"
              }
               
        } # END: Switch ($Obj.Start)


        # Add the Service Type Information
        Switch ($Obj.Type)
        {
            1 {
                $Obj.ServiceTypeDescription = "A Kernel device driver."
              }
            2 {
                $Obj.ServiceTypeDescription = "File system driver, which is also a Kernel device driver."
              }
            4 {
                $Obj.ServiceTypeDescription = "A set of arguments for an adapter."
              }
            8 {
                $Obj.ServiceTypeDescription = "A file system driver service, such as a file system recognizer."
              }
            # 16 = 0x10 and 32 = 0x20. The registry value is compared as a decimal
            # number, so the hex values 0x10 and 0x20 must not be written as 10 and 20.
            16 {
                $Obj.ServiceTypeDescription = "A Win32 program that runs in a process by itself. This type of Win32 service can be started by the service controller."
              }
            32 {
                $Obj.ServiceTypeDescription = "A Win32 program that shares a process. This type of Win32 service can be started by the service controller."
              }
            272 {
                $Obj.ServiceTypeDescription = "A Win32 program that runs in a process by itself (like Type16) and that can interact with users."
              }
            288 {
                $Obj.ServiceTypeDescription = "A Win32 program that shares a process and that can interact with users."
              }

        } # END: Switch ($Obj.Type)


        # Add each instance of a service to the output array.
        $DataAry += $Obj
    }

    # Return the output array
    Write-Output $DataAry
}
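
The Type switch above only matches whole numbers, so a combined value it does not list gets no description. The following added example (not part of the original post or the Help Desk software) decodes Type as bit flags, using only the bits that appear in the switch (1, 2, 4, 8, 16, 32, and the 256 implied by 272 and 288). The function name, the flag labels, and the sample rows are assumptions made for illustration.

```powershell
Function ConvertFrom-ServiceTypeValue   # hypothetical helper name
{
    [CmdletBinding()]
    Param(
        [Parameter(ValueFromPipelineByPropertyName = $true)]
        $Type,
        [Parameter(ValueFromPipelineByPropertyName = $true)]
        [String]$Name
    )
    Begin
    {
        # One entry per bit; the short labels are illustrative, not official names.
        $Flags = @(
            @{ Bit = 0x001; Label = 'KernelDriver' }
            @{ Bit = 0x002; Label = 'FileSystemDriver' }
            @{ Bit = 0x004; Label = 'AdapterArguments' }
            @{ Bit = 0x008; Label = 'FileSystemRecognizer' }
            @{ Bit = 0x010; Label = 'Win32OwnProcess' }
            @{ Bit = 0x020; Label = 'Win32ShareProcess' }
            @{ Bit = 0x100; Label = 'Interactive' }
        )
    }
    Process
    {
        # Subkeys without a Type value are not service definitions; skip them.
        If ($null -eq $Type) { Return }
        $Remaining = [int]$Type
        $Labels = @()
        ForEach ($F in $Flags)
        {
            If ($Remaining -band $F.Bit)
            {
                $Labels += $F.Label
                $Remaining = $Remaining -bxor $F.Bit
            }
        }
        # Report bits the table does not cover instead of dropping them silently.
        If ($Remaining -ne 0) { $Labels += ('Unknown(0x{0:X})' -f $Remaining) }
        New-Object -TypeName PSObject -Property @{
            Name = $Name; Type = [int]$Type; TypeFlags = ($Labels -join ', ') }
    }
}

# Constructed sample rows, shaped like the objects the function above returns.
@(
    New-Object -TypeName PSObject -Property @{ Name = 'ExampleDriver';   Type = 1 }
    New-Object -TypeName PSObject -Property @{ Name = 'ExampleOwnProc';  Type = 272 }
    New-Object -TypeName PSObject -Property @{ Name = 'ExampleUnlisted'; Type = 96 }
    New-Object -TypeName PSObject -Property @{ Name = 'ExampleNoType';   Type = $null }
) | ConvertFrom-ServiceTypeValue | Select-Object -Property Name, Type, TypeFlags
```

On a live system the same helper accepts the function's output directly: Get-CurrentControlSetServices | ConvertFrom-ServiceTypeValue. Rows that show an Unknown(...) entry carry bits the switch does not describe and are worth reviewing by hand.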
