Powershell: Find the Windows Service of a Running Process

Today I needed to find the registered services of some running processes and their installed paths. Third-party tools such as Process Explorer and Process Hacker can show each process's associated service, but I wanted to use the built-in options, so WMI with PowerShell is the way to go. I also checked Windows Task Manager, and it only lists the service and its associated service name, not the process name. So some scripting is needed to get there.
Here is the sample output.

Fig-1: Find a running process’s service
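The script that produced that output is not reproduced on the page; the following is an added example (not the author's script) that does the same job with CIM/WMI: it joins Win32_Service (which carries the service's PID and installed PathName) to the running processes and flags processes that host more than one service.

```powershell
# Added example (not the author's script): map running processes to the
# Windows services they host, with each service's installed path, via CIM/WMI.
function Get-ProcessService {
    [CmdletBinding()]
    param(
        # Process name(s) to look up, e.g. 'svchost','spoolsv'.
        # Default: every process that hosts at least one service.
        [string[]]$ProcessName
    )

    # Win32_Service exposes ProcessId (0 when the service is stopped) and PathName
    # (the ImagePath the service was installed with, including any arguments).
    $services = Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.ProcessId -ne 0 }

    # Group once so shared hosts (several services inside one svchost.exe) are visible.
    $byPid = $services | Group-Object -Property ProcessId -AsHashTable -AsString

    $procs = Get-Process | Where-Object { $byPid.ContainsKey([string]$_.Id) }
    if ($ProcessName) {
        $procs = $procs | Where-Object { $ProcessName -contains $_.ProcessName }
    }

    foreach ($p in $procs) {
        foreach ($svc in $byPid[[string]$p.Id]) {
            [pscustomobject]@{
                ProcessName   = $p.ProcessName
                PID           = $p.Id
                ServiceName   = $svc.Name
                DisplayName   = $svc.DisplayName
                State         = $svc.State
                InstalledPath = $svc.PathName
                SharedHost    = ($byPid[[string]$p.Id].Count -gt 1)
            }
        }
    }
}

# Every service-hosting process, one row per service.
Get-ProcessService | Sort-Object PID, ServiceName | Format-Table -AutoSize

# Only the Print Spooler process (constructed example name):
# Get-ProcessService -ProcessName spoolsv
```

The SharedHost column is worth watching: a path or PID that looks wrong for one service may simply belong to a shared svchost.exe that hosts several.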

How to Enable PowerShell Remoting in Easy Way

Empower yourself with the ability to perform administrative tasks on multiple servers remotely, even while users are logged in or away. PowerShell remoting, available since PowerShell version 2 and above, opens up a world of possibilities for system administrators.

If you’re using Windows 7, 2008R2, or newer, PowerShell remoting is already at your fingertips. However, for legacy environments like Server 2003 and Windows XP, a few additional steps are required. You’ll need to install the Server 2003 Service Pack 2 and the Windows Management Framework.

Things to do on the destination computer

This is the computer on which you want to execute the remote commands. On this machine, run PowerShell as an administrator and execute the following command:

Set-ExecutionPolicy RemoteSigned

Then, initialize WinRM with the following command:

winrm quickconfig -quiet

On the source computer you'll also need to start the WinRM service temporarily in order to configure settings. Remember to add the destination computers to the trusted hosts list; this is what lets the local system talk to the remote ones. In other words, in the TrustedHosts list you define the destination computers by IP address, separated by commas, or with a wildcard as shown below.
(Note: if you use HTTPS, you need to generate a certificate and add it to each computer, so in a domain environment it is more efficient to enroll the certificate via GPO. I'll write another article for that scenario.)

Things to do on Source Computer

This is the computer that will initiate the connection. In an elevated PowerShell session on the source computer, type:

winrm quickconfig -quiet
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "192.168.1.*"

Figure 1:  WinRM Quick Configuration


Figure 2: Added Computers to Trusted Hosts

Let’s test the Connection

You can use Test-WSMan to check whether PowerShell remoting works. The following command tests the connection:

Test-WSMan -ComputerName 192.168.1.222 -Credential (Get-Credential) -Authentication default


Figure 3: Testing the Connection

Using remote script execution (example)

You can execute remote scripts on multiple computers; put the computer names, as IPs or hostnames, in a text file. Here is the one I show as an example.
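The following is an added example, not the author's script: it reads the target list from a constructed computers.txt (one IP or hostname per line), runs a script block on each host with Invoke-Command, and reports the hosts that could not be reached.

```powershell
# Added example (not the author's script): run a script block on every computer
# listed in computers.txt, one IP or hostname per line (constructed input file),
# and report which hosts could not be reached.
$computers = Get-Content -Path .\computers.txt |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ -and -not $_.StartsWith('#') }   # skip blanks and comments

$cred = Get-Credential   # an account that is a local administrator on the targets

# The TrustedHosts entry set earlier only tells the client it may send credentials
# to those addresses without Kerberos verifying who it is talking to, so keep
# both TrustedHosts and this list limited to hosts you actually manage.
$results = Invoke-Command -ComputerName $computers -Credential $cred `
    -ThrottleLimit 16 -ErrorAction SilentlyContinue -ErrorVariable unreachable `
    -ScriptBlock {
        # This part runs on each remote machine.
        $os = Get-CimInstance -ClassName Win32_OperatingSystem
        [pscustomobject]@{
            Computer  = $env:COMPUTERNAME
            OS        = $os.Caption
            LastBoot  = $os.LastBootUpTime
            UptimeHrs = [math]::Round(((Get-Date) - $os.LastBootUpTime).TotalHours, 1)
            WinRM     = (Get-Service -Name WinRM).Status
        }
    }

# Invoke-Command stamps PSComputerName on each object, so you can see which host answered.
$results | Sort-Object PSComputerName |
    Format-Table PSComputerName, OS, LastBoot, UptimeHrs, WinRM -AutoSize

foreach ($err in $unreachable) {
    Write-Warning "Failed: $($err.TargetObject) - $($err.Exception.Message)"
}

# To run an existing .ps1 on the same hosts instead, replace -ScriptBlock { ... } with:
#   -FilePath .\Your-Script.ps1
```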

How to check multiple Forward and Reverse DNS records in Powershell

Tired of spending hours manually querying DNS records? A few days ago, I had to query over 100 DNS records to determine whether both the forward and reverse records were working properly. Running nslookup over 100 records is a time-consuming and daunting task for a system administrator, so I decided to write a PowerShell script to automate the job.

Put the hostnames in a hostnames.txt file in the same directory as the script file and run the script:

.\Find_DNS_Forward_Reverse.ps1
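Find_DNS_Forward_Reverse.ps1 itself is not on the page; the block below is an added example (not the author's script) of the same check: for each name in hostnames.txt it resolves the A records, looks up the PTR for every address, and reports OK, a missing reverse record, or a mismatch between the two.

```powershell
# Added example (not the author's Find_DNS_Forward_Reverse.ps1): forward (A) then
# reverse (PTR) lookup for each host, flagging missing or mismatching records.
function Test-DnsForwardReverse {
    param(
        [Parameter(Mandatory)][string[]]$HostName,
        [string]$Server          # optional: query a specific DNS server
    )
    $dnsArgs = @{ ErrorAction = 'Stop' }
    if ($Server) { $dnsArgs['Server'] = $Server }

    foreach ($h in $HostName) {
        try {
            $addresses = (Resolve-DnsName -Name $h -Type A @dnsArgs |
                Where-Object { $_.QueryType -eq 'A' }).IPAddress
        } catch { $addresses = $null }
        if (-not $addresses) {
            [pscustomobject]@{ HostName = $h; IPAddress = $null; Reverse = $null; Status = 'FORWARD FAIL' }
            continue
        }
        foreach ($ip in $addresses) {
            try {
                $ptr = (Resolve-DnsName -Name $ip -Type PTR @dnsArgs |
                    Where-Object { $_.QueryType -eq 'PTR' }).NameHost
            } catch { $ptr = $null }
            # Accept the PTR if it equals the name or is the name's FQDN (comparisons are case-insensitive).
            $status = if (-not $ptr) { 'REVERSE MISSING' }
                      elseif ($ptr -contains $h -or ($ptr | Where-Object { $_ -like "$h.*" })) { 'OK' }
                      else { 'REVERSE MISMATCH' }
            [pscustomobject]@{ HostName = $h; IPAddress = $ip; Reverse = ($ptr -join ','); Status = $status }
        }
    }
}

# hostnames.txt is the same input file the post describes (one hostname per line).
$hosts = Get-Content -Path .\hostnames.txt | ForEach-Object { $_.Trim() } | Where-Object { $_ }
Test-DnsForwardReverse -HostName $hosts | Format-Table -AutoSize
```

A host with several A records gets one row per address, so a single broken PTR in a round-robin set shows up on its own line.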

How to convert VDI to VMDK or VHD in easy way

While third-party tools like VMware Standalone Converter and Starwind V-2-V exist for converting VDI to VMDK or VHD, VirtualBox's native capabilities offer a speedy alternative. You can follow our step-by-step guide, applicable to both Windows and Linux environments, and streamline your virtualization workflow.
Go to the VirtualBox install directory in a Windows command prompt and type the following command.

VBoxManage.exe clonehd c:\DiskVirtualold-disk.vdi c:\DiskVirtualnew-disk.vmdk --format vmdk --type normal --variant standard

Now you can attach the converted virtual disk to the VM of your choice.

See the example screenshots below.

How to stop unresponsive Windows Service

In Windows system administration, knowing how to stop a Windows service that is not responding or has hung is a crucial skill. Whether you're troubleshooting a misbehaving process or aiming to free up system resources, knowing the ins and outs of service management can significantly improve your computing experience.

In this example, let's forcefully stop the Windows Time service by killing its associated process.

1) Query the service PID via the NT service controller:
sc queryex <servicename>
e.g.
sc queryex w32time
Note: you can find the service name in services.msc (open it from the Run box). Here it is w32time for the Windows Time service.

2) Note the PID of the service. Here our process ID is 904.

3) Kill the process by PID:
tskill 904
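The same procedure in PowerShell, as an added example that is not from the post: it looks up the service's PID the way sc queryex does, tries a normal stop with a timeout first, and only then kills the process, refusing to do so when the PID is a shared host for other services (which is the case for w32time on a default install, where it lives inside a shared svchost.exe).

```powershell
# Added example (not from the post): force-stop a hung service by its PID, as
# 'sc queryex' + 'tskill' does, but never kill a process shared by other services.
function Stop-HungService {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Name,   # short service name, e.g. w32time
        [int]$TimeoutSeconds = 30
    )

    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'"
    if (-not $svc) { throw "Service '$Name' not found (use the short name from services.msc)." }
    if ($svc.ProcessId -eq 0) { Write-Verbose "$Name is already stopped."; return }

    # Polite attempt first: ask the SCM to stop it and wait up to the timeout.
    Stop-Service -Name $Name -Force -NoWait -ErrorAction SilentlyContinue
    try {
        (Get-Service -Name $Name).WaitForStatus('Stopped', [timespan]::FromSeconds($TimeoutSeconds))
    } catch { Write-Verbose "$Name did not stop within $TimeoutSeconds s; falling back to the PID." }

    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'"
    if ($svc.State -eq 'Stopped') { Write-Verbose "$Name stopped cleanly."; return }

    # Many services (w32time included) run inside a shared svchost.exe; killing
    # that PID takes every service in it down, so bail out rather than do that.
    $sharing = Get-CimInstance -ClassName Win32_Service -Filter "ProcessId=$($svc.ProcessId)" |
        Where-Object { $_.Name -ne $Name }
    if ($sharing) {
        throw "PID $($svc.ProcessId) also hosts: $($sharing.Name -join ', '). Not killing it."
    }

    if ($PSCmdlet.ShouldProcess("PID $($svc.ProcessId) ($Name)", 'Stop-Process -Force')) {
        Stop-Process -Id $svc.ProcessId -Force   # equivalent of 'tskill <PID>'
    }
}

# w32time is the service used in the post; -WhatIf shows what would be killed without doing it.
Stop-HungService -Name w32time -Verbose -WhatIf
```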

Change grayed out Windows Service Startup Option

You might sometimes encounter grayed-out services, particularly with antivirus programs, where certain services are intentionally protected against tampering for security reasons; this can make managing your system harder. However, there are strategies you can use to get around this hurdle and regain control over these services.

Option 1 – Startup Config

1) Type "msconfig" in the Run box
2) In the Services tab, uncheck the service
3) Reboot the computer

Option 2 – Registry Modification

The second method involves opening the Windows Registry, the central repository of system settings, and making a targeted change to the startup type of the grayed-out service.
1) Go to HKLM\SYSTEM\CurrentControlSet\Services\<servicename>
2) Double-click the Start value (a DWORD) under that key
3) Change the DWORD value (0 to 4) according to the startup option you want: 2 for Automatic and 4 for Disabled.

Below are the Start values and their descriptions according to the TechNet article.

Value: Description
0: Boot (loaded by kernel loader). Components of the driver stack for the boot (startup) volume must be loaded by the kernel loader.
1: System (loaded by I/O subsystem). Specifies that the driver is loaded at kernel initialization.
2: Automatic (loaded by Service Control Manager). Specifies that the service is loaded or started automatically.
3: Manual. Specifies that the service does not start until the user starts it manually, such as by using Device Manager.
4: Disabled. Specifies that the service should not be started.
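The registry method above, scripted as an added example that is not from the post: it reads a service's Start value and decodes it with the table, and sets a new one with a guard that refuses the driver-only values 0 and 1 for a Win32 service (whose Type is 0x10, own process, or 0x20, shared process). Run it from an elevated PowerShell session; a protected service may still refuse the write through key permissions.

```powershell
# Added example (not from the post): read and set the Start value under
# HKLM\SYSTEM\CurrentControlSet\Services\<name> when services.msc greys it out.
$StartValues = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Get-ServiceStartValue {
    param([Parameter(Mandatory)][string]$Name)
    $key   = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $props = Get-ItemProperty -Path $key -Name Start, Type -ErrorAction Stop
    [pscustomobject]@{
        Name    = $Name
        Start   = $props.Start
        Meaning = $StartValues[[int]$props.Start]
        Type    = ('0x{0:X}' -f $props.Type)   # 0x1/0x2 driver, 0x10 own process, 0x20 shared
    }
}

function Set-ServiceStartValue {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][ValidateRange(0, 4)][int]$Start
    )
    $key     = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $current = Get-ItemProperty -Path $key -Name Start, Type -ErrorAction Stop

    # 0 and 1 are loaded by the kernel loader / I/O subsystem and only make sense
    # for drivers; refuse them for a Win32 service (Type has bit 0x10 or 0x20 set).
    if ($Start -le 1 -and ($current.Type -band 0x30)) {
        throw "$Name is a Win32 service; Start=$Start is only valid for drivers."
    }
    $msg = "Start $($current.Start) ($($StartValues[[int]$current.Start])) -> $Start ($($StartValues[$Start]))"
    if ($PSCmdlet.ShouldProcess($Name, $msg)) {
        Set-ItemProperty -Path $key -Name Start -Value $Start -Type DWord
    }
    Get-ServiceStartValue -Name $Name   # read back; the change applies at the next service start or reboot
}

# As in the post: 4 disables the service. -WhatIf previews the change without writing it.
# Set-ServiceStartValue -Name <servicename> -Start 4 -WhatIf
```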