Reputation: 66
Get service name inside service
I want to get service name inside service. The rough idea is to get process id and compare the process id with services enumerated by WMI, ServiceCotroller or EnumServicesStatusEx() API.
The problem is that the service is running under a domain account (it isn't local administrator). When I want to enumerate the services inside the running service, the running service itself is missing from enumeration!
If I move the service account to local administrator, the running service is found. So it isn't code issue. (If code issue, the behavior should be same: service not found.)
If I extract the logic to a console application (or by powershell) and run application or powershell under service account, the service is found, too. So it isn't permission issue. (If permission issue, the behavior should be same: service not found.)
The service CANNOT be enumerated when the service account IS NOT administrator and INSIDE service. It is very wire issue.
I check documentation for EnumServicesStatusEx from MSDN and find local administrator has extra SC_MANAGER_LOCK than local authenticated user. Is it the reason? But I CANNOT link the lock with service enumeration.
Or somebody please indicate a way to query service name inside the service.
Thanks.
BTW, It is on Windows 2008 R2.
I found a related question: How to get name of windows service from inside the service itself. the 1st answer is not acceptable for me. I want to provide a common library and has no control to installer. the 2nd answer is same idea with me. I guess it should be same with my result.
Upvotes: 3
Views: 961
Answers (2)
Reputation: 66
It is a permission issue.
Run psservice from Sysinternals like:
psservice.exe security InstrumentationTestService
and I got the following result:
PsService v2.24 - Service information and configuration utility
Copyright (C) 2001-2010 Mark Russinovich
Sysinternals - www.sysinternals.com
SERVICE_NAME: InstrumentationTestService
DISPLAY_NAME: InstrumentationTestService
ACCOUNT: LocalSystem
SECURITY:
[ALLOW] NT AUTHORITY\SYSTEM
Query status
Query Config
Interrogate
Enumerate Dependents
Pause/Resume
Start
Stop
User-Defined Control
Read Permissions
[ALLOW] BUILTIN\Administrators
All
[ALLOW] NT AUTHORITY\INTERACTIVE
Query status
Query Config
Interrogate
Enumerate Dependents
User-Defined Control
Read Permissions
[ALLOW] NT AUTHORITY\SERVICE
Query status
Query Config
Interrogate
Enumerate Dependents
User-Defined Control
Read Permissions
It indicates that my service account has no permission to Query the service status.
If I use service account to run powershell/WMI/ServiceController, the service account will turn into a INTERACTIVE user. So it has the permission to query service status.
The solution is to grant the service account Query status permission.
Upvotes: 1
Reputation: 72640
This is not a pure PowerShell answer, but you've got a good tool as far as EXEs,DLLs and SERVICEs are concerned it's TASKLIST.EXE.
Have a look to /FI and /FO. In the following sample I get information for the search service.
tasklist /FI "SERVICES eq WSearch" /FO "CSV"
To integrate it with PowerShell youcan use :
tasklist /FI "SERVICES eq WSearch" /FO "CSV" | ConvertFrom-Csv
Upvotes: 0
Related Questions
- How to pull physical path of a Windows Service using Get-Service command
- How to list all the services running with a service account in a server using Powershell
- filter Get-Service by username
- Show Service permissions programmatically
- Powershell Get-Service to show all services executed with specific service account name
- How do i get the name of a service from the proccess id?
- Get List of Windows Services with Service Account
- How to get name of windows service from inside the service itself
- How can I get the name of my Windows Service at runtime?
- How can I get the ServiceName in a Windows Service written in C#?