Nikesh Kumar

Reputation: 1

Change password of account that is used to run a service

I am updating a Windows service to run under a specific user instead of Local User using PowerShell.

If I update it manually it is working, but I am not able to update the password with my script.

Function RunWindowsServiceUnderSpecificUser {
    Param(
        [Parameter(Mandatory=$true)]
        [string] $ServiceName,
        [Parameter(Mandatory=$true)]
        [string] $UserName,
        [Parameter(Mandatory=$true)]
        [string] $Password)

    $Service = Get-WmiObject -Class Win32_service -Filter "name='$ServiceName'"
    $NoDesktopInteract = $false

    # Look up the account's qualified name (Caption) from its short name
    [string]$DomainUser = (gwmi win32_userAccount -Filter "Name='$UserName'").Caption
    if ($Service.Started) {
        Get-Service $Service.Name | Stop-Service -Force
        while ($Service.Started) {
            Write-Output "Waiting for $ServiceName to stop..."
            sleep 2
            # Re-query the service so the Started flag is refreshed
            $Service = Get-WmiObject -Class Win32_service -Filter "name='$ServiceName'"
        }
    }
    Write-Output "$ServiceName stopped."
    Write-Output "Changing $ServiceName logon account to $DomainUser."
    # Win32_Service.Change: arguments 7 and 8 are StartName and StartPassword
    $result = $Service.Change($null,$null,$null,$null,$null,$NoDesktopInteract,$DomainUser,$Password,$null,$null,$null) | Select -ExpandProperty ReturnValue
    Write-Output "Changed with return value: $result"
    $service.Change($Null,$Null,$Null,$Null,$Null,$Null,$Null,$Password)
    & sc.exe config $ServiceName obj= $DomainUser password= $Password

    Write-Output "Starting $ServiceName... "
    $result = $Service.StartService() | Select -ExpandProperty ReturnValue
    Write-Output "done with return value: $result."
}

Upvotes: 0

Views: 1960

Answers (1)

Zach Olinske

Reputation: 557

I didn't create this, but I use it once or twice a day. I am not sure how secure you want to be, but I am sure someone could figure out the Get-Credentials part. I really like this script because of the amazing error handling.

We have three parameters. Special thing about this script is the $global:ServiceName, because it will use the wildcard. When I do this I have 100+ Services named the same thing, but I only want to change the ones with the XX-XX in it. It will change all services that are created for company XX-XX.

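# Must be the first statement in the script: receives the -elevated switch passed on the relaunch below
param([switch]$elevated)

$Global:SAuseraccount='DOMAIN\ACCOUNT' #'DOMAIN\ACCOUNT'
$Global:SAuserpassword='yplmQ7gmdZ' #Password
$global:ServiceName='SERVICE'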

#$Global:Credential = Get-Credential -UserName $Global:SAuseraccount -Message "Provide Service Account Password"
#$Global:Credential.Username
#$Global:Credential.Password

function Test-Admin {
    $currentUser = New-Object Security.Principal.WindowsPrincipal $([Security.Principal.WindowsIdentity]::GetCurrent())
    $currentUser.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)
}
if ((Test-Admin) -eq $false) {
    if ($elevated) {
        # tried to elevate, did not work, aborting
    }
    else {
        Start-Process powershell.exe -Verb RunAs -ArgumentList ('-noprofile -noexit -file "{0}" -elevated' -f ($myinvocation.MyCommand.Definition))
    }

    exit
}
function PowerShell-PrintErrorCodes ($strReturnCode){
#This function will print the right value. The error code list was extracted using the MSDN documentation for the change method as of December 2014
Switch ($strReturnCode) 
    {
    0{ write-host  "    0 The request was accepted." -foregroundcolor "white" -BackgroundColor "Red" } 
    1{ write-host  "    1 The request is not supported." -foregroundcolor "white" -BackgroundColor "Red" } 
    2{ write-host  "    2 The user did not have the necessary access." -foregroundcolor "white" -BackgroundColor "Red" } 
    3{ write-host  "    3 The service cannot be stopped because other services that are running are dependent on it." -foregroundcolor "white" -BackgroundColor "Red" } 
    4{ write-host  "    4 The requested control code is not valid, or it is unacceptable to the service." -foregroundcolor "white" -BackgroundColor "Red" } 
    5{ write-host  "    5 The requested control code cannot be sent to the service because the state of the service (Win32_BaseService State property) is equal to 0, 1, or 2." -foregroundcolor "white" -BackgroundColor "Red" } 
    6{ write-host  "    6 The service has not been started." -foregroundcolor "white" -BackgroundColor "Red" } 
    7{ write-host  "    7 The service did not respond to the start request in a timely fashion." -foregroundcolor "white" -BackgroundColor "Red" } 
    8{ write-host  "    8 Unknown failure when starting the service." -foregroundcolor "white" -BackgroundColor "Red" } 
    9{ write-host  "    9 The directory path to the service executable file was not found." -foregroundcolor "white" -BackgroundColor "Red" } 
    10{ write-host  "    10 The service is already running." -foregroundcolor "white" -BackgroundColor "Red" } 
    11{ write-host  "    11 The database to add a new service is locked." -foregroundcolor "white" -BackgroundColor "Red" } 
    12{ write-host  "    12 A dependency this service relies on has been removed from the system." -foregroundcolor "white" -BackgroundColor "Red" } 
    13{ write-host  "    13 The service failed to find the service needed from a dependent service." -foregroundcolor "white" -BackgroundColor "Red" } 
    14{ write-host  "    14 The service has been disabled from the system." -foregroundcolor "white" -BackgroundColor "Red" } 
    15{ write-host  "    15 The service does not have the correct authentication to run on the system." -foregroundcolor "white" -BackgroundColor "Red" } 
    16{ write-host  "    16 This service is being removed from the system." -foregroundcolor "white" -BackgroundColor "Red" }
    17{ write-host  "    17 The service has no execution thread." -foregroundcolor "white" -BackgroundColor "Red" } 
    18{ write-host  "    18 The service has circular dependencies when it starts." -foregroundcolor "white" -BackgroundColor "Red" } 
    19{ write-host  "    19 A service is running under the same name." -foregroundcolor "white" -BackgroundColor "Red" } 
    20{ write-host  "    20 The service name has invalid characters." -foregroundcolor "white" -BackgroundColor "Red" } 
    21{ write-host  "    21 Invalid parameters have been passed to the service." -foregroundcolor "white" -BackgroundColor "Red" } 
    22{ write-host  "    22 The account under which this service runs is either invalid or lacks the permissions to run the service." -foregroundcolor "white" -BackgroundColor "Red" } 
    23{ write-host  "    23 The service exists in the database of services available from the system." -foregroundcolor "white" -BackgroundColor "Red" } 
    24{ write-host  "    24 The service is currently paused in the system." -foregroundcolor "white" -BackgroundColor "Red" } 
    }
}
Function ServiceAccount {
$svcD=gwmi win32_service  -filter "name like '%$global:ServiceName%'" 
$svcD | ForEach-Object {

write-host "Service to change user and password: "   $_.name -foregroundcolor "green"

write-host "----------------------------------------------------------------"  


       if ($_.state -eq 'Running')
       {

           write-host "    Attempting to stop the service..."
           $Value = $_.StopService()
            if ($Value.ReturnValue -eq '0') 

               {
                $Change = 1       
                $Starts = 1      
                write-host "    Service stopped" -foregroundcolor "white" -BackgroundColor "darkgreen"
                }
               Else 
               {
                    write-host "    The stop action returned the following error: " -foregroundcolor "white" -BackgroundColor "Red"
                    PowerShell-PrintErrorCodes ($Value.ReturnValue)
                     $Change = 0
                     $Starts = 0
                }
       }
       Else
       {
         write-host "    As the service was not running before, it is not going to be started after the change." -foregroundcolor "green"
         $Starts = 0
         $Change = 1

       }

           if ($Change -eq 1 ) 
           {
             write-host "    Attempting to change the service..."
               #this is the method that will do the user and password change
               $Value = $_.change($null,$null,$null,$null,$null,$null,$Global:SAuseraccount,$Global:SAuserpassword,$null,$null,$null) 
               if ($Value.ReturnValue -eq '0') 
                {
                   write-host "    Password and user changed" -foregroundcolor "white" -BackgroundColor "darkgreen"
                   if ($Starts -eq 1) 
                        {
                            write-host "    Attempting to start the service, waiting 5 seconds..."
                            [System.Threading.Thread]::Sleep(5*1000)
                            $Value =  $_.StartService()
                            if ($Value.ReturnValue -eq '0') 
                                {
                                    write-host "    Service started successfully" -foregroundcolor "white" -BackgroundColor "darkgreen"
                                }
                             Else
                                {
                                write-host "    Error while starting the service: " -foregroundcolor "red" 
                                 PowerShell-PrintErrorCodes ($Value.ReturnValue)
                                }
                        }                                                           
                    }
                Else 
                 {
                 write-host "    The change action returned the following error: "  -foregroundcolor "red" 
                  PowerShell-PrintErrorCodes ($Value.ReturnValue)
                 }
                }                      

   write-host "----------------------------------------------------------------"    
}

write-host "PROCESS COMPLETED"  -foregroundcolor "green"

}
Test-Admin
ServiceAccount

Upvotes: 1
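
The commented-out Get-Credential lines in the answer point at the alternative to keeping the service account password in a script variable. As an added example (not part of the original answer or its script), the function below takes a PSCredential and passes it to the same Win32_Service Change method through CIM; the names Set-ServiceLogon and NamePattern are hypothetical, and the allowed-character check on the pattern is an assumption about how the services are named.

```powershell
# Added example, not from the original answer. Set-ServiceLogon / NamePattern are hypothetical names.
function Set-ServiceLogon {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # WQL LIKE pattern such as '%XX-XX%'. Quotes are rejected so the value cannot
        # break out of the filter string built below.
        [Parameter(Mandatory)] [ValidatePattern('^[\w%. -]+$')] [string] $NamePattern,
        # Collected with Get-Credential at run time, never written into the script.
        [Parameter(Mandatory)] [pscredential] $Credential
    )

    $services = Get-CimInstance -ClassName Win32_Service -Filter "Name LIKE '$NamePattern'"
    foreach ($svc in $services) {
        if (-not $PSCmdlet.ShouldProcess($svc.Name, "Set logon account to $($Credential.UserName)")) { continue }

        $wasRunning = $svc.State -eq 'Running'
        if ($wasRunning) { Stop-Service -Name $svc.Name -Force -ErrorAction Stop }

        # The plaintext password exists only in this hashtable for the duration of the call.
        $change = Invoke-CimMethod -InputObject $svc -MethodName Change -Arguments @{
            StartName     = $Credential.UserName
            StartPassword = $Credential.GetNetworkCredential().Password
        }
        if ($change.ReturnValue -ne 0) {
            Write-Error "Change failed for $($svc.Name) with return value $($change.ReturnValue)"
        }

        # Restart a service that was running, even after a failed change, so it is not left stopped.
        if ($wasRunning) { Start-Service -Name $svc.Name }

        [pscustomobject]@{
            Service     = $svc.Name
            Account     = $Credential.UserName
            ReturnValue = $change.ReturnValue
            Restarted   = $wasRunning
        }
    }
}

# 'DOMAIN\ACCOUNT' and 'SERVICE' are the placeholders used in the answer above.
$cred = Get-Credential -UserName 'DOMAIN\ACCOUNT' -Message 'Provide Service Account Password'
Set-ServiceLogon -NamePattern '%SERVICE%' -Credential $cred -WhatIf   # dry run; drop -WhatIf to apply
```

Unlike the Services console, the Change method does not grant the account the "Log on as a service" right, so a return value of 0 from Change can still be followed by a failed start if the account lacks that right.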
