Homepage 5 How-to Articles 5 Ways To Get a List of Windows Services on Domain Computers

Ways To Get a List of Windows Services on Domain Computers

Manage remote endpoints, deploy software and patches with Action1 cloud RMM solution.

Sign up and use free on up to 50 endpoints with no functionality limits or expiration.

November 2, 2018

Services are applications that run in the background during system boot or when certain events occur and provide the basic functionality of the OS. As a rule, computer services do not have a graphical interface, so their work is not noticeable to the user for the most part. Therefore, there is often a problem to find out a list of Windows services on remote domain computer.

Just about 80 various services are installed in the system with a standard Windows installation. And despite the fact that not all of them are launched automatically, the number of workers by default still seems too high, considering that a significant part of the total number of vulnerabilities ever discovered in this OS falls on system services. In addition, at home, many default services simply do not need to. For these and other reasons related to the optimization of the computer, it is recommended that you disable all services that you do not use.

Windows services running on your endpoints without real need can potentially expose them for cyber attacks, introduce performance issues or cause other administrative headaches. Creating an inventory of running services across the entire network is the the first step in decreasing your attack surface or optimizing system performance. This guide explains how to do query a list of Windows services in bulk and filter results (such as as started/stopped, service name, description etc).


1. Execute WMI Query in ROOT\CIMV2 Namespace:

Launch WMI Explorer or any other tool which can run WMI queries.
Run WMI query: SELECT * FROM Win32_Service

2. Open WMIC Command-line Interface:

Press WIN+R
Type “wmic”, press Enter
In wmic command line tool type: /node:RemoteComputerName service

3. Run This Simple Windows Powershell Script:

Thru WMI object: Get-WmiObject -Namespace ROOT\CIMV2 -Class Win32_Service -Computer RemoteComputerName

4. Use Following Code to Select Specific Columns:

Execute: Get-WmiObject -Namespace ROOT\CIMV2 -Class Win32_Service -Computer RemoteComputerName | Select-Object DisplayName, Started, StartMode, PSComputerName

5. Sort the Results Using the Line Below:

Invoke command: Get-WmiObject -Namespace ROOT\CIMV2 -Class Win32_Service -Computer RemoteComputerName | Select-Object DisplayName, Started, StartMode, PSComputerName | Sort-Object DisplayName

6. The Next Code Helps to Filter Results:

Use it: Get-WmiObject -Namespace ROOT\CIMV2 -Class Win32_Service -Computer RemoteComputerName | Select-Object DisplayName, Started, StartMode, PSComputerName | Where-Object -FilterScript {$_.DisplayName -like “Microsoft*”}

7. Save Results to CSV File:

Run: Get-WmiObject -Namespace ROOT\CIMV2 -Class Win32_Service -Computer RemoteComputerName | Select-Object DisplayName, Started, StartMode, PSComputerName | Export-CSV “c:\file.csv” -Append -NoTypeInformation

8. The Next Step Is to Query Multiple Computers:

Computers from a text file: Get-Content -Path c:\computers.txt | ForEach-Object {Get-WmiObject -Namespace ROOT\CIMV2 -Class Win32_Service -Computer $_}
Computers from AD domain: Get-ADComputer -Filter {OperatingSystem -Like ‘Windows 10*’} | ForEach-Object {Get-WmiObject -Namespace ROOT\CIMV2 -Class Win32_Service -Computer $_.Name}

Related Articles

How To Delete User Profiles Remotely with PowerShell

When a user logs onto the computer for the first time (not via the network to access shared folders or printers), Windows creates a user profile. Among its contents are the NTUSER.DAT file (user profile settings), user-specific folders (My Documents, Desktop, etc.),...

How to Uninstall Programs With Standard Windows Tools

UThis tutorial for new users details where to add and remove Windows 10 programs, the quickest way to get to this Control Panel component, and more information on how to properly uninstall Windows 10 programs and applications from your computer. In fact, when compared...

How to Shutdown Computers via Powershell Remotely

It is logical that most people will always use graphic windows and a mouse to complete work on the computer, this is correct since it is simpler and faster, but there are a number of cases when you, as an advanced user or a system administrator, are simply obliged to...

About Action1 RMM

Action1 RMM is a cloud-based IT solution for remote monitoring and management, patching, and remote support.

Start your free two-week trial of Action1, or use RMM tools for free forever on 50 endpoints with no functionality limitations!


Submit a Comment

Your email address will not be published.

cloud patch management solutions action1

RMM Solution for MSPs

Centralize endpoint management and boost efficiency of IT service delivery.

automated server patch management action compliance

Patch Management

Identify and deploy missing OS and third-party software updates.

cloud software deployment tools windows

Software Deployment

Distribute software and updates across managed endpoints.

software distribution tools software inventory action1

IT Asset Inventory

Keep a detailed inventory and manage hardware and software assets.

web client remote desktop

Remote Desktop

Support users via seamless remote desktop connection.

web based rdp client

Unattended Access

Provide administrative support and manage remote devices.

automated patch management action1

Endpoint Management

Run PowerShell, custom scripts, reboot computers and restart services.

API integrations action1


Integrate Action1 RMM to your IT ecosystem.

computer inventory tool for compliance

Reports and Alerts

Conduct endpoint security audits with comprehensive reporting.