HOWTO: Get a List of Windows Services on Domain Computers


Services are applications that run in the background during system boot or when certain events occur and provide the basic functionality of the OS. As a rule, computer services do not have a graphical interface, so their work is not noticeable to the user for the most part. Therefore, there is often a problem to find out a list of Windows services on remote domain computer.

Just about 80 various services are installed in the system with a standard Windows installation. And despite the fact that not all of them are launched automatically, the number of workers by default still seems too high, considering that a significant part of the total number of vulnerabilities ever discovered in this OS falls on system services. In addition, at home, many default services simply do not need to. For these and other reasons related to the optimization of the computer, it is recommended that you disable all services that you do not use.

Windows services running on your endpoints without real need can potentially expose them for cyber attacks, introduce performance issues or cause other administrative headaches. Creating an inventory of running services across the entire network is the the first step in decreasing your attack surface or optimizing system performance. This guide explains how to do query a list of Windows services in bulk and filter results (such as as started/stopped, service name, description etc).



Manually:

1. Execute WMI Query in ROOT\CIMV2 Namespace:

   - Launch WMI Explorer or any other tool which can run WMI queries.
   - Run WMI query: SELECT * FROM Win32_Service

2. Open WMIC Command-line Interface:

   - Press WIN+R
   - Type "wmic", press Enter
   - In wmic command line tool type: /node:RemoteComputerName service

3. Run This Simple Windows Powershell Script:

   - thru WMI object: Get-WmiObject -Namespace ROOT\CIMV2 -Class Win32_Service -Computer RemoteComputerName

4. Use Following Code to Select Specific Columns:

   - execute: Get-WmiObject -Namespace ROOT\CIMV2 -Class Win32_Service -Computer RemoteComputerName | Select-Object DisplayName, Started, StartMode, PSComputerName

5. Sort the Results Using the Line Below:

   - invoke command: Get-WmiObject -Namespace ROOT\CIMV2 -Class Win32_Service -Computer RemoteComputerName | Select-Object DisplayName, Started, StartMode, PSComputerName | Sort-Object DisplayName

6. The Next Code Helps to Filter Results:

   - use it: Get-WmiObject -Namespace ROOT\CIMV2 -Class Win32_Service -Computer RemoteComputerName | Select-Object DisplayName, Started, StartMode, PSComputerName | Where-Object -FilterScript {$_.DisplayName -like "Microsoft*"}

7. Save Results to CSV File:

   - run: Get-WmiObject -Namespace ROOT\CIMV2 -Class Win32_Service -Computer RemoteComputerName | Select-Object DisplayName, Started, StartMode, PSComputerName | Export-CSV "c:\file.csv" -Append -NoTypeInformation

8. The Next Step Is to Query Multiple Computers:

   - computers from a text file: Get-Content -Path c:\computers.txt | ForEach-Object {Get-WmiObject -Namespace ROOT\CIMV2 -Class Win32_Service -Computer $_}
   - computers from AD domain: Get-ADComputer -Filter {OperatingSystem -Like “Windows 10*”} | ForEach-Object {Get-WmiObject -Namespace ROOT\CIMV2 -Class Win32_Service -Computer $_.Name}

With Action1 Endpoint Security Platform:

Step 1 - Sign-up for Free:

 

Step 2 - Type Your Question in Plain English:

How to get a list of Windows services on domain. Use computers script to list installed software on multiple computers, write windows services list in CSV. - search query

Step 3 - Set Filters, If Necessary:

How to get a list of Windows services on domain. Use computers script to list installed software on multiple computers, write windows services list in CSV. - set filters

Step 4 - See Results from All Endpoints in Seconds:

Endpoint NameDisplay NameStartedStart Mode
mac.widgets.localRemote Desktop ServicesTrueManual
fred.widgets.localWindows Defender FirewallFalseManual
ray.widgets.localWindows UpdateTrueAutomatic

Do not have time to write scripts? Check out Action1 Endpoint Security Platform. Ask questions in plain English such as "list of installed software" or "all running processes".
Get answers instantly from live systems or subscribe to real-time alerts:


Other Relevant HOWTOs: