0
votes

SO Braintrust. I'm not a PowerShell person, but I'm working on it. Trying to address yet another zero-day, I'm trying to build a reusable script to remotely stop and disable the affected service. It is based on a script I got from a Microsoft MVP at (ultimately): http://portal.sivarajan.com/2010/07/stopstart-or-enabledisable-service_26.html

The prompt for the service name was added by me, as well as the output information (Write-Host & Add-Content lines), so I could get a results summation (the output part's not working fully, but it's the least of my concerns at the moment).

$output = "c:\scripts\results.csv"
Add-content -path $output "======================"
Add-content -path $output "StopAndDisableService Output Start"
cls
$Cred = Get-Credential
$service = Read-Host -Prompt 'Enter Service Name'
Import-CSV C:\Scripts\computers.csv | % {
   $computer = $_.ComputerName
   Write-Host "Working on $computer"
   Add-content -path $output "$computer"
   $result = (Get-WmiObject win32_service -computername $computer -filter "name='$service'" -Credential $cred).stopservice()
   Add-content -path $output "    Stop - $result"
   $result = (Get-WmiObject win32_service -computername $computer -filter "name='$service'" -Credential $cred).ChangeStartMode("Disabled")
   Add-content -path $output "    Disable - $result"
} 
Add-content -path $output "======================"
Add-content -path $output "StopAndDisableService Output End"

When I run it, I get an error on the computer name:

Get-WmiObject : Cannot validate argument on parameter 'ComputerName'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
At C:\Scripts\StopAndDisableService.ps1:12 char:54
+ ... result = (Get-WmiObject win32_service -computername $computer -filter ...
+ ~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Get-WmiObject], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.GetWmiObjectCommand
Get-WmiObject : Cannot validate argument on parameter 'ComputerName'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
At C:\Scripts\StopAndDisableService.ps1:14 char:54
+ ... result = (Get-WmiObject win32_service -computername $computer -filter ...
+ ~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Get-WmiObject], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.GetWmiObjectCommand

Computer.csv contains one computer name per line, no punctuation, no FQDN, just the computer name

1
Does the CSV have a header line? If yes, then what is that header line? - Lee_Dailey
No, there are no headers, just one computername per line - Gavin142
@Gavin142 Add -Header ComputerName to the Import-Csv statement then - Mathias R. Jessen
OK, changed the line to "Import-CSV C:\Scripts\computers.csv -Header ComputerName | % {" and it is working down the list now... Only errors are on offline machines... Still processing. Will analyze the output and edit this as appropriate once it's complete. Thank you @Mathias - Gavin142
After spot checking four PCs, it seems to work now... all excepting the results output file... Was hoping to record the output and possibly the errors from each command as it cycled through - Gavin142

1 Answer

0
votes

Special thanks to @Mathias R. Jessen for his help on this. Final working code below. You will have to analyze the screen output to catch any errors and see which machines it did not catch due to being offline at the time of running (some output file items have been commented out since they don't work as intended).

$output = "c:\scripts\results.csv"

Add-content -path $output "======================"
Add-content -path $output "StopAndDisableService Output Start"
cls
$Cred = Get-Credential
$service = Read-Host -Prompt 'Enter Service Name'
Import-CSV C:\Scripts\computers.csv -Header ComputerName | % { 
$computer = $_.ComputerName
Write-Host "Working on $computer"
Add-content -path $output "$computer"
$result = (Get-WmiObject win32_service -computername $computer -filter "name='$service'" -Credential $cred).stopservice()
#Add-content -path $output "    Stop - $result"
$result = (Get-WmiObject win32_service -computername $computer -filter "name='$service'" -Credential $cred).ChangeStartMode("Disabled")
#Add-content -path $output "    Disable - $result"
}
Add-content -path $output "======================"
Add-content -path $output "StopAndDisableService Output End"

Analyzing the results in the screen output, any result with:

  • Just the machine name - means it was processed without error on that machine (success)
  • RPC server is unavailable - means the machine is offline
  • Cannot call a method on Null-Valued expression on line 12 or line 14 - means that service doesn't exist on that machine

The results.csv output file will contain a list of the names of the machines this script was run against.
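
The per-machine logging asked for in the comments, as an added example that is not the poster's code: it writes one row per computer with the WMI return codes and any error text, so offline machines and missing services land in results.csv instead of only on screen. The Result, StopCode, DisableCode and Error column names and the status strings are assumptions for illustration; Get-WmiObject requires Windows PowerShell, as in the script above.

```powershell
# Added example. Paths and the headerless CSV layout follow the thread;
# column names and status strings are made up for illustration.
$inputCsv = 'C:\Scripts\computers.csv'   # one computer name per line, no header
$output   = 'C:\Scripts\results.csv'
$cred     = Get-Credential
$service  = Read-Host -Prompt 'Enter Service Name'

$results = Import-Csv $inputCsv -Header ComputerName | ForEach-Object {
    $computer = $_.ComputerName
    $row = [ordered]@{
        ComputerName = $computer
        Service      = $service
        Result       = ''
        StopCode     = $null
        DisableCode  = $null
        Error        = ''
    }
    try {
        # -ErrorAction Stop makes failures such as "RPC server is unavailable" catchable
        $svc = Get-WmiObject Win32_Service -ComputerName $computer `
            -Filter "Name='$service'" -Credential $cred -ErrorAction Stop
        if ($null -eq $svc) {
            # No match: the case that raised the null-valued expression error
            $row.Result = 'ServiceNotFound'
        } else {
            # Both methods return an object; the numeric status is in ReturnValue (0 = success).
            # Interpolating the object itself into a string only yields its type name.
            $row.StopCode    = $svc.StopService().ReturnValue
            $row.DisableCode = $svc.ChangeStartMode('Disabled').ReturnValue
            if ($row.StopCode -eq 0 -and $row.DisableCode -eq 0) {
                $row.Result = 'OK'
            } else {
                $row.Result = 'CheckCodes'
            }
        }
    } catch {
        $row.Result = 'QueryFailed'
        $row.Error  = $_.Exception.Message
    }
    [pscustomobject]$row
}

$results | Export-Csv -Path $output -NoTypeInformation
# Show only the machines that still need attention
$results | Where-Object Result -ne 'OK' | Format-Table -AutoSize
```

Rows marked QueryFailed or CheckCodes are the machines to revisit; a non-zero StopCode with a DisableCode of 0 still means the service will not start at next boot.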