「ネットワークサービス」アカウント用にPowershellでWindowsサービスを作成する方法は?
Powershellを使用してWindowsサービスを作成したい。特定のユーザー向けに作成するのは簡単です。 here から適応したこの関数を使用しました。
function ReinstallService1 ($serviceName, $binaryPath, $login, $pass)
{
Write-Host "installing service"
# creating credentials which can be used to run my windows service
$secpasswd = ConvertTo-SecureString $pass -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential ($login, $secpasswd)
# creating widnows service using all provided parameters
New-Service -name $serviceName -binaryPathName $binaryPath -displayName $serviceName -startupType Automatic -credential $mycreds
Write-Host "installation completed"
}
私の質問は:「ネットワークサービス」アカウントの作成方法は?
New-Service行を変更し、資格情報パラメーターを削除すると、 "Local System"アカウント。ほぼミス。
New-Service -name $serviceName -binaryPathName $binaryPath -displayName $serviceName -startupType Automatic
私はたくさんグーグルで調べましたが、サービスアカウントを示す方法はありませんでした。ユーザー "NETWORK SSERVICE"にCredentialパラメーターを使用しようとすると、どのパスワードを入力するかわからず、パスワードを発明するかどうか(念のため)コマンドレットはそれを無視します)動作しません。エラーは次のとおりです。
New-Service:次のエラーのため、サービス 'XXXX(XXXX)'を作成できません:アカウント名が無効か存在しないか、指定されたアカウント名のパスワードが無効です
アカウントの正しい名前はNT AUTHORITY\NETWORK SERVICE。
これは、特にAniketにとって、全員の利益のための再インストールサービスの最終バージョンです。
function ReinstallService ($serviceName, $binaryPath, $description, $login, $password, $startUpType)
{
Write-Host "Trying to create service: $serviceName"
#Check Parameters
if ((Test-Path $binaryPath)-eq $false)
{
Write-Host "BinaryPath to service not found: $binaryPath"
Write-Host "Service was NOT installed."
return
}
if (("Automatic", "Manual", "Disabled") -notcontains $startUpType)
{
Write-Host "Value for startUpType parameter should be (Automatic or Manual or Disabled) and it was $startUpType"
Write-Host "Service was NOT installed."
return
}
# Verify if the service already exists, and if yes remove it first
if (Get-Service $serviceName -ErrorAction SilentlyContinue)
{
# using WMI to remove Windows service because PowerShell does not have CmdLet for this
$serviceToRemove = Get-WmiObject -Class Win32_Service -Filter "name='$serviceName'"
$serviceToRemove.delete()
Write-Host "Service removed: $serviceName"
}
# if password is empty, create a dummy one to allow have credentias for system accounts:
#NT AUTHORITY\LOCAL SERVICE
#NT AUTHORITY\NETWORK SERVICE
if ($password -eq "")
{
$secpassword = (new-object System.Security.SecureString)
}
else
{
$secpasswd = ConvertTo-SecureString $password -AsPlainText -Force
}
$mycreds = New-Object System.Management.Automation.PSCredential ($login, $secpasswd)
# Creating Windows Service using all provided parameters
Write-Host "Installing service: $serviceName"
New-Service -name $serviceName -binaryPathName $binaryPath -Description $description -displayName $serviceName -startupType $startUpType -credential $mycreds
Write-Host "Installation completed: $serviceName"
# Trying to start new service
Write-Host "Trying to start new service: $serviceName"
$serviceToStart = Get-WmiObject -Class Win32_Service -Filter "name='$serviceName'"
$serviceToStart.startservice()
Write-Host "Service started: $serviceName"
#SmokeTest
Write-Host "Waiting 5 seconds to give time service to start..."
Start-Sleep -s 5
$SmokeTestService = Get-Service -Name $serviceName
if ($SmokeTestService.Status -ne "Running")
{
Write-Host "Smoke test: FAILED. (SERVICE FAILED TO START)"
Throw "Smoke test: FAILED. (SERVICE FAILED TO START)"
}
else
{
Write-Host "Smoke test: OK."
}
}
次のように簡単にネットワークサービスの信用を得ることができます。
$login = "NT AUTHORITY\NETWORK SERVICE"
#### #just set a dummy psw since it's just used to get credentials
$psw = "dummy"
$scuritypsw = ConvertTo-SecureString $psw -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential($login, $scuritypsw)
#### #then you can use the cred to new a windows service
$serviceName = "Test"
$binaryPath = "C:\Test\Test.exe"
New-Service -name $serviceName -binaryPathName $binaryPath -displayName $serviceName -startupType Automatic -credential $mycreds