Jump to content
Sign in to follow this  
support

Reset Windows Service Password (by Click Studios)

Recommended Posts

Script Name

Reset Windows Service

 

Description

Update the password for a Window Service, and restart the Service

 

System Requirements

  • PowerShell 2.0 or above
  • PowerShell Remoting enabled
  • Firewall to allow access

 

Successfully Tested Against

  • Windows Server 2008 & R2
  • Windows Server 2012 & R2
  • Windows 7 Desktop
  • Windows 8 & 8.1 Desktop

 

Failed Testing Against

  • None reported 

 
PowerShell Script

<#
.SYNOPSIS
Connect to a Windows host using the supplied Privileged Account Credentials, and change the password for a Windows Service identity.
.NOTES
Requires PowerShell Remoting to be enabled and WMI Service to be running
#>
function Set-WindowsServicePassword
{
	[CmdletBinding()]
	param (
		[String]$HostName,
		[String]$ServiceName,
		[String]$UserName,
		[String]$NewPassword,
		[String]$PrivilegedAccountUserName,
		[String]$PrivilegedAccountPassword
	)
	
	$scriptBlock = {
		param ($ServiceName, $UserName, $NewPassword)
		
		$Service = Get-WmiObject -Class Win32_Service -Filter "DisplayName='$ServiceName'"
		
		#Chech for the service
		if ($Service -eq $null)
		{
			Write-Output "Could not query the Windows Service '$ServiceName' on Host '$HostName'. Please check the Windows Service Name is correct."
		}
		else
		{
			#Get the result of changing the password
			Stop-Service -DisplayName "$ServiceName" -Force -WarningAction SilentlyContinue | Out-Null
			$Result = $Service.Change($null, $null, $null, $null, $null, $null, $UserName, $NewPassword)
			if ($Result.ReturnValue -eq 0) #If the return value equals 0, success to set the password
			{
				#Restart the service and pause for a second before determining the state
				Start-Service -DisplayName "$ServiceName" | Out-Null
				Start-Sleep -seconds 1
				
				#Now determine if the service has restarted or not
				$ServiceStatus = Get-WmiObject -Class Win32_Service -Filter "DisplayName='$ServiceName'"
				$ServiceRunningState = $ServiceStatus.State
				
				#Loop around until the Service has restarted
				if ($ServiceRunningState -eq 'Running')
				{
					Write-Output "Success"
				}
		}
		else #If the return value does not equal 0, fail to set the password
			{
				Write-Output "Failed to set new password for the Windows Service '$ServiceName' on Host '$HostName'. Error value returned = $Result.ReturnValue"
			}
		}
	} #End of scriptBlock
	
	try
	{
		$pass = ConvertTo-SecureString $PrivilegedAccountPassword -AsPlainText -Force
		$cred = New-Object System.Management.Automation.PSCredential($PrivilegedAccountUserName, $pass)
		
		$resultsarray = Invoke-Command -ComputerName $HostName -Authentication 'Default' -Credential $cred -ScriptBlock $scriptBlock -ArgumentList $ServiceName, $UserName, $NewPassword 2>&1 #Using 2>&1 to ensure STDERR is piped to STDOUT
		$resultsarray = [string]::join("`r`n", $resultsarray)
		
		if ($resultsarray -eq "Success")
		{
			Write-Output "Success"
		}
		else
		{
			switch -wildcard ($resultsarray.ToString().ToLower())
			{
				"*WinRM cannot complete the operation*" { Write-Output "Failed to reset the password for the Windows Service '$ServiceName' on Host '$HostName' as it appears the Host is not online, or PowerShell Remoting is not enabled."; break }
				"*WS-Management service running*" { Write-Output "Failed to reset the password for the Windows Service '$ServiceName' on Host '$HostName' as it appears the Host is not online, or PowerShell Remoting is not enabled."; break }
				"*WinRM cannot process the request*" { Write-Output "Failed to reset the password for the Windows Service '$ServiceName' on Host '$HostName' as it appears the Host is not online, or PowerShell Remoting is not enabled."; break }
				"*user name or password is incorrect*" { Write-Output "Failed to reset the password for the Windows Service '$ServiceName' on Host '$HostName' as the Privileged Account password appears to be incorrect, or the account is currently locked."; break }
				"*Cannot start service*" { Write-Output "Failed to restart the Windows Service '$ServiceName' on Host '$HostName'. Please check the account credentials used for the Log On As identity are correct."; break }
				#Add other wildcard matches here as required
				default { Write-Output "An error has occured trying to query the Windows Service '$ServiceName' information on Host '$HostName'. Error = $resultsarray" }
			}
		}
	}
	catch
	{
		switch -wildcard ($error[0].Exception.ToString().ToLower())
		{
			"*cannot bind argument to parameter*" { Write-Output "Failed to reset the password for the Windows Service '$ServiceName' on Host '$HostName' as it appears you may not have associated a Privileged Account Credential with the Password Reset script."; break }
			default { Write-Output "Failed to reset the password for the Windows Service '$ServiceName' on Host '$HostName'. Error Unknown." }
		}
	}
}

#Make a call to the Set-WindowsServicePassword function
Set-WindowsServicePassword -HostName '[HostName]' -ServiceName '[ResourceName]' -UserName '[UserName]' -NewPassword '[NewPassword]' -PrivilegedAccountUserName '[PrivilegedAccountUserName]' -PrivilegedAccountPassword '[PrivilegedAccountPassword]'

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×