About Get-Service

The Get-Service cmdlet will retrieve

“objects that represent the services on a local computer or on a remote computer”.

Ambiguous way of formulating things, isn’t it? Let’s try to uncover the meaning behind it.

Get-Service | Measure
Get-Service -Name * | Measure
Get-Service -Name * -include * | Measure

I always get a count of 169 services as you can see:

The Get-Service cmdlet output is a System.ServiceProcess.ServiceController .NET object.

Get-Service | Get-Member -Static

It has 2 static methods, GetServices and GetDevices.

What’s their definition?

[System.ServiceProcess.ServiceController]::GetServices
[System.ServiceProcess.ServiceController]::GetDevices


There is no way to authenticate when querying a remote computer. That’s why Get-Service doesn’t support the Credential parameter.

[System.ServiceProcess.ServiceController]::GetServices() |
Measure

I got the same number of services as the Get-Service cmdlet.

[System.ServiceProcess.ServiceController]::GetDevices() | 
Measure


What the heck? What are these 237 additional services?

The GetDevices method

“retrieves the device driver services on the local computer”,

i.e., the KernelDriver and FileSystemDriver service types.

([System.ServiceProcess.ServiceController]::GetDevices()).ServiceType | 
Sort -Unique

The GetServices method

“retrieves all the services on the local computer, except for the device driver services”.

([System.ServiceProcess.ServiceController]::GetServices()).ServiceType | 
Sort -Unique

Let’s do some maths:

[System.ServiceProcess.ServiceController]::GetDevices() +
[System.ServiceProcess.ServiceController]::GetServices() | 
Measure

# Are they unique?
[System.ServiceProcess.ServiceController]::GetDevices() + 
[System.ServiceProcess.ServiceController]::GetServices() | 
Sort -Unique | Measure


In other words, the Get-Service cmdlet outputs by default only the objects that you can obtain using the GetServices method.
Really?

Let’s find the name of one kernel driver service.

[System.ServiceProcess.ServiceController]::GetDevices() |
Select -Last 1 -Property Status,Name,ServiceType,DisplayName |
Format-Table -AutoSize

If I start typing the first two letters of the service name I’m looking for and rely on tab completion, only services that you can get with the GetServices method are enumerated.

If I type:

Get-Service -Name Wud*
Get-Service -Name WudfP*
Get-Service -Name WudfPf

I get:

Based on the above results, the Get-Service cmdlet is able to retrieve kernel driver or file system driver services only if you know their exact name. Wildcards are not allowed in this case.

Why aren’t kernel drivers and file system drivers returned by the Get-Service cmdlet by default? I can probably guess the answer.
The Get-Service cmdlet is designed to pass objects through the pipeline to other cmdlets that take actions like “Start”, “Stop”, “Pause”, “Resume”.
Let’s say I do:

Get-Service -Name wu* | 
Stop-Service -PassThru -Verbose | 
Set-Service -StartupType Disabled -Verbose

Better safe than sorry. Imagine there’s a critical kernel driver returned by the above wildcard query. It would probably immediately end with a blue screen.
If you really know what you are doing, you have to know the exact name of kernel driver and file system driver services to be able to manipulate them with the built-in *-Service cmdlets.
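
The same behaviour matters when you audit a machine: an inventory built from a plain Get-Service call never lists driver services. The following is an added example, not code from the original post; it merges the output of GetServices and GetDevices and marks which entries the default Get-Service enumeration returns. The function name Get-ServiceInventory and the property names Source and InDefaultGetService are hypothetical.

```powershell
function Get-ServiceInventory {
    # Default enumeration. Running Get-Service first also loads the assembly
    # that defines System.ServiceProcess.ServiceController.
    # PowerShell hashtable keys are case-insensitive, like service names.
    $visible = @{}
    Get-Service | ForEach-Object { $visible[$_.ServiceName] = $true }

    # The two static methods discussed in the post, keyed by where a row came from.
    $sources = [ordered]@{
        GetServices = [System.ServiceProcess.ServiceController]::GetServices()
        GetDevices  = [System.ServiceProcess.ServiceController]::GetDevices()
    }

    foreach ($source in $sources.Keys) {
        foreach ($svc in $sources[$source]) {
            [pscustomobject]@{
                Name                = $svc.ServiceName
                DisplayName         = $svc.DisplayName
                Status              = $svc.Status
                ServiceType         = $svc.ServiceType
                Source              = $source
                InDefaultGetService = $visible.ContainsKey($svc.ServiceName)
            }
        }
    }
}

$inventory = Get-ServiceInventory

# How much of the combined list a plain Get-Service audit actually covers.
$inventory |
    Group-Object -Property Source, InDefaultGetService |
    Select-Object -Property Count, Name |
    Format-Table -AutoSize

# Running entries that the default enumeration does not list: these are the
# kernel and file system drivers an audit has to review separately.
$inventory |
    Where-Object { -not $_.InDefaultGetService -and $_.Status -eq 'Running' } |
    Sort-Object -Property Name |
    Format-Table -Property Name, ServiceType, DisplayName -AutoSize
```

Nothing in this block changes service state; it only reads and reports.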
