WEBVTT

00:00.000 --> 00:03.300
>> Hello everyone. I'm
instructor Jerri Roberts,

00:03.300 --> 00:05.310
and this is
PowerShell Scripting.

00:05.310 --> 00:07.110
In this video, we're going to

00:07.110 --> 00:09.090
talk more about some
common commands,

00:09.090 --> 00:11.955
specifically commands that
have to do with services.

00:11.955 --> 00:13.995
We're going to talk
about Get-Service,

00:13.995 --> 00:16.365
Stop-Service, Start-Service,

00:16.365 --> 00:21.910
Suspend-Service, Resume-Service,
and Restart-Service.

00:22.070 --> 00:25.370
Get-Service is a
very useful command.

00:25.370 --> 00:27.860
It actually gets you
a list of services,

00:27.860 --> 00:31.705
it shows both stopped and
currently running services.

00:31.705 --> 00:33.770
This could be very,

00:33.770 --> 00:35.210
very useful if you're trying to

00:35.210 --> 00:37.420
figure out what's
running and what's not,

00:37.420 --> 00:38.780
especially if you're trying to

00:38.780 --> 00:40.790
troubleshoot an issue
or something just is

00:40.790 --> 00:42.140
not being able to

00:42.140 --> 00:44.855
launch or it's crashing
or things like that,

00:44.855 --> 00:47.300
you can go in and just
do a quick Get-Service,

00:47.300 --> 00:50.875
find your service and see
if it's actually running.

00:50.875 --> 00:53.135
Now you can find a service

00:53.135 --> 00:56.990
specifically by using
the -name parameter.

00:56.990 --> 00:59.810
If you know the actual name
of the service you want to

00:59.810 --> 01:02.285
look at just to Get-Service,

01:02.285 --> 01:04.620
space, -name,

01:04.620 --> 01:06.840
space and the name
of the service.

01:06.840 --> 01:08.570
You can also filter

01:08.570 --> 01:11.105
the services using the
Where-Object command.

01:11.105 --> 01:12.590
If you guys remember that from

01:12.590 --> 01:15.455
a previous video when we
were talking about piping,

01:15.455 --> 01:17.635
we talked about Where-Object.

01:17.635 --> 01:19.430
Now this command will allow

01:19.430 --> 01:21.440
us to do a couple
different things.

01:21.440 --> 01:23.990
One of the most useful
probably is doing the

01:23.990 --> 01:28.420
where object property
status equals stop.

01:28.420 --> 01:31.910
When we're looking for
a specific service

01:31.910 --> 01:33.500
and we want to see if
it stopped or not,

01:33.500 --> 01:34.975
we can look by name,

01:34.975 --> 01:36.530
or if we want to see what's

01:36.530 --> 01:38.510
actually running or not running,

01:38.510 --> 01:41.945
we can do our Where-Object
to see, okay,

01:41.945 --> 01:44.150
this is a list of stopped things

01:44.150 --> 01:46.625
or this is a list
of running things.

01:46.625 --> 01:48.140
The way you would do that is

01:48.140 --> 01:51.150
Get-Service space Pipe space

01:51.150 --> 01:55.875
Where-Object -Property Status.

01:55.875 --> 01:59.430
Status being stopped,
running all that good stuff,

01:59.430 --> 02:03.235
space -equal space stopped.

02:03.235 --> 02:07.300
Now you'll notice that
the actual value here for

02:07.300 --> 02:14.610
the -eq parameter is
going to be in quotes.

02:14.610 --> 02:17.620
Now, you could also
do a equal sign here,

02:17.620 --> 02:19.390
but in some versions
of PowerShell it's

02:19.390 --> 02:21.520
deprecated and does
not work properly,

02:21.520 --> 02:26.780
so you're going to want
to do -eq for equal.

02:28.070 --> 02:31.730
Now another item
with Get-Service and

02:31.730 --> 02:33.305
all the other service commands

02:33.305 --> 02:36.240
is -Name versus -DisplayName.

02:36.240 --> 02:39.065
Now a lot of times you can
look things up by name,

02:39.065 --> 02:41.945
you can also use
the display name.

02:41.945 --> 02:45.380
Services have those two
names that you can look for,

02:45.380 --> 02:48.955
the regular name and
the display name.

02:48.955 --> 02:51.500
-Name is the usual name
for the service and

02:51.500 --> 02:54.995
DisplayName is the display
name given to the service.

02:54.995 --> 02:57.965
If you look at this
screenshot here,

02:57.965 --> 02:59.840
you'll see that
there's a list of

02:59.840 --> 03:02.525
names and a list
of display names.

03:02.525 --> 03:05.045
If you use Get-Service,

03:05.045 --> 03:07.340
you can actually go
through the list and

03:07.340 --> 03:11.330
find what your actual
name and display name is.

03:11.330 --> 03:12.560
Now one thing to note,

03:12.560 --> 03:14.600
DisplayName is usually a little

03:14.600 --> 03:18.105
bit longer than your name.

03:18.105 --> 03:20.610
It has more information
in it and can

03:20.610 --> 03:23.345
tell you more about what
the actual service is.

03:23.345 --> 03:26.600
Sometimes we don't quite
know what it is by name,

03:26.600 --> 03:27.890
but if we look at DisplayName,

03:27.890 --> 03:31.090
we can get some more
information and figure it out.

03:31.090 --> 03:33.730
Another thing you can
do with Get-Service

03:33.730 --> 03:36.260
is get required
and dependent services.

03:36.260 --> 03:38.540
Now sometimes our
services actually depend

03:38.540 --> 03:41.395
on each other in order
to run properly.

03:41.395 --> 03:44.900
If we need to find out what

03:44.900 --> 03:46.790
those services are when we're

03:46.790 --> 03:49.645
looking at a service,
we can do that.

03:49.645 --> 03:52.120
If you want to find
out which services

03:52.120 --> 03:54.230
a service needs in order to run,

03:54.230 --> 03:56.915
so these are the services
that have to be running

03:56.915 --> 04:00.020
for our current service that
we want to look at to run,

04:00.020 --> 04:02.870
you use the dash
required services switch

04:02.870 --> 04:05.735
parameter at the end
of your command,

04:05.735 --> 04:08.495
and it can help you
find that service.

04:08.495 --> 04:11.855
That command might look
something like Get-Service,

04:11.855 --> 04:14.435
space -name, put the name in,

04:14.435 --> 04:17.880
space, and then
-RequiredServices.

04:17.880 --> 04:20.450
Now to find out which services

04:20.450 --> 04:24.425
require the current service
we want to look at to run,

04:24.425 --> 04:26.210
so those are services that are

04:26.210 --> 04:28.329
dependent on our service,

04:28.329 --> 04:30.870
you use the
-DependentServices

04:30.870 --> 04:32.330
switch parameter at the end,

04:32.330 --> 04:35.480
just like you would do
with a -RequiredServices.

04:35.480 --> 04:38.370
Another useful command
is Stop-Service.

04:38.370 --> 04:41.900
Now if we run into an
issue where a service is

04:41.900 --> 04:43.820
taking up a lot of resources

04:43.820 --> 04:45.760
or it's crashing
or having issues,

04:45.760 --> 04:47.340
we can do Stop-Service.

04:47.340 --> 04:49.040
Once the service is stopped,

04:49.040 --> 04:52.325
you have to start it again
in order for it to run.

04:52.325 --> 04:55.440
Once it's stopped, it's
not going to do anything.

04:56.060 --> 04:58.835
Usually when you look this up,

04:58.835 --> 05:00.425
you look for it by name.

05:00.425 --> 05:07.535
For example, you might do
Stop-Service -Name Spooler.

05:07.535 --> 05:09.425
That's for the printer spooler.

05:09.425 --> 05:12.185
You can also use
display name here,

05:12.185 --> 05:14.275
if you know what
the DisplayName is.

05:14.275 --> 05:16.640
It's just a little
easier to use -Name

05:16.640 --> 05:19.415
because -Name is a
shorter version.

05:19.415 --> 05:20.960
Start-Service.

05:20.960 --> 05:22.610
Start-Service will
actually start

05:22.610 --> 05:24.020
something that has been stopped.

05:24.020 --> 05:25.670
Now remember when I said stopped

05:25.670 --> 05:28.895
services have to be started
again in order to run,

05:28.895 --> 05:31.545
so you would use
Start-Service to do that.

05:31.545 --> 05:34.280
Works the same way as any
other service command

05:34.280 --> 05:37.130
typically requires the -name,

05:37.130 --> 05:40.145
or in some cases you
can do DisplayName.

05:40.145 --> 05:42.695
It'll be similar and it would be

05:42.695 --> 05:47.129
Start-Service space -name space

05:47.129 --> 05:49.310
the service name in
this case is spooler

05:49.310 --> 05:52.520
because we stopped the spooler
in the previous slide.

05:52.520 --> 05:55.070
Suspend-Service.

05:55.070 --> 05:58.520
Now, if you're used to
working in Task Manager,

05:58.520 --> 05:59.810
you're probably used
to being able to

05:59.810 --> 06:02.240
right-click and pause
certain services.

06:02.240 --> 06:04.520
This is pretty much
the same thing,

06:04.520 --> 06:06.995
but instead of pause they
use the word suspend.

06:06.995 --> 06:11.100
Suspend-Service
pauses the service.

06:11.100 --> 06:12.830
Now one thing to note is not

06:12.830 --> 06:14.990
all services allow
you to suspend them,

06:14.990 --> 06:16.040
so when you try to do

06:16.040 --> 06:19.910
the Suspend-Service
and use the name,

06:19.910 --> 06:21.620
it'll give you a big old wall of

06:21.620 --> 06:23.840
red text and say, hey,
you can't do that.

06:23.840 --> 06:25.790
Now the syntax for
this is pretty

06:25.790 --> 06:28.270
much similar to all
the other commands,

06:28.270 --> 06:30.990
you use the
Suspend-Service space,

06:30.990 --> 06:32.640
and then do -name,

06:32.640 --> 06:35.670
you can also do
-DisplayName with this one.

06:35.670 --> 06:37.460
In this case, we did

06:37.460 --> 06:39.590
spooler because we've
been using that already,

06:39.590 --> 06:45.625
so we just Suspend-Service
-Name Spooler.

06:45.625 --> 06:47.510
Now, Resume-Service.

06:47.510 --> 06:49.190
Once you suspend a service,

06:49.190 --> 06:50.930
it's just going to sit
there and not do anything

06:50.930 --> 06:53.285
until you actually
start it up again.

06:53.285 --> 06:56.540
In order to start it up
again you have to resume it.

06:56.540 --> 07:01.105
You would do
Resume-Service -Name,

07:01.105 --> 07:03.830
and then the service name
in order to get it to run.

07:03.830 --> 07:05.600
Same syntax pretty much as

07:05.600 --> 07:09.125
all the other service commands
typically uses -Name,

07:09.125 --> 07:11.510
but this one is, well,
you can do -DisplayName.

07:11.510 --> 07:13.430
In our example here we did

07:13.430 --> 07:17.770
Resume-Service -Name Spooler.

07:18.589 --> 07:21.270
Restarting a service.

07:21.270 --> 07:23.360
Now, sometimes you don't

07:23.360 --> 07:25.460
want to stop and
start a service,

07:25.460 --> 07:27.820
instead you just
want to restart it.

07:27.820 --> 07:30.875
This command actually
allows you to do that.

07:30.875 --> 07:33.320
This is very useful for services

07:33.320 --> 07:36.160
hanging or having issues
or throwing errors.

07:36.160 --> 07:38.990
Uses the same syntax as
other service commands,

07:38.990 --> 07:42.155
typically uses -Name
to locate the service.

07:42.155 --> 07:44.240
Now one of the more
common ones you

07:44.240 --> 07:46.270
run into is the printer spooler,

07:46.270 --> 07:48.530
that sometimes has
to be restarted

07:48.530 --> 07:51.125
because things get caught
in the printer cache,

07:51.125 --> 07:53.060
and then the printer
just doesn't work,

07:53.060 --> 07:55.490
so you have to restart the
spooler to get it going.

07:55.490 --> 07:58.100
There's some other ones
like DNS and stuff

07:58.100 --> 07:59.210
like that on servers that you

07:59.210 --> 08:00.995
might have to restart as well.

08:00.995 --> 08:07.070
Very simple to do is just
Restart-Service -Name,

08:07.070 --> 08:09.425
space, and then the name

08:09.425 --> 08:10.880
here we just did Spooler

08:10.880 --> 08:13.200
because that's what
we've been using.

08:13.220 --> 08:16.100
It is now time for
us to go ahead and

08:16.100 --> 08:18.920
take a look at what that
actually looks like.

08:18.920 --> 08:21.049
Now that we're in PowerShell,

08:21.049 --> 08:22.610
we can go ahead and start to

08:22.610 --> 08:24.620
take a look at what those
commands look like.

08:24.620 --> 08:28.940
The first one is Get-Service
and we type Get-Service.

08:28.940 --> 08:31.280
[NOISE] You'll notice you get

08:31.280 --> 08:34.460
a huge list of
different services.

08:34.460 --> 08:37.865
You'll see a status
running, stopped.

08:37.865 --> 08:40.615
You'll see the name,

08:40.615 --> 08:42.450
and then you'll see DisplayName.

08:42.450 --> 08:43.550
If you scroll all the way up,

08:43.550 --> 08:48.245
you can see the
actual titles here.

08:48.245 --> 08:51.170
Here's your status, is going
to be stopped or running,

08:51.170 --> 08:54.155
the name and the DisplayName.

08:54.155 --> 08:58.565
Now say we want to get a
specific service by a name,

08:58.565 --> 09:01.500
we could look for that name.

09:02.840 --> 09:06.860
We would look through our
list and it is alphabetical,

09:06.860 --> 09:11.220
so you should be able to
find things by alphabet.

09:11.890 --> 09:14.525
Say we want to do the print spooler,

09:14.525 --> 09:17.010
we're just going
to take spooler,

09:18.280 --> 09:29.059
and you do Get-Service
-Name. [NOISE]

09:29.059 --> 09:32.540
Then it's spooler.

09:33.290 --> 09:36.150
You'll see that you get
the information there.

09:36.150 --> 09:38.265
You can also do it
by display name.

09:38.265 --> 09:46.410
I can go back and
do display name.

09:46.410 --> 09:49.890
The display name
is print spooler.

09:49.890 --> 09:54.975
But watch what happens
when I do that.

09:54.975 --> 09:59.860
Now that happens if there
is a space in the name.

09:59.860 --> 10:02.450
If there's a space in the name,

10:02.550 --> 10:05.990
you're going to
have to do quotes.

10:09.860 --> 10:13.215
You see it works perfectly
fine when you do that.

10:13.215 --> 10:17.145
The other thing is filtering
using the Where-Object.

10:17.145 --> 10:24.830
We can do get-service
pipe the Where-Object.

10:25.830 --> 10:32.125
In this case we want to look
at the property of status,

10:32.125 --> 10:36.100
which is that first column
then we're going to

10:36.100 --> 10:38.140
do equals because
we want to equal to

10:38.140 --> 10:41.270
a specific thing and
we're going to do stop.

10:42.000 --> 10:45.670
You get a huge list
of different things.

10:45.670 --> 10:50.320
You can see these are all
the different stopped services.

10:50.320 --> 10:53.050
You can also do
that for running.

10:53.050 --> 10:55.570
You can also do the
property of name

10:55.570 --> 10:58.150
and display name and do equals.

10:58.150 --> 11:00.730
However, there's already

11:00.730 --> 11:05.515
a dash display name and a
dash name, as you can see.

11:05.515 --> 11:07.000
You don't necessarily have to do

11:07.000 --> 11:09.410
the Where-Object in that case.

11:12.240 --> 11:15.925
The next thing is name
and display name.

11:15.925 --> 11:18.470
As you see here,

11:19.020 --> 11:22.915
you can do display name
and you can do name.

11:22.915 --> 11:25.060
Now, again, if you're doing

11:25.060 --> 11:27.760
a service and it
has a space in it,

11:27.760 --> 11:30.710
you want to use a quote.

11:32.850 --> 11:36.910
In addition to being able
to use get-service to find

11:36.910 --> 11:38.770
out information
about all services

11:38.770 --> 11:40.435
and specific services,

11:40.435 --> 11:44.035
you could also get required
and dependent services.

11:44.035 --> 11:46.930
Say for example,
we wanted to find

11:46.930 --> 11:53.680
out what services
spooler needed to run.

11:53.680 --> 11:56.170
Spooler is running
and we need to

11:56.170 --> 11:58.360
know what it requires to run.

11:58.360 --> 12:00.385
We do get-service,

12:00.385 --> 12:03.490
then we do name spooler,

12:03.490 --> 12:08.720
that's the printer spooler
and required services,

12:09.600 --> 12:12.610
and you get a list
of services that are

12:12.610 --> 12:15.430
required in order to
for spooler to run.

12:15.430 --> 12:18.940
If our RPC, or remote
procedure call, and our HTTP

12:18.940 --> 12:23.050
services are not
running, guess what?

12:23.050 --> 12:24.130
Spooler's not going to run

12:24.130 --> 12:26.050
either because it
requires service.

12:26.050 --> 12:27.730
We can also find out

12:27.730 --> 12:31.540
what services are
dependent on spooler,

12:31.540 --> 12:35.965
meaning which services actually

12:35.965 --> 12:39.955
need to have a spooler
running in order to run.

12:39.955 --> 12:46.580
We do dependent services.

12:47.100 --> 12:50.995
Of course, spelling does count.

12:50.995 --> 12:53.170
You will notice too though,

12:53.170 --> 12:55.720
that the capitalization
doesn't matter here.

12:55.720 --> 12:57.190
This particular module doesn't

12:57.190 --> 12:59.350
really care about
capitalization.

12:59.350 --> 13:01.360
But if I do dependent services,

13:01.360 --> 13:03.340
we see that the
fax has to have

13:03.340 --> 13:05.905
the printer spooler
running in order to work.

13:05.905 --> 13:08.200
That makes sense because

13:08.200 --> 13:09.250
the fax and the printer

13:09.250 --> 13:11.960
usually do a lot
of stuff together.

13:14.340 --> 13:17.050
The next thing we
want to look at is

13:17.050 --> 13:19.120
stopping and starting services.

13:19.120 --> 13:22.555
Stop-Service stops a
service completely.

13:22.555 --> 13:29.965
If we do stop-service
and we do spooler,

13:29.965 --> 13:32.680
we don't get anything that

13:32.680 --> 13:34.915
comes up to tell
us it's stopped.

13:34.915 --> 13:40.760
But if we did get service
and we will look at spooler,

13:40.950 --> 13:44.830
we'll see that the
spooler is stopped.

13:44.830 --> 13:46.300
Now, it's going to stay in

13:46.300 --> 13:47.410
that state unless you tell it

13:47.410 --> 13:48.564
to do something different.

13:48.564 --> 13:51.740
We have to do start-service

13:53.460 --> 13:56.930
in order to get
it running again.

14:02.630 --> 14:08.140
Now it's running
again. In addition

14:08.140 --> 14:10.000
to starting and
stopping services,

14:10.000 --> 14:13.285
we can also pause
and resume them.

14:13.285 --> 14:15.760
Now, PowerShell uses

14:15.760 --> 14:18.940
a little bit different
language [inaudible] suspend.

14:18.940 --> 14:26.095
You'd do suspend-service and
then you do name spooler.

14:26.095 --> 14:27.985
We got red text.

14:27.985 --> 14:30.160
Remember when I was talking
in the PowerPoint about

14:30.160 --> 14:35.950
how some services you can't
pause and you can't resume.

14:35.950 --> 14:38.770
For example, here
our spooler you

14:38.770 --> 14:42.900
can't pause and you'll
get that error.

14:42.900 --> 14:45.690
You'll see that
it says it cannot

14:45.690 --> 14:49.095
be suspended due to the error.

14:49.095 --> 14:53.570
Cannot pause spooler
service on computer.

14:53.570 --> 14:55.600
That means hey, you can't

14:55.600 --> 14:58.405
use pause for that
particular service.

14:58.405 --> 15:01.510
Now if you had
suspended the service,

15:01.510 --> 15:05.080
it will show up as suspended
and then you could do

15:05.080 --> 15:11.050
resume-service name,
and then the name.

15:11.050 --> 15:12.280
Now notice you get an error

15:12.280 --> 15:13.630
here again because
we use spooler,

15:13.630 --> 15:16.225
you can't pause or
resume spooler.

15:16.225 --> 15:17.950
Now one thing you can do with

15:17.950 --> 15:22.375
spooler is you can restart it.

15:22.375 --> 15:28.670
You can do
Restart-Service -Name Spooler,

15:29.130 --> 15:31.720
and you don't notice anything.

15:31.720 --> 15:33.970
Same thing happens
in task manager,

15:33.970 --> 15:35.425
you don't really
notice anything.

15:35.425 --> 15:39.295
It just starts up
again after it stops.

15:39.295 --> 15:40.900
If we get spooler,

15:40.900 --> 15:42.760
we'll see that it
is now running.

15:42.760 --> 15:44.770
The restart service usually is

15:44.770 --> 15:48.650
fairly quick depending
on the service.

15:50.520 --> 15:54.700
Now that we've had a
chance to do our demo,

15:54.700 --> 15:57.760
it is post assessment time.

15:57.760 --> 15:59.815
For this post assessment,

15:59.815 --> 16:02.065
we want to know if you
suspended a service,

16:02.065 --> 16:04.090
how would you start it up again?

16:04.090 --> 16:06.385
Would you do a restart-service,

16:06.385 --> 16:08.365
would you do a start-service,

16:08.365 --> 16:10.495
would you do a suspend-service,

16:10.495 --> 16:13.930
or would you do a
resume-service?

16:13.930 --> 16:15.490
I'll give you a few moments.

16:15.490 --> 16:16.600
You can pause if you want,

16:16.600 --> 16:18.740
and then we'll get the answer.

16:22.230 --> 16:26.035
The answer is D, resume-service.

16:26.035 --> 16:28.300
Once a service is suspended,

16:28.300 --> 16:29.530
you're going to want to resume

16:29.530 --> 16:31.940
it to start it running again.

16:32.730 --> 16:35.050
That's it for this video,

16:35.050 --> 16:38.090
we talked about
working with services.

