Windows OS Hub
  • Windows Server
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Group Policies
  • Windows Clients
    • Windows 10
    • Windows 8
    • Windows 7
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
  • PowerShell
  • Exchange
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Group Policies
  • Windows Clients
    • Windows 10
    • Windows 8
    • Windows 7
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
  • PowerShell
  • Exchange

 Windows OS Hub / PowerShell / Running PowerShell Script (*.PS1) as a Windows Service

November 27, 2019 PowerShell

Running PowerShell Script (*.PS1) as a Windows Service

Any PowerShell script can be transformed to a real Windows service that runs in the background and starts automatically during your server boot. You can create a Windows service using srvany.exe or instsrv.exe tools (from Windows Server Resource 2003 Kit) which allow you to run the powershell.exe process with a parameter that contains the path to your PS1 script file.

The main disadvantage of creating a service using this method is that srvany.exe does not control a PowerShell script execution state, and if the app crashes (hangs up), the service does not see it and goes on working. To create a Windows service from a file that contains a PowerShell script, in this article we will use the NSSM (Non-Sucking Service Manager) toolkit, which does not demonstrate the above mentioned disadvantages.

You can download and install NSSM manually or using Chocolatey. Firstly, install Choco itself:

Set-ExecutionPolicy Bypass -Scope Process -Force; `
iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))

Then install the NSSM package:

choco install nssm

In this example, we will track the changes in a specific Active Directory group in real time and inform a security administrator using a pop-up notification and e-mail (the script is given in this article) .

So, we have a PowerShell code that needs to be saved as a PS1 file. Let’s add an infinite loop that performs a check every minute:

while($true) {
#Your PS code
Start-Sleep –Seconds 60
}

Of course, to implement such a scenario you can create a separate task in the Task Scheduler. But if you have to respond to changes in real time, the separate service method is better.

You can create a service from a PowerShell script using NSSM directly from PowerShell:

$NSSMPath = (Get-Command "C:\ps\nssm\win64\nssm.exe").Source
$NewServiceName = “CheckADGroup”
$PoShPath= (Get-Command powershell).Source
$PoShScriptPath = “C:\ps\CheckADGroup\checkad.ps1”
$args = '-ExecutionPolicy Bypass -NoProfile -File "{0}"' -f $PoShScriptPath
& $NSSMPath install $NewServiceName $PoShPath $args
& $NSSMPath status $NewServiceName

Start your new service:

Start-Service $NewServiceName

Check the service status in PowerShell:

Get-Service $NewServiceName

running powershell script as a windows service

So you have created and started your new Windows service. Make sure that it has appeared in the services management console (services.msc).

CheckADGroup has appeared, it is configured to start automatically and is currently running. As you can see, your PowerShell script is running inside the nssm.exe process.

windows service from a powershell script using nnm

Please note that the service is running under the System account. If you use other modules in your PowerShell scripts (in my case, Get-ADGroupMember from Active Directory for Windows PowerShell is used to get the list of members in the domain security group), this account must have access to the PS module files and AD connection permissions (in my case). You can also start this service under another domain account (or a gMSA account) and allow users to stop/restart the service if they do not have local admin rights.

In order the service can show notifications in a user session enable the Allow service to interact with desktop option on the Log on tab.

To make it work in Windows 10 and Windows Server 2012 R2/2016, change the DWORD NoInteractiveServices parameter value in the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Windows to 0 and run the Interactive Services Detection Service:

Start-Service -Name ui0detect

However, Interactive Services Detection Service has been completely removed from Windows 10 build 1803, and you won’t be able to switch to Session 0. So you won’t see the notification windows displayed under System account.

You can change the service description using this command:

& $NSSMPath set $NewServiceName description “Monitoring of AD group changes”

To remove the service you have created, use the sc delete command or:

nssm remove CheckADGroup

nssm remove powershell service

0 comment
2
Facebook Twitter Google + Pinterest
previous post
Creating Multiple Partitions on a USB Drive in Windows 10
next post
Windows 10 Install Error 0x80300024

Related Reading

How to Sign a PowerShell Script (PS1) with...

February 25, 2021

Configuring PowerShell Script Execution Policy

February 18, 2021

Updating Group Policy Settings on Windows Domain Computers

February 16, 2021

How to Find Inactive Computers and Users in...

January 29, 2021

Checking User Logon History in Active Directory Domain...

January 22, 2021

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange
  • Windows 10
  • Windows 8
  • Windows 7
  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows Server 2008 R2
  • PowerShell
  • VMWare
  • MS Office

Recent Posts

  • Accessing USB Flash Drive from VMWare ESXi

    February 26, 2021
  • How to Sign a PowerShell Script (PS1) with a Code Signing Certificate?

    February 25, 2021
  • Change the Default Port Number (TCP/1433) for a MS SQL Server Instance

    February 24, 2021
  • How to Shadow (Remote Control) a User’s RDP session on RDS Windows Server 2016/2019?

    February 22, 2021
  • Configuring PowerShell Script Execution Policy

    February 18, 2021
  • Configuring Proxy Settings on Windows Using Group Policy Preferences

    February 17, 2021
  • Updating Group Policy Settings on Windows Domain Computers

    February 16, 2021
  • Managing Administrative Shares (Admin$, IPC$, C$, D$) in Windows 10

    February 11, 2021
  • Packet Monitor (PktMon) – Built-in Packet Sniffer in Windows 10

    February 10, 2021
  • Fixing “Winload.efi is Missing or Contains Errors” in Windows 10

    February 5, 2021

Follow us

woshub.com
  • Facebook
  • Twitter
  • RSS
Popular Posts
  • Install RSAT Feature on Demand on Windows 10 1809 and Later
  • Get-ADUser: Getting Active Directory Users Info via PowerShell
  • How to Create a UEFI Bootable USB Drive to Install Windows 10 or 7?
  • Get-ADComputer: Find Computer Details in Active Directory with PowerShell
  • Managing Printers and Drivers with PowerShell in Windows 10 / Server 2016
  • How to Find the Source of Account Lockouts in Active Directory domain?
  • PSWindowsUpdate: Managing Windows Updates from PowerShell
Footer Logo

@2014 - 2018 - Windows OS Hub. All about operating systems for sysadmins


Back To Top