Service Build - v5

Ask your Windows PowerShell-related questions, including questions on cmdlet development!
Forum rules
Do not post any licensing information in this forum.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
Locked
User avatar
rgaines
Posts: 1
Joined: Mon Mar 05, 2018 6:36 pm
Contact:

Service Build - v5

Post by rgaines » Thu Apr 19, 2018 1:45 pm

I have built a PowerShell script that listens for security events and sends them to a SUMO Collector and writes to a custom event log.
It runs well from within PoweShell Studio 2018; it runs the same from PowerShell v5; but one I create the service and install it; it doesn't
write to the event log, send the UDP message, or write to the csv file.

The service was created with a manifest with elevated privileges and runs using Local System. What would stop the service from :
1) writing to the event logs
2) writing to a local file
3) sending UDP messages
Reba Gaines
678-449-9080
reba.gaines@fhtechllc.com

User avatar
jvierra
Posts: 12774
Joined: Tue May 22, 2007 9:57 am
Contact:

Re: Service Build - v5

Post by jvierra » Thu Apr 19, 2018 2:03 pm

Permissions and firewall settings.

User avatar
Alexander Riedel
Posts: 6671
Joined: Tue May 29, 2007 4:43 pm

Re: Service Build - v5

Post by Alexander Riedel » Thu Apr 19, 2018 3:47 pm

First and foremost, you should not use an elevation manifest for a service. A service already runs at the highest level (assuming system account), so it is completely unnecessary. I would venture a guess that your service is not even starting, but since you are not providing any information on that. If you used our service packager engines, any write-host call would write to the event log, so I suggest to do that in Start-MyService so see if the service actually ever starts.
Alexander Riedel
SAPIEN Technologies, Inc.

User avatar
jvierra
Posts: 12774
Joined: Tue May 22, 2007 9:57 am
Contact:

Re: Service Build - v5

Post by jvierra » Thu Apr 19, 2018 3:52 pm

The event log should have events for the start and any failures to start even if you do not place any "Write-Host" cpmmands in the service. This is the default behavior for a service.

User avatar
Alexander Riedel
Posts: 6671
Joined: Tue May 29, 2007 4:43 pm

Re: Service Build - v5

Post by Alexander Riedel » Thu Apr 19, 2018 10:13 pm

Yes, James is correct. You should see that in the event log.
Alexander Riedel
SAPIEN Technologies, Inc.

Locked