Service Build - v5

Ask your PowerShell-related questions, including questions on cmdlet development!
Forum rules
Do not post any licensing information in this forum.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
This topic is 5 years and 11 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
Locked
User avatar
rgaines
Posts: 3
Last visit: Thu Jan 18, 2024 8:58 am

Service Build - v5

Post by rgaines »

I have built a PowerShell script that listens for security events and sends them to a SUMO Collector and writes to a custom event log.
It runs well from within PoweShell Studio 2018; it runs the same from PowerShell v5; but one I create the service and install it; it doesn't
write to the event log, send the UDP message, or write to the csv file.

The service was created with a manifest with elevated privileges and runs using Local System. What would stop the service from :
1) writing to the event logs
2) writing to a local file
3) sending UDP messages
Reba Gaines
678-449-9080
reba.gaines@fhtechllc.com
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: Service Build - v5

Post by jvierra »

Permissions and firewall settings.
User avatar
Alexander Riedel
Posts: 8479
Last visit: Thu Mar 28, 2024 9:29 am
Answers: 19
Been upvoted: 37 times

Re: Service Build - v5

Post by Alexander Riedel »

First and foremost, you should not use an elevation manifest for a service. A service already runs at the highest level (assuming system account), so it is completely unnecessary. I would venture a guess that your service is not even starting, but since you are not providing any information on that. If you used our service packager engines, any write-host call would write to the event log, so I suggest to do that in Start-MyService so see if the service actually ever starts.
Alexander Riedel
SAPIEN Technologies, Inc.
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: Service Build - v5

Post by jvierra »

The event log should have events for the start and any failures to start even if you do not place any "Write-Host" cpmmands in the service. This is the default behavior for a service.
User avatar
Alexander Riedel
Posts: 8479
Last visit: Thu Mar 28, 2024 9:29 am
Answers: 19
Been upvoted: 37 times

Re: Service Build - v5

Post by Alexander Riedel »

Yes, James is correct. You should see that in the event log.
Alexander Riedel
SAPIEN Technologies, Inc.
This topic is 5 years and 11 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
Locked