Each PowerShell script can be converted into a real Windows service that runs in the background and runs automatically when the server is started.
You can create a Windows service using the tools srvany.exe or instsrv.exe (from the Windows Server Resource 2003 kit), which allows you to run the powershell.exe process with a parameter that contains the path to your PS1 script file.
The main disadvantage of creating a service using this method is that srvany.exe does not check the execution status of the PowerShell script. Therefore, if the application crashes, the service cannot detect it and continues to run. To create a Windows service from a file using a PowerShell script, in this article we use the NSSM (Non-Sucking Service Manager) toolkit, which does not have the above mentioned flaws.
You can download and install NSSM manually or with Chocolatey. Install the Choco yourself first:
Set-ExecutionPolicy Bypass -Scope Process -Force; `
iex ( New-Object System.Net.WebClient).DownloadString (‘https://chocolatey.org/install.ps1’)).
Then install the NSSM package :
installation choco nssm
In this example, we follow the changes in a certain group of Active Directory in real time and notify the security administrator via a context-sensitive notification and e-mail.
So we have a PowerShell code that we have to save in a PS1 file. Let’s add an infinite loop that checks every minute:
while ($true) {
#Your PS code
Start-Sleep -Seconds 60
} Of course, you can create a separate task in the task scheduler to implement such a scenario. But if you need to react to changes in real time, a separate maintenance method is preferable.
You can create the service using a PowerShell script by using NSSM directly in PowerShell:
Source
$NewServiceName = CheckADGroup
$PoShPath= (Get-Command powershell).Source
$PoShScriptPath = C:psCheckADGroupcheckad.ps1
$args = ‘-ExecutionPolicy Bypass -NoProfile -File {0}’ -f $PoShScriptPath
and $NSSMPath install $NewServiceName $PoShPath $args
and $NSSMPath status $NewServiceName
Start your new service:
Start the service $New service name
Check the maintenance status in PowerShell :
Get a service $New service name
So you’ve created and launched your new Windows service. Make sure it is displayed in the service management console (.msc services).
CheckADGroup has appeared, has been configured to run automatically and is currently running. As you can see, your PowerShell script is executed as part of the nssm.exe process.
Note that the service runs under the system account. If you use other modules in your PowerShell scripts (in my case, Get-ADGroupMember from Active Directory for Windows PowerShell is used to retrieve the list of members of the domain’s security group), this account must have access to PS module files and AD login rights (in my case). You can also run this service under another domain account (or gMSA account) and allow users to stop/restart the service if they do not have local administrator rights.
To allow the service to display notifications during a user session, select Allow the service to communicate with the desktop on the Connection tab. For Windows 10 and Windows Server 2012 R2/2016, change the parameter DWORD NoInteractiveServices in the HKEY_LOCAL_MACHINESystemCurrentControlSetControlWindows registry key to 0 and start the service for detecting interactive services:
Start the service – name ui0detect
However, the interactive services discovery service has been completely removed from Windows 10 build 1803, and you cannot switch to session 0. In this way, the notification windows are not displayed in the system account.
Use this command to change the service description:
& $NSSMPath set $NewServiceName Description Tracking changes in the AD group
To delete a service you have created, use the sc delete command or
Deletion of the nssm control group
Related Tags:
windows service engine,alwaysup powershell,firedaemon powershell,run powershell script continuously,powershell service wrapper,run script as service windows,powershell new service run ps1,run powershell command continuously,powershell polaris,install nssm,continuous powershell script,powershell create window,powershell install windows service remotely,powergui compile script into service,how to write a windows service in powershell,nssm download,nssm,create windows service to run powershell script,windows service start powershell script,execute powershell from windows service,nssm powershell script,keep powershell script running,powershell repeat command every 5 seconds,powershell run nssm