none
Service logon account password change with WMI win32_service class, exit code 22 RRS feed

  • Question

  • Hi All,

    I am trying to change the password of a service with win32_service class and I am getting error code 22.

    The account is in the local administrators group and also has a logon as a service right. 

    Any help what I am missing. Code and output below

        
    
    $obj = Get-WmiObject win32_service |
                            where { $_.Name -eq 'ServiceName' }
    
    $user = 'domain\user'
    $plainpassword = '******'
    
     $obj.Change(
                            $null,
                            $null,
                            $null,
                            $null,
                            $null,
                            $User,
                            $PlainPassword,
                            $null,
                            $null,
                            $null
                    )

    Error:

    __GENUS          : 2
    __CLASS          : __PARAMETERS
    __SUPERCLASS     :
    __DYNASTY        : __PARAMETERS
    __RELPATH        :
    __PROPERTY_COUNT : 1
    __DERIVATION     : {}
    __SERVER         :
    __NAMESPACE      :
    __PATH           :
    ReturnValue      : 22
    PSComputerName   :

    Thank you in advance


    If you find this helpful, kindly mark as answer. If you have any queries, please post back as a reply. Will look forward to your feedback. Thanking You Soumyajyoti Biswas

    Friday, March 10, 2017 5:38 AM

Answers

  • $DisplayName,$PathName,$ServiceType,$ErrorControl,$StartMode,$DesktopInteract,$StartName,$StartPassword,$LoadOrderGroup,$LoadOrderGroupDependencies,$ServiceDependencies = $null
    # local accounts prefaced by ".\"
    $startName = '.\accountid'
    $startPassword = 'Pass@Word'
    $service = Get-WmiObject win32_service -Filter "Name = 'SQLWriter'"
    
    $service.Change(
    				$DisplayName,
    				$PathName,
    				$ServiceType,
    				$ErrorControl,
    				$StartMode,
    				$DesktopInteract,
    				$StartName,
    				$StartPassword,
    				$LoadOrderGroup,
    				$LoadOrderGroupDependencies,
    				$ServiceDependencies
    )
    


    \_(ツ)_/

    Friday, March 10, 2017 8:01 AM

All replies

  • $DisplayName,$PathName,$ServiceType,$ErrorControl,$StartMode,$DesktopInteract,$StartName,$StartPassword,$LoadOrderGroup,$LoadOrderGroupDependencies,$ServiceDependencies = $null
    # local accounts prefaced by ".\"
    $startName = '.\accountid'
    $startPassword = 'Pass@Word'
    $service = Get-WmiObject win32_service -Filter "Name = 'SQLWriter'"
    
    $service.Change(
    				$DisplayName,
    				$PathName,
    				$ServiceType,
    				$ErrorControl,
    				$StartMode,
    				$DesktopInteract,
    				$StartName,
    				$StartPassword,
    				$LoadOrderGroup,
    				$LoadOrderGroupDependencies,
    				$ServiceDependencies
    )
    


    \_(ツ)_/

    Friday, March 10, 2017 8:01 AM
  • Found this in the junk box.
    function Set-Service2{
    <#
    	.PARAMETER ServiceName
    		The service to be changed
    		
    	.PARAMETER Restart
    		Attempt to stop and restart the service
    	
    	.EXAMPLE
    		Set-Service2 -ServiceName $ServiceName
    		Set-Service2 -ServiceName SQLWriter -StartName LocalSystem -Restart
    		Set-Service2 -ServiceName SQLWriter -StartName testuser -Restart -StartPassword 'Pass@Word'
    	
    	.NOTES
    		See Microsft link for error codes (returnValue)
    	.LINK
    		https://msdn.microsoft.com/en-us/library/aa384901(v=vs.85).aspx
    #>
    	Param(
    		[Parameter(Mandatory)]
    		[string]$ServiceName,
    		$DisplayName,
    		$PathName,
    		$ServiceType,
    		$ErrorControl,
    		$StartMode,
    		$DesktopInteract,
    		$StartName, # local accounts prefaced by ".\"
    		$StartPassword,
    		$LoadOrderGroup,
    		$LoadOrderGroupDependencies,
    		$ServiceDependencies,
    		[switch]$Restart
    	)
    	if($StartName){
    		if($StartName -notmatch '\\'){
    			if($StartPassword -or $StartName -eq 'LocalSystem'){
    				$StartName = ".\$StartName"
    				Write-Verbose $StartName
                }else{
    				Write-Error 'Password cannot be $null'
    return } } } $service = Get-WmiObject win32_service -Filter "Name = '$ServiceName'" $result = $service.Change( $DisplayName, $PathName, $ServiceType, $ErrorControl, $StartMode, $DesktopInteract, $StartName, $StartPassword, $LoadOrderGroup, $LoadOrderGroupDependencies, $ServiceDependencies ) if($result.returnValue -ne 0){ Write-Error ('Service Change failed:' + $result.returnValue) return } if($Restart){ if($service.Started){ $result = $service.StopService() if($result.returnValue -ne 0){ return ("StopService reported:" + $result.returnValue) } } $result = $service.StartService() if ($result.returnValue -eq 0) { Write-Verbose 'Service started' }else{ Write-Error ('Service Start failed:'+$result.returnValue) } } } #local accounts Set-Service2 -ServiceName SQLWriter -StartName LocalSystem -Restart Set-Service2 -ServiceName SQLWriter -StartName testuser -Restart -StartPassword 'Pass@Word' # domain accounts Set-Service2 -ServiceName SQLWriter -StartName domain\testuser -Restart -StartPassword 'Pass@Word'


    \_(ツ)_/




    • Edited by jrv Friday, March 10, 2017 9:10 AM
    Friday, March 10, 2017 8:50 AM
  • Hi Jrv,

    Thank you for your reply.

    But I am using a domain account which is added in the local administrators group.

    So the account is "DOMAIN\USER" for my case. And it throws an error.

    Adding via services.msc works


    If you find this helpful, kindly mark as answer. If you have any queries, please post back as a reply. Will look forward to your feedback. Thanking You Soumyajyoti Biswas

    Friday, March 10, 2017 1:21 PM
  • It needs to have run as service.


    \_(ツ)_/

    Friday, March 10, 2017 1:26 PM
  • The account is added as logon as service in local group policy. I checked that one.

    If you find this helpful, kindly mark as answer. If you have any queries, please post back as a reply. Will look forward to your feedback. Thanking You Soumyajyoti Biswas

    Friday, March 10, 2017 1:27 PM
  • Can't be used remotely.  You cannot authenticate a domain account through a remote connection.

    I have run this many times on my systems and it works as expected.  You must be running elevated to use it.


    \_(ツ)_/

    Friday, March 10, 2017 1:37 PM
  • I was an idiot. See the code there. It has one field less in the change method. There would be a null there


    If you find this helpful, kindly mark as answer. If you have any queries, please post back as a reply. Will look forward to your feedback. Thanking You Soumyajyoti Biswas

    Friday, March 10, 2017 2:01 PM
  • Thank you for all the help as always

    If you find this helpful, kindly mark as answer. If you have any queries, please post back as a reply. Will look forward to your feedback. Thanking You Soumyajyoti Biswas

    Friday, March 10, 2017 2:02 PM