A Better Way to Start and Stop Netwrix Auditor Services
This script is intended to help network administrators who use Netwrix Auditor in their environment better control service startup and shutdown. To learn more about why I built this script, please read this post over on my blog, syntaxbearror.io.
How it Works
This script retrieves all running Netwrix services and documents them to a file. It then stops the services one-by-one and sets the service to disabled to prevent it from starting up automatically on the next reboot.
When you are ready to start the Netwrix services back up, the script attempts to access the file it initially created to get the list of services it modified. If the list is not available, it retrieves the Netwrix services configured as disabled, starts those services, and sets them to automatic startup. Since Netwrix by default sets services not in use to manual, this keeps us from starting any services that are not intended to run.
The script generates a transcript log for review and saves it to the same location as the script.
How to Use
- Copy and paste the script below into your favorite notepad program and save it as netwrix_svcmgmt.ps1.
- Place the script in your favorite scripts folder on the server hosting your Netwrix Server Application.
- Run it using one of the following commands:
  - .\netwrix_svcmgmt.ps1 -mode stop to gracefully stop all the services and prevent them from starting on reboot.
  - .\netwrix_svcmgmt.ps1 -mode start to start all the services.
- Enjoy!
Have any issues with this script? Please let me know!
```powershell
# -----------------------------------------------------------------
# Netwrix Service Management
# Created by: Christopher Clai (www.syntaxbearror.io / www.pshell.dev)
# -----------------------------------------------------------------
# Version 1.0 (September 3rd, 2019)
# -----------------------------------------------------------------
#
### Description
# The purpose of this script is to provide manual controls to start and stop the Netwrix related
# services gracefully for maintenance purposes to reduce the occurrence of errors logged in Netwrix
# and maintain healthy log collection activity.
#
# If you utilize this script, consider reducing the time between collections to ensure you don't
# miss any important data!
#
### Example of running the script:
# .\netwrix_svcmgmt.ps1 -mode [start|stop] (Choose whether we are starting or stopping the services)
#
# ##### CHANGELOG ########
# Version 1.0
# - Created
#
# -----
# DO NOT EDIT ANYTHING BELOW THIS LINE
# -----

# Retrieve parameters
param (
    [Parameter(Mandatory=$True,ValueFromPipeline=$True,ValueFromPipelineByPropertyName=$True,HelpMessage='Do you want to start, or stop, all Netwrix related services?')]
    $mode
)

# Define other parameters
# Defining the wait time in seconds between service actions
$wtm = 3
# Name of the text file we write containing services. This is our preferred method for starting services.
# Anchored to the script's own folder so it is found regardless of the current directory.
$srvlist = Join-Path -Path $PSScriptRoot -ChildPath "netwrix_servmgt_services.txt"
# Name of the transcript file we write and append to as an ongoing log of activity.
$scrlog = Join-Path -Path $PSScriptRoot -ChildPath "netwrix_srvmgt_log.txt"

# Start a transcript to record our actions.
Start-Transcript -Path $scrlog -Append

# Let's take some actions based on the mode
if ($mode -eq "start") {
    # We need to start the services. Let's do that!
    if (-not (Test-Path $srvlist)) {
        # The file does not exist. We must assume disabled services are the ones we want :(. I hate assuming.
        Write-Host "Retrieved services via service scan...`r`n"
        $servname = Get-Service | Where-Object {($_.DisplayName -like "Netwrix*") -and ($_.StartType -eq "Disabled")} | Select-Object -ExpandProperty DisplayName | Out-String -Stream
    }
    else
    {
        # The file exists, let's load it! Yay, no assumptions!
        Write-Host "Retrieved services via file...`r`n"
        $servname = Get-Content -Path $srvlist
    }

    # Verify we have services in the array before we continue.
    # Start service array loop.
    if (!$servname) {
        # We don't. ABORT!
        Write-Host "Something went wrong. The service list is blank! If you have an existing service text file in the directory, please delete it and try again. If this still fails, you'll have to manually handle the services. Use the transcript for record of what services were stopped earlier.`r`n" -ForegroundColor Red
        Write-Host "Script Exiting.`r`n" -ForegroundColor Yellow
        # Close the transcript before leaving so the log is not left open.
        Stop-Transcript
        exit
    }
    else
    {
        # We have services in the array, let's continue!
        # Tell the user what we're about to do.
        Write-Host "The following Netwrix services were identified as needing to be started from our last action...`r`n" -ForegroundColor Yellow
        Write-Host $servname -ForegroundColor White -Separator "`n"
        Write-Host "`r`n" # adding a line space
        Write-Host "Starting services process...`r`n" -ForegroundColor Yellow

        # Start Service Start Loop
        ForEach ($serv in $servname) {
            # Let's retrieve the service information
            $tgt = Get-Service -DisplayName $serv

            # Start loop to check service status
            While ($tgt.Status -ne 'Running') {
                # We must alter the service StartupType first.
                # Set to Automatic so the service starts again on the next reboot
                Write-Host "Configuring service to start on next reboot...`r`n" -ForegroundColor Yellow
                Set-Service -Name $tgt.Name -StartupType Automatic

                # Let's verify the service modification
                $tgt = Get-Service -DisplayName $serv
                if ($tgt.StartType -eq 'Automatic') {
                    # We were successful!
                    Write-Host "Service modification completed successfully.`r`n" -ForegroundColor Green

                    # Now we can start the service.
                    Start-Service -DisplayName $serv -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
                    Write-Host $serv "is" $tgt.status "`n"
                    Write-Host "Allowing time for service to start...`r`n" -ForegroundColor Yellow
                    Start-Sleep -Seconds $wtm
                    $tgt = Get-Service -DisplayName $serv

                    # Start verify running state loop
                    if ($tgt.Status -eq 'Running') {
                        # Service is now started
                        Write-Host "Service is started successfully.`r`n" -ForegroundColor Green
                    # End verify running state loop
                    }
                } else {
                    # We were not successful. :(
                    Write-Host "Failed to modify service. This service may start on next boot. SERVICE NOT STARTED. Check services console directly.`r`n" -ForegroundColor Red
                    # Give up on this service; without this the loop would never end.
                    break
                # End verify service modification loop
                }
            # End Service Status Loop
            }
        # End Service Start Loop
        }
    # End service array loop.
    }
# End start mode. Begin stop mode.
}
elseif ($mode -eq "stop") {
    # These are what we are doing when we stop the services
    Write-Host "Documenting the running Netwrix services...`r`n"
    $servname = Get-Service | Where-Object {($_.DisplayName -like "Netwrix*") -and ($_.Status -eq "Running")} | Select-Object -ExpandProperty DisplayName | Out-String -Stream

    # Write our results to the file
    $servname | Out-File -FilePath $srvlist

    # Tell the user what we're about to do.
    Write-Host "The following Netwrix services were identified as running and will be stopped...`r`n" -ForegroundColor Yellow
    Write-Host $servname -ForegroundColor White -Separator "`n"
    Write-Host "`r`n" # adding a line space
    Write-Host "Starting services process...`r`n" -ForegroundColor Yellow

    # Begin service loop to stop the identified services.
    ForEach ($serv in $servname) {
        # Let's retrieve the service information
        $tgt = Get-Service -DisplayName $serv

        # Start loop to check service status
        While ($tgt.Status -ne 'Stopped') {
            Stop-Service -DisplayName $serv -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
            Write-Host $serv "is" $tgt.status "`n"
            Write-Host "Allowing time for service to stop gracefully...`r`n" -ForegroundColor Yellow
            Start-Sleep -Seconds $wtm
            $tgt = Get-Service -DisplayName $serv

            # Start verify stopped state loop
            if ($tgt.Status -eq 'Stopped') {
                # Service is now stopped
                Write-Host "Service is stopped successfully.`r`n" -ForegroundColor Green

                # Set to disabled to prevent automatic startup
                Write-Host "Configuring service not to start on next reboot...`r`n" -ForegroundColor Yellow
                Set-Service -Name $tgt.Name -StartupType Disabled

                # Let's verify the service modification
                $tgt = Get-Service -DisplayName $serv
                if ($tgt.StartType -eq 'Disabled') {
                    # We were successful!
                    Write-Host "Completed.`r`n" -ForegroundColor Green
                } else {
                    # We were not successful. :(
                    Write-Host "Failed to modify service. This service may start on next boot.`r`n" -ForegroundColor Red
                # End verify service modification loop
                }
            # End verify stopped state loop
            }
        # End loop to check service status.
        }
    # End service loop
    }
# End stop. What about if undefined?
}
else {
    # We have no mode, we cannot assume. End the script!
    Write-Host "Mode not defined. Cannot continue.`r`n" -ForegroundColor Red
    # Close the transcript before leaving so the log is not left open.
    Stop-Transcript
    exit
}

# That's all. Let's end the transcript!
Stop-Transcript
```
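Start mode acts on whatever display names it reads from netwrix_servmgt_services.txt: each one is set to Automatic and started. As an added example (not part of the original script; the function name Get-ValidatedNetwrixServiceList and its parameters are hypothetical), the saved list can be checked against the installed services first, so that only Netwrix services which stop mode left Disabled are passed on:

```powershell
# Added example, not part of the original script. The function name and its
# parameters are hypothetical; the display-name pattern is the script's own.
function Get-ValidatedNetwrixServiceList {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path,
        [string]$Pattern = 'Netwrix*'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        Write-Warning "Service list not found: $Path"
        return @()
    }

    # Trim whitespace, drop blank lines and duplicate entries.
    $entries = Get-Content -LiteralPath $Path |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ } |
        Select-Object -Unique

    $approved = @()
    foreach ($name in $entries) {
        # 1. The entry must look like a Netwrix display name.
        if ($name -notlike $Pattern) {
            Write-Warning "Rejected (not a Netwrix service): $name"
            continue
        }
        # 2. It must match exactly one installed service. Comparing with -eq
        #    means wildcard characters in an entry are never expanded.
        $svc = @(Get-Service | Where-Object { $_.DisplayName -eq $name })
        if ($svc.Count -ne 1) {
            Write-Warning "Rejected (no unique installed service): $name"
            continue
        }
        # 3. Stop mode leaves each service it handled Disabled. Anything else
        #    is reported for manual review instead of being changed.
        if ($svc[0].StartType -ne 'Disabled') {
            Write-Warning "Rejected (start type is $($svc[0].StartType)): $name"
            continue
        }
        $approved += $name
    }
    return $approved
}

# In start mode, in place of the Get-Content call:
# $servname = Get-ValidatedNetwrixServiceList -Path $srvlist
```

Rejected entries appear as warnings in the transcript, which gives a record of any line in the list file that did not correspond to a service the script had disabled.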
Thanks! This worked perfectly on my Netwrix host and saved me loads of time!