Determine the Start Time of a Windows Service with PowerShell

Recently, I was asked to setup a scheduled task or job to restart specific services on certain servers each night and while that’s simple, how do you know for sure the services were indeed restarted? One way is to determine how long a service has been running or when they were started. The dilemma is the necessary information isn’t available using the Get-Service cmdlet or with CIM or WMI using the Get-CimInstance or Get-WmiObject cmdlets with the Win32_Service class.

The good news is that every Windows service that’s running has an underlying process and the start time of a process can be determined with either the Get-Process cmdlet or the WMI Win32_Process class. All you have to do us match up the services to the corresponding process.

Get-Service doesn’t include the process id so I had to resort to using WMI to retrieve the service information so the process id can be retrieved. A PowerShell one-liner can be used to retrieve the information I was looking for.

That one-liner could simply be run inside of Invoke-Command to retrieve the same information from remote systems, but I decided to turn it into a function instead. My first iteration was simple:

When adding remoting within the function itself, I ran into a problem where the services were retrieved from the remote system, but it was trying to match them up to local processes so a little rework was required.

In the end, I decided to use CIM sessions for remote connectivity so the part of the function which previously used the Get-Process cmdlet was changed to use Get-CimInstance with the Win32_Process class.

I also ran into a problem where all of the systems were being queried for the process id of every service instead of just the ones running on that particular system. I narrowed down which CIM sessions were being queried which resolved that problem.

Although this function requires PowerShell 3.0 or higher on the system it’s being run from, since I chose to use CIM sessions for remote connectivity instead of simply wrapping the commands inside of PowerShell remoting, I’m able to target machines using either WSMan or DCom. For more information on that topic, see my “Targeting Down Level Clients with the Get-CimInstance PowerShell Cmdlet” blog article.

The previous example takes advantage of my New-MrCimSession function which automatically determines if a system is able to use WSMan otherwise it automatically falls back to using DCom. More information about that function can be found in my “PowerShell Function to Create CimSessions to Remote Computers with Fallback to Dcom” blog article.

The Get-MrService function shown in this blog article can be downloaded from my PowerShell repository on GitHub.



  1. john

    Hi mike, do you handle for services that do not stop and need to be killed? I was just tasked with something similar and always like to see how people handle certain situations.

  2. Dan

    outstanding Sir


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: