CDPUserSvc、WpnUserService、ConsentUxUserSvc等服务在services.msc服务列表里是以马甲服务呈现的,比如下图中的
CDPUserSvc_bd150
WpnUserService_bd150
ConsentUxUserSvc_bd150
代码语言:powershell复制Get-Service CDPUserSvc | ft -auto
Get-Service | Where-Object { $_.Name -like "CDPUserSvc*" } | ForEach-Object { $_ | Select-Object Name, Status, @{Name='StartMode';Expression={(Get-WmiObject -Class Win32_Service -Filter "Name='$($_.Name)'").StartMode}} } | ft -auto
Get-Service WpnUserService | ft -auto
Get-Service | Where-Object { $_.Name -like "WpnUserService*" } | ForEach-Object { $_ | Select-Object Name, Status, @{Name='StartMode';Expression={(Get-WmiObject -Class Win32_Service -Filter "Name='$($_.Name)'").StartMode}} } | ft -auto
Get-Service ConsentUxUserSvc | ft -auto
Get-Service | Where-Object { $_.Name -like "ConsentUxUserSvc*" } | ForEach-Object { $_ | Select-Object Name, Status, @{Name='StartMode';Expression={(Get-WmiObject -Class Win32_Service -Filter "Name='$($_.Name)'").StartMode}} } | ft -auto
尾部的_xxxxx,不同机器不同系统可能不同
CDPUserSvc_10d5f7
WpnUserService_10d5f7
ConsentUxUserSvc_10d5f7
如果要禁止这些服务开机启动,需要对注册表中原服务和马甲服务的注册表Start项做干预
CDPUserSvc、CDPUserSvc_bd150
WpnUserService、WpnUserService_bd150
ConsentUxUserSvc、ConsentUxUserSvc_bd150
代码语言:powershell复制Set-Service -Name CDPUserSvc -StartupType auto
Get-Service | Where-Object { $_.Name -like "CDPUserSvc*" } | ForEach-Object { reg add "HKLMSYSTEMCurrentControlSetServices$($_.Name)" /v Start /t REG_DWORD /d 4 /f }
Set-Service -Name WpnUserService -StartupType auto
Get-Service | Where-Object { $_.Name -like "WpnUserService*" } | ForEach-Object { reg add "HKLMSYSTEMCurrentControlSetServices$($_.Name)" /v Start /t REG_DWORD /d 4 /f }
Set-Service -Name ConsentUxUserSvc -StartupType auto
Get-Service | Where-Object { $_.Name -like "ConsentUxUserSvc*" } | ForEach-Object { reg add "HKLMSYSTEMCurrentControlSetServices$($_.Name)" /v Start /t REG_DWORD /d 4 /f }
#合并处理
#服务名称列表
$serviceNames = "CDPUserSvc", "WpnUserService", "ConsentUxUserSvc"
#遍历服务名称列表
foreach ($serviceName in $serviceNames) {
#禁用服务
Stop-Service $serviceName -EA 0
Get-Service | Where-Object { $_.Name -like "$serviceName*" } | ForEach-Object { Stop-Service $_.Name -EA 0}
Set-Service -Name $serviceName -StartupType Disabled
Get-Service | Where-Object { $_.Name -like "$serviceName*" } | ForEach-Object { reg add "HKLMSYSTEMCurrentControlSetServices$($_.Name)" /v Start /t REG_DWORD /d 4 /f }
#查看服务
Get-Service $serviceName | ft -auto
Get-Service | Where-Object { $_.Name -like "$serviceName*" } | ForEach-Object { $_ | Select-Object Name, Status, @{Name='StartMode';Expression={(Get-WmiObject -Class Win32_Service -Filter "Name='$($_.Name)'").StartMode}} } | ft -auto
}
