jurbanek/SetUserIdServiceAccount.ps1

## SetUserIdServiceAccount.ps1
<#
CONCEPT CODE ONLY to reset Palo Alto Networks Windows User-ID Agent service account credentials
Modifies the service's "log on" credentials
The "new credentials" can be obtained via a password vault API, other automation, or simple
Get-Credential. This concept uses Get-Credential for concept ease
Assume running locally on Windows server running the Windows User-ID Agent. Can be adapted to run
remotely (consider replacing Get-WmiObject with Get-CimInstance and using the -ComputerName parameter)
Additional error handing and logic is advisable for production use cases
#>

$ServiceName = 'UserIdService'
# Obtain service account credentials via password vault API, automate, or use Get-Credential
$ServiceCred = Get-Credential -Message ('Provide {0} service account credentials' -f $ServiceName)
$Service = Get-WmiObject win32_service -filter ("name='{0}'" -f $ServiceName)

if($Service.Name -eq $ServiceName) {
   Write-Host ('Found service {0}' -f $Service.Name)
   if($Service.State -eq 'Running') {
      Write-Host ('Stopping service {0}' -f $Service.Name)
      Stop-Service -Name $Service.Name
   }
   Write-Host ('Updating service {0} "log on" (startup) credentials' -f $Service.Name)
   Write-Host ('Username: ' -f $ServiceCred.Username)
   Write-Host ('Password: <hidden>')
   $Service.Change($null,$null,$null,$null,$null,$null,$ServiceCred.Username,$ServiceCred.GetNetworkCredential().Password)

   Write-Host ('Starting service {0}' -f $Service.Name)
   Write-Host ('Service start errors will arise if invalid credentials are provided. Review Windows System event log on service start failure')
   Start-Service -Name $Service.Name
}
else {
   Write-Error ('Failed to find service {0}' -f $ServiceName)
}
	<#
	CONCEPT CODE ONLY to reset Palo Alto Networks Windows User-ID Agent service account credentials
	Modifies the service's "log on" credentials
	The "new credentials" can be obtained via a password vault API, other automation, or simple
	Get-Credential. This concept uses Get-Credential for concept ease
	Assume running locally on Windows server running the Windows User-ID Agent. Can be adapted to run
	remotely (consider replacing Get-WmiObject with Get-CimInstance and using the -ComputerName parameter)
	Additional error handing and logic is advisable for production use cases
	#>

	$ServiceName = 'UserIdService'
	# Obtain service account credentials via password vault API, automate, or use Get-Credential
	$ServiceCred = Get-Credential -Message ('Provide {0} service account credentials' -f $ServiceName)
	$Service = Get-WmiObject win32_service -filter ("name='{0}'" -f $ServiceName)

	if($Service.Name -eq $ServiceName) {
	Write-Host ('Found service {0}' -f $Service.Name)
	if($Service.State -eq 'Running') {
	Write-Host ('Stopping service {0}' -f $Service.Name)
	Stop-Service -Name $Service.Name
	}
	Write-Host ('Updating service {0} "log on" (startup) credentials' -f $Service.Name)
	Write-Host ('Username: ' -f $ServiceCred.Username)
	Write-Host ('Password: <hidden>')
	$Service.Change($null,$null,$null,$null,$null,$null,$ServiceCred.Username,$ServiceCred.GetNetworkCredential().Password)

	Write-Host ('Starting service {0}' -f $Service.Name)
	Write-Host ('Service start errors will arise if invalid credentials are provided. Review Windows System event log on service start failure')
	Start-Service -Name $Service.Name
	}
	else {
	Write-Error ('Failed to find service {0}' -f $ServiceName)
	}