How to Manage the UPnP Device Host Service Startup Type with PowerShell

The UPnP (Universal Plug and Play) Device Host service is a critical component in many IT environments, enabling devices to seamlessly connect and communicate on a network. Managing the startup type of this service is essential for both operational efficiency and security. This article delves into a PowerShell script designed to set the startup type for the UPnP Device Host service.

Background

The UPnP Device Host service facilitates device discovery and control, making it easier for devices to connect to networks without manual configuration. However, its convenience also presents potential security risks. IT professionals and Managed Service Providers (MSPs) often need to control the startup type of this service to strike a balance between functionality and security.

The Script

#Requires -Version 5.1

<#
.SYNOPSIS
    Set the startup type for the UPnP Device Host service.
.DESCRIPTION
    Set the startup type for the UPnP Device Host service.
.EXAMPLE
    No parameters needed.
    Disables UPnP Host service.
.EXAMPLE
     -StartupType Automatic
    Enables UPnP Host service.
.EXAMPLE
    PS C:\> Set-Upnp.ps1 -StartupType Automatic
    Enables UPnP Host service.
.OUTPUTS
    None
.NOTES
    Minimum OS Architecture Supported: Windows 10, Windows Server 2016
    Release Notes:
    Initial Release
    (c) 2023 NinjaOne
    By using this script, you indicate your acceptance of the following legal terms as well as our Terms of Use at https://www.ninjaone.com/terms-of-use.
    Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms. 
    Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party. 
    Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library or website belonging to or under the control of any other software provider. 
    Warranty Disclaimer: The script is provided “as is” and “as available”, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations. 
    Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks. 
    Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script. 
    EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).
.COMPONENT
    OSSecurity
#>

[CmdletBinding()]
param (
    [Parameter()]
    [ValidateSet("Boot", "System", "Automatic", "Manual", "Disabled")]
    [String]
    $StartupType = "Disabled"
)

begin {
    function Test-IsElevated {
        $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
        $p = New-Object System.Security.Principal.WindowsPrincipal($id)
        if ($p.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator))
        { Write-Output $true }
        else
        { Write-Output $false }
    }
}
process {
    if (-not (Test-IsElevated)) {
        Write-Error -Message "Access Denied. Please run with Administrator privileges."
        exit 1
    }
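    try {
        # -ErrorAction Stop turns Set-Service's non-terminating errors into terminating ones so the catch block runs.
        Set-Service -Name "upnphost" -StartupType $StartupType -ErrorAction Stop
    }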
    catch {
        Write-Error $_
        exit 1
    }
}
end {}

 

Detailed Breakdown

The script declares the CmdletBinding attribute, which makes it behave like an advanced function and gives it the common cmdlet parameters. The param block defines a single parameter, StartupType, which ValidateSet restricts to Boot, System, Automatic, Manual, or Disabled, with the default set to “Disabled”.

The begin block contains a function, Test-IsElevated, which checks if the script is run with Administrator privileges. This is crucial because changing service settings typically requires elevated permissions.

In the process block, the script first checks for elevated permissions. If they are missing, it writes an error and exits with code 1. Otherwise, it attempts to set the UPnP Device Host service’s startup type using the Set-Service cmdlet. Any errors encountered during this process are caught and displayed, and the script again exits with code 1.

Potential Use Cases

Imagine an IT professional, Alex, working in a medium-sized company. After a security audit, it’s recommended that UPnP services be disabled on servers not using them. Alex can use this script to quickly set the UPnP Device Host service startup type to “Disabled” on multiple servers, ensuring compliance with the security recommendation.

Comparisons

While the Windows Services GUI allows for manual adjustment of service startup types, it’s not scalable for multiple systems. Group Policy can also be used, but it might be overkill for a simple change and can be complex to set up. This script offers a middle ground – it’s more scalable than manual methods and simpler than Group Policy.

FAQs

  • Can I use this script on any Windows machine?
    The script supports Windows 10 and Windows Server 2016 onwards.
  • What if I want to set a different default startup type?
    You can modify the $StartupType default value in the param block.

Security Implications

While the UPnP Device Host service offers convenience, it can be a potential security risk if left unchecked. By controlling its startup type, IT professionals can mitigate potential vulnerabilities. However, care should be taken not to disrupt necessary services, as it might affect device connectivity and functionality.

Recommendations

  • Always test the script in a controlled environment before deploying it in production.
  • Regularly review the startup type of critical services like UPnP Device Host to ensure they align with the organization’s security posture.
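
Set-Service only changes the startup type; a service that is already running keeps running until it is stopped or the machine restarts. The following added example (not part of NinjaOne's script; the function name Test-UpnpHostCompliance and its parameters are hypothetical) reports whether upnphost matches the desired startup type and, for Disabled, whether it is actually stopped, with optional remediation.

```powershell
#Requires -Version 5.1
# Added example, not NinjaOne's script. Function name and parameters are hypothetical.
function Test-UpnpHostCompliance {
    [CmdletBinding(SupportsShouldProcess)]
    param (
        [ValidateSet("Automatic", "Manual", "Disabled")]
        [String]$DesiredStartupType = "Disabled",
        [Switch]$Remediate   # changing the service requires an elevated session
    )

    $svc = Get-Service -Name "upnphost" -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Warning "Service upnphost was not found on $env:COMPUTERNAME."
        return
    }

    # Compliant = startup type matches and, for Disabled, the service is not still running.
    $isCompliant = {
        param($s)
        ($s.StartType -eq $DesiredStartupType) -and
        ($DesiredStartupType -ne "Disabled" -or $s.Status -eq "Stopped")
    }

    if ($Remediate -and -not (& $isCompliant $svc) -and
        $PSCmdlet.ShouldProcess("upnphost", "Set startup type to $DesiredStartupType")) {
        Set-Service -Name "upnphost" -StartupType $DesiredStartupType -ErrorAction Stop
        if ($DesiredStartupType -eq "Disabled" -and $svc.Status -ne "Stopped") {
            # No -Force: fail rather than silently stop dependent services.
            Stop-Service -Name "upnphost" -ErrorAction Stop
        }
        $svc = Get-Service -Name "upnphost"   # re-read the state after the change
    }

    [PSCustomObject]@{
        ComputerName = $env:COMPUTERNAME
        StartType    = $svc.StartType
        Status       = $svc.Status
        Compliant    = (& $isCompliant $svc)
    }
}

# Report only; add -Remediate (elevated) to enforce, or -WhatIf to preview the change.
Test-UpnpHostCompliance -DesiredStartupType Disabled
```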

Final Thoughts

In the ever-evolving landscape of IT, tools like NinjaOne can be invaluable. With its comprehensive IT monitoring and management capabilities, NinjaOne can complement scripts like the one discussed, offering a holistic approach to IT management. By leveraging both manual scripts and automated tools, IT professionals can ensure that services like UPnP Device Host are both functional and secure.
