So I had someone ask if there was a simple way to define a set of services which would be a server's "baseline" set - and ask if there was a way to compare the currently-running services to that baseline. So I set out writing a script that would export current services to a file (easy enough in PowerShell, right? gsv > services.txt ), and the started using diff.exe...
Wait a sec. I shouldn't be doing this with text - PSH is about objects.
gsv | export-clixml c:\services.xml. That's the first step: Serialized objects in an XML file, representing the baseline services a machine should have. ACL the file against unwanted modifications.
Compare a server's current services to the baseline: diff (import-clixml c:\services.xml) (gsv) -prop name. Instance "difference list" and a very easy thing to run periodically. Maybe not something an auditor would accept, but certainly something you could use between audits to sort of check yourself, and make sure servers (or clients) hadn't picked up any new services recently.
The Diff cmdlet (Compare-Object, actually - Diff is an alias, of course) is really neat that way: It'll either compare entire objects (meaning it compares every property, and an object is only the "same" if ALL the properties match), or you can specify a comparison property (which is often the way to go).