Solved

How can I find out what accounts are running what services across my windows 2k3 domain?

Posted on 2009-04-07
8
224 Views
Last Modified: 2012-05-06
Following an outbreak of conficker my client has restricted access to launch exe as services and the like.  Upon relaxing the security we are finding that certain services are not lauching eg dhcp client.  This is down to permissions I know however I would like to find out what accounts are associated to what services as we have serveral instances where the same service is local system on one machine and network service on another
0
Comment
Question by:nashton99
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 9

Expert Comment

by:sda100
ID: 24087190
This batch script below will give you the information you need - I've chosen to just echo the information out in CSV format, but you can do what like with it.

You'll be using the Windows-supplied tool, SC.EXE and you'll also need to use a .VBS script which you can download from here (extract it from the ZIP):

Sample output:

WZCSVC, Wireless Zero Configuration, AUTHORITY\NetworkService
xmlprov, Network Provisioning Service, AUTHORITY\NetworkService
SAVService, Sophos Anti-Virus, AUTHORITY\LocalService
SAVAdminService, Sophos Anti-Virus status reporter, AUTHORITY\LocalService
Steve :)

@echo off
SetLocal EnableDelayedExpansion
for /f "tokens=1,*" %%i in ('cscript //NoLogo check_service.wsf /info') do (
    if "%%i"=="Service:" (
        set ShortName=%%j
    ) else (
        if "%%i"=="Description:" (
			set LongName=%%j
			for /f "usebackq tokens=4" %%k in (`sc qc !ShortName!^|find "SERVICE_START_NAME"`) do (
				set StartName=%%k
			)
			echo !ShortName!, !LongName!, !StartName!
        )
    )
)

Open in new window

0
 

Author Comment

by:nashton99
ID: 24087518
Thanks have downloaded and will give it a try, I am not much of a vbs programmer, so may need some more help.  Does anyone know of anything  that has a nice gui
0
 
LVL 9

Expert Comment

by:sda100
ID: 24087733
You don't need to touch the VBS.  If you look at line 12 of the code snippet above (it's a DOS batch file), I echo out 3 values.  It's up to you what you want to do with them... anything tricky, just post back again.

Steve :)
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:nashton99
ID: 24090941
thats great and I can run it fine, but what i would really like to do is run it from a client aqnd check all servers on, the domain and then produce a report, any further tips would be greatly appreciated.  
0
 
LVL 9

Expert Comment

by:sda100
ID: 24097915
Depending on how many servers you have, I think the easiest way might be to use a GPO and configure it to run as a login script (for Administrator?).  You could then adapt the batch file to copy its output to a network share, in a file named %COMPUTERNAME%.TXT, for example?

Take a look at the modified batch file below.

Steve :)

@echo off
SetLocal EnableDelayedExpansion
 
set NetworkDir=\\<SERVER>\<SHARE>
 
for /f "tokens=1,*" %%i in ('cscript //NoLogo check_service.wsf /info') do (
    if "%%i"=="Service:" (
        set ShortName=%%j
    ) else (
        if "%%i"=="Description:" (
            set LongName=%%j
            for /f "usebackq tokens=4" %%k in (`sc qc !ShortName!^|find "SERVICE_START_NAME"`) do (
                set StartName=%%k
            )
            echo !ShortName!, !LongName!, !StartName!>>"%0.out"
        )
    )
)
 
if exist "%0.out" (
    move "%0.out" "%NetworkDir%\%COMPUTERNAME%.txt"
    del "%0.out"
)

Open in new window

0
 
LVL 9

Accepted Solution

by:
sda100 earned 125 total points
ID: 24097924
You could also play with the PsTools package from Microsoft/Sysinternals to run this remotely.

Steve :)
0
 

Author Comment

by:nashton99
ID: 24110578
Thanks again steve been out of the office today but will have a play over the weekend with pstools and the batch file etc.  But I am liking the idea.
0
 

Author Closing Comment

by:nashton99
ID: 31567481
Really basic auditing sorting thank you.  Simple, effective and fast solution
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
A hard and fast method for reducing Active Directory Administrators members.
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question