Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

How can I find out what accounts are running what services across my windows 2k3 domain?

Posted on 2009-04-07
8
Medium Priority
?
227 Views
Last Modified: 2012-05-06
Following an outbreak of conficker my client has restricted access to launch exe as services and the like.  Upon relaxing the security we are finding that certain services are not lauching eg dhcp client.  This is down to permissions I know however I would like to find out what accounts are associated to what services as we have serveral instances where the same service is local system on one machine and network service on another
0
Comment
Question by:nashton99
  • 4
  • 4
8 Comments
 
LVL 9

Expert Comment

by:sda100
ID: 24087190
This batch script below will give you the information you need - I've chosen to just echo the information out in CSV format, but you can do what like with it.

You'll be using the Windows-supplied tool, SC.EXE and you'll also need to use a .VBS script which you can download from here (extract it from the ZIP):

Sample output:

WZCSVC, Wireless Zero Configuration, AUTHORITY\NetworkService
xmlprov, Network Provisioning Service, AUTHORITY\NetworkService
SAVService, Sophos Anti-Virus, AUTHORITY\LocalService
SAVAdminService, Sophos Anti-Virus status reporter, AUTHORITY\LocalService
Steve :)

@echo off
SetLocal EnableDelayedExpansion
for /f "tokens=1,*" %%i in ('cscript //NoLogo check_service.wsf /info') do (
    if "%%i"=="Service:" (
        set ShortName=%%j
    ) else (
        if "%%i"=="Description:" (
			set LongName=%%j
			for /f "usebackq tokens=4" %%k in (`sc qc !ShortName!^|find "SERVICE_START_NAME"`) do (
				set StartName=%%k
			)
			echo !ShortName!, !LongName!, !StartName!
        )
    )
)

Open in new window

0
 

Author Comment

by:nashton99
ID: 24087518
Thanks have downloaded and will give it a try, I am not much of a vbs programmer, so may need some more help.  Does anyone know of anything  that has a nice gui
0
 
LVL 9

Expert Comment

by:sda100
ID: 24087733
You don't need to touch the VBS.  If you look at line 12 of the code snippet above (it's a DOS batch file), I echo out 3 values.  It's up to you what you want to do with them... anything tricky, just post back again.

Steve :)
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 

Author Comment

by:nashton99
ID: 24090941
thats great and I can run it fine, but what i would really like to do is run it from a client aqnd check all servers on, the domain and then produce a report, any further tips would be greatly appreciated.  
0
 
LVL 9

Expert Comment

by:sda100
ID: 24097915
Depending on how many servers you have, I think the easiest way might be to use a GPO and configure it to run as a login script (for Administrator?).  You could then adapt the batch file to copy its output to a network share, in a file named %COMPUTERNAME%.TXT, for example?

Take a look at the modified batch file below.

Steve :)

@echo off
SetLocal EnableDelayedExpansion
 
set NetworkDir=\\<SERVER>\<SHARE>
 
for /f "tokens=1,*" %%i in ('cscript //NoLogo check_service.wsf /info') do (
    if "%%i"=="Service:" (
        set ShortName=%%j
    ) else (
        if "%%i"=="Description:" (
            set LongName=%%j
            for /f "usebackq tokens=4" %%k in (`sc qc !ShortName!^|find "SERVICE_START_NAME"`) do (
                set StartName=%%k
            )
            echo !ShortName!, !LongName!, !StartName!>>"%0.out"
        )
    )
)
 
if exist "%0.out" (
    move "%0.out" "%NetworkDir%\%COMPUTERNAME%.txt"
    del "%0.out"
)

Open in new window

0
 
LVL 9

Accepted Solution

by:
sda100 earned 375 total points
ID: 24097924
You could also play with the PsTools package from Microsoft/Sysinternals to run this remotely.

Steve :)
0
 

Author Comment

by:nashton99
ID: 24110578
Thanks again steve been out of the office today but will have a play over the weekend with pstools and the batch file etc.  But I am liking the idea.
0
 

Author Closing Comment

by:nashton99
ID: 31567481
Really basic auditing sorting thank you.  Simple, effective and fast solution
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question