Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How can I find out what accounts are running what services across my windows 2k3 domain?

Posted on 2009-04-07
8
Medium Priority
?
225 Views
Last Modified: 2012-05-06
Following an outbreak of conficker my client has restricted access to launch exe as services and the like.  Upon relaxing the security we are finding that certain services are not lauching eg dhcp client.  This is down to permissions I know however I would like to find out what accounts are associated to what services as we have serveral instances where the same service is local system on one machine and network service on another
0
Comment
Question by:nashton99
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 9

Expert Comment

by:sda100
ID: 24087190
This batch script below will give you the information you need - I've chosen to just echo the information out in CSV format, but you can do what like with it.

You'll be using the Windows-supplied tool, SC.EXE and you'll also need to use a .VBS script which you can download from here (extract it from the ZIP):

Sample output:

WZCSVC, Wireless Zero Configuration, AUTHORITY\NetworkService
xmlprov, Network Provisioning Service, AUTHORITY\NetworkService
SAVService, Sophos Anti-Virus, AUTHORITY\LocalService
SAVAdminService, Sophos Anti-Virus status reporter, AUTHORITY\LocalService
Steve :)

@echo off
SetLocal EnableDelayedExpansion
for /f "tokens=1,*" %%i in ('cscript //NoLogo check_service.wsf /info') do (
    if "%%i"=="Service:" (
        set ShortName=%%j
    ) else (
        if "%%i"=="Description:" (
			set LongName=%%j
			for /f "usebackq tokens=4" %%k in (`sc qc !ShortName!^|find "SERVICE_START_NAME"`) do (
				set StartName=%%k
			)
			echo !ShortName!, !LongName!, !StartName!
        )
    )
)

Open in new window

0
 

Author Comment

by:nashton99
ID: 24087518
Thanks have downloaded and will give it a try, I am not much of a vbs programmer, so may need some more help.  Does anyone know of anything  that has a nice gui
0
 
LVL 9

Expert Comment

by:sda100
ID: 24087733
You don't need to touch the VBS.  If you look at line 12 of the code snippet above (it's a DOS batch file), I echo out 3 values.  It's up to you what you want to do with them... anything tricky, just post back again.

Steve :)
0
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

 

Author Comment

by:nashton99
ID: 24090941
thats great and I can run it fine, but what i would really like to do is run it from a client aqnd check all servers on, the domain and then produce a report, any further tips would be greatly appreciated.  
0
 
LVL 9

Expert Comment

by:sda100
ID: 24097915
Depending on how many servers you have, I think the easiest way might be to use a GPO and configure it to run as a login script (for Administrator?).  You could then adapt the batch file to copy its output to a network share, in a file named %COMPUTERNAME%.TXT, for example?

Take a look at the modified batch file below.

Steve :)

@echo off
SetLocal EnableDelayedExpansion
 
set NetworkDir=\\<SERVER>\<SHARE>
 
for /f "tokens=1,*" %%i in ('cscript //NoLogo check_service.wsf /info') do (
    if "%%i"=="Service:" (
        set ShortName=%%j
    ) else (
        if "%%i"=="Description:" (
            set LongName=%%j
            for /f "usebackq tokens=4" %%k in (`sc qc !ShortName!^|find "SERVICE_START_NAME"`) do (
                set StartName=%%k
            )
            echo !ShortName!, !LongName!, !StartName!>>"%0.out"
        )
    )
)
 
if exist "%0.out" (
    move "%0.out" "%NetworkDir%\%COMPUTERNAME%.txt"
    del "%0.out"
)

Open in new window

0
 
LVL 9

Accepted Solution

by:
sda100 earned 375 total points
ID: 24097924
You could also play with the PsTools package from Microsoft/Sysinternals to run this remotely.

Steve :)
0
 

Author Comment

by:nashton99
ID: 24110578
Thanks again steve been out of the office today but will have a play over the weekend with pstools and the batch file etc.  But I am liking the idea.
0
 

Author Closing Comment

by:nashton99
ID: 31567481
Really basic auditing sorting thank you.  Simple, effective and fast solution
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question