Solved

Script to change passwords in local services on Windows 2003

Posted on 2009-05-11
5
475 Views
Last Modified: 2012-05-06
Hey Everyone,

I need a script to change all the passwords tied to Services on my Windows 2003 Machines.

I'm changing the local password (for security purposes) and I need a script to run and change all the passwords in the services so nothing stops.

Help please!

Thanks
0
Comment
Question by:eallerton
  • 3
  • 2
5 Comments
 
LVL 83

Expert Comment

by:oBdA
ID: 24358802
You should never use an account that's used for interactive logons to run a service with. Create a dedicated accout for each service with only the necessary permissions to run this service, and give it a complex password.
That said, you can use sc.exe to change the service password (and/or the service account) (note the space after "password="!).
Try to avoid the following characters in the password, as they may lead to unexpected results: < | > % ^ &
Note that the service will have to be restarted once the password has been changed.

@echo off
setlocal
sc config "Some Service" password= "TopSecret"
net stop "Some Service"
net start "Some Service"

Open in new window

0
 

Author Comment

by:eallerton
ID: 24358887
The account that all services are usually bound to is the default administrator local account, or am I mistaken?

That being said, I want to change all the passwords using the local administrator to the desired password.


Also, I'm assuming to make that into a batch file and run it, correct?
0
 
LVL 83

Expert Comment

by:oBdA
ID: 24358969
Not at all; just check the "Logon as" column in services.msc. Unless you've installed your own services, the accounts used are Local Service, Local System, Network Service.
Yes, you can use the above as template.
But then again, since you might have to change the properties of some services anyway, why not go the full nine yards and change services using "Administrator" to dedicated accounts?
0
 

Author Comment

by:eallerton
ID: 24364906
Just to make sure I understand this.

BACKUP EXEC is using Domain\Administrator (If I change the admin password, do I need to change the password in the services)

about 70% of the services are local system (I assume I need to change the password if I change the local server's password, correct?)

Some are NT AUTHORITY\LocalService or NT AUTHORITY\NetworkService (I assume I Don't need to touch these)

Is it best practice to have ALL the services running as Local System/Service/NetworkService

Or just all the Windows 2003 builtin services and have all the installed software (BACKUP EXEC) run on a dedicated account

0
 
LVL 83

Accepted Solution

by:
oBdA earned 500 total points
ID: 24365019
Neither of the Local Service, Local System, Network Service accounts requires a password; they're local pseudo-accounts that exist solely to run services. You do *not* need to (and should *not*) change any of the Windows default services running under one of these accounts.
With third-party software, it depends on the *software* alone under which account it's running best.
And, yes, if if BE is running under the Administrator account, and you plan to change the password for this account, then you obviously have to change the logon informatoin for the service as well--which is exactly the reason why an "interactive" account should NOT be used for a service. Interactive accounts should change the password far more often than a service account.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Enums (shorthand for ‘enumerations’) are not often used by programmers but they can be quite valuable when they are.  What are they? An Enum is just a type of variable like a string or an Integer, but in this case one that you create that contains…
If like me you are one who spends a lot of time working and scripting with cmd.exe, sometimes it is handy to be able to quickly view a calendar for a given month and year. This script will quickly do just that!  Save the code posted below to a .bat …
Get people started with the process of using Access VBA to control Outlook using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Microsoft Outlook. Using automation, an Access applic…
Get people started with the utilization of class modules. Class modules can be a powerful tool in Microsoft Access. They allow you to create self-contained objects that encapsulate functionality. They can easily hide the complexity of a process from…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question