Solved

export windows services with credentials

Posted on 2009-05-19
Last Modified: 2012-05-07
Anyone have a good way to script the export of all of the services settings on windows machines, including the credentials?
Question by:jcorso1212
 
LVL 69

Expert Comment

by:Qlemo
ID: 24426485
You can't export the password. But startup time and service account is feasible.
 

Author Comment

by:jcorso1212
ID: 24426678
That's fine. I need to automate it to happen on 50+ servers. How would you do it?
 
LVL 69

Expert Comment

by:Qlemo
ID: 24426764
What should be logged exactly? Startup type, account, image path, display name?
And in which format? E.g. sc command format, so you can use it in a batch file, or comma separated?

 

Author Comment

by:jcorso1212
ID: 24426803
I just need to be able to see what services are starting as user accounts... pretty much anything. CSV would be fine.
 
LVL 69

Expert Comment

by:Qlemo
ID: 24427454
Call this batch, and redirect the output to a text file. Change the output format to your liking (tabs, semicolon, ...)

@echo off
setlocal EnableDelayedExpansion
for /F "tokens=2 delims=: " %%S in ('sc query ^| find "SERVICE_NAME"') do (
  set svc=%%S
  for /F "tokens=1,2* delims=: " %%A in ('sc qc %%S ^| findstr /i "Start_Type Service_Start_Name Display_Name"') do (
    if "%%A" == "START_TYPE"         set svc_start=%%C
    if "%%A" == "SERVICE_START_NAME" set svc_login=%%B%%C
    if "%%A" == "DISPLAY_NAME"       set svc_disp=%%B%%C
  )
  if /I NOT "!svc_login!" == "LocalSystem" echo !svc!,!svc_start!,!svc_disp!,!svc_login!
)

 

Author Comment

by:jcorso1212
ID: 24431621
Appears close, but I'm only getting about 10 services to show up?
 
LVL 69

Expert Comment

by:Qlemo
ID: 24431635
Ahh, yes, W2000. Expand sc query in line 3 to use a bigger buffer:

sc query bufsize= 60000

 

Author Comment

by:jcorso1212
ID: 24433310
This is what I did, and that didn't do it...

@echo off
setlocal EnableDelayedExpansion
for /F "tokens=2 delims=: " %%S in ('sc query ^| find "SERVICE_NAME"') do (
      set sc query bufsize=60000
      set svc=%%S
  for /F "tokens=1,2* delims=: " %%A in ('sc qc %%S ^| findstr /i "Start_Type Service_Start_Name Display_Name"') do (
    if "%%A" == "START_TYPE"         set svc_start=%%C
    if "%%A" == "SERVICE_START_NAME" set svc_login=%%B%%C
    if "%%A" == "DISPLAY_NAME"       set svc_disp=%%B%%C
  )
  if /I NOT "!svc_login!" == "LocalSystem" echo !svc!,!svc_start!,!svc_disp!,!svc_login!
)
 
LVL 69

Expert Comment

by:Qlemo
ID: 24433876
Tsss, tsss, that wasn't line 3 you changed ...

@echo off
setlocal EnableDelayedExpansion
for /F "tokens=2 delims=: " %%S in ('sc query bufsize= 60000 ^| find "SERVICE_NAME"') do (
  set svc=%%S
  for /F "tokens=1,2* delims=: " %%A in ('sc qc %%S ^| findstr /i "Start_Type Service_Start_Name Display_Name"') do (
    if "%%A" == "START_TYPE"         set svc_start=%%C
    if "%%A" == "SERVICE_START_NAME" set svc_login=%%B%%C
    if "%%A" == "DISPLAY_NAME"       set svc_disp=%%B%%C
  )
  if /I NOT "!svc_login!" == "LocalSystem" echo !svc!,!svc_start!,!svc_disp!,!svc_login!
) 

 

Author Comment

by:jcorso1212
ID: 24433935
I'd love to say thanks, but not yet!

Now the file is empty.
 
LVL 69

Expert Comment

by:Qlemo
ID: 24434056
Very strange effect. Must be a bug in the cmd.exe. The equal sign is not retained. I have to escape it, but that has no logical reason:

@echo off
setlocal EnableDelayedExpansion
for /F "tokens=2 delims=: " %%S in ('sc query bufsize^= 60000 ^| find "SERVICE_NAME"') do (
  set svc=%%S
  for /F "tokens=1,2* delims=: " %%A in ('sc qc %%S ^| findstr /i "Start_Type Service_Start_Name Display_Name"') do (
    if "%%A" == "START_TYPE"         set svc_start=%%C
    if "%%A" == "SERVICE_START_NAME" set svc_login=%%B%%C
    if "%%A" == "DISPLAY_NAME"       set svc_disp=%%B%%C
  )
  if /I NOT "!svc_login!" == "LocalSystem" echo !svc!,!svc_start!,!svc_disp!,!svc_login!
) 

 

Author Comment

by:jcorso1212
ID: 24434125
still nothing...
 
LVL 69

Expert Comment

by:Qlemo
ID: 24434450
Strange, as I tested exactly this code on a W2000 Server ... Where is your sc.exe coming from? I used one from XP (copied, that works!), because I was too lazy to install a RSK or Support Tools.

  1. Try if
    sc query bufsize= 60000
    typed in a cmd window will type anything.
     
  2. Remove the first line (@echo off), and post the resulting output.
 

Author Comment

by:jcorso1212
ID: 24434616
Number 1 above works and leaves the input in the cmd window.

Number 2 doesn't give me any stuff in the window.

I used the Server 2003 sc, then tried the XP. Nothing on both.

I am trying to call this from a script using psexec so that I can run remotely.

I have dump.bat doing
\\serve\netlogon\psexec.exe \\* -u "domain\domainacct" -p "password" \\serve\netlogon\dumpservices.bat >>C:\%computername%.txt

dumpservices.bat is this.

setlocal EnableDelayedExpansion
for /F "tokens=2 delims=: " %%S in ('sc query bufsize^= 60000 ^| find "SERVICE_NAME"') do (
  set svc=%%S
  for /F "tokens=1,2* delims=: " %%A in ('sc qc %%S ^| findstr /i "Start_Type Service_Start_Name Display_Name"') do (
    if "%%A" == "START_TYPE"         set svc_start=%%C
    if "%%A" == "SERVICE_START_NAME" set svc_login=%%B%%C
    if "%%A" == "DISPLAY_NAME"       set svc_disp=%%B%%C
  )
  if /I NOT "!svc_login!" == "LocalSystem" echo !svc!,!svc_start!,!svc_disp!,!svc_login!



 

 
LVL 69

Expert Comment

by:Qlemo
ID: 24434672
Then something with your redirection must be wrong.
>> C:\%computername%.txt
will be executed locally, not remote. Did you keep that in mind?

At least the setlocal and the first for have to appear in the output, if there is no echo off.
 

Author Comment

by:jcorso1212
ID: 24434759
Correct. I understand that part. I have also tried with the redirection going to a share with correct permissions. I have tried to run the dumpservices, and get same result.... I don't think it's redirection.
 

Author Comment

by:jcorso1212
ID: 24434780
When I try running just the dumpservices.bat >>c:\test.txt I get this in the txt file


C:\>setlocal EnableDelayedExpansion

C:\>
 
LVL 69

Expert Comment

by:Qlemo
ID: 24434902
Could you try it with the more appropriate extension .cmd? dumpservices.cmd, this is. Then try again to use it directly (not remote).

Further debugging:
just use the single line
for /F "tokens=2 delims=: " %%S in ('sc query bufsize^= 60000 ^| find "SERVICE_NAME"') do @echo %%S
in a batch file and call it locally.
 

Author Comment

by:jcorso1212
ID: 24434983
for /F "tokens=2 delims=: " %%S in ('sc query bufsize^= 60000 ^| find "SERVICE_NAME"') do @echo %%S

That executes and gives me all services in text file.
C:\Documents and Settings\bevjc20>for /F "tokens=2 delims=: " %S in ('sc query bufsize= 60000 | find "SERVICE_NAME"') do @echo %S
AeLookupSvc
ALG
AudioSrv
BackupExecAgentAccelerator
BITS
Browser
ccEvtMgr
ccSetMgr
CryptSvc
dcevt32
DcomLaunch
dcstor32
Dhcp
dmserver
Dnscache
ERSvc
Eventlog
EventsManager
EventSystem
Flexlm
GFI_ReportCenter35
helpsvc
HTTPFilter
IISADMIN
lanmanserver
lanmanworkstation
lansweeperservice
LmHosts
LogWatch
mr2kserv
MSDTC
MsDtsServer
msftesql
MSSQL$MICROSOFT##SSEE
MSSQLSERVER
MSSQLServerOLAPService
Netlogon
Netman
Nla
NtLmSsp
omsad
PlugPlay
PolicyAgent
ProtectedStorage
RasMan
RemoteRegistry
ReportServer
RpcSs
SamSs
Schedule
seclogon
SENS
Server
SharedAccess
ShellHWDetection
SmcService
SNMP
Spooler
SQLWriter
Symantec
TapiSrv
TermService
TrkWks
VMAuthdService
VMnetDHCP
VMware
vmware-converter-agent
vmware-converter-server
VMwareHostd
VMwareServerWebAccess
W32Time
W3SVC
winmgmt
WsusService
wuauserv
WZCSVC
 
LVL 69

Expert Comment

by:Qlemo
ID: 24435081
I've seen the problem. There is a single close bracket missing in the last line (see my code line #11).
 

Author Comment

by:jcorso1212
ID: 24442595
It's not getting everything again.

Dhcp,AUTO_START,DHCPClient,NTAUTHORITY\NetworkService
Dnscache,AUTO_START,DNSClient,NTAUTHORITY\NetworkService
LmHosts,AUTO_START,TCP/IPNetBIOS Helper,NTAUTHORITY\LocalService
MSDTC,AUTO_START,DistributedTransaction Coordinator,NTAUTHORITY\NetworkService
RemoteRegistry,AUTO_START,RemoteRegistry,NTAUTHORITY\LocalService
RpcSs,AUTO_START,RemoteProcedure Call (RPC),NTAuthority\NetworkService
W32Time,AUTO_START,WindowsTime,NTAUTHORITY\LocalService
c:\dumpservices.bat exited on esbev001 with error code 0.
 
LVL 69

Expert Comment

by:Qlemo
ID: 24442693
What do you expect it to output? It shows any service not started as LocalSystem. Do you want to suppress the various system accounts, too, and see only user accounts? This could be done by changing the if line at the end to:


if /I NOT "!svc_login!" == "LocalSystem" echo !svc!,!svc_start!,!svc_disp!,!svc_login! | findstr /i /v "LocalSystem NTAuthority"

But this will output nothing in your example above, as there are no user accounts used.
 

Author Comment

by:jcorso1212
ID: 24442772
OK. Is there any way to pipe that output to a text file without using the >>.txt?
 
LVL 69

Expert Comment

by:Qlemo
ID: 24442955
Please be more specific what you want to achieve.
  • a text file for each PC
  • one text file for all, but with computer name
  • piping included in the batch file
  • ...
 

Author Comment

by:jcorso1212
ID: 24443595
ooooooh!!!!

I would like one text for all with computer names separating!!! and a small fry!!!!!!

Thanks
 
LVL 69

Accepted Solution

by:
Qlemo earned 500 total points
ID: 24444255
What about this? The batch file does the piping already, you need to change the path, of course. Couldn't find the vegetables for your small fry, btw.

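@echo off
rem Appends one line per service to the share: computer name, service, start type, display name, logon account.
setlocal EnableDelayedExpansion
for /F "tokens=2 delims=: " %%S in ('sc query bufsize^= 60000 ^| find "SERVICE_NAME"') do (
  set svc=%%S
  rem Values are split on colon and space, so %%B%%C rejoins them without the space, e.g. NT AUTHORITY becomes NTAUTHORITY.
  for /F "tokens=1,2* delims=: " %%A in ('sc qc %%S ^| findstr /i "Start_Type Service_Start_Name Display_Name"') do (
    if "%%A" == "START_TYPE"         set svc_start=%%C
    if "%%A" == "SERVICE_START_NAME" set svc_login=%%B%%C
    if "%%A" == "DISPLAY_NAME"       set svc_disp=%%B%%C
  )
  rem Drop services that log on as LocalSystem or as an NT AUTHORITY account.
  echo %ComputerName%: !svc!,!svc_start!,!svc_disp!,!svc_login! | findstr /v /i "LocalSystem NTAuthority"
) >> \\server\share\DumpServices.txt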

 

Author Closing Comment

by:jcorso1212
ID: 31583233
Thanks a million! You have been awesome!
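
The batch versions above rejoin `%%B%%C` without the space between tokens, which is why the output shows `NTAUTHORITY\NetworkService` and `DHCPClient`. As an added example (not part of the thread; the sample text, the host name `SRV01` and the account `CORP\svc-backup` are constructed), this Python parser reads `sc qc` output, keeps the values intact, and emits quoted CSV for services whose logon account is not a built-in one:

```python
import csv
import io
import re

# Constructed sample: trimmed `sc qc` output for three services (not from the thread).
SAMPLE = r"""
SERVICE_NAME: Dhcp
        START_TYPE         : 2   AUTO_START
        DISPLAY_NAME       : DHCP Client
        SERVICE_START_NAME : NT AUTHORITY\NetworkService
SERVICE_NAME: Spooler
        START_TYPE         : 2   AUTO_START
        DISPLAY_NAME       : Print Spooler
        SERVICE_START_NAME : LocalSystem
SERVICE_NAME: BackupAgent
        START_TYPE         : 3   DEMAND_START
        DISPLAY_NAME       : Backup Agent, Remote
        SERVICE_START_NAME : CORP\svc-backup
"""

FIELD = re.compile(r"^\s*([A-Z_]+)\s*:\s?(.*?)\s*$")
# Accounts treated as built-in here; this list is an assumption, extend it as needed.
BUILTIN = re.compile(r"^(LocalSystem$|NT AUTHORITY\\|NT SERVICE\\)", re.I)

def parse_sc_qc(text):
    """Yield one dict per SERVICE_NAME block, keeping spaces inside values."""
    svc = None
    for line in text.splitlines():
        m = FIELD.match(line)
        key, value = m.groups() if m else (None, None)
        if key == "SERVICE_NAME":
            if svc:
                yield svc
            svc = {"SERVICE_NAME": value}
        elif key and svc is not None:
            svc[key] = value
    if svc:
        yield svc

def user_account_rows(computer, text):
    """Return CSV text for services whose logon account is not built-in."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    for s in parse_sc_qc(text):
        acct = s.get("SERVICE_START_NAME", "")
        if acct and not BUILTIN.match(acct):
            start = (s.get("START_TYPE", "").split() or [""])[-1]  # drop the numeric code
            writer.writerow([computer, s["SERVICE_NAME"], start, s.get("DISPLAY_NAME", ""), acct])
    return out.getvalue()
```

Feed it the concatenated `sc qc <name>` output collected from each server. `sc query` lists only active services by default, so add `state= all` when stopped services that are configured with a user account should be included.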