export windows services with credentials

You can't export the password. But startup time and service account is feasible.

thats fine. i need to automate it to happen on 50+ servers. How would you do it?

What should be logged exactly? Startup type, account, image path, display name?
And in which format? E.g. sc command format, so you can use it in a batch file, or comma separated?

i just need to be able to see what services are starting as user accounts... pretty much anything. CSV would be fine.

Call this batch, and redirect the output to a text file. Change the output format to your likeings (tabs, semicolon, ...)

@echo off
setlocal EnableDelayedExpansion
for /F "tokens=2 delims=: " %%S in ('sc query ^| find "SERVICE_NAME"') do (
  set svc=%%S
  for /F "tokens=1,2* delims=: " %%A in ('sc qc %%S ^| findstr /i "Start_Type Service_Start_Name Display_Name"') do (
    if "%%A" == "START_TYPE"         set svc_start=%%C
    if "%%A" == "SERVICE_START_NAME" set svc_login=%%B%%C
    if "%%A" == "DISPLAY_NAME"       set svc_disp=%%B%%C
  )
  if /I NOT "!svc_login!" == "LocalSystem" echo !svc!,!svc_start!,!svc_disp!,!svc_login!
)

Select allOpen in new window

appears close, but Im only getting about 10 services to show up?

Ahh, yes, W2000. Expand sc query in line 3 to use a bigger buffer:

sc query bufsize= 60000

this is what i did, and that didnt do it...

@echo off
setlocal EnableDelayedExpansion
for /F "tokens=2 delims=: " %%S in ('sc query ^| find "SERVICE_NAME"') do (
      set sc query bufsize=60000
      set svc=%%S
  for /F "tokens=1,2* delims=: " %%A in ('sc qc %%S ^| findstr /i "Start_Type Service_Start_Name Display_Name"') do (
    if "%%A" == "START_TYPE"         set svc_start=%%C
    if "%%A" == "SERVICE_START_NAME" set svc_login=%%B%%C
    if "%%A" == "DISPLAY_NAME"       set svc_disp=%%B%%C
  )
  if /I NOT "!svc_login!" == "LocalSystem" echo !svc!,!svc_start!,!svc_disp!,!svc_login!
)

Tsss, tsss, that wasn't line 3 you changed ...

@echo off
setlocal EnableDelayedExpansion
for /F "tokens=2 delims=: " %%S in ('sc query bufsize= 60000 ^| find "SERVICE_NAME"') do (
  set svc=%%S
  for /F "tokens=1,2* delims=: " %%A in ('sc qc %%S ^| findstr /i "Start_Type Service_Start_Name Display_Name"') do (
    if "%%A" == "START_TYPE"         set svc_start=%%C
    if "%%A" == "SERVICE_START_NAME" set svc_login=%%B%%C
    if "%%A" == "DISPLAY_NAME"       set svc_disp=%%B%%C
  )
  if /I NOT "!svc_login!" == "LocalSystem" echo !svc!,!svc_start!,!svc_disp!,!svc_login!
) 

Select allOpen in new window

id love to say thanks, but not yet!

now the file is empty.

Very strange effect. Must be a bug in the cmd.exe. The equal sign is not retained. I have to escape it, but that has no logical reason:

@echo off
setlocal EnableDelayedExpansion
for /F "tokens=2 delims=: " %%S in ('sc query bufsize^= 60000 ^| find "SERVICE_NAME"') do (
  set svc=%%S
  for /F "tokens=1,2* delims=: " %%A in ('sc qc %%S ^| findstr /i "Start_Type Service_Start_Name Display_Name"') do (
    if "%%A" == "START_TYPE"         set svc_start=%%C
    if "%%A" == "SERVICE_START_NAME" set svc_login=%%B%%C
    if "%%A" == "DISPLAY_NAME"       set svc_disp=%%B%%C
  )
  if /I NOT "!svc_login!" == "LocalSystem" echo !svc!,!svc_start!,!svc_disp!,!svc_login!
) 

Select allOpen in new window

still nothing...

Strange, as I tested exact this code on a W2000 Server ... Where is your sc.exe coming from? I used one from XP (copied, that works!), because I was too lazy to install a RSK or Support Tools.

1. Try if
   sc query bufsize= 60000
   typed in a cmd window will type anything.
    
2. Remove the first line (@echo off), and post the resulting output.
   

number 1 above works and leaves the input in the cmd window.

Number 2 doesnt give me any stuff in the window.

i used the server 2003 sc, then tried the xp. Nothing on both.

I am trying to call this from a script using psexec so that I can run remotely.

I have dump.bat doing
\\serve\netlogon\psexec.exe \\* -u "domain\domainacct" -p "password" \\serve\netlogon\dumpservices.bat >>C:\%computername%.txt

dumpservices.bat is this.

setlocal EnableDelayedExpansion
for /F "tokens=2 delims=: " %%S in ('sc query bufsize^= 60000 ^| find "SERVICE_NAME"') do (
  set svc=%%S
  for /F "tokens=1,2* delims=: " %%A in ('sc qc %%S ^| findstr /i "Start_Type Service_Start_Name Display_Name"') do (
    if "%%A" == "START_TYPE"         set svc_start=%%C
    if "%%A" == "SERVICE_START_NAME" set svc_login=%%B%%C
    if "%%A" == "DISPLAY_NAME"       set svc_disp=%%B%%C
  )
  if /I NOT "!svc_login!" == "LocalSystem" echo !svc!,!svc_start!,!svc_disp!,!svc_login!



 

Than something with your redirection must be wrong.
>> C:\%computername%.txt
will be executed locally, not remote. Didi you keep that in mind?

At least the setlocal and the first for have to appear in the output, if there is no echo off.

correct. i understatnd that part. I have also tried with the redirection going to a share with correct permissions. I have tried to run the dumpservices, and get same result.... I dont think its redirection.

when i try running just the dumpservices.bat >>c:\test.txt i get this in the txt file


C:\>setlocal EnableDelayedExpansion

C:\>

Could you try it with the more appropriate extension .cmd? dumpservices.cmd, this is. Then try again to use it directly (not remote).

Further debugging:
just use the single line
for /F "tokens=2 delims=: " %%S in ('sc query bufsize^= 60000 ^| find "SERVICE_NAME"') do @echo %%S
in a batch file and call it locally.

for /F "tokens=2 delims=: " %%S in ('sc query bufsize^= 60000 ^| find "SERVICE_NAME"') do @echo %%S

that executes and gives me all services in text file.
C:\Documents and Settings\bevjc20>for /F "tokens=2 delims=: " %S in ('sc query bufsize= 60000 | find "SERVICE_NAME"') do @echo %S
AeLookupSvc
ALG
AudioSrv
BackupExecAgentAccelerator
BITS
Browser
ccEvtMgr
ccSetMgr
CryptSvc
dcevt32
DcomLaunch
dcstor32
Dhcp
dmserver
Dnscache
ERSvc
Eventlog
EventsManager
EventSystem
Flexlm
GFI_ReportCenter35
helpsvc
HTTPFilter
IISADMIN
lanmanserver
lanmanworkstation
lansweeperservice
LmHosts
LogWatch
mr2kserv
MSDTC
MsDtsServer
msftesql
MSSQL$MICROSOFT##SSEE
MSSQLSERVER
MSSQLServerOLAPService
Netlogon
Netman
Nla
NtLmSsp
omsad
PlugPlay
PolicyAgent
ProtectedStorage
RasMan
RemoteRegistry
ReportServer
RpcSs
SamSs
Schedule
seclogon
SENS
Server
SharedAccess
ShellHWDetection
SmcService
SNMP
Spooler
SQLWriter
Symantec
TapiSrv
TermService
TrkWks
VMAuthdService
VMnetDHCP
VMware
vmware-converter-agent
vmware-converter-server
VMwareHostd
VMwareServerWebAccess
W32Time
W3SVC
winmgmt
WsusService
wuauserv
WZCSVC

I've seen the problem. There is a single close bracket missing in the last line (see my code line #11).

its not getting everything again.

Dhcp,AUTO_START,DHCPClient,NTAUTHORITY\NetworkService
Dnscache,AUTO_START,DNSClient,NTAUTHORITY\NetworkService
LmHosts,AUTO_START,TCP/IPNetBIOS Helper,NTAUTHORITY\LocalService
MSDTC,AUTO_START,DistributedTransaction Coordinator,NTAUTHORITY\NetworkService
RemoteRegistry,AUTO_START,RemoteRegistry,NTAUTHORITY\LocalService
RpcSs,AUTO_START,RemoteProcedure Call (RPC),NTAuthority\NetworkService
W32Time,AUTO_START,WindowsTime,NTAUTHORITY\LocalService
c:\dumpservices.bat exited on esbev001 with error code 0.

What do you expect it to output? It shows any service not started as LocalSystem. Do you want to suppress the various system accounts, too, and see only user accounts? This could be done by changing the if line at the end to:


if /I NOT "!svc_login!" == "LocalSystem"
echo !svc!,!svc_start!,!svc_disp!,!svc_login! | findstr /i /v "LocalSystem NTAuthority"

But this will output nothing in your example above, as there are no user accounts used.

ok. is there anyway to pipe that output to a text file without using the >>.txt.

Please be more specific what you want to achieve.

• a text file for each PC
• one text file for all, but with computer name
• piping included in the batch file
• ...

ooooooh!!!!

i would like one text for all with computer names separating!!! and a small fry!!!!!!

Thanks

Thanks a million! You have been awesome!