Solved

export windows services with credentials

Posted on 2009-05-19
27
353 Views
Last Modified: 2012-05-07
Anyone have a good way to script the export of all of the services settings on windows machines, including tthe credentials?
0
Comment
Question by:jcorso1212
  • 14
  • 13
27 Comments
 
LVL 68

Expert Comment

by:Qlemo
ID: 24426485
You can't export the password. But startup time and service account is feasible.
0
 

Author Comment

by:jcorso1212
ID: 24426678
thats fine. i need to automate it to happen on 50+ servers. How would you do it?
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 24426764
What should be logged exactly? Startup type, account, image path, display name?
And in which format? E.g. sc command format, so you can use it in a batch file, or comma separated?
0
 

Author Comment

by:jcorso1212
ID: 24426803
i just need to be able to see what services are starting as user accounts... pretty much anything. CSV would be fine.
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 24427454
Call this batch, and redirect the output to a text file. Change the output format to your likeings (tabs, semicolon, ...)

@echo off

setlocal EnableDelayedExpansion

for /F "tokens=2 delims=: " %%S in ('sc query ^| find "SERVICE_NAME"') do (

  set svc=%%S

  for /F "tokens=1,2* delims=: " %%A in ('sc qc %%S ^| findstr /i "Start_Type Service_Start_Name Display_Name"') do (

    if "%%A" == "START_TYPE"         set svc_start=%%C

    if "%%A" == "SERVICE_START_NAME" set svc_login=%%B%%C

    if "%%A" == "DISPLAY_NAME"       set svc_disp=%%B%%C

  )

  if /I NOT "!svc_login!" == "LocalSystem" echo !svc!,!svc_start!,!svc_disp!,!svc_login!

)

Open in new window

0
 

Author Comment

by:jcorso1212
ID: 24431621
appears close, but Im only getting about 10 services to show up?
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 24431635
Ahh, yes, W2000. Expand sc query in line 3 to use a bigger buffer:

sc query bufsize= 60000

0
 

Author Comment

by:jcorso1212
ID: 24433310
this is what i did, and that didnt do it...

@echo off
setlocal EnableDelayedExpansion
for /F "tokens=2 delims=: " %%S in ('sc query ^| find "SERVICE_NAME"') do (
      set sc query bufsize=60000
      set svc=%%S
  for /F "tokens=1,2* delims=: " %%A in ('sc qc %%S ^| findstr /i "Start_Type Service_Start_Name Display_Name"') do (
    if "%%A" == "START_TYPE"         set svc_start=%%C
    if "%%A" == "SERVICE_START_NAME" set svc_login=%%B%%C
    if "%%A" == "DISPLAY_NAME"       set svc_disp=%%B%%C
  )
  if /I NOT "!svc_login!" == "LocalSystem" echo !svc!,!svc_start!,!svc_disp!,!svc_login!
)
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 24433876
Tsss, tsss, that wasn't line 3 you changed ...

@echo off

setlocal EnableDelayedExpansion

for /F "tokens=2 delims=: " %%S in ('sc query bufsize= 60000 ^| find "SERVICE_NAME"') do (

  set svc=%%S

  for /F "tokens=1,2* delims=: " %%A in ('sc qc %%S ^| findstr /i "Start_Type Service_Start_Name Display_Name"') do (

    if "%%A" == "START_TYPE"         set svc_start=%%C

    if "%%A" == "SERVICE_START_NAME" set svc_login=%%B%%C

    if "%%A" == "DISPLAY_NAME"       set svc_disp=%%B%%C

  )

  if /I NOT "!svc_login!" == "LocalSystem" echo !svc!,!svc_start!,!svc_disp!,!svc_login!

) 

Open in new window

0
 

Author Comment

by:jcorso1212
ID: 24433935
id love to say thanks, but not yet!

now the file is empty.
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 24434056
Very strange effect. Must be a bug in the cmd.exe. The equal sign is not retained. I have to escape it, but that has no logical reason:

@echo off

setlocal EnableDelayedExpansion

for /F "tokens=2 delims=: " %%S in ('sc query bufsize^= 60000 ^| find "SERVICE_NAME"') do (

  set svc=%%S

  for /F "tokens=1,2* delims=: " %%A in ('sc qc %%S ^| findstr /i "Start_Type Service_Start_Name Display_Name"') do (

    if "%%A" == "START_TYPE"         set svc_start=%%C

    if "%%A" == "SERVICE_START_NAME" set svc_login=%%B%%C

    if "%%A" == "DISPLAY_NAME"       set svc_disp=%%B%%C

  )

  if /I NOT "!svc_login!" == "LocalSystem" echo !svc!,!svc_start!,!svc_disp!,!svc_login!

) 

Open in new window

0
 

Author Comment

by:jcorso1212
ID: 24434125
still nothing...
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 24434450
Strange, as I tested exact this code on a W2000 Server ... Where is your sc.exe coming from? I used one from XP (copied, that works!), because I was too lazy to install a RSK or Support Tools.

  1. Try if
    sc query bufsize= 60000
    typed in a cmd window will type anything.
     
  2. Remove the first line (@echo off), and post the resulting output.
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 

Author Comment

by:jcorso1212
ID: 24434616
number 1 above works and leaves the input in the cmd window.

Number 2 doesnt give me any stuff in the window.

i used the server 2003 sc, then tried the xp. Nothing on both.

I am trying to call this from a script using psexec so that I can run remotely.

I have dump.bat doing
\\serve\netlogon\psexec.exe \\* -u "domain\domainacct" -p "password" \\serve\netlogon\dumpservices.bat >>C:\%computername%.txt

dumpservices.bat is this.

setlocal EnableDelayedExpansion
for /F "tokens=2 delims=: " %%S in ('sc query bufsize^= 60000 ^| find "SERVICE_NAME"') do (
  set svc=%%S
  for /F "tokens=1,2* delims=: " %%A in ('sc qc %%S ^| findstr /i "Start_Type Service_Start_Name Display_Name"') do (
    if "%%A" == "START_TYPE"         set svc_start=%%C
    if "%%A" == "SERVICE_START_NAME" set svc_login=%%B%%C
    if "%%A" == "DISPLAY_NAME"       set svc_disp=%%B%%C
  )
  if /I NOT "!svc_login!" == "LocalSystem" echo !svc!,!svc_start!,!svc_disp!,!svc_login!



 

0
 
LVL 68

Expert Comment

by:Qlemo
ID: 24434672
Than something with your redirection must be wrong.
>> C:\%computername%.txt
will be executed locally, not remote. Didi you keep that in mind?

At least the setlocal and the first for have to appear in the output, if there is no echo off.
0
 

Author Comment

by:jcorso1212
ID: 24434759
correct. i understatnd that part. I have also tried with the redirection going to a share with correct permissions. I have tried to run the dumpservices, and get same result.... I dont think its redirection.
0
 

Author Comment

by:jcorso1212
ID: 24434780
when i try running just the dumpservices.bat >>c:\test.txt i get this in the txt file


C:\>setlocal EnableDelayedExpansion

C:\>
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 24434902
Could you try it with the more appropriate extension .cmd? dumpservices.cmd, this is. Then try again to use it directly (not remote).

Further debugging:
just use the single line
for /F "tokens=2 delims=: " %%S in ('sc query bufsize^= 60000 ^| find "SERVICE_NAME"') do @echo %%S
in a batch file and call it locally.
0
 

Author Comment

by:jcorso1212
ID: 24434983
for /F "tokens=2 delims=: " %%S in ('sc query bufsize^= 60000 ^| find "SERVICE_NAME"') do @echo %%S

that executes and gives me all services in text file.
C:\Documents and Settings\bevjc20>for /F "tokens=2 delims=: " %S in ('sc query bufsize= 60000 | find "SERVICE_NAME"') do @echo %S
AeLookupSvc
ALG
AudioSrv
BackupExecAgentAccelerator
BITS
Browser
ccEvtMgr
ccSetMgr
CryptSvc
dcevt32
DcomLaunch
dcstor32
Dhcp
dmserver
Dnscache
ERSvc
Eventlog
EventsManager
EventSystem
Flexlm
GFI_ReportCenter35
helpsvc
HTTPFilter
IISADMIN
lanmanserver
lanmanworkstation
lansweeperservice
LmHosts
LogWatch
mr2kserv
MSDTC
MsDtsServer
msftesql
MSSQL$MICROSOFT##SSEE
MSSQLSERVER
MSSQLServerOLAPService
Netlogon
Netman
Nla
NtLmSsp
omsad
PlugPlay
PolicyAgent
ProtectedStorage
RasMan
RemoteRegistry
ReportServer
RpcSs
SamSs
Schedule
seclogon
SENS
Server
SharedAccess
ShellHWDetection
SmcService
SNMP
Spooler
SQLWriter
Symantec
TapiSrv
TermService
TrkWks
VMAuthdService
VMnetDHCP
VMware
vmware-converter-agent
vmware-converter-server
VMwareHostd
VMwareServerWebAccess
W32Time
W3SVC
winmgmt
WsusService
wuauserv
WZCSVC
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 24435081
I've seen the problem. There is a single close bracket missing in the last line (see my code line #11).
0
 

Author Comment

by:jcorso1212
ID: 24442595
its not getting everything again.

Dhcp,AUTO_START,DHCPClient,NTAUTHORITY\NetworkService
Dnscache,AUTO_START,DNSClient,NTAUTHORITY\NetworkService
LmHosts,AUTO_START,TCP/IPNetBIOS Helper,NTAUTHORITY\LocalService
MSDTC,AUTO_START,DistributedTransaction Coordinator,NTAUTHORITY\NetworkService
RemoteRegistry,AUTO_START,RemoteRegistry,NTAUTHORITY\LocalService
RpcSs,AUTO_START,RemoteProcedure Call (RPC),NTAuthority\NetworkService
W32Time,AUTO_START,WindowsTime,NTAUTHORITY\LocalService
c:\dumpservices.bat exited on esbev001 with error code 0.
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 24442693
What do you expect it to output? It shows any service not started as LocalSystem. Do you want to suppress the various system accounts, too, and see only user accounts? This could be done by changing the if line at the end to:


if /I NOT "!svc_login!" == "LocalSystem"
echo !svc!,!svc_start!,!svc_disp!,!svc_login! | findstr /i /v "LocalSystem NTAuthority"

But this will output nothing in your example above, as there are no user accounts used.
0
 

Author Comment

by:jcorso1212
ID: 24442772
ok. is there anyway to pipe that output to a text file without using the >>.txt.
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 24442955
Please be more specific what you want to achieve.
  • a text file for each PC
  • one text file for all, but with computer name
  • piping included in the batch file
  • ...
0
 

Author Comment

by:jcorso1212
ID: 24443595
ooooooh!!!!

i would like one text for all with computer names separating!!! and a small fry!!!!!!

Thanks
0
 
LVL 68

Accepted Solution

by:
Qlemo earned 500 total points
ID: 24444255
What about this? The batch file does the piping already, you need to change the path, of course. Couldn't find the vegetables for your small fry, btw.

@echo off

setlocal EnableDelayedExpansion

for /F "tokens=2 delims=: " %%S in ('sc query bufsize^= 60000 ^| find "SERVICE_NAME"') do (

  set svc=%%S

  for /F "tokens=1,2* delims=: " %%A in ('sc qc %%S ^| findstr /i "Start_Type Service_Start_Name Display_Name"') do (

    if "%%A" == "START_TYPE"         set svc_start=%%C

    if "%%A" == "SERVICE_START_NAME" set svc_login=%%B%%C

    if "%%A" == "DISPLAY_NAME"       set svc_disp=%%B%%C

  )

  echo %ComputerName%: !svc!,!svc_start!,!svc_disp!,!svc_login! | findstr /v /i "LocalSystem NTAuthority"

) >> \\server\share\DumpServices.txt

Open in new window

0
 

Author Closing Comment

by:jcorso1212
ID: 31583233
Thanks a million! You have been awesome!
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This script will sweep a range of IP addresses (class c only, 255.255.255.0) and report to a log the version of office installed. What it does: 1.)      Creates log file in the directory the script is run from (if it doesn't already exist) 2.)      Sweep…
Over the years I have built up my own little library of code snippets that I refer to when programming or writing a script.  Many of these have come from the web or adaptations from snippets I find on the Web.  Periodically I add to them when I come…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now