Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 380
  • Last Modified:

export windows services with credentials

Anyone have a good way to script the export of all of the services settings on windows machines, including tthe credentials?
0
jcorso1212
Asked:
jcorso1212
  • 14
  • 13
1 Solution
 
QlemoC++ DeveloperCommented:
You can't export the password. But startup time and service account is feasible.
0
 
jcorso1212Author Commented:
thats fine. i need to automate it to happen on 50+ servers. How would you do it?
0
 
QlemoC++ DeveloperCommented:
What should be logged exactly? Startup type, account, image path, display name?
And in which format? E.g. sc command format, so you can use it in a batch file, or comma separated?
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
jcorso1212Author Commented:
i just need to be able to see what services are starting as user accounts... pretty much anything. CSV would be fine.
0
 
QlemoC++ DeveloperCommented:
Call this batch, and redirect the output to a text file. Change the output format to your likeings (tabs, semicolon, ...)

@echo off
setlocal EnableDelayedExpansion
for /F "tokens=2 delims=: " %%S in ('sc query ^| find "SERVICE_NAME"') do (
  set svc=%%S
  for /F "tokens=1,2* delims=: " %%A in ('sc qc %%S ^| findstr /i "Start_Type Service_Start_Name Display_Name"') do (
    if "%%A" == "START_TYPE"         set svc_start=%%C
    if "%%A" == "SERVICE_START_NAME" set svc_login=%%B%%C
    if "%%A" == "DISPLAY_NAME"       set svc_disp=%%B%%C
  )
  if /I NOT "!svc_login!" == "LocalSystem" echo !svc!,!svc_start!,!svc_disp!,!svc_login!
)

Open in new window

0
 
jcorso1212Author Commented:
appears close, but Im only getting about 10 services to show up?
0
 
QlemoC++ DeveloperCommented:
Ahh, yes, W2000. Expand sc query in line 3 to use a bigger buffer:

sc query bufsize= 60000

0
 
jcorso1212Author Commented:
this is what i did, and that didnt do it...

@echo off
setlocal EnableDelayedExpansion
for /F "tokens=2 delims=: " %%S in ('sc query ^| find "SERVICE_NAME"') do (
      set sc query bufsize=60000
      set svc=%%S
  for /F "tokens=1,2* delims=: " %%A in ('sc qc %%S ^| findstr /i "Start_Type Service_Start_Name Display_Name"') do (
    if "%%A" == "START_TYPE"         set svc_start=%%C
    if "%%A" == "SERVICE_START_NAME" set svc_login=%%B%%C
    if "%%A" == "DISPLAY_NAME"       set svc_disp=%%B%%C
  )
  if /I NOT "!svc_login!" == "LocalSystem" echo !svc!,!svc_start!,!svc_disp!,!svc_login!
)
0
 
QlemoC++ DeveloperCommented:
Tsss, tsss, that wasn't line 3 you changed ...

@echo off
setlocal EnableDelayedExpansion
for /F "tokens=2 delims=: " %%S in ('sc query bufsize= 60000 ^| find "SERVICE_NAME"') do (
  set svc=%%S
  for /F "tokens=1,2* delims=: " %%A in ('sc qc %%S ^| findstr /i "Start_Type Service_Start_Name Display_Name"') do (
    if "%%A" == "START_TYPE"         set svc_start=%%C
    if "%%A" == "SERVICE_START_NAME" set svc_login=%%B%%C
    if "%%A" == "DISPLAY_NAME"       set svc_disp=%%B%%C
  )
  if /I NOT "!svc_login!" == "LocalSystem" echo !svc!,!svc_start!,!svc_disp!,!svc_login!
) 

Open in new window

0
 
jcorso1212Author Commented:
id love to say thanks, but not yet!

now the file is empty.
0
 
QlemoC++ DeveloperCommented:
Very strange effect. Must be a bug in the cmd.exe. The equal sign is not retained. I have to escape it, but that has no logical reason:

@echo off
setlocal EnableDelayedExpansion
for /F "tokens=2 delims=: " %%S in ('sc query bufsize^= 60000 ^| find "SERVICE_NAME"') do (
  set svc=%%S
  for /F "tokens=1,2* delims=: " %%A in ('sc qc %%S ^| findstr /i "Start_Type Service_Start_Name Display_Name"') do (
    if "%%A" == "START_TYPE"         set svc_start=%%C
    if "%%A" == "SERVICE_START_NAME" set svc_login=%%B%%C
    if "%%A" == "DISPLAY_NAME"       set svc_disp=%%B%%C
  )
  if /I NOT "!svc_login!" == "LocalSystem" echo !svc!,!svc_start!,!svc_disp!,!svc_login!
) 

Open in new window

0
 
jcorso1212Author Commented:
still nothing...
0
 
QlemoC++ DeveloperCommented:
Strange, as I tested exact this code on a W2000 Server ... Where is your sc.exe coming from? I used one from XP (copied, that works!), because I was too lazy to install a RSK or Support Tools.

  1. Try if
    sc query bufsize= 60000
    typed in a cmd window will type anything.
     
  2. Remove the first line (@echo off), and post the resulting output.
0
 
jcorso1212Author Commented:
number 1 above works and leaves the input in the cmd window.

Number 2 doesnt give me any stuff in the window.

i used the server 2003 sc, then tried the xp. Nothing on both.

I am trying to call this from a script using psexec so that I can run remotely.

I have dump.bat doing
\\serve\netlogon\psexec.exe \\* -u "domain\domainacct" -p "password" \\serve\netlogon\dumpservices.bat >>C:\%computername%.txt

dumpservices.bat is this.

setlocal EnableDelayedExpansion
for /F "tokens=2 delims=: " %%S in ('sc query bufsize^= 60000 ^| find "SERVICE_NAME"') do (
  set svc=%%S
  for /F "tokens=1,2* delims=: " %%A in ('sc qc %%S ^| findstr /i "Start_Type Service_Start_Name Display_Name"') do (
    if "%%A" == "START_TYPE"         set svc_start=%%C
    if "%%A" == "SERVICE_START_NAME" set svc_login=%%B%%C
    if "%%A" == "DISPLAY_NAME"       set svc_disp=%%B%%C
  )
  if /I NOT "!svc_login!" == "LocalSystem" echo !svc!,!svc_start!,!svc_disp!,!svc_login!



 

0
 
QlemoC++ DeveloperCommented:
Than something with your redirection must be wrong.
>> C:\%computername%.txt
will be executed locally, not remote. Didi you keep that in mind?

At least the setlocal and the first for have to appear in the output, if there is no echo off.
0
 
jcorso1212Author Commented:
correct. i understatnd that part. I have also tried with the redirection going to a share with correct permissions. I have tried to run the dumpservices, and get same result.... I dont think its redirection.
0
 
jcorso1212Author Commented:
when i try running just the dumpservices.bat >>c:\test.txt i get this in the txt file


C:\>setlocal EnableDelayedExpansion

C:\>
0
 
QlemoC++ DeveloperCommented:
Could you try it with the more appropriate extension .cmd? dumpservices.cmd, this is. Then try again to use it directly (not remote).

Further debugging:
just use the single line
for /F "tokens=2 delims=: " %%S in ('sc query bufsize^= 60000 ^| find "SERVICE_NAME"') do @echo %%S
in a batch file and call it locally.
0
 
jcorso1212Author Commented:
for /F "tokens=2 delims=: " %%S in ('sc query bufsize^= 60000 ^| find "SERVICE_NAME"') do @echo %%S

that executes and gives me all services in text file.
C:\Documents and Settings\bevjc20>for /F "tokens=2 delims=: " %S in ('sc query bufsize= 60000 | find "SERVICE_NAME"') do @echo %S
AeLookupSvc
ALG
AudioSrv
BackupExecAgentAccelerator
BITS
Browser
ccEvtMgr
ccSetMgr
CryptSvc
dcevt32
DcomLaunch
dcstor32
Dhcp
dmserver
Dnscache
ERSvc
Eventlog
EventsManager
EventSystem
Flexlm
GFI_ReportCenter35
helpsvc
HTTPFilter
IISADMIN
lanmanserver
lanmanworkstation
lansweeperservice
LmHosts
LogWatch
mr2kserv
MSDTC
MsDtsServer
msftesql
MSSQL$MICROSOFT##SSEE
MSSQLSERVER
MSSQLServerOLAPService
Netlogon
Netman
Nla
NtLmSsp
omsad
PlugPlay
PolicyAgent
ProtectedStorage
RasMan
RemoteRegistry
ReportServer
RpcSs
SamSs
Schedule
seclogon
SENS
Server
SharedAccess
ShellHWDetection
SmcService
SNMP
Spooler
SQLWriter
Symantec
TapiSrv
TermService
TrkWks
VMAuthdService
VMnetDHCP
VMware
vmware-converter-agent
vmware-converter-server
VMwareHostd
VMwareServerWebAccess
W32Time
W3SVC
winmgmt
WsusService
wuauserv
WZCSVC
0
 
QlemoC++ DeveloperCommented:
I've seen the problem. There is a single close bracket missing in the last line (see my code line #11).
0
 
jcorso1212Author Commented:
its not getting everything again.

Dhcp,AUTO_START,DHCPClient,NTAUTHORITY\NetworkService
Dnscache,AUTO_START,DNSClient,NTAUTHORITY\NetworkService
LmHosts,AUTO_START,TCP/IPNetBIOS Helper,NTAUTHORITY\LocalService
MSDTC,AUTO_START,DistributedTransaction Coordinator,NTAUTHORITY\NetworkService
RemoteRegistry,AUTO_START,RemoteRegistry,NTAUTHORITY\LocalService
RpcSs,AUTO_START,RemoteProcedure Call (RPC),NTAuthority\NetworkService
W32Time,AUTO_START,WindowsTime,NTAUTHORITY\LocalService
c:\dumpservices.bat exited on esbev001 with error code 0.
0
 
QlemoC++ DeveloperCommented:
What do you expect it to output? It shows any service not started as LocalSystem. Do you want to suppress the various system accounts, too, and see only user accounts? This could be done by changing the if line at the end to:


if /I NOT "!svc_login!" == "LocalSystem"
echo !svc!,!svc_start!,!svc_disp!,!svc_login! | findstr /i /v "LocalSystem NTAuthority"

But this will output nothing in your example above, as there are no user accounts used.
0
 
jcorso1212Author Commented:
ok. is there anyway to pipe that output to a text file without using the >>.txt.
0
 
QlemoC++ DeveloperCommented:
Please be more specific what you want to achieve.
  • a text file for each PC
  • one text file for all, but with computer name
  • piping included in the batch file
  • ...
0
 
jcorso1212Author Commented:
ooooooh!!!!

i would like one text for all with computer names separating!!! and a small fry!!!!!!

Thanks
0
 
QlemoC++ DeveloperCommented:
What about this? The batch file does the piping already, you need to change the path, of course. Couldn't find the vegetables for your small fry, btw.

@echo off
setlocal EnableDelayedExpansion
for /F "tokens=2 delims=: " %%S in ('sc query bufsize^= 60000 ^| find "SERVICE_NAME"') do (
  set svc=%%S
  for /F "tokens=1,2* delims=: " %%A in ('sc qc %%S ^| findstr /i "Start_Type Service_Start_Name Display_Name"') do (
    if "%%A" == "START_TYPE"         set svc_start=%%C
    if "%%A" == "SERVICE_START_NAME" set svc_login=%%B%%C
    if "%%A" == "DISPLAY_NAME"       set svc_disp=%%B%%C
  )
  echo %ComputerName%: !svc!,!svc_start!,!svc_disp!,!svc_login! | findstr /v /i "LocalSystem NTAuthority"
) >> \\server\share\DumpServices.txt

Open in new window

0
 
jcorso1212Author Commented:
Thanks a million! You have been awesome!
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 14
  • 13
Tackle projects and never again get stuck behind a technical roadblock.
Join Now