Solved

export windows services with credentials

Posted on 2009-05-19
27
352 Views
Last Modified: 2012-05-07
Anyone have a good way to script the export of all of the services settings on windows machines, including tthe credentials?
0
Comment
Question by:jcorso1212
  • 14
  • 13
27 Comments
 
LVL 68

Expert Comment

by:Qlemo
Comment Utility
You can't export the password. But startup time and service account is feasible.
0
 

Author Comment

by:jcorso1212
Comment Utility
thats fine. i need to automate it to happen on 50+ servers. How would you do it?
0
 
LVL 68

Expert Comment

by:Qlemo
Comment Utility
What should be logged exactly? Startup type, account, image path, display name?
And in which format? E.g. sc command format, so you can use it in a batch file, or comma separated?
0
 

Author Comment

by:jcorso1212
Comment Utility
i just need to be able to see what services are starting as user accounts... pretty much anything. CSV would be fine.
0
 
LVL 68

Expert Comment

by:Qlemo
Comment Utility
Call this batch, and redirect the output to a text file. Change the output format to your likeings (tabs, semicolon, ...)

@echo off

setlocal EnableDelayedExpansion

for /F "tokens=2 delims=: " %%S in ('sc query ^| find "SERVICE_NAME"') do (

  set svc=%%S

  for /F "tokens=1,2* delims=: " %%A in ('sc qc %%S ^| findstr /i "Start_Type Service_Start_Name Display_Name"') do (

    if "%%A" == "START_TYPE"         set svc_start=%%C

    if "%%A" == "SERVICE_START_NAME" set svc_login=%%B%%C

    if "%%A" == "DISPLAY_NAME"       set svc_disp=%%B%%C

  )

  if /I NOT "!svc_login!" == "LocalSystem" echo !svc!,!svc_start!,!svc_disp!,!svc_login!

)

Open in new window

0
 

Author Comment

by:jcorso1212
Comment Utility
appears close, but Im only getting about 10 services to show up?
0
 
LVL 68

Expert Comment

by:Qlemo
Comment Utility
Ahh, yes, W2000. Expand sc query in line 3 to use a bigger buffer:

sc query bufsize= 60000

0
 

Author Comment

by:jcorso1212
Comment Utility
this is what i did, and that didnt do it...

@echo off
setlocal EnableDelayedExpansion
for /F "tokens=2 delims=: " %%S in ('sc query ^| find "SERVICE_NAME"') do (
      set sc query bufsize=60000
      set svc=%%S
  for /F "tokens=1,2* delims=: " %%A in ('sc qc %%S ^| findstr /i "Start_Type Service_Start_Name Display_Name"') do (
    if "%%A" == "START_TYPE"         set svc_start=%%C
    if "%%A" == "SERVICE_START_NAME" set svc_login=%%B%%C
    if "%%A" == "DISPLAY_NAME"       set svc_disp=%%B%%C
  )
  if /I NOT "!svc_login!" == "LocalSystem" echo !svc!,!svc_start!,!svc_disp!,!svc_login!
)
0
 
LVL 68

Expert Comment

by:Qlemo
Comment Utility
Tsss, tsss, that wasn't line 3 you changed ...

@echo off

setlocal EnableDelayedExpansion

for /F "tokens=2 delims=: " %%S in ('sc query bufsize= 60000 ^| find "SERVICE_NAME"') do (

  set svc=%%S

  for /F "tokens=1,2* delims=: " %%A in ('sc qc %%S ^| findstr /i "Start_Type Service_Start_Name Display_Name"') do (

    if "%%A" == "START_TYPE"         set svc_start=%%C

    if "%%A" == "SERVICE_START_NAME" set svc_login=%%B%%C

    if "%%A" == "DISPLAY_NAME"       set svc_disp=%%B%%C

  )

  if /I NOT "!svc_login!" == "LocalSystem" echo !svc!,!svc_start!,!svc_disp!,!svc_login!

) 

Open in new window

0
 

Author Comment

by:jcorso1212
Comment Utility
id love to say thanks, but not yet!

now the file is empty.
0
 
LVL 68

Expert Comment

by:Qlemo
Comment Utility
Very strange effect. Must be a bug in the cmd.exe. The equal sign is not retained. I have to escape it, but that has no logical reason:

@echo off

setlocal EnableDelayedExpansion

for /F "tokens=2 delims=: " %%S in ('sc query bufsize^= 60000 ^| find "SERVICE_NAME"') do (

  set svc=%%S

  for /F "tokens=1,2* delims=: " %%A in ('sc qc %%S ^| findstr /i "Start_Type Service_Start_Name Display_Name"') do (

    if "%%A" == "START_TYPE"         set svc_start=%%C

    if "%%A" == "SERVICE_START_NAME" set svc_login=%%B%%C

    if "%%A" == "DISPLAY_NAME"       set svc_disp=%%B%%C

  )

  if /I NOT "!svc_login!" == "LocalSystem" echo !svc!,!svc_start!,!svc_disp!,!svc_login!

) 

Open in new window

0
 

Author Comment

by:jcorso1212
Comment Utility
still nothing...
0
 
LVL 68

Expert Comment

by:Qlemo
Comment Utility
Strange, as I tested exact this code on a W2000 Server ... Where is your sc.exe coming from? I used one from XP (copied, that works!), because I was too lazy to install a RSK or Support Tools.

  1. Try if
    sc query bufsize= 60000
    typed in a cmd window will type anything.
     
  2. Remove the first line (@echo off), and post the resulting output.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:jcorso1212
Comment Utility
number 1 above works and leaves the input in the cmd window.

Number 2 doesnt give me any stuff in the window.

i used the server 2003 sc, then tried the xp. Nothing on both.

I am trying to call this from a script using psexec so that I can run remotely.

I have dump.bat doing
\\serve\netlogon\psexec.exe \\* -u "domain\domainacct" -p "password" \\serve\netlogon\dumpservices.bat >>C:\%computername%.txt

dumpservices.bat is this.

setlocal EnableDelayedExpansion
for /F "tokens=2 delims=: " %%S in ('sc query bufsize^= 60000 ^| find "SERVICE_NAME"') do (
  set svc=%%S
  for /F "tokens=1,2* delims=: " %%A in ('sc qc %%S ^| findstr /i "Start_Type Service_Start_Name Display_Name"') do (
    if "%%A" == "START_TYPE"         set svc_start=%%C
    if "%%A" == "SERVICE_START_NAME" set svc_login=%%B%%C
    if "%%A" == "DISPLAY_NAME"       set svc_disp=%%B%%C
  )
  if /I NOT "!svc_login!" == "LocalSystem" echo !svc!,!svc_start!,!svc_disp!,!svc_login!



 

0
 
LVL 68

Expert Comment

by:Qlemo
Comment Utility
Than something with your redirection must be wrong.
>> C:\%computername%.txt
will be executed locally, not remote. Didi you keep that in mind?

At least the setlocal and the first for have to appear in the output, if there is no echo off.
0
 

Author Comment

by:jcorso1212
Comment Utility
correct. i understatnd that part. I have also tried with the redirection going to a share with correct permissions. I have tried to run the dumpservices, and get same result.... I dont think its redirection.
0
 

Author Comment

by:jcorso1212
Comment Utility
when i try running just the dumpservices.bat >>c:\test.txt i get this in the txt file


C:\>setlocal EnableDelayedExpansion

C:\>
0
 
LVL 68

Expert Comment

by:Qlemo
Comment Utility
Could you try it with the more appropriate extension .cmd? dumpservices.cmd, this is. Then try again to use it directly (not remote).

Further debugging:
just use the single line
for /F "tokens=2 delims=: " %%S in ('sc query bufsize^= 60000 ^| find "SERVICE_NAME"') do @echo %%S
in a batch file and call it locally.
0
 

Author Comment

by:jcorso1212
Comment Utility
for /F "tokens=2 delims=: " %%S in ('sc query bufsize^= 60000 ^| find "SERVICE_NAME"') do @echo %%S

that executes and gives me all services in text file.
C:\Documents and Settings\bevjc20>for /F "tokens=2 delims=: " %S in ('sc query bufsize= 60000 | find "SERVICE_NAME"') do @echo %S
AeLookupSvc
ALG
AudioSrv
BackupExecAgentAccelerator
BITS
Browser
ccEvtMgr
ccSetMgr
CryptSvc
dcevt32
DcomLaunch
dcstor32
Dhcp
dmserver
Dnscache
ERSvc
Eventlog
EventsManager
EventSystem
Flexlm
GFI_ReportCenter35
helpsvc
HTTPFilter
IISADMIN
lanmanserver
lanmanworkstation
lansweeperservice
LmHosts
LogWatch
mr2kserv
MSDTC
MsDtsServer
msftesql
MSSQL$MICROSOFT##SSEE
MSSQLSERVER
MSSQLServerOLAPService
Netlogon
Netman
Nla
NtLmSsp
omsad
PlugPlay
PolicyAgent
ProtectedStorage
RasMan
RemoteRegistry
ReportServer
RpcSs
SamSs
Schedule
seclogon
SENS
Server
SharedAccess
ShellHWDetection
SmcService
SNMP
Spooler
SQLWriter
Symantec
TapiSrv
TermService
TrkWks
VMAuthdService
VMnetDHCP
VMware
vmware-converter-agent
vmware-converter-server
VMwareHostd
VMwareServerWebAccess
W32Time
W3SVC
winmgmt
WsusService
wuauserv
WZCSVC
0
 
LVL 68

Expert Comment

by:Qlemo
Comment Utility
I've seen the problem. There is a single close bracket missing in the last line (see my code line #11).
0
 

Author Comment

by:jcorso1212
Comment Utility
its not getting everything again.

Dhcp,AUTO_START,DHCPClient,NTAUTHORITY\NetworkService
Dnscache,AUTO_START,DNSClient,NTAUTHORITY\NetworkService
LmHosts,AUTO_START,TCP/IPNetBIOS Helper,NTAUTHORITY\LocalService
MSDTC,AUTO_START,DistributedTransaction Coordinator,NTAUTHORITY\NetworkService
RemoteRegistry,AUTO_START,RemoteRegistry,NTAUTHORITY\LocalService
RpcSs,AUTO_START,RemoteProcedure Call (RPC),NTAuthority\NetworkService
W32Time,AUTO_START,WindowsTime,NTAUTHORITY\LocalService
c:\dumpservices.bat exited on esbev001 with error code 0.
0
 
LVL 68

Expert Comment

by:Qlemo
Comment Utility
What do you expect it to output? It shows any service not started as LocalSystem. Do you want to suppress the various system accounts, too, and see only user accounts? This could be done by changing the if line at the end to:


if /I NOT "!svc_login!" == "LocalSystem"
echo !svc!,!svc_start!,!svc_disp!,!svc_login! | findstr /i /v "LocalSystem NTAuthority"

But this will output nothing in your example above, as there are no user accounts used.
0
 

Author Comment

by:jcorso1212
Comment Utility
ok. is there anyway to pipe that output to a text file without using the >>.txt.
0
 
LVL 68

Expert Comment

by:Qlemo
Comment Utility
Please be more specific what you want to achieve.
  • a text file for each PC
  • one text file for all, but with computer name
  • piping included in the batch file
  • ...
0
 

Author Comment

by:jcorso1212
Comment Utility
ooooooh!!!!

i would like one text for all with computer names separating!!! and a small fry!!!!!!

Thanks
0
 
LVL 68

Accepted Solution

by:
Qlemo earned 500 total points
Comment Utility
What about this? The batch file does the piping already, you need to change the path, of course. Couldn't find the vegetables for your small fry, btw.

@echo off

setlocal EnableDelayedExpansion

for /F "tokens=2 delims=: " %%S in ('sc query bufsize^= 60000 ^| find "SERVICE_NAME"') do (

  set svc=%%S

  for /F "tokens=1,2* delims=: " %%A in ('sc qc %%S ^| findstr /i "Start_Type Service_Start_Name Display_Name"') do (

    if "%%A" == "START_TYPE"         set svc_start=%%C

    if "%%A" == "SERVICE_START_NAME" set svc_login=%%B%%C

    if "%%A" == "DISPLAY_NAME"       set svc_disp=%%B%%C

  )

  echo %ComputerName%: !svc!,!svc_start!,!svc_disp!,!svc_login! | findstr /v /i "LocalSystem NTAuthority"

) >> \\server\share\DumpServices.txt

Open in new window

0
 

Author Closing Comment

by:jcorso1212
Comment Utility
Thanks a million! You have been awesome!
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Well hello again!  Glad to see you've made it this far without giving up.  In this, the fourth installment of my popular series, I'm going to cover functions and subroutines, what they are, and why they are useful.  Just in case you stumbled onto th…
I met Paul Devereux (@pdevereux) today when I responded to his tweet asking “Anybody know how to automate adding files from disk to a folder in #outlook  ?”.  I replied back and told Paul that using automation, in this case scripting, to add files t…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now