wk6838
asked on
Domain Administrator Password Change
All, we are looking at doing this soon, can anyone recommend any decent tools that will pull back info on where the admin account is used:
ie Scheduled Tasks, Services, apps etc
We would like this to be seamless as possible, any ideas?
Regards
ie Scheduled Tasks, Services, apps etc
We would like this to be seamless as possible, any ideas?
Regards
I don't think, such tools are available in the market. You need to identify those manually in all workstations and servers.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I stumbled across some scripts which may help - see https://www.experts-exchange.com/questions/23919403/Utility-to-identify-services-running-under-domain-account-credentials.html
However, please head the previous advice and take the opportunity to create new accounts, specifically for the job.
However, please head the previous advice and take the opportunity to create new accounts, specifically for the job.
To output scheduled tasks (not created with AT):
schtasks.exe /query /fo list /v > c:\scheduledTasks.txt
or just find if the admin is running it:
schtasks.exe /query /fo list /v | find "User"
I made a vbs-script to check for services some years ago. You are prompted for which server to control and the username. You need to run the script with a user that have privilage on the remote serveres. If you have alot of servers this job will take som time for you to complete. You can modify the script if you have many servers and make it read from a text file the server names to check against.
SG
schtasks.exe /query /fo list /v > c:\scheduledTasks.txt
or just find if the admin is running it:
schtasks.exe /query /fo list /v | find "User"
I made a vbs-script to check for services some years ago. You are prompted for which server to control and the username. You need to run the script with a user that have privilage on the remote serveres. If you have alot of servers this job will take som time for you to complete. You can modify the script if you have many servers and make it read from a text file the server names to check against.
SG
Dim Input
strUser = InputBox("User: ")
strComputer = InputBox("Check on server: ")
WScript.Echo "Looking if " & strUser & " is running any services on " & strComputer
Set objWMIService = GetObject _
("winmgmts:\\" & strComputer & "\root\cimv2")
Set colServices = objWMIService.ExecQuery _
("Select * From Win32_Service Where StartName = '"& strUser &"'")
For Each objService in colServices
Wscript.Echo objService.Name
Next
msgbox "Done"
You can install GPO to enable audit policies on all servers and workstations. Then use a event log collector software to gather all the logs and trigger alerts on certain conditions, in this case the use of the administrator account.