johnnyjonathan
asked on
How to discover services and scheduled tasks using specified account
Hello,
I'm looking to find activity of a specific user.
It can be a software (preferably free) \ powershell \ vbs.
Sadly, we don't have a SIEM at the moment, and I'm looking for a quick way to find the information.
Any suggestions?
ASKER
Hi Will.
Thanks, but I have AuditPlus and I don't know of "tracking information" in it?
There is no easy way (you may hit a lot of roadblocks.. :-) ). Here is a third-party tool, but it's not free..
http://community.spiceworks.com/topic/237625-discovering-services-and-scheduled-tasks-using-specified-account
The other option is to use the Get-RunAsAccount function against the computer list. Refer to the following link from the Script Center..
http://gallery.technet.microsoft.com/Getting-information-about-438b5b1c
ASKER
Thanks Subsun,
I've tried running the script. I copied it over to my C drive and ran the command -
.\Get-RunAsAccount -ComputerName "COMPUTERNAME" -RunAsUser "USERNAME"
but it then just gave me an empty prompt? I've tried checking with false parameters and I still get the same thing.
The script is written as a function. You can start the code with the dot-sourcing method and then run the function..
Check the link for detailed instructions..
http://blog.powershell.no/2012/02/05/getting-information-about-run-as-accounts-for-services-and-scheduled-tasks/
. C:\Get-RunAsAccount.ps1
Get-RunAsAccount -ComputerName "COMPUTERNAME" -RunAsUser "USERNAME"
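Added example, not part of the original thread and not the Get-RunAsAccount script from the links above: a sketch of the same kind of audit, listing services and scheduled tasks on each computer that run as a given account. The function name Find-RunAsUsage is hypothetical, and the code assumes PowerShell 3.0 or later, WinRM access for Get-CimInstance, and English-language schtasks.exe column names ("TaskName", "Run As User").

```powershell
# Added example: hypothetical helper, not the Get-RunAsAccount script linked in the thread.
function Find-RunAsUsage {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [Parameter(Mandatory)][string]$RunAsUser
    )
    # Match DOMAIN\user, .\user, user@domain or the bare name (-match is case-insensitive).
    $pattern = '(^|\\)' + [regex]::Escape($RunAsUser) + '(@|$)'
    foreach ($computer in $ComputerName) {
        try {
            # Services: Win32_Service.StartName holds the logon account.
            Get-CimInstance -ClassName Win32_Service -ComputerName $computer -ErrorAction Stop |
                Where-Object { $_.StartName -match $pattern } |
                ForEach-Object {
                    [pscustomobject]@{ ComputerName = $computer; Type = 'Service'; Name = $_.Name; RunAs = $_.StartName }
                }
        } catch {
            Write-Warning "Services on ${computer}: $($_.Exception.Message)"
        }
        # Scheduled tasks: verbose CSV output of schtasks.exe has a "Run As User" column.
        $csv = schtasks.exe /Query /S $computer /FO CSV /V 2>$null
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "Scheduled tasks on ${computer}: schtasks.exe exited with $LASTEXITCODE"
            continue
        }
        # The header row can repeat per task folder, and a task with several triggers
        # appears on several rows: drop repeated headers and de-duplicate by task name.
        $csv | ConvertFrom-Csv |
            Where-Object { $_.TaskName -ne 'TaskName' -and $_.'Run As User' -match $pattern } |
            Sort-Object TaskName -Unique |
            ForEach-Object {
                [pscustomobject]@{ ComputerName = $computer; Type = 'ScheduledTask'; Name = $_.TaskName; RunAs = $_.'Run As User' }
            }
    }
}

# Saved as a .ps1 file, this only defines the function; dot-source the file, then call it:
# . C:\Find-RunAsUsage.ps1
# Find-RunAsUsage -ComputerName 'COMPUTERNAME' -RunAsUser 'USERNAME'
```

Running the .ps1 file without dot-sourcing it defines the function in a child scope that is discarded when the script ends, so the prompt returns with no output.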
ASKER
As always, your solutions are amazingly elegant!
Great. Glad it worked for you. Thanks for the grade.
Rob.
It's not free, but they do have a 30-day fully featured trial version...
AD AuditPlus - http://www.manageengine.com/products/active-directory-audit/
Will.