Identifying Service Accounts

[itreman]

As part of our annual E&Y audit, we have been told to make changes to
the accounts that are service accounts (i.e. change their AD name,
password, delete them, create new ones, etc). Well, easy for them to
say! I first need to identify all the service accounts on all of our
servers. How do I do that? The ADMT tool assumes NT to 2K. I tried to
use it from domain A to domain A, but it doesn't like that. There's got
to be another tool that isn't tied to migrations that will work for
this purpose. Any ideas would be greatly appreciated. Thanks!

 

[Roger Abell [MVP]]

the core logic in VBscript/WMI would run

loop on each sHostName
Set oSvcs = _
GetObject("winmgmts:{impersonationLevel=impersonate}!//" &
sHostName).InstancesOf("Win32_Service")
' error check / handle
For Each oSvc In oSvcs
sSvcName = oSvc.Name
sSvcAccount = oSvc.StartName
' test: has this service account been seen before - record new if not
Next
end host loop

 

[itreman]

so, do i just run that script on each of my machines? i'm not familiar
with vbscript, so additional details would be helpful. thanks.

 

[itreman]

actually, i tried running it for the heck of it and it is saying "loop
without do." any ideas?

 

[Roger Abell [MVP]]

It is just the pseudo-code with actual code lines for getting
access to the values you are after.

You may be able to find a complete code at the Scriptcenter,
or C Washington's, etc..

Basically its intent was that it gets fed the hosts you are wanting
to examine, and, running as a domain account with access on
the remote machines, it would examine all services running on
all of those machines.

For just the local machine it would be like

sHostName = "."
' for a remote domain machine a NetBios name would work
Set oSvcs = _
GetObject("winmgmts:{impersonationLevel=impersonate}!//" & _
sHostName).InstancesOf("Win32_Service")
' error check / handle
wscript.echo "services on host : " & sHostName
For Each oSvc In oSvcs
sSvcName = oSvc.Name
sSvcAccount = oSvc.StartName
wscript.echo VbTab & sSvcName & VbTab & sSvcAccount
Next


Save the above as something.vbs and the use cmd to run
cscript something.vbs

If you want, then replace the . dot in
sHostName = "."
with the name of another host.
(note: this assumes that remote management RPC is allowed from
the machine where executed by the machine named in sHostName)

 

[itreman]

worked like a charm. thanks!!

 

[Mike Matheny]

That just lists the services - I believe he wanted the accounts that have
log on as a service set, so he could see what accounts were being used as
service accounts.

 

[itreman]

yes, that is correct. that is exactly what i want. where can i get
that? thanks.