Enumerating services with PowerShell

cli Faced with the somewhat daunting task of changing all the privileged passwords in the environment, I wanted to make sure that we caught all the service accounts (this time) that are configured to run as the renamed domain admin, or other common account. Running services.msc on each machine one at a time was just too much like actual work, so I started looking at/for a way to script this. Yeah, I’m scripting again. Time to grab your gun and bring in the cat.

Since PowerShell seems to be ‘teh new hawtness’ with Microsoft, and strictly speaking, I am supposed to know at least a little bit about it, I opted to cobble a PS script together that would take a list of servers and enumerate all services on each, listing the “Log on as” setting. Dumping it all into an Excel spreadsheet would let me sort/filter so I could find those services not set for Local System, Local Service, or Network Service. If this sounds useful to you too, read on.

Here we of course need Excel, and PowerShell; we need our execution policy set to “remote-signed,” and all the servers that we are going to query need to be setup to support WMI, because we are going to use WMI to get this information from the servers with the Get-WmiObject command, or gwmi as his friends call him. Create a simple text file, one server name per line, to call from the PS script. In the example below, ours is c:\scratch\services\MachineList.txt. Here, the obj.Item.startname is how we reference the property “Log On As.”

#PowerShell script to query all hosts in a list and create an Excel #spreadsheet that lists the computer, service, state, and logon as. #Assumes you have admin rights to the servers, and that all are configured #for WMI. 2008 servers may require additional configuration. #Change path and filename below as needed for your situation. #Test before you use this in production. #Compliments RetroHack.com-let the tubes become overfull. #invokes Excel $Excel = New-Object -Com Excel.Application $Excel.Visible = $True #creates a new workbook $WorkBook = $Excel.WorkBooks.Add() $WorkSheet = $WorkBook.WorkSheets.Item(1) #sets up the columns $WorkSheet.Cells.Item(1,1) = "Computer Name" $WorkSheet.Cells.Item(1,2) = "Name" $WorkSheet.Cells.Item(1,3) = "State" $WorkSheet.Cells.Item(1,4) = "startname" #makes the header purty $CellRange = $WorkSheet.UsedRange $CellRange.Interior.ColorIndex = 19 $CellRange.Font.ColorIndex = 11 $intRow = 2 #calls the text file of computers...check your path here! $colComputer = Cat C:\scratch\services\MachineList.txt ForEach ($strComputer in $colComputer) {$colComputer = Gwmi Win32_service -Computername $strComputer #populates the spreadsheet ForEach($objItem in $colcomputer){ $Worksheet.Cells.Item($intRow, 1) = $strComputer.ToUpper() $Worksheet.Cells.Item($intRow, 2) = $objItem.Name $Worksheet.Cells.Item($intRow, 3) = $objItem.State $Worksheet.Cells.Item($intRow, 4) = $objItem.startname #purties up the spreadsheet $intRow = $intRow + 1}} $Cellrange.Font.Bold = $True $Cellrange.EntireColumn.AutoFit() Clear #all done, kthxbai!

Take your spreadsheet and sort or filter on it as required. This makes for some nice documentation too if you keep it up to date.

Featured on the soundtrack for Reality Bites, this 1994 tune by Crowded House may not be as well known as “Don’t Dream It’s Over,” but it is just frantic enough to fit the mood when you get cascading failures as the first service you missed locks out the account and then the rest scattered across the infrastructure start to bomb. Enjoy!

Crowded House-Locked Out

Direct link for RSS and email subscribers…http://www.youtube.com/watch?v=Aq645z7qfp8

If you found this post useful, please consider following us on twitter. You’ll be the first to learn about new posts, and, rarely, we’ll share a comedic or witty tweet. Of course, you can also leave a comment below (anonymous allowed) to let us know we hooked you up.

Enumerating services with PowerShell

Popular Posts

You might like

That's how we roll

Archives