If you’ve been in IT long enough, chances are that you’ve had to deal with disabling an account or changing a password without knowing if it's running a service somewhere.
I’ve always struggled with this, and have employed a few different methods:
- Buy lunch for a few of your admin friends and have them help you check all of the critical servers and services before making the change.
- Turn it off and pray see what happens
Both of these options stink.
I’ve spent quite a bit of time on the Google and Bing machines looking for someone who had a simpler and cleaner solution to this problem to no avail.
Given that I've caused dealt with this at multiple jobs, it's surprising that no one else admitted guilt has posted a solution to this problem.
So here it is (source and an executable version below)….
cls ##clear the screen Write-Host "Starting Service Credential Check..." $GetDesktopPath = [Environment]::GetFolderPath("Desktop") ## get the path to save the files Write-Host "Saving files to " $GetDesktopPath "..." $name = Read-Host -prompt 'Run for domain (blank = current domain)...' $myDomain = if ($name -eq ""){((Get-WmiObject Win32_ComputerSystem).Domain)} elseif ($name -eq $null){((Get-WmiObject Win32_ComputerSystem).Domain)} else {$name} $ldapaddress = "LDAP://" + $myDomain $ADSearch = New-Object System.DirectoryServices.DirectorySearcher $ADSearch.SearchRoot = $ldapaddress.ToString() $ADSearch.SearchScope = "Subtree" $ADSearch.PageSize = 8000 $ADSearch.Filter = "(objectCategory=Computer)" $colResults = $ADSearch.FindAll() $computers = $colResults.GetDirectoryEntry() $servers = $computers | Where-Object {$_.operatingSystem -Like "*Server*"} #| select -last 50 $servers2 = $servers.dNSHostName | where { Test-Connection -ComputerName $_ -Count 1 -Quiet } $services = gwmi win32_service -computer $servers2 | select SystemName,DisplayName,StartName,State,StartMode | Sort-Object StartName,SystemName,DisplayName $services | ConvertTo-HTML -Property SystemName,DisplayName,StartName,State,StartMode,InstallDate > ([Environment]::GetFolderPath("Desktop")+"\all_services.html") $services | Where-Object {$_.StartName -NotLike "*NT Authority*" -and $_.StartName -NotLike "*NT Service*" -and $_.StartName -NotLike "*locals*"} | ConvertTo-HTML -Property SystemName,DisplayName,StartName,State,StartMode,InstallDate > ([Environment]::GetFolderPath("Desktop")+"\nonsystem_services.xls") Write-Host "The files have been saved..." Write-Host "Exiting..."
Source Code and Executable http://jargonbin.com/downloads/ScanServiceCreds.zip
Facebook Social Comments