Find services using non-system accounts on multiple machines

It can be a security hazard to run a service in a user context other than its out-of-the-box default. Find out about a script that searches one or more computers and examines the contexts of the services running on them.

I've written before about how some administrators choose to run services in user contexts other than their out-of-the-box defaults. Sometimes they do this to ensure that a given service runs in a user context with lower-than-normal privileges for the sake of security. Or sometimes they do this to make sure that the service runs properly no matter what -- by granting it elevated privileges. This includes running services as administrator.

It's a bad idea to run a service in the administrator context. Aside from it being a security hazard (what if someone manages to execute a buffer-overflow attack, for instance, within one of those services?), it's also troublesome if you have to change admin passwords, since you then have to re-initialize the password for all of the services that run as that user. I encountered this firsthand when I tried running SQL Server in another user context. It worked fine until I did my periodic admin password rotation for the computer and couldn't figure out why SQL Server Agent wouldn't run anymore!

Programmer Michael B. Smith has apparently run into this issue as well, and he did something about it. To help prevent problems cropping up due to services being run in anything but the default context, he created a VBScript that searches one or more computers and examines the contexts of the services running on them. If there are any services running under the administrator account, they'll be reported back; if there are services not running under any of the usual default accounts (such as "LocalService" or "LocalSystem"), they'll be described as well.

The script uses an input text file with the NetBIOS name or IP address for each computer to scan on a separate line. Note that each computer must be accessible by RPC in order to be scanned. If you want to simply scan the local computer, just use "localhost" or "127.0.0.1" as the machine name.
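
The same kind of scan written in PowerShell, as an added example; it is not Michael B. Smith's VBScript. The input file name `computers.txt` and the name-based match for the administrator account are assumptions.

```powershell
# Added example: not the VBScript the article describes.
param(
    # Assumed file name: one NetBIOS name or IP address per line.
    [string]$ComputerList = '.\computers.txt'
)

# Default service accounts; -in compares case-insensitively.
$defaultAccounts = 'LocalSystem', 'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService'

# Query over DCOM so the scan uses RPC, matching the requirement in the article.
$dcom = New-CimSessionOption -Protocol Dcom

$findings = foreach ($line in Get-Content -Path $ComputerList) {
    $computer = $line.Trim()
    if (-not $computer) { continue }
    $session = $null
    try {
        $session = New-CimSession -ComputerName $computer -SessionOption $dcom -ErrorAction Stop
        foreach ($svc in Get-CimInstance -CimSession $session -ClassName Win32_Service -ErrorAction Stop) {
            $account = $svc.StartName
            # Skip services with no logon account recorded and those on a default account.
            if (-not $account -or $account -in $defaultAccounts) { continue }
            # Assumption: the administrator account is matched by name only
            # (Administrator, .\Administrator, DOMAIN\Administrator, Administrator@domain).
            $finding = if ($account -match '(^|\\)Administrator(@|$)') { 'Administrator' } else { 'Non-default' }
            [pscustomobject]@{
                Computer = $computer
                Service  = $svc.Name
                Account  = $account
                State    = $svc.State
                Finding  = $finding
            }
        }
    } catch {
        # An unreachable machine is reported and the scan moves on to the next one.
        Write-Warning "Could not scan ${computer}: $($_.Exception.Message)"
    } finally {
        if ($session) { Remove-CimSession -CimSession $session }
    }
}

$findings | Sort-Object Finding, Computer, Service | Format-Table -AutoSize
```

Per-service virtual accounts (`NT SERVICE\...`) are listed as Non-default, and an administrator account that has been renamed is listed as Non-default rather than Administrator.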

About the Author:  Serdar Yegulalp is editor of the Windows Power Users Newsletter. Check it out for the latest advice and musings on the world of Windows network administrators.
