I've written before about how some administrators choose to run services in different user contexts other than their out-of-the-box defaults. Sometimes they do this to ensure that a given service runs in a user context with lower-than-normal privileges for the sake of security. Or sometimes they do this to make sure that the service runs properly no matter what -- by granting it elevated privileges. This includes running services as administrator.
It's a bad idea to run a service in the administrator context. Aside from it being a security hazard (what if someone manages to execute a buffer-overflow attack, for instance, within one of those services?), it's also troublesome if you have to change admin passwords, since you then have to re-initialize the password for all of the services that run as that user. I encountered this firsthand when I tried running SQL Server in another user context. It worked fine until I did my periodic admin password rotation for the computer and couldn't figure out why SQL Server Agent wouldn't run anymore!
Programmer Michael B. Smith has apparently run into this issue as well, and he did something about it. To help prevent problems cropping up due to services being run in anything but the default context, he created a VBScript that searches one or more computers and examines the contexts of the services running on them. If there are any services running under the administrator account, they'll be reported back; if there are services not running under any of the usual default accounts (such as "LocalService" or "LocalSystem"), they'll be described as well.
The script uses an input text file with the NetBIOS name or IP address for each computer to scan on a separate line. Note that each computer must be accessible by RPC in order to be scanned. If you want to simply scan the local computer, just use "localhost" or "127.0.0.1" as the machine name.
About the Author: Serdar Yegulalp is editor of the Windows Power Users Newsletter. Check it out for the latest advice and musings on the world of Windows network administrators.
More information from SearchWinSystems.com
- Tip: Tool encrypts passwords to protect admin privileges
- Topic: Administrative tools
- RSS: Sign up for our RSS feed to receive expert advice every day.