IT Bable: Problem with changing network passwords

All of us admins have had this happen to us at least once. We need to change network passwords of system accounts. Either someone in the company has been let go or you are the new IT admin. Well if you don't have enough documentation to know where all the services are that use network accounts or special service accounts this can be problematic. Not to mention it could throw your users in complete chaos and havoc. One thing for sure it is a quick way to get yourself in trouble, make you and your department look bad and maybe even cause a loss of production time. Well now that we know it is bad what are we going to do about it. Well you could log into every server and check each service one by one. Depending on number of services and servers you may loose more than a day of your time to this. And well let's face it if you have to change passwords its better to do this as quickly as possible. What is the answer then?

Powershell!! Yes that is right in one quick line I can determine what accounts are being used for all services on a particular computer. If you are familiar Powershell then I am sure you have dealt with WMI already. Here we will use the
Get-WMIObject Win32_Service
Now all we need to do is add | Select-Object *
For example
Get-WMIObject Win32_Service | Select-Object *

That will give use the following and a lot more. Just take one of the services as an example to see what you need.

PSComputerName : ServerName
Name : SomeService
Status : OK
ExitCode : 0
DesktopInteract : False
ErrorControl : Normal
PathName : "C:\Program Files (x86)\Common
Files\File\Path\SomeService.exe"
ServiceType : Own Process
StartMode : Auto
__GENUS : 2
__CLASS : Win32_Service
__SUPERCLASS : Win32_BaseService
__DYNASTY : CIM_ManagedSystemElement
__RELPATH : Win32_Service.Name="SomeService"
__PROPERTY_COUNT : 25
__DERIVATION : {Win32_BaseService, CIM_Service, CIM_LogicalElement,
CIM_ManagedSystemElement}
__SERVER : ServerName
__NAMESPACE : root\cimv2
__PATH : \\ServerName\root\cimv2:Win32_Service.Name="SomSV
ch2Svc"
AcceptPause : False
AcceptStop : True
Caption : SomeService Scheduler2 Service
CheckPoint : 0
CreationClassName : Win32_Service
Description : Provides scheduling for SomeServicecomponents' tasks.
DisplayName : SomeService SomeService2Service
InstallDate :
ProcessId : 2200
ServiceSpecificExitCode : 0
Started : True
<b>StartName : LogonName</b>
State : Running
SystemCreationClassName : Win32_ComputerSystem
SystemName : ServerName
TagId : 0
WaitHint : 0
Scope : System.Management.ManagementScope
Path : \\ServerName\root\cimv2:Win32_Service.Name="SOMSV
ch2Svc"
Options : System.Management.ObjectGetOptions
ClassPath : \\ServerName\root\cimv2:Win32_Service
Properties : {AcceptPause, AcceptStop, Caption, CheckPoint...}
SystemProperties : {__GENUS, __CLASS, __SUPERCLASS, __DYNASTY...}
Qualifiers : {dynamic, Locale, provider, UUID}
Site :
Container :

Here we can see what we need. Name StartName and StartMode Now it looks like
Get-WMIObject win32_service | Select-Object name, startname, startmode If we want to pipe that to a log file we add | Export-CSV C:\filepath\filename.csv Now you might want to check more than one server. Easy enough all you need to do is the following. Create a list of the servers to check in a txt file
$Servers = Get-content c:\filepath\servers.txt
get-wmiobject win32_services | select-object Name, Startname, Startmode | Export-CSV C:\Filepath\FileName.csv

Oh but now that we are checking all servers we need to add one more thing to be able identify what server these services are on. We need to add __SERVER to the select-object parameter. And there you have it a quick way to find the services if. We could also add something to filter out the local and network accounts. Alas I did not go that far.

IT Bable

Wednesday, June 12, 2013

Problem with changing network passwords

No comments:

Post a Comment