Wednesday, December 12, 2007

Script to Audit Service Accounts

Although it is not a good practice to use domain Administrator as a service account, it is still very likely to find such implementations in many organizations. In addition, even if administrator is not used, the same service account can be in use on multiple servers and for multiple services. If there's no document or database available in your environment to keep track of these service accounts, you are in trouble. And if for some reason you need to change the password of these service accounts, you have to know which servers and which services will be affected with the password change.

The script addresses this need. It scans the given list of servers and tries to find a match for the provided keyword in the service accounts. Any matching service and computer name is logged and displayed on the screen. You can use the output file as a reference for updating the passwords. Script does not provide any password change functionality.

Usage:

cscript q_svc.vbs filename keyword

For example:

cscript q_svc.vbs serverlist.txt mydomain\adm

or

cscript q_svc.vbs serverlist.txt svcadmin@mydomain.local


Since the script uses string functions, for example, "mydomain\adm" search will catch both "mydomain\admin" and "mydomain\administrator" accounts if they exist.

You have to be careful and remember that service accounts sometimes are stored in UPN (username@domain) format. If you do a search for "mydomain\adm" only, you will miss the entries like administrator@mydomain.local. On the other hand, a search with the keyword "admin" will catch both type of entries.

To download the script and sample serverlist.txt file, click on "I agree", you will be forwarded to the download site. Modify and populate the serverlist.txt file with your server names, decide on the keyword to search for, then start the script. Test it and if you have any ideas or questions regarding this script, feel free to contact me using the comment link.

Update to the Post:
Somehow, the old free file hosting company decided that these utility scripts cause "abuse/copyright violations" and decided to remove them. Instead of trying to convince them that these scripts belong to me and has nothing to do with abuse, I simply moved them over to another (and better) file hosting service. Sorry for the inconvenience, and thanks for warning me about the dead links.
Another Update to the Post:
Thanks to Mark Vaughn, I realized that the script was not working as intended. I had to change the search logic a little bit. Instead of using queries with "like" on Windows 2003 systems, it checks each service for the given keyword now. I apologize for any inconvenience I might have caused with the previous version.
 
Posted by Ilker Aydin at 11:43 AM
Labels: , , ,
11 comments

Friday, December 7, 2007

Windows Server 2008 RC1 is Available for Download

Check out this link:

http://www.microsoft.com/windowsserver2008/audsel.mspx
Posted by Ilker Aydin at 4:30 PM
Labels: , ,
0 comments
Subscribe to: Posts (Atom)