Author Posts

November 13, 2013 at 2:31 am

With someone on another forum I created a script to check services on all the servers running under an administrator account.
Also I wanted the script to log every server.
Still something not right with the script. The output is empty. I know a server that is running services with administrator account.
If I put this servername last in the serverlist(allwindows.csv), I do get an output. If I put this servername in de middle or someplace else, no output in serverlist.htm. Seems like only the last server in the list is "scanned", although I see every server in the logfile

$a = "

"

$server = Get-Content C:\Allwindows.csv
foreach($comp in $server)
{
try{
$ErrorActionPreference = "Stop"
$ifeverything_ok = $true
$service = get-wmiobject win32_service -ComputerName $comp -filter "StartName Like '%Administrator%'" |
Select-Object @{Expression={$_.systemName};Label = "Server Name"},@{Expression={$_.DisplayName};Label = "Service Name"} ,
@{Expression={$_.Name};Label = "Service"},
@{Expression= {$_.StartName};Label = "Account"},
State | ConvertTo-HTML -head $a -Body "

Service Accounts Running As Domain Administrator

"
$service | Out-File C:\ServerList.htm
$comp | Out-File C:\Temp\Logs.txt -Append -Encoding ascii

#Invoke-Expression C:\ServerList.htm
}
Catch [system.exception]
{
$ifeverything_ok = $false
$comp | Out-File C:\Temp\Logs.txt -Append -encoding ASCII
Add-Content -Value $_.Exception -Path C:\Temp\Logs.txt
}
}

Could you please help me edit this script.
Thanx

November 13, 2013 at 5:11 am

You're overwriting ServerList.htm every time through the loop with that call to Out-File. What you're probably looking to do is something more like this (moving the calls to ConvertTo-Html and Out-File outside the loop):

$head = @'

'@

$ifeverything_ok = $true

Get-Content C:\Allwindows.csv |
ForEach-Object {
    $comp = $_
    try
    {
        $ErrorActionPreference = "Stop"
        
        $properties = @(
            @{Expression={$_.systemName};Label = "Server Name"},
            @{Expression={$_.DisplayName};Label = "Service Name"},
            @{Expression={$_.Name};Label = "Service"},
            @{Expression= {$_.StartName};Label = "Account"},
            'State'
        )

        Get-WmiObject win32_service -ComputerName $comp -filter "StartName Like '%Administrator%'" |
        Select-Object -Property $Properties
        
        $comp | Out-File C:\Temp\Logs.txt -Append -Encoding ascii

    }
    Catch [system.exception]
    {
        $ifeverything_ok = $false
        $comp | Out-File C:\Temp\Logs.txt -Append -encoding ASCII
        Add-Content -Value $_.Exception -Path C:\Temp\Logs.txt
    }
} |
ConvertTo-Html -Head $head -Body "

Service Accounts Running As Domain Administrator

" | Out-File C:\ServerList.htm Invoke-Expression C:\ServerList.htm

On a side note, this script doesn't actually identify services running as a Domain Admin account (which would imply you should be checking for group membership). It just looks for services running as any account with "Administrator" in the name.

November 13, 2013 at 6:27 am

Thank you, thank you..
I've been troubleshooting this for 3 days with someone on the microsoft TechNet forum, and you fix it in 5 or less minutes..
I notice the Microsoft guy was a beginner, but hey, everybody got to start somewhere. I'm a powershell dummy..

And you're side note is true. The subject of this post should be "Services using Administrator account"
I want to be sure to get every service with any administrator account, domain\administrator or administrator@domain or just administrator.
We our going to changed (domain)administrator passwords
Anyway, thanx again