strcomputer
Good evening.
I am trying to determine what - if any - services are running under the
context of the 'Administrator account. I have the following VERY basic
script:
'==================================================================================================
'
' VBScript Source File
'
' NAME: Services-Admin.VBS
' VERSION: 1.0
' COMPANY: outsourceIT
' CREATE DATE : 02/05/2010
' LAST MODIFIED : n/a
'==================================================================================================
' COMMENT: This script will list all Services running under the context of
the Administrator on the local Server
'==================================================================================================
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate,authenticationLevel=Pkt}!\\" &
strComputer & "\root\cimv2")
Set colServices = objWMIService.ExecQuery("SELECT * FROM Win32_Service WHERE
StartName = '.\\administrator'",,48)
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTS = objFSO.CreateTextFile("C:\temp\#Services.txt")
objTS.WriteLine "........................................................"
objTS.WriteLine "....................SERVICES RUNNING...................."
objTS.WriteLine "........................................................"
objTS.WriteLine ()
objTS.WriteLine ()
For Each objService in colServices
objTS.WriteLine "Service name: " & objService.Displayname
objTS.WriteLine "Start Mode: " & objService.StartMode
objTS.WriteLine "Service State: " & objService.State
objTS.WriteLine "Credentials: " & objService.StartName
objTS.WriteLine ()
objTS.WriteLine ()
Next
This does not run correctly. What does that mean? It means that the output
file has the top five lines ("Services Running") but nothing underneath it
(no services listed).
If I change the following line:
Set colServices = objWMIService.ExecQuery("SELECT * FROM Win32_Service WHERE
StartName = '.\\administrator'",,48)
to
Set colServices = objWMIService.ExecQuery("SELECT * FROM Win32_Service WHERE
StartName = 'MYDOMAIN\\administrator'",,48)
it is golden. I get the five services listed (with the four lines from the
script) that are using the Administrator account.
However, we have management software on all of the servers in all of the
environments that we manage. I would prefer to have something 'generic'
that will work in all environments.
How do I accomplish this?
Thank you!
Cary
It is not necessary to wait for the username to be populated before logging on. If you create a GPO and place the script in the User Configuration->Windows Settings>Scripts (Logon,Logoff), the username field is guaranteed to be populated.
I've amended my original script to remove the currently logged on user (local or AD) from the Administrators group and add to the Power Users group. I suggest you use a GPO and set restricted groups to control the membership of the Local Administrators group.
Script follows...
Option Explicit
On Error Resume Next
Dim objNetwork, objPUGroup, objADMGroup, objUser
Dim StrComputer, strUser, strDomain
Set objNetwork = WScript.CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName
strUser = objNetwork.UserName
strDomain = objNetwork.UserDomain
Set objPUGroup = GetObject("WinNT://" & strComputer & "/Power Users")
Set objADMGroup = GetObject("WinNT://" & strComputer & "/Administrators")
Set objUser = GetObject("WinNT://" & strDomain & "/" & strUser & "")
objADMGroup.Remove(objUser.ADsPath)
objPUGroup.Add(objUser.AdsPath)
WScript.Quit(0)