Dean Wells, of MSEtechnology, provides us with svccontext.bat, a script that queries all services on all servers in your domain and reports those services that match, or partially match, a specified user context.
NOTE: svccontext.bat uses SC.EXE, either built into the OS you run the script from, or available from the resource kit.
NOTE: svccontext.bat uses LDIFDE.EXE, available from your server.
NOTE: Find.exe, SC.EXE, and LDIFDE.EXE must be in the System path.
The syntax for using svccontext.bat is:
SVCcontext FQDN UserName
where:
FQDN is the DNS domain name, like JSIINC.COM or Microsoft.COM.
UserName is the name or partial name of the service context you are querying, like Administrator, System, JSIINC\Service, or MICROSOFT\Admin.
When I typed:
svccontext JSIINC.COM System
I received the following display:
SVCcontext log, "D:\TEMP\SVCcontext.log" -
* created by "Jerry" at " 9:18:45.93" on "09/12/2002"
* servers in domain "jsiinc.com" queried
* queried for match or partial match on "system"

The D:\TEMP\SVCcontext.log file began with:

BEGIN LOG

+ SERVICE AppMgmt on SERVER jsi001.JSIINC.COM runs in the context of LocalSystem
+ SERVICE AudioSrv on SERVER jsi001.JSIINC.COM runs in the context of LocalSystem
+ SERVICE BITS on SERVER jsi001.JSIINC.COM runs in the context of LocalSystem

svccontext.bat contains:

:: SVCcontext - Queries all services on all servers within a domain for a specified security context
:: Dean Wells - MSEtechnology - Sept. 2002
@echo off
setlocal ENABLEDELAYEDEXPANSION

:: Begin script body
echo.

:: Define initial environment
set fqdn=%1
set dn=dc=%fqdn:.=,dc=%
set principal=%2
set scriptname=SVCcontext
set log=%TEMP%\%scriptname%.log
set stdout=nul
set stderr=nul
set found=0

:: Determine if supplied arguments were sufficient
if "%2"=="" (
  echo ERROR - Insufficient arguments, "%*"
  goto :SYNTAX
)

:: Define extreme query buffer to cope with unfamiliar environment
set bufsize=50000

:: Locate critical executables
for %%e in (find.exe sc.exe ldifde.exe) do (
  set where="%%~$PATH:e"
  if "!where!"=="""" (
    echo ERROR - Required executable, "%%e", not located within the system path
    goto :END
  )
)

:: Cleanup existing temporary/log files and prepare log header
del %TEMP%\servers.log 1>%stdout% 2>%stderr%
del %log% 1>%stdout% 2>%stderr%
echo %scriptname% log, "%log%" - >>%log%
echo * created by "%USERNAME%" at "%TIME%" on "%DATE%">>%log%
echo * servers in domain "%fqdn%" queried>>%log%
echo * queried for match or partial match on "%principal%" >>%log%
echo. >>%log%
echo BEGIN LOG >>%log%
echo. >>%log%

:: Determine servers to query
ldifde -j %TEMP% -s %fqdn% -d %dn% -r (objectClass=computer) -l dnshostname -f %TEMP%\servers.log 1>%stderr% 2>%stderr%
if errorlevel 1 (
  echo ERROR - LDAP query failed when enumerating server list
  goto :SYNTAX
)

:: Prepare display
echo STATUS - Working ...
echo.

:: Parse the servers
for /f "tokens=2 delims=: " %%h in ('type %TEMP%\servers.log ^| find /i "dnshostname: "') do (
  call :GETSVCS %%h
)

:: Clean up display and display log
if "%found%"=="1" (
  echo. >>%log%
  echo.
  echo STATUS - Done^^!
  start "" notepad %log%
) else (
  echo STATUS - No services located
  echo * Queried domain "%fqdn%"
  echo * Queried for match or partial match on "%principal%"
)
echo END LOG >>%log%

:: Script body ends
goto :END

:: Define functions and procedures
:GETSVCS
for /f "tokens=2 delims=: " %%s in ('sc \\%1 query state^= all bufsize^= %bufsize% ^| find "SERVICE_NAME"') do (
  call :QUERYSVCS %1 %%s
)
goto :EOF

:QUERYSVCS
for /f "tokens=2 delims=: " %%p in ('sc \\%1 qc %2 ^| find "SERVICE_START_NAME"') do (
  echo %%p | find /i "%principal%" 1>%stderr% 2>%stderr%
  if not errorlevel 1 (
    set found=1
    echo + SERVICE %2, SERVER %1, CONTEXT %%p
    echo + SERVICE %2 on SERVER %1 runs in the context of %%p >>%log%
  )
)
goto :EOF

:SYNTAX
echo.
echo SYNTAX - %scriptname% [domain FQDN] [username]
echo.
echo * [domain FQDN] is the DNS domain name to query for servers
echo * [username] is the name or partial name of the service account
echo.
echo e.g. - %scriptname% microsoft.com Administrator
echo or ...
echo e.g. - %scriptname% microsoft.com MICROSOFT\Admin
echo.

:: End script and perform necessary cleanup
:END
del %TEMP%\servers.log 1>%stderr% 2>%stderr%
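
To review the results across many servers, the "+ SERVICE ... on SERVER ... runs in the context of ..." lines that svccontext.bat writes to its log can be grouped by account. The following is an added example, not part of Dean Wells' script; the function names, the built-in account list, and the jsi002 entries in the sample log are constructed for illustration.

```python
import re
from collections import defaultdict

# Log line format written by svccontext.bat:
#   + SERVICE <name> on SERVER <host> runs in the context of <account>
LINE_RE = re.compile(
    r"^\+ SERVICE (?P<service>\S+) on SERVER (?P<server>\S+) "
    r"runs in the context of (?P<context>.+?)\s*$"
)

# Assumption: accounts treated as built-in; anything else is listed for review.
BUILTIN = {"localsystem", "nt authority\\localservice", "nt authority\\networkservice"}

def parse_log(text):
    """Return (service, server, context) tuples; header and footer lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("service"), m.group("server"), m.group("context")))
    return entries

def by_context(entries):
    """Group as {context: {server: [services]}}; account and host names are lower-cased."""
    grouped = defaultdict(lambda: defaultdict(list))
    for service, server, context in entries:
        grouped[context.lower()][server.lower()].append(service)
    return {ctx: dict(servers) for ctx, servers in grouped.items()}

def non_builtin(grouped):
    """Accounts outside BUILTIN: services whose stored credentials deserve a review."""
    return sorted(ctx for ctx in grouped if ctx not in BUILTIN)

# Constructed sample: the first three entries are from the page, the rest are invented.
SAMPLE_LOG = r"""
BEGIN LOG

+ SERVICE AppMgmt on SERVER jsi001.JSIINC.COM runs in the context of LocalSystem
+ SERVICE AudioSrv on SERVER jsi001.JSIINC.COM runs in the context of LocalSystem
+ SERVICE BITS on SERVER jsi001.JSIINC.COM runs in the context of LocalSystem
+ SERVICE BackupAgent on SERVER jsi002.JSIINC.COM runs in the context of JSIINC\Service
+ SERVICE SQLAgent on SERVER jsi002.JSIINC.COM runs in the context of JSIINC\Service

END LOG
"""

if __name__ == "__main__":
    grouped = by_context(parse_log(SAMPLE_LOG))
    for account in non_builtin(grouped):
        for server, services in grouped[account].items():
            print(f"{account} on {server}: {', '.join(services)}")
```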