JSI Tip 5721. Report all services on servers in your domain that match a specified context

Dean Wells, of MSEtechnology provides us with svccontext.bat, a script to query all services on all servers in your domain, and report those services that match, or partially match, a specified user context.

NOTE: svccontext.bat uses SC.EXE, either built-in to the OS you run the script from, or available from the resource kit.

NOTE: svccontext.bat uses LDIFDE.EXE, available from your server.

NOTE: Find.exe, SC.EXE, and LDIFDE.EXE must be in the System path.

The syntax for using svccontext.bat is:

SVCcontext FQDN UserName

where:

FQDN is the DNS domain name, like JSIINC.COM or Microsoft.COM.

UserName is the name or partial name of the service context you are querying, like Administrator, System, JSIINC\Service, or MICROSOFT\Admin.

When I typed:

svccontext JSIINC.COM System

I received the following display:

SVCcontext log, "D:\TEMP\SVCcontext.log" - 
  * created by "Jerry" at " 9:18:45.93" on "09/12/2002"
  * servers in domain "jsiinc.com" queried
  * queried for match or partial match on "system"
The D:\TEMP\SVCcontext.log file began with:
BEGIN LOG 
 
+ SERVICE AppMgmt on SERVER jsi001.JSIINC.COM runs in the context of LocalSystem 
+ SERVICE AudioSrv on SERVER jsi001.JSIINC.COM runs in the context of LocalSystem 
+ SERVICE BITS on SERVER jsi001.JSIINC.COM runs in the context of LocalSystem
svccontext.bat contains:
:: SVCcontent - Queries all services on all servers within a domain for a specified security context
:: Dean Wells - MSEtechnology - Sept. 2002

@echo off
setlocal ENABLEDELAYEDEXPANSION

:: Begin script body
echo.

:: Define initial environment
set fqdn=%1
set dn=dc=%fqdn:.=,dc=%
set principal=%2
set scriptname=SVCcontext
set log=%TEMP%\%scriptname%.log
set stdout=nul
set stderr=nul
set found=0

:: Determine if supplied arguments were sufficient
if "%2"

"" ( echo ERROR - Insufficient arguments, "%*" goto :SYNTAX ) :: Define extreme query buffer to cope with unfamiliar environment set bufsize=50000 :: Locate critical executables for %%e in (find.exe sc.exe ldifde.exe) do ( set where="%%~$PATH:e" if "!where!"

"""" ( echo ERROR - Required executable, "%%e", not located within the system path goto :END ) ) :: Cleanup existing temporary/log files and prepare log header del %TEMP%\servers.log 1>%stdout% 2>%stderr% del %log% 1>%stdout% 2>%stderr% echo %scriptname% log, "%log%" - >>%log% echo * created by "%USERNAME%" at "%TIME%" on "%DATE%">>%log% echo * servers in domain "%fqdn%" queried>>%log% echo * queried for match or partial match on "%principal%" >>%log% echo. >>%log% echo BEGIN LOG >>%log% echo. >>%log% :: Determine servers to query ldifde -j %TEMP% -s %fqdn% -d %dn% -r (objectClass=computer) -l dnshostname -f %TEMP%\servers.log 1>%stderr% 2>%stderr% if errorlevel 1 ( echo ERROR - LDAP query failed when enumerating server list goto :SYNTAX ) :: Prepare display echo STATUS - Working ... echo. :: Parse the servers for /f "tokens=2 delims=: " %%h in ('type %TEMP%\servers.log ^| find /i "dnshostname: "') do ( call :GETSVCS %%h ) :: Clean up display and display log if "%found%"=="1" ( echo. >>%log% echo. echo STATUS - Done^^! start "" notepad %log% ) else ( echo STATUS - No services located echo * Queried domain "%fqdn%" echo * Queried for match or partial match on "%principal%" ) echo END LOG >>%log% :: Script body ends goto :END :: Define functions and procedures :GETSVCS for /f "tokens=2 delims=: " %%s in ('sc \\%1 query state^= all bufsize^= %bufsize% ^| find "SERVICE_NAME"') do ( call :QUERYSVCS %1 %%s ) goto :EOF :QUERYSVCS for /f "tokens=2 delims=: " %%p in ('sc \\%1 qc %2 ^| find "SERVICE_START_NAME"') do ( echo %%p | find /i "%principal%" 1>%stderr% 2>%stderr% if not errorlevel 1 ( set found=1 echo + SERVICE %2, SERVER %1, CONTEXT %%p echo + SERVICE %2 on SERVER %1 runs in the context of %%p >>%log% ) ) goto :EOF :SYNTAX echo. echo SYNTAX - %scriptname% \[domain FQDN\] \[username\] echo. echo * \[domain FQDN\] is the DNS domain name to query for servers echo * \[username\] is the name or partial name of the service account echo. echo e.g. - %scriptname% microsoft.com Administrator echo or ... echo e.g. - %scriptname% microsoft.com MICROSOFT\Admin echo. :: End script and perform necessary cleanup :END del %TEMP%\servers.log 1>%stderr% 2>%stderr%


Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish