Kaseya Community

Services using Admin authentication

  • We would like to search every server using Administrator account to authenticate services and report these machines so we can change the authentication settings. Is there a way to do this? Our goal is to completely stop using Administrator, and create a user account for services to use. Any help would be appreciated.


    Legacy Forum Name: Services using Admin authentication,
    Legacy Posted By Username: matt.jaramillo
  • Bump. This is a VERY important Script that should be way up there on the list. We need to find this exact same information across about 300 Servers. Anyone have a Solution for this?

  • Copy this code into a .vbs file - create a script that will run it on a machine - upload the services.csv into a variable in kaseya script and then do an if on it to see if Administrator is in it.

    If so then one of the services is using the admin account - you could get fancy and use code to change but I will leave that with you

     

    ' List Service Properties


    Const ForAppending = 8
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Set objLogFile = objFSO.OpenTextFile("c:\services.csv", _
        ForAppending, True)

    objLogFile.Write _
        ("System Name,Service Name,Service Type,Service State, Exit " _
            & "Code,Process ID,Can Be Paused,Can Be Stopped,Caption," _
            & "Description,Can Interact with Desktop,Display Name,Error " _
            & "Control, Executable Path Name,Service Started," _
            & "Start Mode,Account Name ")
    objLogFile.Writeline

    strComputer = "."
    Set objWMIService = GetObject("winmgmts:" _
        & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

    Set colListOfServices = objWMIService.ExecQuery _
            ("Select * from Win32_Service")

    For Each objService in colListOfServices
        objLogFile.Write(objService.SystemName) & ","
        objLogFile.Write(objService.Name) & ","
        objLogFile.Write(objService.ServiceType) & ","
       
        objLogFile.Write(objService.StartName) & ","
        objLogFile.writeline
    Next
    objLogFile.Close

  • http://community.kaseya.com/xsp/f/139/t/11023.aspx

     

    this forum may also help, it has a simaler vbs that would dump a csv file with headers. This one collects all services and all service propertys too.

     

    Edit = sorry I just noticed you are looking for just administrator for the start account correct?



    [edited by: danrche at 3:22 PM (GMT -8) on 1-28-2011] additonal info
  • Is this what you're looking for?

     

    strComputer = "."
    Set objWMIService = GetObject("winmgmts:" _
        & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
    Set colServices = objWMIService.ExecQuery _
        ("Select * from Win32_Service")
    For each objService in colServices
        If objService.StartName = ".\netsvc" Then
            errServiceChange = objService.Change _
            ( , , , , , , "NT AUTHORITY\LocalService" , "")  
        End If
    Next
    
    
    
    
    
    
    If you change the (If objService.StartName = ".\netsvc" Then)    to  
     ( If objService.StartName = ".\service you want to change" Then)
    
    
    and (NT AUTHORITY\LocalService) to the start account you want,
     it should do what you're asking if you're looking for specific services.
    
    
    If it has to change all services with Administrator to "who ever" then maybe something like this: 
    'the "sAdmin =" is the account Administrator you're looking for, and 
    the ".\sa.myaccount" is the account you're chaning to. Hope some of this helps. 

    strComputer = "."
    sAdmin = ".\Administrator"
    Set objWMIService = GetObject("winmgmts:" _
        & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
    Set colListOfServices = objWMIService.ExecQuery _
            ("Select * from Win32_Service")
    For Each objService in colListOfServices
     If  objService.StartName = sAdmin Then
     errServiceChange = objService.Change (,,,,,, ".\sa.myaccount","")
     End IF
    Next
     


    [edited by: danrche at 3:45 PM (GMT -8) on 1-28-2011] text was cut off
  • yes, thank for the replies. I'm looking at this now. The problem I am having is that if I uplaod the .csv to a variable that creates a problem. Across the board all created .csv files have the same name. If thay all get dumped in the same folder on the Kserver, they will conflict with one another. Also how will the script identify the machine-to-script relationship?

  • quick solution without changing code, file content to script log, but I think that'll get messy.

    I'm heading home for the day, but I'll mix up the script a bit and see if I can come up with something better for ya. I think I can add a @computername into it and maybe just post the services with specific names to something as well.

  • am I correct in assuming that the password for the "chang to" user goes in the "" space as in:

    errServiceChange = objService.Change (,,,,,, ".\sa.myaccount","password")?

  • So, I tried this last one @danrche, and it will work I think. The fact this this whole process of identifying and changing is automated presenta a problem:

    There is no identifier as to which machines the the change took place on so we know which machines we need to bounce the service on to make sure the change took.

    The script will not fail either way so i can't run an "if" against it to send me an email upon need of reboot or service bounce.

    Any ideas there?

  • @Jesse = how about a log of sorts for what's been changed (old name =     new name =    in csv format) , would you like the services to auto bounce? or would you prefer to do that manually? I can add a machine name into it, or maybe name the csv file the computer name something like......   Server1_service_list.csv    If your servers are all named "Server" maybe I can pull the agent id from either the kaseyaD.ini file or the kaesya service it's self.

    I can also build something in to write to event logs if you like. I usually write in "Triggers" into my event logs to pass data results from scripts to tickets from the Machine ID (works well if you're using a PSA b/c it's assigned to the Asset).

    I can also end the script with a service check for if the service is stopped or started logged in the csv file

    Jesse, do you have any suggestions?  What would make your life easier?

  • Well first off, let me say thank you for taking time to help me out.

    I guess what I'm looking for is:

    1. something that will change the user of of all services using admin, to a new defined u/p

    2. Notify me of which servers had the change applied (and the cherry on top would be wich service).

    Now which way i get notified...either bay way of monitoring an event or getting an email or whatever is fine by me.

    We want to manually bounce these services and watch them come back up with thecredentials provided in the script, but we can only do that if we have a list of servers the change was made on.

    Thanks!

  • @Jesse - I have some of it ready, I'm posting below the vbscript for you, but I'm still a little shaky on how to clue you in on what servers had changes. we can do a custom trigger to the event log to create a ticket, maybe put in a regkey = 1 or 0 you could run a check on with kaseya, if you want the csv file emailed to you, smtp will have to be installed or we'll need a server to pass it through(not recommended). Either way the csv files are located in the c:\support folder and will be named after the computer name (to make it easy). so it should look like "server_Service_List.csv"

    I have used smtp to send stuff with a vbscript before, but you have to set the smtp up 1st before you run the script. I think maybe regkey or something so you can run a kscript against it looking for the regkey to see which servers have data changes for you.

     

    I didn't put the results to the event log as they're may be a lot of them, but if you want the results passed into the event logs, you could have tickets created for each server as well as the list of services changed, I can edit out the feilds to include just the service names instead of all the other info. either way this is a good start, and the changes are easy to do :D



    [edited by: danrche at 8:31 AM (GMT -8) on 1-31-2011] added info
  • Set WshShell = WScript.CreateObject("WScript.Shell")
    Const ForAppending = 8
    strComputer = "."
    Set objSysInfo = CreateObject ("WinNTSystemInfo")
    computerName = objSysInfo.ComputerName
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Set objLogFile = objFSO.OpenTextFile("c:\support\" & computerName & "_Service_List.csv", ForAppending, True)
    objLogFile.Write _
        ("System Name,Service Name,Service Type,Service State, Exit " _
            & "Code,Process ID,Can Be Paused,Can Be Stopped,Caption," _
            & "Description,Can Interact with Desktop,Display Name,Error " _
            & "Control, Executable Path Name,Service Started," _
            & "Start Mode,Account Name ")
    objLogFile.Writeline
    Set objWMIService = GetObject("winmgmts:" _
        & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
    Set colListOfServices = objWMIService.ExecQuery _
            ("Select * from Win32_Service")
    sAdmin = ".\Administrator"
    For Each objService in colListOfServices
    IF objService.StartName = sAdmin Then
        objLogFile.Write(objService.SystemName) & ","
        objLogFile.Write(objService.Name) & ","
        objLogFile.Write(objService.ServiceType) & ","
        objLogFile.Write(objService.State) & ","
        objLogFile.Write(objService.ExitCode) & ","
        objLogFile.Write(objService.ProcessID) & ","
        objLogFile.Write(objService.AcceptPause) & ","
        objLogFile.Write(objService.AcceptStop) & ","
        objLogFile.Write(objService.Caption) & ","
        objLogFile.Write(objService.Description) & ","
        objLogFile.Write(objService.DesktopInteract) & ","
        objLogFile.Write(objService.DisplayName) & ","
        objLogFile.Write(objService.ErrorControl) & ","
        objLogFile.Write(objService.PathName) & ","
        objLogFile.Write(objService.Started) & ","
        objLogFile.Write(objService.StartMode) & ","
        objLogFile.Write(objService.StartName) & ","
        objLogFile.writeline
        errServiceChange = objService.Change (,,,,,, ".\sa.my account", "" )
        WshShell.RegWrite "HKLM\******", 1, "REG_DWORD"
    End If
    Next
    objLogFile.Close

     

     

    Make sure you edit the "sa.my account" and also "HKLM\****" I asume you'll want to create

    your own Key for reg, if not take that out and add this for event log:

     

    WshShell.LogEvent 4 , "name of event log trigger"

    ' 0 = success, 1 error, 2 warning, 4 info, 8 autit success, 16 audit failure

     

    also, to add the list of services as an event log:

    WshShell.LogEvent 4, objService.StartName



    [edited by: danrche at 8:35 AM (GMT -8) on 1-31-2011] added functionality
  • Thanks a bunch. I'll give this a go first thing. I'll get back when I've tested it.

    do I enter the PW for the user I'm changing the to in the "" part?

    e.g. errServiceChange = objService.Change (,,,,,, ".\sa.my account", "password" )

  • yes, you've got it !!!

    Also, check your sa.my account on another machine to see how it's written out, for instance .\sa.myAcct is local machine, DOMAIN\sa.myAcct is domain account, Don't break your services if it's going to be domain accounts, then we'll have to add something to determine the domain of each box too. but if it's all local accounts to the box, then you're set.