Find all accounts used for service logon
Rédigé par Sozezzo - - Aucun commentaireThis PowerShell script generates an html report listing all accounts used as logon account by services on servers in an Active Directory domain.
The script has filters to ignore accounts : NT Service, NT AUTHORITY and LocalSystem
Apply filter by servers and services
$FilterServerLike = "*" ## Select all servers $FilterServiceLike = "*" ## Select all services
Ignore accounts
$IgnoreAccount_NT_Service = 1 ## NT Service $IgnoreAccount_NT_AUTHORITY = 1 ## NT AUTHORITY $IgnoreAccount_LocalSystem = 1 ## LocalSystem
Powershell script to find servers and services
<#
report-service-server.ps1
Reads service configuration from all Windows servers in the current domain
and generates report listing all service logon account.
Version history:
08.08.2020 First release
#Reference : https://gallery.technet.microsoft.com/scriptcenter/PowerShell-script-to-find-6fc15ecb
* Use Job and missing nice features
#>
Clear
## Begin Configuration ##
$FilterServerLike = "*" ## Filter server
$FilterServiceLike = "*" ## Filter service
## Search for all server and all services ##
#$FilterServerLike = "**" ## Search all server : "*"
#$FilterServiceLike = "*" ## Search all service
## Search for all server *sql* and all services mssql* ##
#$FilterServerLike = "*sql*" ## Search all server with name *SQL*
#$FilterServiceLike = "MSSQL*" ## Search service MSSQL*
$IgnoreAccount_NT_Service = 1 ## NT Service
$IgnoreAccount_NT_AUTHORITY = 1 ## NT AUTHORITY
$IgnoreAccount_LocalSystem = 1 ## LocalSystem
$ListServer = 1 ## Create table -- Server | #Services | Access status
$reportFile = "$env:TEMP\report_service_server.html"
## End Configuration ##
## Global variables ##
$ErrorActionPreference = "Stop"
$currentDomain = $env:USERDOMAIN.ToUpper()
$ServiceList = @{}
$ServerList = @{}
[string[]]$warnings = @()
function get-server-info()
{
param( $hostname )
if ( Test-Connection -ComputerName $hostname -Count 3 -Quiet ){
try {
# retrieve service list form a remove machine
$serviceList = @( gwmi -Class Win32_Service -ComputerName $hostname -Property Name,StartName,SystemName -ErrorAction Stop )
##$serviceList
##############################
# reads service list
if ( $serviceList.GetType() -eq [Object[]] ){
try
{
$serviceList = $serviceList | ? { $_.StartName.toUpper() }
if ($serviceList.Count -ge 1)
{
$arrID = $script:ServerList.Count+1
$ItemInfo = $hostname, $($serviceList.Count), ""
$script:ServerList.Add( $arrID, @( $ItemInfo ) )
} else
{
$arrID = $script:ServerList.Count+1
$ItemInfo = $hostname, "", "no services"
$script:ServerList.Add( $arrID, @( $ItemInfo ) )
}
#Apply Filter
if ($IgnoreAccount_NT_Service -eq 1) { $serviceList = $serviceList | Where-Object {$_.StartName -notlike "NT Service*" } | ? { $_.StartName } }
if ($IgnoreAccount_NT_AUTHORITY -eq 1) { $serviceList = $serviceList | Where-Object {$_.StartName -notlike "NT AUTHORITY*" } | ? { $_.StartName } }
if ($IgnoreAccount_LocalSystem -eq 1) { $serviceList = $serviceList | Where-Object {$_.StartName -notlike "LocalSystem" } | ? { $_.StartName } }
if ($FilterServiceLike -ne "*") { $serviceList = $serviceList | Where-Object {$_.Name -like $FilterServiceLike } }
foreach( $service in $serviceList ){
$arrID = $script:ServiceList.Count+1
$ItemInfo = $service.StartName, $($service.Name), $($service.SystemName)
$script:ServiceList.Add( $arrID, @( $ItemInfo ) )
}
}
catch {}
}
elseif ( $data.GetType() -eq [String] )
{
$script:warnings += "Fail to read service info"
}
}
catch
{
$global:warnings += @("$hostname | Failed to retrieve data $($_.toString())")
$arrID = $script:ServerList.Count+1
$ItemInfo = $hostname, "", "Failed"
$script:ServerList.Add( $arrID, @( $ItemInfo ) )
}
}
else
{
$global:warnings += @("$hostname | unreachable")
$arrID = $script:ServerList.Count+1
$ItemInfo = $hostname, "", "Unreachable"
$script:ServerList.Add( $arrID, @( $ItemInfo ) )
}
}
################# MAIN #################
## Add-WindowsFeature RSAT-AD-PowerShell
Import-Module ActiveDirectory
# read computer accounts from current domain
Write-Progress -Activity "Retrieving server list from ActiveDirectory" -Status "Processing..." -PercentComplete 0
$serverServiceList = Get-ADComputer -Filter {OperatingSystem -like "Windows Server*"} -Properties DNSHostName, cn | Where-Object {$_.Name -like $FilterServerLike } | ? { $_.enabled }
$count_servers = 0
foreach( $server in $serverServiceList ){
$dnshostname = $server.dnshostname
$dnshostname
++$count_servers
Write-Progress -Activity "Retrieving data from server $dnshostname ( $count_servers / $($serverServiceList.Count) ) " -Status "Processing..." -PercentComplete ( $count_servers * 100 / $serverServiceList.Count )
get-server-info $server.dnshostname
}
# prepare data table for report
Write-Progress -Activity "Generating report" -Status "Please wait..." -PercentComplete 0
$ServiceTable = @()
foreach( $value in $serviceList.Values )
{
$row = new-object psobject
Add-Member -InputObject $row -MemberType NoteProperty -Name "Account" -Value $(($value)[0])
Add-Member -InputObject $row -MemberType NoteProperty -Name "Service" -Value $(($value)[1])
Add-Member -InputObject $row -MemberType NoteProperty -Name "Server" -Value $(($value)[2])
$ServiceTable += $row
}
$ServerTable = @()
foreach( $value in $ServerList.Values )
{
$row = new-object psobject
Add-Member -InputObject $row -MemberType NoteProperty -Name "Server" -Value $(($value)[0])
Add-Member -InputObject $row -MemberType NoteProperty -Name "Services" -Value $(($value)[1])
Add-Member -InputObject $row -MemberType NoteProperty -Name "Status" -Value $(($value)[2])
$ServerTable += $row
}
#################
# create report
$datenow = Get-Date -format "yyyy-MMM-dd HH:mm"
$report = "
<!DOCTYPE html>
<html>
<head>
<style>
TABLE{border-width: 1px;border-style: solid;border-color: black;border-collapse: collapse;white-space:nowrap;}
TH{border-width: 1px;padding: 4px;border-style: solid;border-color: black}
TD{border-width: 1px;padding: 2px 10px;border-style: solid;border-color: black}
</style>
</head>
<body>
<H1>Service & Server report for $currentDomain domain</H1>
<H3>Server Filter : $FilterServerLike</br>
Service Filter : $FilterServiceLike</br>
Login : $env:UserDomain$env:UserName</br>
Date : $datenow
</H3>
<H2>Discovered service accounts</H2>
$( $ServiceTable | Sort Account | ConvertTo-Html Account, Service, Server -Fragment )
Discovered $($ServiceTable.count) services.
</br>
<H2>Discovered servers</H2>
$( $ServerTable | Sort Status, Server | ConvertTo-Html Server, Services, Status -Fragment )
$($serverList.count) servers processed.
</br>
<H2>Warning messages</H2>
$( $warnings | % { "<p>$_</p>" } )
</body>
</html>"
Write-Progress -Activity "Generating report" -Status "Please wait..." -Completed
$report | Set-Content $reportFile -Force
Invoke-Expression $reportFile
Sources :
https://gallery.technet.microsoft.com/scriptcenter/PowerShell-script-to-find-6fc15ecb