The 2011 Scripting Games Beginner Event 4: Use PowerShell to Find Accounts Used by Services

Summary: Beginner Event 4 of the 2011 Scripting Games uses Windows PowerShell to find accounts that are used by services.

About this event

  • Division: Beginner
  • Date of Event: 4/7/2011 12:01 AM
  • Due Date: 4/14/2011 12:01 AM

Event scenario

You are the network administrator for a medium-sized, single-site company. You are responsible for 50 servers that are running a combination of Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2. All of the servers have Windows PowerShell 2.0 installed on them, and Windows PowerShell remoting is enabled. A recent security audit discovered a few services that are not configured to use standard service accounts. Instead, some of the services are using custom service accounts with custom permissions. Because your corporate security plan requires that all services use standard service accounts, your boss has tasked you with writing a Windows PowerShell script that reports all services that are using non-standard accounts. A sample output is shown in the following image.

Design points

  • You do not need to worry about the start mode of the service. Even if a service is disabled, it should be reported if it uses a non-standard service account.
  • You do not need to worry about whether the service is running, paused, or stopped. If the service uses a non-standard service account, it should be reported.
  • Standard service accounts are:
    • LocalSystem
    • NT Authority\LocalService
    • NT Authority\NetworkService
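
One way to meet these design points, as an added example that is not part of the original event post or an official solution. The function name Get-NonStandardServiceAccount and its ComputerName parameter are hypothetical; the sketch assumes WMI access to each server through Get-WmiObject -ComputerName and skips services that report no logon account.

```powershell
# Added example (not from the original post). Works on Windows PowerShell 2.0.
# Get-NonStandardServiceAccount and its parameter are hypothetical names.
function Get-NonStandardServiceAccount {
    param(
        # Servers to audit; defaults to the local computer.
        [string[]]$ComputerName = $env:COMPUTERNAME
    )

    # Standard service accounts exactly as listed in the design points.
    # -notcontains is case-insensitive, so 'NT AUTHORITY\LocalService' matches too.
    $standard = 'LocalSystem',
                'NT Authority\LocalService',
                'NT Authority\NetworkService'

    foreach ($computer in $ComputerName) {
        try {
            # No filter on StartMode or State: disabled, stopped and paused
            # services must be reported as well.
            $services = Get-WmiObject -Class Win32_Service -ComputerName $computer -ErrorAction Stop
        }
        catch {
            # An unreachable server is reported and the audit continues.
            Write-Warning "Could not query ${computer}: $($_.Exception.Message)"
            continue
        }

        $services |
            # Assumption: a service with an empty StartName has no account to report.
            Where-Object { $_.StartName -and ($standard -notcontains $_.StartName.Trim()) } |
            Select-Object SystemName, Name, DisplayName, StartName, StartMode, State |
            Sort-Object StartName, Name
    }
}

# Report for the local computer; pass -ComputerName with a list of servers to audit more.
Get-NonStandardServiceAccount | Format-Table -AutoSize
```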

2011 Scripting Games links

2011 Scripting Games: All Links on One Page

Submit your scripts on PoshCode

I invite you to follow me on Twitter and Facebook. If you have any questions, send email to me at scripter@microsoft.com, or post your questions on the Official Scripting Guys Forum. Good luck as you compete in this year’s Scripting Games. We wish you well.

Ed Wilson, Microsoft Scripting Guy