Dean Wells, of MSEtechnology provides us with
svccontext.bat, a script to
query all services on all servers in your domain, and report those services that match, or partially match, a specified
user context.
NOTE: svccontext.bat uses SC.EXE, either built-in to the OS
you run the script from, or available
from the resource kit.
NOTE: svccontext.bat uses LDIFDE.EXE, available from your server.
NOTE: Find.exe, SC.EXE, and LDIFDE.EXE must be in the System path.
The syntax for using svccontext.bat is:
SVCcontext FQDN UserName
where:
FQDN is the DNS domain name, like JSIINC.COM or Microsoft.COM.
UserName is the name or partial name of the service context you are querying, like Administrator,
System, JSIINC\Service, or MICROSOFT\Admin.
When I typed:
svccontext JSIINC.COM System
I received the following display:
SVCcontext log, "D:\TEMP\SVCcontext.log" -
* created by "Jerry" at " 9:18:45.93" on "09/12/2002"
* servers in domain "jsiinc.com" queried
* queried for match or partial match on "system"
The
D:\TEMP\SVCcontext.log file began
with:
BEGIN LOG
+ SERVICE AppMgmt on SERVER jsi001.JSIINC.COM runs in the context of LocalSystem
+ SERVICE AudioSrv on SERVER jsi001.JSIINC.COM runs in the context of LocalSystem
+ SERVICE BITS on SERVER jsi001.JSIINC.COM runs in the context of LocalSystem
svccontext.bat
contains:
:: SVCcontent - Queries all services on all servers within a domain for a specified security context
:: Dean Wells - MSEtechnology - Sept. 2002
@echo off
setlocal ENABLEDELAYEDEXPANSION
:: Begin script body
echo.
:: Define initial environment
set fqdn=%1
set dn=dc=%fqdn:.=,dc=%
set principal=%2
set scriptname=SVCcontext
set log=%TEMP%\%scriptname%.log
set stdout=nul
set stderr=nul
set found=0
:: Determine if supplied arguments were sufficient
if "%2""""" (
echo ERROR - Required executable, "%%e", not located within the system path
goto :END
)
)
:: Cleanup existing temporary/log files and prepare log header
del %TEMP%\servers.log 1>%stdout% 2>%stderr%
del %log% 1>%stdout% 2>%stderr%
echo %scriptname% log, "%log%" - >>%log%
echo * created by "%USERNAME%" at "%TIME%" on "%DATE%">>%log%
echo * servers in domain "%fqdn%" queried>>%log%
echo * queried for match or partial match on "%principal%" >>%log%
echo. >>%log%
echo BEGIN LOG >>%log%
echo. >>%log%
:: Determine servers to query
ldifde -j %TEMP% -s %fqdn% -d %dn% -r (objectClass=computer) -l dnshostname -f %TEMP%\servers.log 1>%stderr% 2>%stderr%
if errorlevel 1 (
echo ERROR - LDAP query failed when enumerating server list
goto :SYNTAX
)
:: Prepare display
echo STATUS - Working ...
echo.
:: Parse the servers
for /f "tokens=2 delims=: " %%h in ('type %TEMP%\servers.log ^| find /i "dnshostname: "') do (
call :GETSVCS %%h
)
:: Clean up display and display log
if "%found%"=="1" (
echo. >>%log%
echo.
echo STATUS - Done^^!
start "" notepad %log%
) else (
echo STATUS - No services located
echo * Queried domain "%fqdn%"
echo * Queried for match or partial match on "%principal%"
)
echo END LOG >>%log%
:: Script body ends
goto :END
:: Define functions and procedures
:GETSVCS
for /f "tokens=2 delims=: " %%s in ('sc \\%1 query state^= all bufsize^= %bufsize% ^| find "SERVICE_NAME"') do (
call :QUERYSVCS %1 %%s
)
goto :EOF
:QUERYSVCS
for /f "tokens=2 delims=: " %%p in ('sc \\%1 qc %2 ^| find "SERVICE_START_NAME"') do (
echo %%p | find /i "%principal%" 1>%stderr% 2>%stderr%
if not errorlevel 1 (
set found=1
echo + SERVICE %2, SERVER %1, CONTEXT %%p
echo + SERVICE %2 on SERVER %1 runs in the context of %%p >>%log%
)
)
goto :EOF
:SYNTAX
echo.
echo SYNTAX - %scriptname% [domain FQDN] [username]
echo.
echo * [domain FQDN] is the DNS domain name to query for servers
echo * [username] is the name or partial name of the service account
echo.
echo e.g. - %scriptname% microsoft.com Administrator
echo or ...
echo e.g. - %scriptname% microsoft.com MICROSOFT\Admin
echo.
:: End script and perform necessary cleanup
:END
del %TEMP%\servers.log 1>%stderr% 2>%stderr%