Contents

Script Dumpster: Find services running under non-standard accounts

Contents

The Problem

Looking for services which are running under NON-standard accounts? Just use this script to display these services.

Very handy in case you need to change passwords for service accounts or want to see what services might be improperly configured [e.g. running under Administrator credentials, or worse, Domain Administrator credentials]

The Script

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
<#
	.NOTES
	===========================================================================
	 Created with: 	SAPIEN Technologies, Inc., PowerShell Studio 2015 v4.2.95
	 Created on:   	11/3/2015 09:53
	 Created by:   	Robert Prüst
	 Organization: 	powershellpr0mpt.com
	 Filename:     	Get-CustomService.ps1
	===========================================================================
#>
<#
	.SYNOPSIS
		Find services which are running under non-standard accounts

	.DESCRIPTION
		Find services through WMI which are running under non-standard accounts, so you know which services to check/change in case of password changes.
		Non-standard accounts include anything starting with 'NT AUTHORITY\' or LocalSystem.

	.PARAMETER ComputerName
		Enter the computername you'd like to query. Default value is 'localhost'

	.EXAMPLE
				PS C:\> Get-CustomServices -ComputerName 'CONTOSO-SRV001'
				Queries CONTOSO-SRV001 for any services running on non-standard accounts

	.NOTES
		Script created to aid with change of domain admin account passwords.
#>
function Get-CustomService
{
	[CmdletBinding()]
	param
	(
		[string]$ComputerName = 'localhost'
	)

	Get-WmiObject -Class Win32_Service -ComputerName $ComputerName | Where-Object { $_.StartName -notlike 'NT AUTHORITY\*' -and $_.StartName -ne 'LocalSystem' } | Select-Object SystemName, Name, State, StartName, StartMode
}