
Could you please advise how to find all servers where a specific service account is being used to start Windows services?

I am trying this in PowerShell with this code:

Clear-Host
$address = Get-Content '.\asg connections.csv'
$serviceName = "startname='NT AUTHORITY\\LocalService'"
gwmi Win32_Service -Filter $serviceName -Computer $address

The above piece of code works for "localhost", but gives the error below for the remote hosts:

gwmi : Access is denied. (Exception from HRESULT: 0x80070005 
(E_ACCESSDENIED))
At F:\Temp\powershell\play.ps1:30 char:1
+ gwmi win32_service -filter $serviceName -computer $address
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Get-WmiObject], UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.GetWmiObjectCommand


The user account you're running the script with has no rights to log on (network logon) on the target system. Do you use your script in a domain or a workgroup environment? - TobyU

Have you tried with an enterprise admin? He/she should be able to do that. - Ranadip Dutta

@TobyU Thanks for the note. I am using the script in a domain; it is an AD privileged account, which has admin rights on these remote machines. - Yermek DevOps

@RanadipDutta Thanks for the note. I think enterprise admin is overkill, because I am using an AD account which has admin rights on those remote hosts. - Yermek DevOps

1 Answer


When you use PowerShell remoting, you are implicitly trying to use, on the target machines, the credentials your current Windows session is logged into your machine with.

It looks like you do not have any rights with your current set of credentials on those machines.

Are the target machines joined to the same domain as your current user credentials?
If you have a set of working credentials you can log onto those machines with, you can add it in your command with:

Clear-Host
# Prompts you for the username and password you wish to save to a credential object
$Cred = Get-Credential
$address = Get-Content '.\asg connections.csv'
$serviceName = "startname='NT AUTHORITY\\LocalService'"
gwmi Win32_Service -Filter $serviceName -Computer $address -Credential $Cred

If the script needs to run automated, there are a few different ways to save credential passwords: either in an encrypted text file that can only be decrypted by the user account that encrypted it, or using the built-in Windows Credential Vault.
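
An added example, not code from the question or the answer: it stores the credential in a DPAPI-protected file as the last paragraph describes, then queries each host separately so an access-denied error on one server is recorded instead of hiding the results from the others. The account name `CONTOSO\svc-backup` and the credential file path are hypothetical, and the host file is assumed to contain one computer name per line.

```powershell
# Added example; the credential file path and the account name are hypothetical.
$credPath = Join-Path $env:USERPROFILE 'svc-audit.cred.xml'   # hypothetical location
$account  = 'CONTOSO\svc-backup'                               # hypothetical service account

# One-time, interactive step: Export-Clixml protects the password with DPAPI,
# so the file can only be decrypted by the same user on the same machine.
if (-not (Test-Path $credPath)) {
    Get-Credential | Export-Clixml -Path $credPath
}
$cred = Import-Clixml -Path $credPath

# WQL treats the backslash as an escape character, so double it inside the filter.
$filter = "StartName='{0}'" -f $account.Replace('\', '\\')

$results = foreach ($computer in Get-Content '.\asg connections.csv') {
    try {
        # -ErrorAction Stop turns per-host failures into exceptions we can catch
        Get-WmiObject Win32_Service -Filter $filter -ComputerName $computer `
            -Credential $cred -ErrorAction Stop |
            Select-Object @{n='Computer';e={$computer}}, Name, StartName, State,
                          @{n='Error';e={$null}}
    }
    catch {
        # Keep the failure (for example E_ACCESSDENIED) next to the host name
        [pscustomobject]@{ Computer = $computer; Name = $null; StartName = $null
                           State = $null; Error = $_.Exception.Message }
    }
}

# Services that start under the account, then the hosts that could not be queried
$results | Where-Object { $_.Name }  | Format-Table Computer, Name, StartName, State
$results | Where-Object { $_.Error } | Format-Table Computer, Error -Wrap
```

Get-WmiObject rejects `-Credential` for the local computer, so a local host name in the list will appear in the error table; query it without the parameter.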