Beat the auditors, be one step ahead with PowerShell!
Summary: Microsoft PFE Georges Maheu opens his security assessment toolbox to discuss a Windows PowerShell script he uses to look at Windows services. The script makes an inventory of all services running on your computers and identifies which ones are using non-standard service accounts. The inventory is presented in an Excel spreadsheet.
The first step is to generate a list of targeted computers. This can be accomplished with this command:
([adsisearcher]"objectCategory=computer").findall() |
foreach-object {($_.properties).cn} |
out-file -Encoding ascii -FilePath computerList.txt
&".\1 - Get-Services - Simple Version 1.0.ps1"
The third step is to read the “Hey Scripting Guy” blog series and discover how to document service accounts with PowerShell, Excel Office Automation and WMI. The blog series discusses how the original script can be optimized to go from documenting 50 computers in 90 minutes down to 42 seconds.
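The core check the summary describes, reading computerList.txt, querying services over WMI and flagging logon accounts that are not built-in, can be written as follows. This is an added example, not Georges Maheu's script; the function name, the list of accounts treated as standard, and the CSV output file (used here in place of Excel automation) are assumptions.

```powershell
# Added example (not the downloadable script). Assumes Windows PowerShell,
# WMI access to each target, and computerList.txt in the current directory.

# Assumption: these built-in identities are the "standard" service accounts.
$standardAccounts = @(
    'LocalSystem',
    'NT AUTHORITY\SYSTEM',
    'NT AUTHORITY\LocalService',
    'NT AUTHORITY\NetworkService'
)

function Test-NonStandardAccount {
    param([string]$StartName)
    # Services with no logon account recorded are not flagged.
    if ([string]::IsNullOrEmpty($StartName)) { return $false }
    # -notcontains compares case-insensitively.
    return ($standardAccounts -notcontains $StartName.Trim())
}

$inventory = foreach ($computer in Get-Content -Path .\computerList.txt) {
    $computer = $computer.Trim()
    if (-not $computer) { continue }
    try {
        $services = Get-WmiObject -Class Win32_Service -ComputerName $computer -ErrorAction Stop
    }
    catch {
        # Keep unreachable hosts in the report so gaps in coverage stay visible.
        New-Object PSObject -Property @{
            Computer = $computer; Service = ''; State = ''; StartMode = ''
            Account = ''; NonStandard = $false; Error = $_.Exception.Message
        }
        continue
    }
    foreach ($svc in $services) {
        New-Object PSObject -Property @{
            Computer = $computer; Service = $svc.Name; State = $svc.State
            StartMode = $svc.StartMode; Account = $svc.StartName
            NonStandard = (Test-NonStandardAccount $svc.StartName); Error = ''
        }
    }
}

$inventory |
    Select-Object Computer, Service, State, StartMode, Account, NonStandard, Error |
    Export-Csv -Path .\serviceAccounts.csv -NoTypeInformation

# Review list: services that log on with something other than a built-in account.
$inventory | Where-Object { $_.NonStandard } | Sort-Object Account, Computer |
    Format-Table Computer, Service, Account -AutoSize
```

Rows with a non-empty Error column are hosts that could not be queried, so they remain unassessed rather than clean.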
Blog articles: