find service account on remote hosts

0

Could you please advise how to find all servers where a specific service account is being used to start Windows services?

I am trying this in PowerShell with these code:

Clear-Host
$address = Get-Content '.\asg connections.csv'
$serviceName = "startname='NT AUTHORITY\\LocalService'"
gwmi Win32_Service -Filter $serviceName -Computer $address

Above piece of code works for "localhost", but gives below error for the remote hosts:

gwmi : Access is denied. (Exception from HRESULT: 0x80070005 
(E_ACCESSDENIED))
At F:\Temp\powershell\play.ps1:30 char:1
+ gwmi win32_service -filter $serviceName -computer $address
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Get-WmiObject], UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.GetWmiObjectCommand

screenshot

powershell
asked on Stack Overflow Oct 4, 2018 by jhd235 • edited Oct 4, 2018 by Ansgar Wiechers

1 Answer

-1

When you use PowerShell remoting you implicitly trying to use the credentials your current Windows session is logged into your machine with on the target machines.

It looks like you do not have any rights with your current set of credentials on those machines.

Are the target machines joined into the same domain as your current user credentials?
If you have a set of working credentials you can log onto those machines with, you can add it in your command with:

Clear-Host
#Promts you for the username and password you wish to save to a credential object
$Cred = Get-Credential
$address = Get-Content '.\asg connections.csv'
$serviceName = "startname='NT AUTHORITY\\LocalService'"
gwmi Win32_Service -Filter $serviceName -Computer $address -Credential $Cred

If the script needs to run automated there are a few different ways to save credential passwords either into an encrypted textfile that can only be decrypted by the user account that encrypted it, or using the build in Windows Credential Vault.


User contributions licensed under CC BY-SA 3.0