Hey All - I’m trying to put together a query to return the accounts being used to run services on windows servers. The current inspectors for services only return name, display name, and state. I was curious if anything existed to find the account running the service itself.
Most likely I’ll have to query WMI directly. Can power shell be leveraged to output a result directly with relevance (as opposed to piping results to a text file and reading the file periodically?
Also for a point of reference when you run into this I like to use two separate items to help out in searching for the appropriate properties of an inspector:
Item 1 - Introspection - within QNA you can find out what properties can be called from a type.
q: properties of type "service"
A: service name of : string
A: display name of : string
A: state of : string
A: can interact with desktop of : boolean
A: win32 exit code of : integer
A: service specific exit code of : integer
A: checkpoint of : integer
A: login account of : string
A: start type of : string
A: image path of : string
A: file of : file
A: version of : version
A: win32 type of : boolean
A: driver type of : boolean
A: running of : boolean
A: pid of : integer
A: security descriptor of : security descriptor
//I ran this on
q: version of client
A: 9.1.1117.0
Item 2 - Inspector Search - I also have really gotten excited about the new Developer.bigfix.com
Check out this inspector search… link.