Windows Services

(imported topic written by hbkrules6991)

We need to do a mass password change of the local administrator account on all servers. Before we do so, we need to find out if there are any servers that have services that start up using this local admin account. Is there an analysis to look for this type of thing?

Thanks

(imported comment written by BenKus)

Try making a property with this:

(display name of it, state of it, login account of it) of services whose (login account of it as lowercase contains "administrator")

You might want to make this evaluate only once every 4 hours or so because sometimes iterating over all services is slightly slower (although it should take less than a second so it isn’t a huge deal)…

Ben

(imported comment written by hbkrules6991)

Thanks Ben… one more quick one: we are using this to determine which servers have administrator in the local admin group. We actually rename our administrator account, so we want this to come back on every machine as False. The problem is we have a domain group called Server Administrators on some servers, which then makes this statement a false positive. I simply want to know if there is a local account called administrator and whether it is in the Administrators group. I have tried replacing “contains” with “=” and “is” but both come back as false.

exists member whose (it as string as lowercase contains "administrator") of local group "Administrators"

Thanks…

(imported comment written by BenKus)

But isn’t it supposed to return false according to what you meant? Doesn’t the computer not have an administrator user?

Ben

(imported comment written by hbkrules6991)

It does, but we rename the administrator username to localadmin. On some servers, depending on who set it up, we have both usernames: localadmin and administrator, and this administrator account has a very weak password which is allowing viruses to crack it.

The relevance I am using is picking up domain groups which have the word administrator in them, i.e. Domain\Server Administrators. I believe it is because we have the word “contains” in the relevance. I would like to know whether or not the Administrators group has a local account called “administrator” in it.

(imported comment written by BenKus)

Maybe try one of these:

Q: exists member whose (it as string as lowercase contains "\administrator") of local group "Administrators"
A: True

Q: exists member whose (following text of last "\" of (it as string as lowercase) = "administrator") of local group "Administrators"
A: True

Ben
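
The matching behaviour of the three expressions in this thread, as an added Python example (not BigFix relevance and not code from either poster), run over constructed member strings in the AUTHORITY\name form the thread describes. It goes one step beyond the thread with a hypothetical stricter check, `local_name_equals`, that also compares the authority part to the computer name; `HOST1`, `CORP` and the member lists are made up for illustration.

```python
# Python stand-ins for the string tests in the thread's relevance expressions.

def contains_word(member):
    # Original expression: ... contains "administrator"
    return "administrator" in member.lower()

def contains_backslash_word(member):
    # First suggestion: ... contains "\administrator"
    return "\\administrator" in member.lower()

def name_equals(member):
    # Second suggestion: following text of last "\" ... = "administrator"
    return member.lower().rpartition("\\")[2] == "administrator"

def local_name_equals(member, computer):
    # Assumed stricter variant (not from the thread): the name must match and
    # the part before the last "\" must be this computer's own name.
    authority, _, name = member.lower().rpartition("\\")
    return name == "administrator" and authority == computer.lower()

def evaluate(members, computer):
    """Return, for each check, whether any group member satisfies it."""
    return {
        "contains_word": any(contains_word(m) for m in members),
        "contains_backslash_word": any(contains_backslash_word(m) for m in members),
        "name_equals": any(name_equals(m) for m in members),
        "local_name_equals": any(local_name_equals(m, computer) for m in members),
    }

# Constructed sample data: hypothetical memberships of the local
# Administrators group on a computer named HOST1 joined to domain CORP.
COMPUTER = "HOST1"
SAMPLES = {
    "renamed_only": ["HOST1\\localadmin", "CORP\\Server Administrators"],
    "local_admin_present": ["HOST1\\localadmin", "HOST1\\Administrator"],
    "domain_group_administrators": ["HOST1\\localadmin", "CORP\\Administrators"],
    "domain_account_administrator": ["HOST1\\localadmin", "CORP\\Administrator"],
}

if __name__ == "__main__":
    for label, members in SAMPLES.items():
        print(label, evaluate(members, COMPUTER))
```

Whether the stricter check is wanted depends on whether a domain account or group whose name begins with "Administrator" should count as a hit; the two expressions in the post above do not distinguish the authority part.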