stackoom
  简体   繁体   中英

PowerShell Script to pull servers in AD and then search SERVICES running under the Local Administrator account

 原文  2023-01-24 17:29:34       powershell/ service/ active-directory

Question

New to PowerShell, attempting to cobble scripts together to:

  1. Pull a list of Servers in Active Directory (done).
  2. Query each server for a list of SERVICE accounts running under ADMINISTATOR credentials.

Can anyone guide me...prefer to export out to a CSV file, etc.

THANK YOU!

THIS IS WHAT I HAVE:

Import-Module ActiveDirectory
$Serverlist = Get-ADComputer -Filter 'operatingsystem -like "*server*" -and enabled -eq "true"' `
-Properties Name
Sort-Object -Property Name |
foreach ($Server in $Serverlist) {
$Server
Get-WmiObject Win32-Service | Select DisplayName, StartName | Where-Object {$_.StartName -eq "administrator"}

GETTING THESE ERRORS:

At line:5 char:18
+ foreach ($Server in $Serverlist) {
+                  ~~
Unexpected token 'in' in expression or statement.
At line:5 char:17
+ foreach ($Server in $Serverlist) {
+                 ~
Missing closing ')' in expression.
At line:5 char:32
+ foreach ($Server in $Serverlist) {
+                                ~
Unexpected token ')' in expression or statement.
    + CategoryInfo          : ParserError: (:) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : UnexpectedToken

1 answers

solution1
 0  2023-01-25 02:43:51

Assuming you have permissions to remotely query those hosts you can try the following:

$computers = (Get-ADComputer -Filter 'operatingsystem -like "*server*" -and enabled -eq "true"').DNSHostName
Get-CimInstance Win32_Service -Filter "StartName LIKE '%Administrator%'" -ComputerName $computers
    | Select-Object DisplayName, StartName, PSComputerName
  • Notes
    1. Get-CimInstance and Get-WmiObject (replaced in this example, since its no longer maintained in new PowerShell versions) can invoke queries in parallel, hence no loop is required.
    2. Both cmdlets allow queries with WQL . Faster filtering this way than with powershell .
    3. Only real reason to use Get-WmiObject instead of Get-CimInstance could be if using DCOM as your remoting protocol. At which point you could use New-CimSessionOption -Protocol DCOM and connect using a CimSession. Functionality for both cmdlets is mostly the same.
    4. You should include PSComputerName in your Select-Object statement to understand from which computer the object is coming from.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Powershell script to find services running on remote servers windows run script with local user account from administrator powershell Running Powershell using administrator and server farm account Powershell Script to reset Local Administrator password Running a PowerShell script as administrator without typing in passwords Having trouble running a powershell script on logon as administrator Running Powershell script in WiX install as an Administrator Running PowerShell script as Administrator all arguments are empty Delete local administrator account with delete() method ADSI with Powershell PowerShell: Create local user account on target machine without beeing administrator
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM