Hack 36 Manage Services on Remote Machines
Here are three handy scripts for managing network services that run on remote machines.
While the Services node in Computer Management can be used to manage services on remote machines, using a script is easier if you have many systems to manage. This hack offers three VB scripts you can use to display the services that run on a remote computer, change the start mode for a service, and change the password for the account used by a service. Enjoy!
Getting Remote Computer Service Information
If you want to check services on a remote computer, VBScript can help. Using the WMI repository and ADSI, you can easily retrieve information on stopped or started services.
The script prompts for the NetBIOS name of the remote computer. Alternatively, you can get the service information for the local computer by typing in the local name as localhost. The script responds by displaying complete information for the services that are registered on the specified computer.
The code
Type the following script into Notepad (with Word Wrap disabled) and save it with a .vbs extension:
ComputerName = InputBox("Enter the name of the computer for which you " & _
"want service information")
winmgmt1 = "winmgmts:{impersonationLevel=impersonate}!//"& ComputerName &""
Set ServSet = GetObject( winmgmt1 ).InstancesOf ("Win32_service")
for each Serv in ServSet
GetObject("winmgmts:").InstancesOf ("win32_service")
WScript.Echo ""
WScript.Echo Serv.Description
WScript.Echo " Executable: ", Serv.PathName
WScript.Echo " Status: ", Serv.Status
WScript.Echo " State: ", Serv.State
WScript.Echo " Start Mode: ", Serv.StartMode
Wscript.Echo " Start Name: ", Serv.StartName
next
Running the hack
To run the script, open a command prompt, switch to the directory where the script is located, and type the following:
cscript.exe GetRemoteServices.vbs > services.txt
The reason for redirecting output to a text file is because the script generates a lot of output. A dialog box appears (see Figure 4-1), requesting the name of the remote machine. The machine name can be a FQDN, NetBIOS name, or IP address, as desired.
Figure 4-1. Getting information about services running on a remote machine
Here's a sample of what the output of the script might look like if the target machine is running Windows Server 2003:
Microsoft (R) Windows Script Host Version 5.6 Copyright (C) Microsoft Corporation 1996-2001. All rights reserved. Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start. Executable: C:\WINDOWS\system32\svchost.exe -k LocalService Status: OK State: Stopped Start Mode: Disabled Start Name: NT AUTHORITY\LocalService Provides support for application level protocol plug-ins and enables network/protocol connectivity. If this service is disabled, any services that explicitly depend on it will fail to start. Executable: C:\WINDOWS\System32\alg.exe Status: OK State: Stopped Start Mode: Manual Start Name: NT AUTHORITY\LocalService Processes installation, removal, and enumeration requests for Active Directory IntelliMirror group policy programs. If the service is disabled, users will be unable to install, remove, or enumerate any IntelliMirror programs. If this service is disabled, any services that explicitly depend on it will fail to start. Executable: C:\WINDOWS\system32\svchost.exe -k netsvcs Status: OK State: Stopped Start Mode: Manual Start Name: LocalSystem
Note that you can easily determine the start mode, service account, and state of each service from this output.
Changing the Start Mode for a Service
This VBScript changes the Server service start mode to Automatic and works remotely. This can be a big help to sites where the security folks have gone nuts and disabled the Server service or set it to Manual start mode.
In its current form, the script prompts for a remote computer name, connects, and changes the Server service's start mode. The script could also be edited to run on the local computer and placed in a login script to hit a large number of computers at once.
The code
Type the following script into Notepad (with Word Wrap disabled) and save it with a .vbs extension:
strComputer = InputBox("Enter the name of the computer for which " & _
"you want to change the Start Mode for the Server service")
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colService = objWMIService.ExecQuery _
("Select * from Win32_Service where DisplayName = 'Server'")
For Each objService in colService
errReturnCode = objService.Change( , , , , "Automatic")
Next
Running the hack
To run this script, simply create a shortcut to it and double-click on the shortcut.
To change the start mode of another service, simply change the DisplayName to the service you want to modify. For example, to change the start mode for the World Wide Web Publishing Service, you'd alter the select statement to read:
("Select * from Win32_Service where DisplayName = 'w3svc'").
And, of course, you can also use "Manual" or "Disabled" instead of "Automatic" in the second-to-last line.
Changing a Service Password
Services always run within the context of some user account. Usually, this account is built in, such as LocalSystem or NetworkService, but some services, such as IIS and those for Exchange, use special accounts called service accounts. To ensure these accounts are secure, you can change the password used by these accounts, which this script will allow you to do.
The code
Type the following script into Notepad (with Word Wrap disabled) and save it with a .vbs extension:
Dim Computer
Dim ComputerName
Dim ComputerDomain
Dim Service
Dim TargetService
Dim NewPassword
TargetService = "YourServicename"
ComputerDomain = "YourDomain"
ComputerName = "YourComputerName"
NewPassword = "YourPassword"
Set Computer = GetObject("WinNT://" & ComputerDomain & "/" & ComputerName & _ ",computer"
Set Service = Computer.GetObject("service", TargetService)
Service.SetPassword(NewPassword)
Service.SetInfo
Running the hack
Just replace the items in the following lines with your own information:
TargetService = "YourServicename" ComputerDomain = "YourDomain" ComputerName = "YourComputerName" NewPassword = "YourPassword"
For example:
TargetService = "Network Agent" ComputerDomain = "MTIT" ComputerName = "SRV14" NewPassword = "Pa$$w0rd"
?Rod Trent
