PowerShell Scripts for finding Services and Scheduled Tasks that are using a specific account

June 26th, 2009 posted by terje

A while ago I created some scripts that others might find useful.
The scripts were made for checking whether or not it was safe to disable a specific account, by looking for services and scheduled tasks that might need this account to run.
The scripts were originally made for checking win-2003 servers.

I have written them so that they now look for the use of the local administrator account on the servers. The scripts can therefore be helpful if you are going to disable this account in your environment (which you should).
I made three scripts to accomplish this task: one "ping-script" to get a list of servers to check, one to check for services and one to check for scheduled tasks.

The first one is a general "ping-script" that asks for some naming characteristic of the servers you want to query.
This can be adjusted to match your naming convention:
If you have a naming convention like "SQLHQ012" and you want to list all SQL servers, type SQL at the first prompt ($_criteria1) and press Enter, then type * at the second prompt and press Enter.
For all servers at HQ, type * at the first prompt and press Enter, then type HQ at the second prompt ($_criteria2) and press Enter.
The script will then query Active Directory by running DSQuery (dsquery computer -name $_criteria1$_criteria2*),
omitting all machine accounts with "PC" or "NB" in their names.
The script then pings all the machine accounts it has found and creates one list of online servers and one of offline servers.
The lists are created in the same directory the script is executed from. Ignore the on-screen messages for servers that cannot be reached.

____________________________________________________________
# Remove output from a previous run (no error if the files do not exist)
del AllServers.txt, OnlineServers.txt, OfflineServers.txt -ErrorAction SilentlyContinue
$_criteria1 = Read-Host "Enter a unique 1st part of machinenames you want to Query or * to use 1st part as wildcard"
$_criteria2 = Read-Host "Enter a unique 2nd part of machinenames you want to Query or * to use 2nd part as wildcard"
# Ask Active Directory for matching computer accounts, skipping names that contain PC or NB
dsquery computer -name $_criteria1$_criteria2* -o rdn -limit 0 | where { $_ -notmatch 'PC' -and $_ -notmatch 'NB' } >> serverliste_tmp.txt
# dsquery wraps each name in double quotes; strip them
(Get-Content serverliste_tmp.txt) |
    ForEach-Object { $_ -replace '"', '' } |
    Set-Content AllServers.txt
del serverliste_tmp.txt
$Servere = Get-Content AllServers.txt
$ping = New-Object System.Net.NetworkInformation.Ping
foreach ($Server in $Servere)
{
    $Reply = $ping.Send($Server)
    if ($Reply.Status -eq "Success")
        { Write-Output "$Server" >> OnlineServers.txt }
    else
        { Write-Output "$Server" >> OfflineServers.txt }
    # Reset so a failed Send() does not reuse the previous server's reply
    $Reply = ""
}
____________________________________________________________

The second one is a one-liner that reads a list of servers from the file "onlineservers.txt" in the same folder as the script,
runs a WMI query against all servers in the list and creates a web page, "services_that_uses_specific_account.html".
This web page lists all servers and the services that use the account in question.
Change "*\Administrator" to any account you want to check before you disable or delete it.

Dependencies:
The script needs the file onlineservers.txt containing one servername per line in the folder the script is executed from.

____________________________________________________________

Get-Content onlineservers.txt | ForEach-Object { gwmi win32_service -ComputerName $_ | where { $_.StartName -like "*\Administrator" } } | select __Server,Name,StartName | ConvertTo-Html | Out-File services_that_uses_specific_account.html
____________________________________________________________

The third one runs Schtasks.exe to get details for all scheduled tasks on all servers in the server list "onlineservers.txt".
It then searches through these details for any instance of the word "Administrator".
All lines that contain this word are then written to the file Servers_with_tasks_as_local_administrator.csv
This file is already prepared with one line containing the description of the different parts of the output.
To search for tasks running as any other user, simply change the word "Administrator" to whatever account you want.

Dependencies:
The script needs the file onlineservers.txt containing one servername per line.
The script also needs the file templatefile.csv for descriptions of the output.
Both files must be present in the same folder that the script is executed from.

____________________________________________________________
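# Start from the template, which holds the header line describing the columns
Copy templatefile.csv tasks_as_specific_user.csv
$Servere = Get-Content onlineservers.txt
foreach ($Server in $Servere)
{
    # Append every line of the verbose task listing that mentions the account
    Schtasks.exe /query /s $Server /v /FO CSV | Select-String -Pattern "Administrator" | Add-Content 'tasks_as_specific_user.csv'
}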
____________________________________________________________
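The third script matches "Administrator" anywhere in a line, so a task whose comment or command line mentions the word is reported even when it runs as another account. The following added example (not one of the original scripts) parses the CSV and filters on the "Run As User" column only. It assumes PowerShell 2.0 or later (ConvertFrom-Csv) and the English column name "Run As User"; the function name Get-TaskRunningAs and the sample data are made up for illustration.

```powershell
# Constructed sample of "schtasks /query /v /fo csv" output (columns trimmed;
# host names, task names and accounts are made up for this example).
$sample = @'
"HostName","TaskName","Status","Task To Run","Comment","Run As User"
"SQLHQ012","NightlyBackup","Ready","C:\Scripts\backup.cmd","N/A","SQLHQ012\Administrator"
"SQLHQ012","Defrag","Ready","C:\WINDOWS\system32\defrag.exe C:","Created by Administrator","NT AUTHORITY\SYSTEM"
"SQLHQ012","LogRotate","Ready","C:\Scripts\rotate.cmd","N/A","HQ\svc_logs"
"HostName","TaskName","Status","Task To Run","Comment","Run As User"
"WEBHQ003","Cleanup","Ready","C:\Scripts\clean.cmd","N/A","Administrator"
'@ -split "`r?`n"

function Get-TaskRunningAs {
    param(
        [string[]]$CsvLine,                 # raw lines from schtasks /v /fo csv
        [string]$Account = 'Administrator'  # account name without domain or host prefix
    )
    # The header line can appear more than once; keep the first copy, drop the repeats.
    $header = $CsvLine | Where-Object { $_ -like '"HostName",*' } | Select-Object -First 1
    $rows   = $CsvLine | Where-Object { $_ -and $_ -notlike '"HostName",*' }
    @($header) + @($rows) | ConvertFrom-Csv |
        Where-Object {
            # Compare only the part after the last backslash, so HOST\name,
            # DOMAIN\name and a bare name are all treated the same.
            ($_.'Run As User' -split '\\')[-1] -eq $Account
        } |
        Select-Object HostName, TaskName, 'Run As User'
}

# Whole-line match (as in the script above) versus the column-based match
$naive  = $sample | Select-String -Pattern 'Administrator'
$strict = Get-TaskRunningAs -CsvLine $sample
"Whole-line matches: {0}; 'Run As User' matches: {1}" -f @($naive).Count, @($strict).Count
$strict | Format-Table -AutoSize

# Against a live server, pass the real output instead of the sample:
#   Get-TaskRunningAs -CsvLine (Schtasks.exe /query /s $Server /v /FO CSV)
```

The "Defrag" row in the sample is the false positive: it matches the whole-line search because of its comment, but runs as NT AUTHORITY\SYSTEM.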
The templatefile CSV and all the other scripts can be downloaded from my SkyDrive:

Go to my SkyDrive to get the scripts

Check_account_use_before_disable.zip contains all the scripts in this post.