fb
Homepage 5 How-to Articles 5 Finding All Exchange Service Accounts Used on PCs

Finding All Exchange Service Accounts Used on PCs

Manage remote endpoints, deploy software and patches with Action1 cloud RMM solution.

Sign up and use free on up to 50 endpoints with no functionality limits or expiration.



January 4, 2019

A lot of data breaches start with attacks on privileged service accounts. An important step in proactively locking the security of your corporate network is to find all Exchange service accounts.

This article explains how to list Exchange service accounts using Action1 RMM to find service accounts in domain Windows server 2008 r2 or other operating systems and also shows how to list service accounts from the command line for organizations that are not able to utilize Action1 RMM in their environments.

Find Exchange Service Accounts Manually:

1. Execute WMI Query in ROOT\\\\CIMV2 Namespace:

  1. Launch WMI Explorer or any other tool which can run WMI queries.
  2. Run WMI query: SELECT * FROM Win32_Service

2. Open WMIC Command-line Interface:

  1. Press WIN+R
  2. Type “wmic”, press Enter
  3. In wmic command line tool type: /node:RemoteComputerName service

3. Run This Simple Windows Powershell Script:

Thru WMI object: Get-WmiObject-Namespace ROOT\\\\CIMV2 -Class Win32_Service -Computer RemoteComputerName

4. Use Following Code to Select Specific Columns:

Execute: Get-WmiObject -Namespace ROOT\\\\CIMV2 -Class Win32_Service -Computer RemoteComputerName | Select-Object DisplayName, Started, StartMode, StartName, PSComputerName

5. Sort the Results Using the Line Below:

Invoke command: Get-WmiObject –Namespace ROOT\\\\CIMV2 -Class Win32_Service -Computer RemoteComputerName | Select-Object DisplayName, Started, StartMode, StartName, PSComputerName | Sort-Object DisplayName

6. The Next Code Helps to Filter Results:

Use it: Get-WmiObject -Namespace ROOT\\\\CIMV2 -Class Win32_Service -Computer RemoteComputerName | Select-Object DisplayName, Started, StartMode, StartName, PSComputerName | Where-Object -FilterScript {$_.DisplayName -like “*Exchange*”}

7. Save Results to CSV File:

Run: Get-WmiObject -Namespace ROOT\\\\CIMV2 -Class Win32_Service –Computer RemoteComputerName | Select-Object DisplayName, Started, StartMode, StartName, PSComputerName | Export-CSV “c:\\\\file.csv” -Append -NoTypeInformation

8. The Next Step Is to Query Multiple Computers:

Computers from a text file: Get-Content -Path c:\\\\computers.txt | ForEach-Object {Get-WmiObject -Namespace ROOT\\\\CIMV2 -Class Win32_Service -Computer $_}
Computers from AD domain: Get-ADComputer -Filter {OperatingSystem -Like ‘Windows 10*’} | ForEach-Object {Get-WmiObject -Namespace ROOT\\\\CIMV2 -Class Win32_Service -Computer $_.Name}

How to Uninstall Software Using Action1 RMM:

Action1 RMM is a cloud-based solution for remote endpoint management that encompasses a comprehensive reporting tool that allows you to quickly gather valuable insights on your managed endpoints. Among hundreds of other built-in features, it allows finding all Exchange service accounts used on endpoints. After the discovery is done, you can manage service account passwords and perform other maintenance operations.

Step 1: Get started with Action1 for Free

Sign up to a free version of the Action1 RMM solution and install Action1 agents to your remote endpoints to manage them remotely. Here is the detailed instruction on how to get started.

 

Step 2 – Type Your Question in Plain English:

Action1 allows to find all Exchange service accounts used on multiple endpoints or manage service account passwords and perform maintenance operations. - search query

Step 3 – Set Filters, If Necessary:

How to Find All Exchange Service Accounts Used on PCs

Step 4 – See Results from All Endpoints in Seconds:

Endpoint Name

mac.widgets.local
fred.widgets.local
ray.widgets.local

Display Name

SQL Server
MS Exchange
File Backup

Started

True
True
False

User Name

WIDGETSsql1
WIDGETSxch
WIDGETSb1

State

Running
Running
Stopped

Related Articles

How To Delete User Profiles Remotely with PowerShell

When a user logs onto the computer for the first time (not via the network to access shared folders or printers), Windows creates a user profile. Among its contents are the NTUSER.DAT file (user profile settings), user-specific folders (My Documents, Desktop, etc.),...

About Action1 RMM

Action1 RMM is a cloud-based IT solution for remote monitoring and management, patching, and remote support.

Start your free two-week trial of Action1, or use RMM tools for free forever on 50 endpoints with no functionality limitations!



0 Comments

Submit a Comment

Your email address will not be published.

cloud patch management solutions action1

MSP Solution

Centralize endpoint management and boost efficiency of IT service delivery.

automated server patch management action compliance

Patch Management

Identify and deploy missing OS and third-party software updates.

cloud software deployment tools windows

Software Deployment

Distribute software and updates across managed endpoints.

software distribution tools software inventory action1

IT Asset Inventory

Keep a detailed inventory and manage hardware and software assets.

web client remote desktop

Remote Desktop

Support users via seamless remote desktop connection.

web based rdp client

Unattended Access

Provide administrative support and manage remote devices.

automated patch management action1

Endpoint Management

Run PowerShell, custom scripts, reboot computers and restart services.

API integrations action1

RESTful API

Integrate Action1 RMM to your IT ecosystem.

computer inventory tool for compliance

Reports and Alerts

Conduct endpoint security audits with comprehensive reporting.