Action1 5 How-to Articles 5 How to Find All SQL Server Service Accounts Used on Remote PCs

How to Find All SQL Server Service Accounts Used on Remote PCs

December 21, 2018

By Peter Barnett

A lot of data breaches start with attacks on privileged service accounts. An important step in proactively locking the security of your corporate network is to find all SQL Server service accounts.

Action1 RMM is a free cloud-based RMM solution. Among hundreds of other built-in features such as remote patch deployment, remote desktop, it allows running reports to find all SQL Server service accounts used on endpoints. After the discovery is done, you can manage service account passwords and perform other maintenance operations. This article explains how to list Exchange service accounts using Action1 to find service accounts in domain Windows server 2008 r2 or other operating systems and also shows how to list service accounts from the command line for organizations that are not able to utilize Action1 RMM in their environments.

Manually:

1. Execute WMI Query in ROOT\CIMV2 Namespace:

  1. Launch WMI Explorer or any other tool which can run WMI queries.
  2. Run WMI query: SELECT * FROM Win32_Service

2. Open WMIC Command-line Interface:

  1. Press WIN+R
  2. Type “wmic”, press Enter
  3. In wmic command line tool type: /node:RemoteComputerName service

3. Run This Simple Windows Powershell Script:

Thru WMI object: Get-WmiObject -Namespace ROOT\CIMV2 -Class Win32_Service -Computer RemoteComputerName

4. Use Following Code to Select Specific Columns:

Execute: Get-WmiObject -Namespace ROOT\CIMV2 -Class Win32_Service -Computer RemoteComputerName | Select-Object DisplayName, Started, StartMode, StartName, PSComputerName

5. Sort the Results Using the Line Below:

Invoke command: Get-WmiObject -Namespace ROOT\CIMV2 -Class Win32_Service -Computer RemoteComputerName | Select-Object DisplayName, Started, StartMode, StartName, PSComputerName | Sort-Object DisplayName

6. The Next Code Helps to Filter Results:

Use it: Get-WmiObject -Namespace ROOT\CIMV2 -Class Win32_Service -Computer RemoteComputerName | Select-Object DisplayName, Started, StartMode, StartName, PSComputerName | Where-Object -FilterScript {$_.DisplayName -like “*SQL Server*”}

7. Save Results to CSV File:

Run: Get-WmiObject -Namespace ROOT\CIMV2 -Class Win32_Service -Computer RemoteComputerName | Select-Object DisplayName, Started, StartMode, StartName, PSComputerName | Export-CSV “c:\file.csv” -Append -NoTypeInformation

8. The Next Step Is to Query Multiple Computers:

Computers from a text file: Get-Content -Path c:\computers.txt | ForEach-Object {Get-WmiObject -Namespace ROOT\CIMV2 -Class Win32_Service -Computer $_}
– computers from AD domain: Get-ADComputer -Filter {OperatingSystem -Like ‘Windows 10*’} | ForEach-Object {Get-WmiObject -Namespace ROOT\CIMV2 -Class Win32_Service -Computer $_.Name}

With Action1 RMM Platform:

Step 1 Login to Your Action1 Dashboard

Step 2 Type Your Question in Plain English:

Action1 allows to find all SQL Server service accounts used on multiple endpoints or manage service account passwords and perform maintenance operations. - search query

Step 3 Set Filters, If Necessary:

Action1 allows to find all SQL Server service accounts used on multiple endpoints or manage service account passwords and perform maintenance operations. - set filters

Step 4 See Results from All Endpoints in Seconds:

Endpoint Name

mac.widgets.local
fred.widgets.local
ray.widgets.local

Display Name

SQL Server
MS Exchange
File Backup

Started

True
True
False

User Name

WIDGETSsql1
WIDGETS xch
WIDGETSb1

State

Running
Running
Stopped

See What You Can Do with Action1 RMM

 

Join our weekly LIVE webinar “Patching and remote management” to learn more

about Action1 RMM features and use cases for your IT needs.

 

Related Posts