Hack 36 Manage Services on Remote Machines


Here are three handy scripts for managing
network services that run on remote machines.
While the Services node in Computer Management can be
used to manage services on remote machines, using a script is easier
if you have many systems to manage. This hack offers three VB scripts
you can use to display the services that run on a remote computer,
change the start mode for a service, and change the password for the
account used by a service. Enjoy!
Getting Remote Computer Service Information
If you want to check services on a remote computer, VBScript can
help. Using the WMI repository and ADSI, you can easily retrieve
information on stopped or started services.
The script prompts for the NetBIOS name of the remote computer.
Alternatively, you can get the service information for the local
computer by typing in the local name as localhost.
The script responds by displaying complete information for the
services that are registered on the specified computer.
The code
Type the following script into Notepad (with Word Wrap disabled) and
save it with a .vbs extension:
' Ask for the target computer (use localhost for the local machine)
ComputerName = InputBox("Enter the name of the computer for which you " & _
    "want service information")
' Connect to WMI on the target, impersonating the caller's credentials
winmgmt1 = "winmgmts:{impersonationLevel=impersonate}!//" & ComputerName
Set ServSet = GetObject(winmgmt1).InstancesOf("Win32_Service")
' Print one block of details per registered service
For Each Serv In ServSet
    WScript.Echo ""
    WScript.Echo Serv.Description
    WScript.Echo " Executable: ", Serv.PathName
    WScript.Echo " Status: ", Serv.Status
    WScript.Echo " State: ", Serv.State
    WScript.Echo " Start Mode: ", Serv.StartMode
    WScript.Echo " Start Name: ", Serv.StartName
Next
Running the hack
To run the script, open a command prompt, switch to the directory
where the script is located, and type the following:
cscript.exe GetRemoteServices.vbs > services.txt
The output is redirected to a text file because the script generates
a lot of it. A dialog box appears (see Figure 4-1), requesting the name
of the remote machine. The machine name can be a FQDN, NetBIOS name, or
IP address, as desired.
Figure 4-1. Getting information about services running on a remote machine

Here's a sample of what the output of the script
might look like if the target machine is running Windows Server 2003:
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
Notifies selected users and computers of administrative alerts. If the service is stopped,
programs that use administrative alerts will not receive them. If this service is
disabled,
any services that explicitly depend on it will fail to start.
Executable: C:\WINDOWS\system32\svchost.exe -k LocalService
Status: OK
State: Stopped
Start Mode: Disabled
Start Name: NT AUTHORITY\LocalService
Provides support for application level protocol plug-ins and enables network/protocol
connectivity. If this service is disabled, any services that explicitly depend on it will
fail to start.
Executable: C:\WINDOWS\System32\alg.exe
Status: OK
State: Stopped
Start Mode: Manual
Start Name: NT AUTHORITY\LocalService
Processes installation, removal, and enumeration requests for Active Directory
IntelliMirror group policy programs. If the service is disabled, users will be unable to
install, remove, or enumerate any IntelliMirror programs. If this service is disabled,
any services that explicitly depend on it will fail to start.
Executable: C:\WINDOWS\system32\svchost.exe -k netsvcs
Status: OK
State: Stopped
Start Mode: Manual
Start Name: LocalSystem
Note that you can easily determine the start mode, service account,
and state of each service from this output.
Changing the Start Mode for a Service
This VBScript changes the Server service start mode to Automatic and
works remotely. This can be a big help to sites where the security
folks have gone nuts and disabled the Server service or set it to
Manual start mode.
In its current form, the script prompts for a remote computer name,
connects, and changes the Server service's start
mode. The script could also be edited to run on the local computer
and placed in a login script to hit a large number of computers at
once.
The code
Type the following script into Notepad (with Word Wrap disabled) and
save it with a .vbs extension:
' Ask for the target computer
strComputer = InputBox("Enter the name of the computer for which " & _
    "you want to change the Start Mode for the Server service")
' Connect to the root\cimv2 WMI namespace on the target
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colService = objWMIService.ExecQuery _
    ("Select * from Win32_Service where DisplayName = 'Server'")
' StartMode is the fifth argument of Change; the others are left unchanged
For Each objService in colService
    errReturnCode = objService.Change( , , , , "Automatic")
Next
Running the hack
To run this script, simply create a shortcut to it and double-click
on the shortcut.
To change the start mode of another service, simply change the
DisplayName to the service you want to modify. You can also match on
the service's short name, which WMI holds in the Name property rather
than DisplayName. For example, to change the start mode for the World
Wide Web Publishing Service, whose short name is w3svc, you'd alter the
select statement to read:
("Select * from Win32_Service where Name = 'w3svc'").
And, of course, you can also use "Manual" or
"Disabled" instead of
"Automatic" in the second-to-last line.
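The script above stores the result of Change in errReturnCode but never looks at it, so a failed change goes unnoticed. The following variant is an added example, not part of the original hack: it selects the Server service by its short name (LanmanServer), checks the return code, and reads the start mode back. The constant names are this example's own.

```vbscript
Option Explicit
Const TARGET_SERVICE = "LanmanServer"   ' short Name of the Server service
Const NEW_START_MODE = "Automatic"      ' or "Manual" / "Disabled"

Dim strComputer, objWMIService, objService, errReturnCode, strExpected

strComputer = InputBox("Enter the name of the computer to change")
If strComputer = "" Then WScript.Quit 1

Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

' Fetch the service by key so exactly one instance is touched
On Error Resume Next
Set objService = objWMIService.Get("Win32_Service.Name='" & TARGET_SERVICE & "'")
If Err.Number <> 0 Then
    WScript.Echo "Service " & TARGET_SERVICE & " not found on " & strComputer
    WScript.Quit 1
End If
On Error GoTo 0

WScript.Echo "Start mode before: " & objService.StartMode

' Change returns 0 on success; any other value means nothing was changed
errReturnCode = objService.Change( , , , , NEW_START_MODE)
If errReturnCode <> 0 Then
    WScript.Echo "Change failed with return code " & errReturnCode & _
        " (2 means access denied)"
    WScript.Quit 1
End If

' Change accepts "Automatic", but the StartMode property reads back as "Auto"
strExpected = NEW_START_MODE
If strExpected = "Automatic" Then strExpected = "Auto"

' Re-read the instance to confirm the setting actually took effect
Set objService = objWMIService.Get("Win32_Service.Name='" & TARGET_SERVICE & "'")
If objService.StartMode = strExpected Then
    WScript.Echo "Start mode now: " & objService.StartMode
Else
    WScript.Echo "Unexpected start mode: " & objService.StartMode
    WScript.Quit 1
End If
```

Run it with cscript.exe so the messages go to the console instead of a series of dialog boxes.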
Changing a Service Password
Services always run within the context of some user account. Usually,
this account is built in, such as LocalSystem or
NetworkService, but some services, such as IIS and
those for Exchange, use special accounts called service
accounts. To ensure these accounts are secure, you can
change the password used by these accounts, which this script will
allow you to do.
The code
Type the following script into Notepad (with Word Wrap disabled) and
save it with a .vbs extension:
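Dim Computer
Dim ComputerName
Dim ComputerDomain
Dim Service
Dim TargetService
Dim NewPassword
' Replace these four values with your own information.
' Note that the new password is stored in this file in clear text.
TargetService = "YourServicename"
ComputerDomain = "YourDomain"
ComputerName = "YourComputerName"
NewPassword = "YourPassword"
' Bind to the computer through the ADSI WinNT provider
Set Computer = GetObject("WinNT://" & ComputerDomain & "/" & ComputerName & ",computer")
' Get the service object and set the new password
Set Service = Computer.GetObject("service", TargetService)
Service.SetPassword(NewPassword)
Service.SetInfo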
Running the hack
Just replace the items in the following lines with
your own information:
TargetService = "YourServicename"
ComputerDomain = "YourDomain"
ComputerName = "YourComputerName"
NewPassword = "YourPassword"
For example:
TargetService = "Network Agent"
ComputerDomain = "MTIT"
ComputerName = "SRV14"
NewPassword = "Pa$$w0rd"
Rod Trent
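Before changing service passwords, it helps to know which services on a machine actually log on with a service account rather than a built-in one. The script below is an added example, not part of the original hack: it uses the same Win32_Service class as the first script and lists only the services whose Start Name is not one of the built-in accounts. The IsBuiltInAccount helper and its list of account names are assumptions of this example.

```vbscript
Option Explicit
Dim strComputer, objWMIService, colServices, objService, strAccount, intFound

strComputer = InputBox("Enter the name of the computer to audit")
If strComputer = "" Then WScript.Quit 1

Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colServices = objWMIService.ExecQuery("Select * from Win32_Service")

intFound = 0
For Each objService In colServices
    ' StartName can come back Null; treat that as nothing to report
    strAccount = ""
    If Not IsNull(objService.StartName) Then strAccount = objService.StartName

    If Not IsBuiltInAccount(strAccount) Then
        intFound = intFound + 1
        WScript.Echo objService.Name & " (" & objService.DisplayName & ")"
        WScript.Echo "  Start Name: " & strAccount
        WScript.Echo "  Start Mode: " & objService.StartMode
        WScript.Echo "  State:      " & objService.State
    End If
Next

WScript.Echo intFound & " service(s) use a non-built-in account on " & strComputer

' True for the built-in accounts, which have no password to manage.
' The list is this example's assumption; extend it for your environment.
Function IsBuiltInAccount(strName)
    Dim strLower
    strLower = LCase(strName)
    Select Case strLower
        Case "", "localsystem", "nt authority\system", _
             "nt authority\localservice", "nt authority\networkservice"
            IsBuiltInAccount = True
        Case Else
            ' Virtual accounts on newer Windows versions: NT SERVICE\<name>
            IsBuiltInAccount = (Left(strLower, 11) = "nt service\")
    End Select
End Function
```

Run it with cscript.exe; the Name printed for each service is the short name you can use as TargetService in the password script.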