How do I extract a list of services AND what account they run as?

cmd.exe windows-server-2003 windows-services

Solution 1:

wmic:
Name and account for all services:
wmic service get name,startname

started services only:
wmic service where started=true get name, startname

services with specific pattern in name:
wmic service where 'name like "%sql%"' get name, startname

nicely formatted as html table (and then opened in your browser):
(wmic service where 'name like "%sql%"' get name, startname /format:htable >out.html) && out.html

Full syntax here: https://msdn.microsoft.com/en-us/library/aa394531%28v=vs.85%29.aspx

Solution 2:

You can accomplish this in two steps:

  1. Get the list of services:sc \\localhost query | findstr SERVICE_NAME
  2. Your missing piece: sc \\localhost qc + SERVICE_NAME + | findstr SERVICE_START_NAME

I would recommend a batch script like this:

@echo off
setlocal EnableDelayedExpansion
sc \\localhost query | findstr SERVICE_NAME > services.lst
for /f "tokens=1,2" %%A in (services.lst) do (
    echo %%B
    sc \\localhost qc %%B | findstr SERVICE_START_NAME
)
del services.lst

That gives you an output like this: enter image description here

Of course, you can further cleanup that output or write to a CSV file in any manner that you would like.

Solution 3:

CMD has no native way to do it. SC and NET are built-in applications that come with Windows but that doesn't mean they're native. At any time an admin can remove them and then even CMD is left in the dark.

sc sdshow is what will get you security descriptors, but this will complicate things if you don't know how to read SDDL strings.

Simplest way is to get Sysinternals PsService.exe from Tools package and use it as psservice security [service]. It will list the SDDL in readable format, including account names.

Solution 4:

Although you can't use PowerShell you should still be able to use VBScript to pull the info from WMI:

Here's a VBS script that will list all services and the account they start as:

strComputer = "."

Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colServices = objWMIService.ExecQuery ("Select * from Win32_Service")

For Each objService in colServices 
    wscript.echo objService.Name & ": " & objService.StartName
Next

Save it and then run it with cscript ScriptName.vbs.

objService.State would give you the service's current state (since you mentioned you're looking to filter by it).

More info on the Win32_Service class.

Related

How do I open the user folder of a hard drive that I transfered?
Get creation time of file in milliseconds
How should I set up my dual-boot so that I can hibernate the secondary OS?
Wrong audio duration with ffmpeg
How to fix corrupted filesystem (shows as RAW) in USB device?
How to change Google chrome windows order in the Windows task panel
What is the difference between systemd's user and system services?
OSX version of `mount -l`
Is any version of OS X/macOS vulnerable to the Year 2038 problem?
How to reset security questions if I forgot them
Headphone symbol when headphones not in use
How do I rename app icons on my iPad home screen?