Roth Consulting Perl Script: SAAudit.pl

Perl Script: SAAudit.pl

`Name:`	`SAAudit.pl`
`Version:`	`1.0`
`Last Updated:`	`2000.09.05`
`Author:`	`Paul Popour`
`Description:`	`Perl script discovers non LocalSystem accounts used by services.`
`Explanation:`	SAAUDIT.PL is designed to list the services on all domain servers that use an account other than the LocalSystem account. The reason this audit is important has primarily to do with the bad habit administrators get into of putting their user name and password or the administrator account and password on services, BAD IDEA. You should be changing the password on these account occasionally for security reasons. You change the password on your account today and several weeks later reboot a server that has a service with your old password set on it - "Error 2140". Because the two events don't typically get linked together logically you'll waste precious time troubleshooting only to find you need to reenter your new password. Another reason to create "service accounts" is that typically services don't need anywhere near the access the administrator account or a domain admin account would give them. Giving them that level of access leaves a back door open for a malicious person or sloppy programmer to wreak havoc on almost every domain object. `This script requires the following extensions: Win32::Lanman Win32::NetAdmn`

The SAAudit.pl Script:

# SAAUDIT.PL
#
# Reports the user account other than LocalSystem used to start
# each services on all servers in a domain
#
# This script was written by Paul Popour (ppopour@infoave.net) in 09/2000.
# It is released into the public domain.  You may use it freely, however,
# if you make any modifications and redistribute, please list your name
# and describe the changes. This script is distributed without any warranty,
# express or implied.
#
#  SYNTAX - perl saaudit.pl [domainname]
#
# Example
#
#   perl saaudit.pl        (uses the domain you are currently logged into)
#  or
#   perl saaudit.pl DOMAIN1
#
# Primary use for this script is to record the accounts used 
# to start the services on servers in a domain.  It ignores
# the services that are using the LocalSystem account.
# Occasionally auditing these accounts will allow you to find
# a service that has been improperly configured to use a normal
# user account, (or worst yet, the administrator account) to start.
#
# This script requires the Win32::Lanman module available at the
# following sites:
#
# http://jenda.mccann.cz/
# http://www.roth.net/perl/
# 
# Thanks to Jens Helberg for this excellent module.  
#
#
use Win32::NetAdmin;
use Win32::Lanman;
if (@ARGV[0] ne ""){$domain = @ARGV[0];} else {$domain = Win32::DomainName;}
$output = "c:\\temp\\Service Account Audit for $domain.txt";
unless (Win32::NetAdmin::GetDomainController("", $domain, $PDC)) {print ("Unable to obtain the PDC name for $domain.");}
unless (Win32::NetAdmin::GetServers($PDC, $domain, 0x00000008, \@servers1)) {print ("Unable to read NetBios 0008.");}
unless (Win32::NetAdmin::GetServers($PDC, $domain, 0x00000010, \@servers2)) {print ("Unable to read NetBios 0010.");}
unless (Win32::NetAdmin::GetServers($PDC, $domain, 0x00008000, \@servers3)) {print ("Unable to read NetBios 8000.");}
@servers1 = (@servers1, @servers2, @servers3);
open(OUTFILE, ">$output") || die ("Cannot open output file $output\n");
foreach $server (@servers1)
	{
	print ".";
	if(!Win32::Lanman::EnumServicesStatus("\\\\$server", "", &SERVICE_WIN32, &SERVICE_STATE_ALL, \@services))
		{
		print "Error enumerating the status of services on $server\t";
		print (Win32::Lanman::GetLastError(), "\n");
		next;
		}
	foreach $service (@services)
		{
		if(!Win32::Lanman::QueryServiceConfig("\\\\$server", '', "${$service}{name}", \%config))
			{
			print "Error querying the configuration of the ${$service}{name} service on $server\t";
			print (Win32::Lanman::GetLastError(), "\n");
			next;
			}
		for $key (sort keys %config)
			{
            if (($key eq "account")&&($config{$key} ne "LocalSystem"))
				{
				print OUTFILE "$server\t${$service}{display}\t$config{$key}\n";
				}
			}
		}
	}
close OUTFILE;

Note: Neither Roth Consulting nor its affiliates are responsible for problems resulting from the misuse, modification or execution of any of the scripts on this web site. It is best that the the user read over the script carefully to insure that the code is not harmful to his environment.

This page has been viewed 1 times.

	Are you searching for a children's bike trailer?
	Would you like to try growing an avocado plant?
	Easily lose weight by increasing your metabolism.
	What, exactly, is a Calorie?
	Want to know about schooling your child using the Montessori method.