{"id":3564,"date":"2018-08-14T23:38:36","date_gmt":"2018-08-14T23:38:36","guid":{"rendered":"https:\/\/pariswells.com\/blog\/?p=3564"},"modified":"2022-12-02T02:31:53","modified_gmt":"2022-12-02T02:31:53","slug":"how-to-search-for-services-and-scheduled-tasks-run-as-specific-user","status":"publish","type":"post","link":"https:\/\/pariswells.com\/blog\/code\/how-to-search-for-services-and-scheduled-tasks-run-as-specific-user","title":{"rendered":"How to search for Services and Scheduled Tasks run as specific user"},"content":{"rendered":"\n

All organizations should be using service accounts for Specific Tasks and Services, however, some legacy systems might not be. This script will search all servers listed in servers.txt and come back with any results with the username you search<\/p>\n\n\n\n

<\/p>\n\n\n

\n\t
#run this script as administrator#create a servers.txt for all the servers you want to query$Servers = Get-Content servers.txt#add * infront and behind username for wildcard$user = "*administrator*"$findings = foreach ($computername in $Servers){    $schtask = schtasks.exe \/query \/s $computername \/V \/FO CSV | ConvertFrom-Csv | Where { $_."Run As User" -like $user} | Select TaskName    if ($schtask) {Write-Host "`nTask" + $computername + $schtask }       $displayname = Get-WmiObject -class win32_service -computername $computername |where-object startname -like $user | Select displayname    if ($displayname){Write-Host "`nService" + $computername + $displayname }   }<\/code><\/pre> 
 searchServicesandTasksforUser.ps1<\/a> view raw<\/a> <\/div> <\/div><\/div>\n\n\n\n
There\u2019s a free tool with PDQ Inventory for Services<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
All organizations should be using service accounts for Specific Tasks and Services, however, some legacy systems might not be. This script will search all servers listed in […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[320],"tags":[2629,2628,2626,2625,576,2627,2624,2623,2492],"class_list":["post-3564","post","type-post","status-publish","format-standard","hentry","category-code","tag-find-all-scheduled-tasks-running-under-account","tag-find-all-services-running-under-account","tag-find-users","tag-log-on-type","tag-powershell","tag-query-all-servers","tag-scheduled-tasks","tag-services","tag-windows"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/3564","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/comments?post=3564"}],"version-history":[{"count":3,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/3564\/revisions"}],"predecessor-version":[{"id":6447,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/3564\/revisions\/6447"}],"wp:attachment":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/media?parent=3564"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/categories?post=3564"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/tags?post=3564"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}