For services I use:
net view to enumerate all machines, process with a little batch processing to clean out the description field
services.exe from http://wettberg.home.texas.net/services.htm
grep32, use unique to get a list of computers using the account or don't to get every service using the account
You could also use ADSI to enumerate the servers and WMI to query the services fairly easily if you are familiar with ADSI and WMI.
A more comprehensive approach could be had using GFI's Languard products, do an audit using network security scanner to find the services and use security and event log monitor to track account login usage.
| AdamT <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED] 06/27/2006 12:22 PM
|
|
Dear fountain of knowledge,
We've inherited a particularly messy AD structure, and we're now
trying to find out where a particular account is in use. There's
around 80 servers in the domain and 3000 workstations, and this
account appears to be used for pretty much anything that wants to log
on as a service, or anyone who wants domain admin privs.
Is there any kind of audit utility to scan servers and see which
services are using the account, and ideally - any kind of monitoring
package to flag up an alert each time the account is used to, say, map
a drive or connect to a SQL db?
--
AdamT
"A casual stroll through the lunatic asylum shows that faith does not
prove anything." - Nietzsche
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
