-2

How can I get a list of Windows service accounts in PowerShell? I've seen many scripts online which attempt to accomplish this. However, they all simply query the list of Windows services, and look at their respective StartName to see which service account is being used. Theoretically, can't there be a service account which happens not to be used by any service? To demonstrate what I'm referring to, open Windows Explorer (File Explorer), right-click on any file, choose Properties > Security > Edit > Add > Advanced > Find Now. I want that whole list of users. I already know how to query for regular users and groups, just not the service accounts.

Thanks,

as9876
  • 1
    You may already know that this is not a free code-dispensing service. (What have you tried?) – Bill_Stewart Feb 08 '18 at 22:04
  • @Bill_Stewart, I indicated in the body of the question what I already tried. Thanks – as9876 Feb 08 '18 at 22:08
  • Looked at ([ADSI]"WinNT://$env:COMPUTERNAME").Children, but that doesn't show service accounts, just regular users, groups, and services. – as9876 Feb 08 '18 at 22:08
  • 1
    Do you mean `Get-ADServiceAccount`? – Bill_Stewart Feb 08 '18 at 22:52
  • Downvoters, would you kindly post an explanatory comment? Thanks! – as9876 Feb 09 '18 at 03:59
  • Services run as ordinary local or domain user accounts, there's nothing special about them - except maybe they have the 'logonAsAService' right granted to them. TrustedInstaller is not an account, it's a program `C:\Windows\servicing\TrustedInstaller.exe`. [LocalSystem](https://msdn.microsoft.com/en-us/library/windows/desktop/ms684190%28v=vs.85%29.aspx), [Local Service](https://msdn.microsoft.com/en-us/library/windows/desktop/ms684188(v=vs.85).aspx) and [Network Service](https://msdn.microsoft.com/en-us/library/windows/desktop/ms684272(v=vs.85).aspx) are special, as these links show. – TessellatingHeckler Feb 09 '18 at 09:56
  • Perhaps I didn't word it correctly; my whole question is how to get the entire list of these "special" accounts. – as9876 Feb 09 '18 at 14:03
  • What question are you answering/what problem are you solving by getting such a list? – Bill_Stewart Feb 09 '18 at 15:14

1 Answer

1

Doing this...

> Windows Explorer (File Explorer), right click on any file, choose Properties > Security > Edit > Add > Advanced > Find Now

... is only showing users who have perms on the file. What does that have to do with Service Accounts? If you want the list of users / perms on a file or folder, that is what Get-ACL is for.

```powershell
# Get parameters, examples, full and Online help for a cmdlet or function
(Get-Command -Name Get-Acl).Parameters
Get-Help -Name Get-Acl -Examples
Get-Help -Name Get-Acl -Full
Get-Help -Name Get-Acl -Online

# List the identities named in the ACL of a file
(Get-Acl D:\Temp\fsoVolume.docx | Select -ExpandProperty Access).IdentityReference
```

As for this...

> Theoretically, can't there be a service account which happens not to be used by any service?

... Nope.

What you are saying here is not valid. Simply put, a service account which is not assigned to a service is simply a user account. There is no way you are ever going to know if some user account is used as a service identity, unless you know the service you are looking for and know the account that should be assigned to the service.

Again, a service account is only a service account when it is assigned to a service. No matter what it is named.

Most organizations have a taxonomy / naming convention for accounts which will be used for a given service. Usually, something like svcSQlService, or the like. Yet, if your org has no standard, then that is the first thing to address.

You can only list all services and see what account is assigned as its identity. If your org has a naming construct, you can use that list to compare against all services to see if it is ever assigned to anything. If not then it should be either assigned to its target service or deleted as some random user account.

postanote
  • When you click the "Find Now" button, that shows all the accounts on the machine, even the ones not pertaining to the file or folder at hand. – as9876 Feb 09 '18 at 03:48
  • I'm referring to built-in accounts, such as NETWORK SERVICE, LOCAL SYSTEM, TrustedInstaller, etc. – as9876 Feb 09 '18 at 03:49
  • Perhaps you are looking for a [list of well-known SIDs](https://support.microsoft.com/en-us/help/243330/)? – Bill_Stewart Feb 09 '18 at 15:13
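
Added example, not part of the original thread or any poster's code: a PowerShell script that resolves the well-known SIDs suggested in the last comment to the account names this machine reports, then groups services by `StartName` the way the scripts mentioned in the question do. It assumes Windows PowerShell 5.0 or later; the function name `Get-WellKnownPrincipal` is hypothetical.

```powershell
# Added example: enumerate the well-known SIDs defined by .NET and resolve each
# one to the account name the local machine reports for it.
# Per-service names such as NT SERVICE\TrustedInstaller are not in this enum.
function Get-WellKnownPrincipal {
    [CmdletBinding()]
    param()

    # Domain-relative types (e.g. AccountDomainAdminsSid) need a domain SID.
    # AccountDomainSid is the machine SID for a local user, the domain SID for
    # a domain user, and $null when the caller is not an account SID (SYSTEM).
    $caller    = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
    $domainSid = $caller.AccountDomainSid
    $seen      = New-Object 'System.Collections.Generic.HashSet[string]'

    foreach ($type in [Enum]::GetValues([System.Security.Principal.WellKnownSidType])) {
        try {
            $sid = [System.Security.Principal.SecurityIdentifier]::new($type, $domainSid)
        } catch {
            continue   # type cannot be built here (no domain SID, LogonIdsSid, ...)
        }
        if (-not $seen.Add($sid.Value)) { continue }   # skip aliased enum values

        try {
            $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $name = $null   # SID is valid but has no name mapping on this machine
        }

        [pscustomobject]@{
            WellKnownSidType = $type
            Sid              = $sid.Value
            Account          = $name
        }
    }
}

# Built-in principals that resolve to a name on this machine.
Get-WellKnownPrincipal | Where-Object Account | Sort-Object Sid | Format-Table -AutoSize

# Identities actually assigned to services, for comparison with the list above.
Get-CimInstance -ClassName Win32_Service |
    Group-Object -Property StartName |
    Sort-Object -Property Count -Descending |
    Select-Object -Property Count, Name
```

Note that `StartName` uses forms such as `LocalSystem` that differ from the translated account name, so a direct string comparison between the two outputs needs normalization.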