This tutorial shows how to use Goverlan Reach’s Process Automation framework to detect whether a specific account is logged on to a server as a service account. This may be useful for an IT audit of accounts or when a service account is being locked out due to a bad password stored in a service configuration.
Tutorial
This process automation workflow creates a report that lists each server, the service name and the Log On As attribute of the service. Using this same workflow, several actions can be taken.
This Scope Action can also be modified to reset the password on all of the service instances or it can be used to change the Log On As attribute altogether.
Reporting on the Log On As attribute
Step 1 – Starting a new Scope Action
Go to the Global Management via Scope Action console and create a new scope action with the desired name and scope. If you have never created a Scope Action before, please refer to the video below and the Scope Action Creation Basics article for more information.
Step 2 – Configuring the Action Module for the report
Add the following report items to your Action Module.
Add \ Remove –> Report Computer Property –> Services –> Software Services –> Display Name
Add \ Remove –> Report Computer Property –> Services –> Software Services –> Log On As
Add the following conditions using the “Only if the following is true” section.
Add \ Remove –> Set Computer Condition –> Services –> Software Services –> Log On As
The Condition should be “=”
Double-click the Desired Value field and enter the Domain\Username of the service account that is being searched for.
This is what the action module should look like when all options are selected.
This Action Module will produce a report like this.
Changing the service account or password on all of your servers
Use the following action module to change the password where the service account is configured.
Step 1 – Configuring the Action Module
Add the following action items to your Action Module.
Add \ Remove –> Execute Computer Action –> Services –> Set Logon As
Set the following Arguments
Service Name: *NOTE: This must be the service name NOT the DISPLAY NAME.
Account Name: *This should be in DOMAIN\USERNAME format
Password: Account password
This is what the action module should look like when all options are selected.
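To cross-check the Log On As report and to confirm the real service name (not the display name) before running Set Logon As, the same lookup can be done with Windows' built-in CIM interface. This is an added example, not Goverlan's own code and not part of the original tutorial. The server names and account are constructed sample values, and it assumes WinRM is reachable on the target servers.

```powershell
# Added example: list every service whose Log On As (StartName) is a given account.
# $Servers and $Account are constructed sample values; replace them with your own.
$Servers = @('SRV-APP01', 'SRV-SQL01')   # hypothetical server names
$Account = 'CONTOSO\svc-backup'          # DOMAIN\USERNAME, same format as the condition above

# WQL treats the backslash as an escape character, so double it (and escape quotes).
$wqlAccount = $Account.Replace('\', '\\').Replace("'", "\'")
$filter     = "StartName = '$wqlAccount'"

$report = foreach ($server in $Servers) {
    try {
        Get-CimInstance -ClassName Win32_Service -ComputerName $server `
                        -Filter $filter -ErrorAction Stop |
            Select-Object @{ n = 'Server';      e = { $server } },
                          @{ n = 'ServiceName'; e = { $_.Name } },      # the service name, not the display name
                          DisplayName,
                          @{ n = 'LogOnAs';     e = { $_.StartName } },
                          State, StartMode
    }
    catch {
        # Keep unreachable servers in the output so gaps in audit coverage stay visible.
        [pscustomobject]@{
            Server      = $server
            ServiceName = $null
            DisplayName = $null
            LogOnAs     = $null
            State       = "QUERY FAILED: $($_.Exception.Message)"
            StartMode   = $null
        }
    }
}

$report | Sort-Object Server, ServiceName | Format-Table -AutoSize
```

The filter is an exact match on the DOMAIN\USERNAME form. `StartName` can also hold an account in UPN form (`user@domain`), which this filter will not match.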