Biassoni Riccardo wrote:
Hi All,Is there a way to discover Active Directory "Shared" user account or "Service" users Account for auditing purpose? I have domain admin privileges and local access to my domain controllers.
In AD, there's no inherent difference between a service account and a regular user account. In order to actually do this, then, you'd have to actually find some characteristic of these accounts in your environment, such as:
+ Being logged onto multiple workstations at once + Having services configured using the account + Having a particular naming schemeObviously these are going to be fairly environment specific, but there are ways of finding them out (psloggedon and wmic, for instance). They're going to take a substantial amount of effort to figure out however, and investigate if you don't have a consistent way of managing service accounts.
The short answer is: How good's your vbscript/wmi? - James. -- James (njan) Eaton-Lee | UIN: 10807960 | http://www.jeremiad.org "All at sea again / And now my hurricanes Have brought down this ocean rain / To bathe me again" https://www.bsrf.org.uk | ca: https://www.cacert.org/index.php?id=3 --
smime.p7s
Description: S/MIME Cryptographic Signature
