Reader to Reader - 27 Sep 2000

[Editor's Note: Email your scripting solutions (400 words or less) to Reader to Reader at [email protected]. Please include your script and phone number. We edit submissions for style, grammar, and length. If we print your contribution, you receive $100.]

If you manage a Windows NT network, you undoubtedly have many NT services that require domain service accounts. Occasionally, these service accounts need rights to the Domain Admins global group. When you need to change the passwords of these service accounts, or if you want to change a service account altogether, you must manually modify each affected server and workstation.

To automate this time-consuming task, I wrote ChangeService.cmd. This portable NT shell script uses the Microsoft Windows NT Server 4.0 Resource Kit utilities sc.exe and ntrights.exe to change the service account and password of NT services on remote NT 4.0 servers and workstations. The script first uses ntrights.exe to grant Logon As a Service rights to the account you specify as the service account. The script then uses an sc.exe command to make the configuration changes for that service.

Before you can use ChangeService.cmd, you need to get the real name of the service you want to modify (i.e., the name that appears in the registry—not the common name that appears in the Control Panel Services applet). To obtain the real service name, you have three options:

Listing 1 contains an excerpt from ChangeService.cmd. You can find the entire script in the Code Library on the Win32 Scripting Journal Web site (http://www.win32scripting.com/). I also posted this script on my Web site at http://www.scripthorizon.com/. I wrote ChangeService.cmd for NT 4.0 machines running Service Pack 4 (SP4) or later. To run this script, you must be an administrator on the remote machines you're accessing.

—Steve Seguis
[email protected]