functions/local/Get-LocalServiceAccount.ps1
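function Get-LocalServiceAccount {
    <#
    .SYNOPSIS
    Lists the accounts that Windows services on this computer run as.

    .DESCRIPTION
    Groups all Win32_Service instances by StartName and emits one object per
    account, with the resolved SID and a flag telling whether the account looks
    like a domain account rather than a local or built-in one.

    IsDomainAccount is a heuristic for audits of service-account exposure:
    - SID check: the account's domain SID differs from the local machine SID.
    - Name check: StartName begins with "<first DNS label of the domain>\".
      NOTE(review): the NetBIOS domain name can differ from the first DNS label,
      and UPN-style names (user@domain) are only caught by the SID check.

    .OUTPUTS
    PSCustomObject with Computername, UserName, UserSid, ServiceNames, Services
    and IsDomainAccount.
    #>
    [CmdletBinding()]
    param ()

    $computerSystem = Get-CimInstance -ClassName win32_computersystem
    $domain = $computerSystem.Domain
    $domainName = ($domain -split "\.")[0]

    # Machine SID = SID of a local account minus its trailing RID. Restricting the
    # query to local accounts keeps a same-named domain account out of the result.
    $localSIDSpace = (Get-CimInstance -Query 'SELECT SID from win32_useraccount WHERE Name = "DefaultAccount" AND LocalAccount = True' |
            Select-Object -First 1).SID -replace '-\d+$'
    if (-not $localSIDSpace) {
        # DefaultAccount is absent on some systems; any local account carries the same prefix.
        $localSIDSpace = (Get-CimInstance -Query 'SELECT SID from win32_useraccount WHERE LocalAccount = True' |
                Select-Object -First 1).SID -replace '-\d+$'
    }
    if (-not $localSIDSpace) {
        Write-Warning 'Could not determine the local machine SID; IsDomainAccount relies on the account name only.'
    }

    # Only trust the name heuristic on a domain-joined machine with a usable name;
    # an empty name would otherwise turn the pattern into "match everything".
    $domainPattern = $null
    if ($computerSystem.PartOfDomain -and $domainName) {
        # Require the "\" separator so accounts such as "NT AUTHORITY\..." or
        # "<COMPUTER>\user" that merely share a prefix with the domain are not flagged.
        $domainPattern = '{0}\*' -f [System.Management.Automation.WildcardPattern]::Escape($domainName)
    }

    $grouped = Get-CimInstance -ClassName win32_service | Group-Object StartName
    $systemSid = [System.Security.Principal.SecurityIdentifier]'S-1-5-18'

    foreach ($group in $grouped) {
        # StartName may already be a SID string; otherwise try to translate the account name.
        $sid = $group.Name -as [System.Security.Principal.SecurityIdentifier]
        if (-not $sid) {
            try {
                $sid = ([System.Security.Principal.NTAccount]$group.Name).Translate([System.Security.Principal.SecurityIdentifier])
            }
            catch {
                # Best effort: unresolved names (empty StartName, deleted accounts) keep a null SID.
                Write-Verbose "Could not resolve '$($group.Name)' to a SID: $_"
            }
        }
        if ($group.Name -eq 'localSystem') { $sid = $systemSid }

        $isDomain = $false
        # Exact comparison: a prefix match would treat a domain SID that merely
        # starts with the machine SID's digits as local.
        if ($localSIDSpace -and $sid -and $sid.AccountDomainSid -and ($sid.AccountDomainSid.Value -ne $localSIDSpace)) {
            $isDomain = $true
        }
        if ($domainPattern -and ($group.Name -like $domainPattern)) { $isDomain = $true }

        [PSCustomObject]@{
            Computername    = $env:COMPUTERNAME
            UserName        = $group.Name
            UserSid         = $sid
            ServiceNames    = $group.Group.Name
            Services        = $group.Group
            IsDomainAccount = $isDomain
        }
    }
}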