EV Reach - IT Process Automation Tutorial - Detecting Servers Using a Specific Service Account

Last modified on 2023/07/12 14:32
Contents
ProcessAutomationsCaution

  These tutorial is for demonstration purposes. Please test all Scope Actions before deploying them into production.

Objectives

In this tutorial, you will learn to use EV Reach's Process Automation framework to detect whether a specific account is a service account logged into a server. This may be useful for an IT audit of accounts or when a service account is being locked out due to a bad password stored in a service configuration.

The process automation workflow creates a report that lists the servers, service name and Log On As attribute of the service. Using this same workflow, several actions can be taken. This Scope Action can also be modified to reset the password on all of the service instances or it can be used to change the Log On As attribute altogether.

Best Practice

ProcessAutomationsBestPractice

Step by Step Tutorial

Step 1: Reporting on the Log On As attribute

1. Start a new Scope Action.

  • Go to the Global Management via Scope Action console and create a new scope action with the desired name and scope.

2. Configure the Action Module for the report.

  • Add the following report items to your Action Module.
    Add \ Remove --> Report Computer Property --> Services --> Software Services --> Display Name Add \ Remove --> Report Computer Property --> Services --> Software Services --> Log On As
  • Add the following conditions using the "Only if the following is true" section.
    Add \ Remove --> Set Computer Condition --> Services --> Software Services --> Log On As The Condition should be "=" Double click the Desired Value field and enter the Domain\Username of the service account that is being searched for.
  • This is what the action module should look like when all options are selected.

          tutorial-conditions.png

  • This Action Module will produce a report like this.

          tutorial-2-1024x212.png
 

Step 2: Changing the service account or password on all of your servers

Use the following action module to change the password where the service account is configured.

1. Configure the Action Module.

  • Add the following action items to your Action Module.
    Add \ Remove --> Execute Computer Action --> Services --> Set Logon As Set the following Arguments
  • Enter the information.
    • Service Name: This must be the service name NOT the DISPLAY NAME.
    • Account Name: This should be in DOMAIN\USERNAME format.
    • Password: Account password.
               tutorial-5.png

2. This is what the action module should look like when all options are selected.

          tutorial-8.png

Tags:
Powered by XWiki © EasyVista 2022