Dean Wells, of MSEtechnology provides us with svccontext.bat, a script to query all services on all servers in your domain, and report those services that match, or partially match, a specified user context.

NOTE: svccontext.bat uses SC.EXE, either built-in to the OS you run the script from, or available from the resource kit.

NOTE: svccontext.bat uses LDIFDE.EXE, available from your server.

NOTE: Find.exe, SC.EXE, and LDIFDE.EXE must be in the System path.

The syntax for using svccontext.bat is:

SVCcontext FQDN UserName

where:

FQDN is the DNS domain name, like JSIINC.COM or Microsoft.COM.

UserName is the name or partial name of the service context you are querying, like Administrator, System, JSIINC\Service, or MICROSOFT\Admin.

When I typed:

svccontext JSIINC.COM System

I received the following display:

<b>SVCcontext log, "D:\TEMP\SVCcontext.log" -
  * created by "Jerry" at " 9:18:45.93" on "09/12/2002"
  * servers in domain "jsiinc.com" queried
  * queried for match or partial match on "system"</b>
The D:\TEMP\SVCcontext.log file began with:
<b><a href="/article/domains2/jsi-tip-5721-report-all-services-on-servers-in-your-domain-that-match-a-specified-context-77025?topic=begin%20log">BEGIN LOG</a>
 
+ SERVICE AppMgmt on SERVER jsi001.JSIINC.COM runs in the context of LocalSystem
+ SERVICE AudioSrv on SERVER jsi001.JSIINC.COM runs in the context of LocalSystem
+ SERVICE BITS on SERVER jsi001.JSIINC.COM runs in the context of LocalSystem</b>
svccontext.bat contains:
:: SVCcontent - Queries all services on all servers within a domain for a specified security context
:: Dean Wells - MSEtechnology - Sept. 2002

@echo off
setlocal ENABLEDELAYEDEXPANSION

:: Begin script body
echo.

:: Define initial environment
set fqdn=%1
set dn=dc=%fqdn:.=,dc=%
set principal=%2
set scriptname=SVCcontext
set log=%TEMP%\%scriptname%.log
set stdout=nul
set stderr=nul
set found=0

:: Determine if supplied arguments were sufficient
if "%2"<h1><a name="_echo_ERROR_Insufficient_arguments_goto_SYNTAX_Define_extreme_query_buffer_to_cope_with_unfamiliar_environment_set_bufsize_50000_Locate_critical_executables_for_e_in_find_exe_sc_exe_ldifde_exe_do_set_where_PATH_e_if_where_">"" (
        echo ERROR - Insufficient arguments, "%*"
        goto :SYNTAX
)

:: Define extreme query buffer to cope with unfamiliar environment
set bufsize=50000

:: Locate critical executables
for %%e in (find.exe sc.exe ldifde.exe) do (
        set where="%%~$PATH:e"
        if "!where!"</a></h1>"""" (
                echo ERROR - Required executable, "%%e", not located within the system path
                goto :END
        )
)

:: Cleanup existing temporary/log files and prepare log header
del %TEMP%\servers.log 1>%stdout% 2>%stderr%
del %log% 1>%stdout% 2>%stderr%
echo %scriptname% log, "%log%" - >>%log%
echo   * created by "%USERNAME%" at "%TIME%" on "%DATE%">>%log%
echo   * servers in domain "%fqdn%" queried>>%log%
echo   * queried for match or partial match on "%principal%" >>%log%
echo. >>%log%
echo <a href="/article/domains2/jsi-tip-5721-report-all-services-on-servers-in-your-domain-that-match-a-specified-context-77025?topic=begin%20log">BEGIN LOG</a> >>%log%
echo. >>%log%

:: Determine servers to query
ldifde -j %TEMP% -s %fqdn% -d %dn% -r (objectClass=computer) -l dnshostname -f %TEMP%\servers.log 1>%stderr% 2>%stderr%
if errorlevel 1 (
        echo ERROR - LDAP query failed when enumerating server list
        goto :SYNTAX
)

:: Prepare display
echo STATUS - Working ...
echo.

:: Parse the servers
for /f "tokens=2 delims=: " %%h in ('type %TEMP%\servers.log ^| find /i "dnshostname: "') do (
        call :GETSVCS %%h
)

:: Clean up display and display log
if "%found%"=="1" (
        echo. >>%log%
        echo.
        echo STATUS - Done^^!
        start "" notepad %log%
) else (
        echo STATUS - No services located
        echo          * Queried domain "%fqdn%"
        echo          * Queried for match or partial match on "%principal%"
)
echo <a href="/article/domains2/jsi-tip-5721-report-all-services-on-servers-in-your-domain-that-match-a-specified-context-77025?topic=end%20log">END LOG</a> >>%log%

:: Script body ends
goto :END

:: Define functions and procedures

:GETSVCS
for /f "tokens=2 delims=: " %%s in ('sc \\%1 query state^= all bufsize^= %bufsize% ^| find "SERVICE_NAME"') do (
        call :QUERYSVCS %1 %%s
)
goto :EOF

:QUERYSVCS
for /f "tokens=2 delims=: " %%p in ('sc \\%1 qc %2 ^| find "SERVICE_START_NAME"') do (
        echo %%p | find /i "%principal%" 1>%stderr% 2>%stderr%
        if not errorlevel 1 (
                set found=1
                echo + SERVICE %2, SERVER %1, CONTEXT %%p
                echo + SERVICE %2 on SERVER %1 runs in the context of %%p >>%log%
        )
)
goto :EOF

:SYNTAX
echo.
echo SYNTAX - %scriptname% \[domain FQDN\] \[username\]
echo.
echo   * \[domain FQDN\] is the DNS domain name to query for servers
echo   * \[username\] is the name or partial name of the service account
echo.
echo     e.g. - %scriptname% microsoft.com Administrator
echo  or ...
echo     e.g. - %scriptname% microsoft.com MICROSOFT\Admin
echo.

:: End script and perform necessary cleanup
:END
del %TEMP%\servers.log 1>%stderr% 2>%stderr%