Sometimes, SOX regulations, customer agreement or your boss, forces you to have the password periodically changed for all service accounts and/or accounts running scheduled tasks. So either you have a detailed list of who (the user account) runs what (the service or scheduled task) where (on which computer), and manually change the password at the GUI, or you create a script to help you do the job.
A friend of mine, asked me to help him out and write the script he needed. I thought of creating a script that asks the user for input (account name, new password and a list of computers) and then runs against all the computers in the list and changes the password accordingly… but wouldn’t it be nicer to have a nifty application that does all that, and that you wouldn’t have to edit a text file, or type-in all the parameters each time you want to run the process but with a different set of arguments?
So I decided to write the application. The list of requirements included:
- The computer list should be easy to manage, and the user should be able to easily add a computer to the list, or a pre-created list from a text file, or even directly from an Active Directory container.
- The process results should be easy to understand, and even available to export and save for future references.
- Have an option to manage only services, only scheduled tasks or both.
- Have an option to restart the services after the password was changed.
- Have an option to change the user account running the services and/or scheduled tasks.
- Have a “dry-run” option that would only show the objects (services and scheduled tasks) that their credentials would have been changed.
- Have an option to quickly connect using Remote Desktop to a selected computer in the list, and to edit the properties of scheduled task listed in the results.
The result from this list, together with other ideas and suggestions that came along the way is SSTUM (Service and Scheduled Task User Manager).
I think it’s easy to use, and the GUI is pretty much self explanatory:
1. Add computers to the list. you can add a specific computer name, a list of computers from an Active Directory container or from a csv or text file) using the buttons in the Computer List box, right-click the list area and use the context menu, or drag-and-drop a csv or a text file to the computers list area.
Note: When using the specific computer option you can use a comma (“,”) to add many computers or an asterisk (“*”) to be used with a search filter to add computers from Active Directory. As a combined example: by typing in “SQL*,*TEST” in the Add a specific computer box, you will be adding to the list all computer accounts in Active Directory that start with “SQL” and all computer accounts that end with “TEST”.
2. Type-in the Current User that you want to change it’s password on all the listed computers, type in the New User if you want the change the user account running the services and scheduled tasks (or type-in the same account as in the current user text box, to leave the account information unchanged)
3. Enter the new password, and type it again in the validate field.
4. Select to Manage Scheduled Tasks, Manage Services and whether to Restart the services after the password was changed or not.
5. Click the Report Objects for a “dry-run”, or the Change Credentials to run the process and actually change the credentials for the selected objects (Services and Scheduled Tasks) on the listed computers.
Note: For the Report Objects option, you need only the Current User information.
6. You can right-click the Results pane to quickly connect to a computer using Remote Desktop, to open the Task Properties window, or to export the results report to a CSV or an XML file to be later opened as an XML table in Excel.