How to find out what services are using the domain admin account
We are looking to change the domain admin account password. Is there a way to find out, across the domain, what services on what servers are running with the domain admin account user and password?
August 24th, 2010 9:13pm

We are looking to change the domain admin account password. Is there a way to find out, across the domain, what services on what servers are running with the domain admin account user and password?

Most of the services within a Windows Domain will use the NetworkService authentication. The NetworkService is granted authority by your computer account, and computer account by the Domain Controllers. Be sure to double-check any SQL Servers for specifics.

Steve Kline
Microsoft Certified IT Professional: Server Administrator
Microsoft Certified Product Specialist
Microsoft Certified Network Product Specialist
This posting is "as is" without warranties and confers no rights.
August 24th, 2010 9:15pm

Just in case someone did install a service using the domain admin account, how can I find out?
August 24th, 2010 9:28pm

Just in case someone did install a service using the domain admin account, how can I find out?

Have you edited the security policy of each system to Audit Account Logons? This can be done with a security template or Group Policy Object deployment. Here are some instructions for GPO Deployment of Windows Event Subscriptions.

http://msdn.microsoft.com/en-us/library/aa384372(VS.85).aspx

You can track in Event Viewer to see if there are any logins using the Domain Admin credentials. You can also delegate a client or server to host a subscription event log. You can also use the instructions below to set it up manually.

To configure the Windows Vista or Windows Server 2008 machine to pull the events from your Server Core machine you need to perform the following steps:

1. On the collector computer, run Event Viewer as an administrator.
2. Click Subscriptions in the console tree.
3. Click Add Subscription in the Actions menu.
4. In Subscription Name, type a name for the subscription.
5. In Description, provide an optional description.
6. In Destination Log, select the log file where collected events are to be stored. By default, collected events are stored in the ForwardedEvents log.
7. Click Add and select the computers from which events are to be collected.
8. Click Select Events to display the Query Filter dialog box.
9. Use the controls in the Query Filter dialog box to specify the criteria that events must meet to be collected.
10. Click OK on the Subscription Properties dialog box. The subscription will be added to the Subscriptions pane and, if the operation was successful, the Status of the subscription will be Active.

Then set up the subscription service on each system with this command:

    WINRM QUICKCONFIG

PSTOOLS can make this really easy in a batch script to execute on many machines remotely.

http://technet.microsoft.com/en-us/sysinternals/default.aspx

    psexec \\server "winrm quickconfig"

Steve Kline
Microsoft Certified IT Professional: Server Administrator
Microsoft Certified Product Specialist
Microsoft Certified Network Product Specialist
This posting is "as is" without warranties and confers no rights.
August 24th, 2010 9:47pm

Hi JonDoe321,

Thanks for posting here. This can be done by script. Here is a sample VB script that will list all service names and the accounts those services run as on the computer, for your reference:

    ' Connect to WMI on the local computer
    Set objService = GetObject("winmgmts:")
    ' Retrieve every installed service
    Set objCol = objService.ExecQuery("SELECT * FROM Win32_Service")
    For Each obj In objCol
        ' StartName is the account the service logs on as
        S = S & obj.DisplayName & " ( " & obj.StartName & " )" & vbCrLf
    Next
    WScript.Echo S

I suggest you may like to start a new post in the Scripting Guys forum to get further suggestions.

The Official Scripting Guys Forum!
http://social.technet.microsoft.com/Forums/en/ITCG/threads

Thanks.
Tiger Li

Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
August 25th, 2010 10:20am
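
The Win32_Service query from the reply above, run against a list of servers and filtered on the account name, as an added example that is not part of any post in this thread. The names CONTOSO, contoso.example, Administrator and the file servers.txt are placeholders, and the script assumes PowerShell 3.0 or later with WinRM enabled on the targets (the `winrm quickconfig` step mentioned earlier).

```powershell
# Added example, not from the thread. Placeholders: CONTOSO, contoso.example,
# Administrator, servers.txt (one host name per line).
# Requires PowerShell 3.0+; Get-CimInstance talks to the targets over WinRM.
param(
    [string]   $Account      = 'Administrator',
    [string]   $NetBios      = 'CONTOSO',
    [string]   $DnsDomain    = 'contoso.example',
    [string[]] $ComputerName = (Get-Content -Path .\servers.txt)
)

# A service logon account can be stored as DOMAIN\user or as user@dns.domain.
# -contains compares case-insensitively, so both spellings are matched.
$wanted = @("$NetBios\$Account", "$Account@$DnsDomain")

$results = foreach ($computer in $ComputerName) {
    try {
        Get-CimInstance -ClassName Win32_Service -ComputerName $computer -ErrorAction Stop |
            Where-Object { $wanted -contains $_.StartName } |
            Select-Object @{ n = 'Computer'; e = { $computer } },
                          Name, DisplayName, StartName, State, StartMode
    }
    catch {
        # Report hosts that could not be queried instead of skipping them:
        # an unchecked server may still run a service with the old password.
        [pscustomobject]@{
            Computer    = $computer
            Name        = '<query failed>'
            DisplayName = $_.Exception.Message
            StartName   = $null
            State       = $null
            StartMode   = $null
        }
    }
}

# Disabled and stopped services are listed too, since they keep the stored
# credentials and will fail to start after the password change.
$results | Sort-Object Computer, Name | Format-Table -AutoSize
```

Every row with a real service name needs its logon password updated (or the service moved to a dedicated account) when the domain admin password is changed; rows marked `<query failed>` need a manual check.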
