Introduction


Windows services are nothing more than continually running processes that are controlled by the Service Control Manager (SCM). Instead of directly creating a service process, you (or the system itself) sends a start or stop message to the SCM, which takes care of starting or stopping the associated process. The DHCP Client provided with the Windows operating system is an example of a service. It is responsible for requesting and renewing DHCP requests (i.e., obtaining an IP address dynamically), and, interestingly, performing dynamic DNS registrations. After the system begins the boot-up process, the SCM starts the DHCP Client service, which kicks off a process that runs in the background to handle DHCP requests. You can stop the DHCP Client service via the Services snap-in, which causes the SCM to terminate the underlying DHCP Client process. If you start the service, the SCM starts the process.

Each service has a corresponding key in the Registry contained under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services. This stores basic configuration information about the service including service dependencies, the command line to execute to start the service, and startup type (automatic, manual, or disabled). You can find the associated registry key for a service by running the following command:

> sc getkeyname "<ServiceDisplayName>"

For example, this returns the key for the DHCP Client service:

> sc getkeyname "DHCP Client" [SC] GetServiceKeyName SUCCESS  Name = Dhcp

For more information on service registry values, take a look at MS KB 103000 (CurrentControlSet\Services Subkey Entries).

One of the knocks Windows 2000 received was that it had too many services enabled by default. This was both a good and a bad thing. On one hand, it meant that a lot of functionality was turned on out of the box. The downside was that many of the default services, such as IIS, had security issues, so all default installations were vulnerable. As a result, Microsoft changed their stance in Windows XP and Windows Server 2003, opting for a more secure approach. Many of the services that were started up by default in Windows 2000 are now disabled at startup in Windows Server 2003. For a list of the changes in the default startup mode, see MS KB 812519 (Services That Are Turned Off by Default in Windows Server 2003). For a list of the default services in Windows Server 2003, see Appendix F.

Using a Graphical User Interface

The primary graphical interface for managing services is the Services snap-in (services.msc). Largely unchanged since Windows 2000, the Services snap-in is the one-stop shop for stopping and starting services (Recipe 7.1), setting various service properties such as startup type (Recipe 7.4), service account (Recipe 7.5), recovery options (Recipe 7.6), and viewing service dependences ( Recipe 7.10). You can do all of these actions against a remote computer by right-clicking the Services icon in the left pane and selecting "Connect to another computer."

There are a few tasks that you cannot do with the Services snap-in and you have to rely on other tools. For example, if you need to manually install or uninstall a service (Recipe 7.2 and Recipe 7.3), you'll need to use the Service Creation Wizard (srvinstw.exe), which is available in the Windows 2000 Resource Kit, or the Service Installer (instsrv.exe), which is available in the Windows Server 2003 Resource Kit Tools. Likewise, if you want to find services that have certain properties (e.g., find all services run under the Local System account and that have a startup type of Automatic), you'll need to use the sc.exe command-line utility (Recipe 7.8).

Using a Command-Line Interface

Table 7-1 lists the command-line utilities used in this chapter. The sc.exe utility is installed by default with Windows Server 2003, which makes it the de facto service management command-line tool. You can accomplish virtually any service management task with sc. If you are familiar with WMI and the Win32_Service class, which I'll discuss in the next section, you'll also want to take a look at the wmic.exe command. With it, you can tap into any Win32_Service properties or methods from the command line.

Table 7-1. Command-line tools used in this chapter

Tool

Windows Server 2003

Windows 2000

Recipes

eventquery.vbs

%SystemRoot%\System32

N/A

7.12

instsrv

Windows Server 2003 Resource Kit

Windows 2000 Resource Kit

7.2, 7.3

net

%SystemRoot%\System32

%SystemRoot%\System32

7.1

ntrights

Windows Server 2003 Resource Kit

Windows 2000 Resource Kit Supplement 1

7.5

psloglist

Sysinternals

Sysinternals

7.12

psservice

Sysinternals

Sysinternals

7.1, 7.7, 7.8, 7.10

qgrep

Windows Server 2003 Resource Kit

Windows 2000 Resource Kit

7.12

sc

%SystemRoot%\System32

Windows 2000 Resource Kit Supplement 1

7.1-7.10

subinacl

MS Download[1]

MS Download*

7.13

wmic

%SystemRoot%\System32\ Wbem

N/A

7.1, 7.7


[1] subinacl is available in the Windows 2000 and Windows Server 2003 Resource Kits, but I advise downloading the latest version from the Microsoft Download site (http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b&displaylang=en or by going to http://www.microsoft.com/downloads and searching for "subinacl"). There have been many updates to the tool and downloading the latest version is the best way to avoid bugs in the earlier versions.

Using VBScript

The primary interface for programmatically managing services is the Win32_Service WMI class. It is used extensively throughout this chapter. Table 7-2 lists the useful properties available with this class, and Table 7-3 contains the methods for this class. All of the properties are read-only. To modify a particular service setting, you have to use a method, such as Change.

Table 7-2. Win32_Service properties

Name

Description

AcceptPause

Boolean that indicates whether the service can be paused (some services cannot).

AcceptStop

Boolean that indicates whether the service can be stopped (some services cannot).

Caption

Short description of the service.

CheckPoint

The service increments this periodically to report its progress during a long start, stop, pause, or continue operation. For example, the service increments this value as it completes each step of its initialization when it is starting up. For services that do not have a start, stop, pause, or continue operation pending, this value should be zero.

Description

Textual description of the service.

DesktopInteract

Boolean that indicates whether the service interacts with the desktop.

DisplayName

Display name of the service.

ErrorControl

Severity of the error if this service fails to start during startup.

ExitCode

Windows error code defining any problems encountered in starting or stopping the service. This property is set to ERROR_SERVICE_SPECIFIC_ERROR (1066) when the error is unique to the service, and information about the error is available in the ServiceSpecificExitCode property.

DatetimeInstallDate

Date and time the service was installed (generally not populated).

Name

Short name for the service. This is the same name that appears as part of the service's Registry key and that you use to manage the service using the sc.exe utility.

PathName

Full command-line path the service invokes when starting.

ProcessId

Process ID (PID) of the process the service is being run from.

ServiceSpecificExitCode

Service-specific error code for errors that occur while the service is either starting or stopping. The exit codes are defined by the service represented by this class. This value is set only when the ExitCode property value is ERROR_SERVICE_SPECIFIC_ERROR (1066).

ServiceType

The type of service, which can be Kernel Driver, File System Driver, Adapter, Recognizer Driver, Own Process, Share Process, or Interactive Process.

Started

Boolean that indicates whether the service has been started.

StartMode

Startup mode for the service.

StartName

Account under which the service runs.

State

Current state of the service, which can be Stopped, Start Pending, Stop Pending, Running, Continue Pending, Pause Pending, Paused, or Unknown.

SystemName

Name of the system on which the service runs.

TagId

For services that are part of a service group, this ID number determines the relative order within the group where the service starts. A value of 0 or no value indicates the service is not loaded as part of a group.

WaitHint

Estimated time required (in milliseconds) for a start pending, stop, pause, or continue operation. After the specified amount of time has elapsed, the service makes a call to update its status with either an incremented CheckPoint value or a change in state.


Table 7-3. Win32_Service methods

Method Name

Method Description

StartService

Attempts to start the service.

StopService

Attempts to stop the service.

PauseService

Attempts to pause the service.

ResumeService

Attempts to resume the service.

InterrogateService

Requests that the service update its state with the SCM.

UserControlService

Sends user-defined control code to the service.

Create

Creates a new service.

Change

Modifies one or more properties of a service. These include DisplayName, PathName, ServiceType, ErrorControl, StartMode, DesktopInteract, StartName, StartPassword, LoadOrderGroup, LoadOrderGroupDependencies, and ServiceDependencies.

ChangeStartMode

Changes the startup mode of a service.

Delete

Deletes a service.




Windows Server Cookbook
Windows Server Cookbook for Windows Server 2003 and Windows 2000
ISBN: 0596006330
EAN: 2147483647
Year: 2006
Pages: 380
Authors: Robbie Allen

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net