Windows services are nothing more than continually running processes that are controlled by the Service Control Manager (SCM). Instead of directly creating a service process, you (or the system itself) send a start or stop message to the SCM, which takes care of starting or stopping the associated process.

The DHCP Client provided with the Windows operating system is an example of a service. It is responsible for requesting and renewing DHCP requests (i.e., obtaining an IP address dynamically), and, interestingly, performing dynamic DNS registrations. After the system begins the boot-up process, the SCM starts the DHCP Client service, which kicks off a process that runs in the background to handle DHCP requests. You can stop the DHCP Client service via the Services snap-in, which causes the SCM to terminate the underlying DHCP Client process. If you start the service, the SCM starts the process.

Each service has a corresponding key in the Registry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services. This key stores basic configuration information about the service, including service dependencies, the command line to execute to start the service, and the startup type (automatic, manual, or disabled). You can find the associated registry key for a service by running the following command:

    > sc getkeyname "<ServiceDisplayName>"

For example, this returns the key for the DHCP Client service:

    > sc getkeyname "DHCP Client"
    [SC] GetServiceKeyName SUCCESS
    Name = Dhcp

For more information on service registry values, take a look at MS KB 103000 (CurrentControlSet\Services Subkey Entries).

One of the knocks Windows 2000 received was that it had too many services enabled by default. This was both a good and a bad thing. On one hand, it meant that a lot of functionality was turned on out of the box. The downside was that many of the default services, such as IIS, had security issues, so all default installations were vulnerable.
As a result, Microsoft changed its stance in Windows XP and Windows Server 2003, opting for a more secure approach. Many of the services that were started by default in Windows 2000 are now disabled at startup in Windows Server 2003. For a list of the changes in the default startup mode, see MS KB 812519 (Services That Are Turned Off by Default in Windows Server 2003). For a list of the default services in Windows Server 2003, see Appendix F.

Using a Graphical User Interface

The primary graphical interface for managing services is the Services snap-in (services.msc). Largely unchanged since Windows 2000, the Services snap-in is the one-stop shop for stopping and starting services (Recipe 7.1), setting various service properties such as startup type (Recipe 7.4), service account (Recipe 7.5), and recovery options (Recipe 7.6), and viewing service dependencies (Recipe 7.10). You can do all of these actions against a remote computer by right-clicking the Services icon in the left pane and selecting "Connect to another computer."

There are a few tasks that you cannot do with the Services snap-in, and for those you have to rely on other tools. For example, if you need to manually install or uninstall a service (Recipe 7.2 and Recipe 7.3), you'll need to use the Service Creation Wizard (srvinstw.exe), which is available in the Windows 2000 Resource Kit, or the Service Installer (instsrv.exe), which is available in the Windows Server 2003 Resource Kit Tools. Likewise, if you want to find services that have certain properties (e.g., find all services that run under the Local System account and have a startup type of Automatic), you'll need to use the sc.exe command-line utility (Recipe 7.8).

Using a Command-Line Interface

Table 7-1 lists the command-line utilities used in this chapter. The sc.exe utility is installed by default with Windows Server 2003, which makes it the de facto service management command-line tool. You can accomplish virtually any service management task with sc.
If you are familiar with WMI and the Win32_Service class, which I'll discuss in the next section, you'll also want to take a look at the wmic.exe command. With it, you can tap into any Win32_Service properties or methods from the command line.

Table 7-1. Command-line tools used in this chapter

Tool | Windows Server 2003 | Windows 2000 | Recipes |
---|---|---|---|
eventquery.vbs | %SystemRoot%\System32 | N/A | 7.12 |
instsrv | Windows Server 2003 Resource Kit | Windows 2000 Resource Kit | 7.2, 7.3 |
net | %SystemRoot%\System32 | %SystemRoot%\System32 | 7.1 |
ntrights | Windows Server 2003 Resource Kit | Windows 2000 Resource Kit Supplement 1 | 7.5 |
psloglist | Sysinternals | Sysinternals | 7.12 |
psservice | Sysinternals | Sysinternals | 7.1, 7.7, 7.8, 7.10 |
qgrep | Windows Server 2003 Resource Kit | Windows 2000 Resource Kit | 7.12 |
sc | %SystemRoot%\System32 | Windows 2000 Resource Kit Supplement 1 | 7.1-7.10 |
subinacl | MS Download[1] | MS Download[1] | 7.13 |
wmic | %SystemRoot%\System32\Wbem | N/A | 7.1, 7.7 |
[1] subinacl is available in the Windows 2000 and Windows Server 2003 Resource Kits, but I advise downloading the latest version from the Microsoft Download site at http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b&displaylang=en or by going to http://www.microsoft.com/downloads and searching for "subinacl". There have been many updates to the tool, and downloading the latest version is the best way to avoid bugs in the earlier versions.

Using VBScript

The primary interface for programmatically managing services is the Win32_Service WMI class. It is used extensively throughout this chapter. Table 7-2 lists the useful properties available with this class, and Table 7-3 contains the methods for this class. All of the properties are read-only. To modify a particular service setting, you have to use a method, such as Change.

Table 7-2. Win32_Service properties

Name | Description |
---|---|
AcceptPause | Boolean that indicates whether the service can be paused (some services cannot). |
AcceptStop | Boolean that indicates whether the service can be stopped (some services cannot). |
Caption | Short description of the service. |
CheckPoint | The service increments this periodically to report its progress during a long start, stop, pause, or continue operation. For example, the service increments this value as it completes each step of its initialization when it is starting up. For services that do not have a start, stop, pause, or continue operation pending, this value should be zero. |
Description | Textual description of the service. |
DesktopInteract | Boolean that indicates whether the service interacts with the desktop. |
DisplayName | Display name of the service. |
ErrorControl | Severity of the error if this service fails to start during startup. |
ExitCode | Windows error code defining any problems encountered in starting or stopping the service. This property is set to ERROR_SERVICE_SPECIFIC_ERROR (1066) when the error is unique to the service, and information about the error is available in the ServiceSpecificExitCode property. |
InstallDate | Date and time the service was installed (generally not populated). |
Name | Short name for the service. This is the same name that appears as part of the service's Registry key and that you use to manage the service using the sc.exe utility. |
PathName | Full command-line path the service invokes when starting. |
ProcessId | Process ID (PID) of the process the service is being run from. |
ServiceSpecificExitCode | Service-specific error code for errors that occur while the service is either starting or stopping. The exit codes are defined by the service represented by this class. This value is set only when the ExitCode property value is ERROR_SERVICE_SPECIFIC_ERROR (1066). |
ServiceType | The type of service, which can be Kernel Driver, File System Driver, Adapter, Recognizer Driver, Own Process, Share Process, or Interactive Process. |
Started | Boolean that indicates whether the service has been started. |
StartMode | Startup mode for the service. |
StartName | Account under which the service runs. |
State | Current state of the service, which can be Stopped, Start Pending, Stop Pending, Running, Continue Pending, Pause Pending, Paused, or Unknown. |
SystemName | Name of the system on which the service runs. |
TagId | For services that are part of a service group, this ID number determines the relative order within the group where the service starts. A value of 0 or no value indicates the service is not loaded as part of a group. |
WaitHint | Estimated time required (in milliseconds) for a start pending, stop, pause, or continue operation. After the specified amount of time has elapsed, the service makes a call to update its status with either an incremented CheckPoint value or a change in state. |
Table 7-3. Win32_Service methods

Method Name | Method Description |
---|---|
StartService | Attempts to start the service. |
StopService | Attempts to stop the service. |
PauseService | Attempts to pause the service. |
ResumeService | Attempts to resume the service. |
InterrogateService | Requests that the service update its state with the SCM. |
UserControlService | Sends user-defined control code to the service. |
Create | Creates a new service. |
Change | Modifies one or more properties of a service. These include DisplayName, PathName, ServiceType, ErrorControl, StartMode, DesktopInteract, StartName, StartPassword, LoadOrderGroup, LoadOrderGroupDependencies, and ServiceDependencies. |
ChangeStartMode | Changes the startup mode of a service. |
Delete | Deletes a service. |
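The following script is an added example, not one of the chapter's recipes. It uses the read-only Win32_Service properties from Table 7-2 to audit automatic-start services: it prints the ones that log on as Local System and counts auto-start services per logon account. The local computer target (".") and the output layout are assumptions chosen for illustration.

```vbscript
' Added example (not from the original chapter): read-only audit of
' auto-start services by logon account using Win32_Service properties.
Option Explicit

Dim strComputer, objWMI, colServices, objService
Dim dictAccounts, strAccount, strKey

strComputer = "."   ' assumption: "." = local computer; use a host name for a remote one

Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
                       strComputer & "\root\cimv2")

' StartMode 'Auto' corresponds to the Automatic startup type in the Services snap-in.
Set colServices = objWMI.ExecQuery( _
    "SELECT Name, DisplayName, StartName, State, ProcessId, PathName " & _
    "FROM Win32_Service WHERE StartMode = 'Auto'")

Set dictAccounts = CreateObject("Scripting.Dictionary")
dictAccounts.CompareMode = vbTextCompare   ' account names are not case-sensitive

For Each objService In colServices
    ' StartName can be Null, so normalize it before using it as a key.
    If IsNull(objService.StartName) Then
        strAccount = "(none)"
    Else
        strAccount = objService.StartName
    End If
    dictAccounts(strAccount) = dictAccounts(strAccount) + 1

    ' Detail only the services that run with the most privilege.
    If LCase(strAccount) = "localsystem" Then
        WScript.Echo objService.Name & " (" & objService.DisplayName & ")"
        WScript.Echo "  State:    " & objService.State & _
                     "   PID: " & objService.ProcessId
        WScript.Echo "  PathName: " & objService.PathName
        If objService.State <> "Running" Then
            WScript.Echo "  NOTE: startup type is Automatic but the service is not running"
        End If
    End If
Next

WScript.Echo
WScript.Echo "Auto-start services per logon account:"
For Each strKey In dictAccounts.Keys
    WScript.Echo "  " & strKey & ": " & dictAccounts(strKey)
Next
```

Run it with cscript.exe so each WScript.Echo line goes to the console instead of a message box. The script calls none of the methods in Table 7-3, so it does not change any service configuration.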