Session Separation

Service Control Manager

With the basics of services out of the way, let's next meet the program that manages them, the aptly named Service Control Manager (SCM), and its very useful configuration tool sc.exe. SCM has been the Windows component that manages services since Windows 95. SCM mainly:

• Takes care of starting services, whether they start automatically or manually

• Keeps track of which services are currently installed

• Manages communications with currently running services, such as requests to shut down

The SCM built into Windows Vista includes several very important changes that let us harden services more easily.

The Services MMC that you've probably seen before, services.msc, is part of the SCM, as is a very useful command-line tool sc.exe that existed in previous versions of Windows, but only as a Resource Kit or Support Tools application. Its inclusion in Vista is a welcome one. SCM itself is a program called services.exe; a look at Process Explorer will show that all of your svchosts were started by services.exe. sc.exe is an extremely powerful command, but it's got a quirk or two. Here's the basic syntax for sc.exe:

 sc [servername] command servicename [options...] 

You can use sc.exe to control remote systems, as the servername parameter suggests. command is any one of dozens of commands, only a few of which we will be able to cover in this chapter. servicename is something called the "key name" for whatever service you want to control. For example, the Group Policy Client service has key name of "gpsvc." (That human-friendly name "Group Policy Client" is called the "display name.") It's called a key name because gpsvc is the name of the Registry key that contains the configuration information for the Group Policy Client, which is in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gpsvc. Just on the off chance that you don't speak Registry fluently, though, you can get sc.exe to cough up the key name from the display name by typing sc getkeyname “display name”, as in

 C:\>sc getkeyname "group policy client" [SC] GetServiceKeyName SUCCESS Name = gpsvc 

While we haven't got space to cover all of the sc.exe commands here, let's cover a few basic and useful ones. stop, start, pause, and continue will stop, start, pause, or continue a service, as in sc stop dnscache, which will stop the DNS Client service. getdisplayname will, if fed a key name, produce the service's display name, reversing the display-name-to-key-name lookup we saw earlier. config will, in combination with some options, let you configure a service as you can from the Services GUI snap-in. For example, to make the DNS client service, which again has the key name of dnscache, a manual-start service (not a good idea), you'd type

 sc config dnscache start= demand 

Notice a quirk in sc.exe 's syntax there: you've got to put a space between "start=" and "demand." All of the options for sc.exe work that way.