Managing System Services




Services provide key functions to workstations and servers. To manage system services on local and remote systems, you’ll use the service controller command SC, which has several subcommands, only some of which are explored here. The sections that follow discuss each of these subcommands:

  • SC config Configures service startup and logon accounts

  • SC query Displays the list of all services configured on the computer

  • SC qc Displays the configuration of a specific service

  • SC start Starts services

  • SC stop Stops services

  • SC pause Pauses services

  • SC continue Resumes services

  • SC failure Sets the actions to take upon failure of a service

  • SC qfailure Views the actions to take upon failure of a service

With all commands, you can specify the name of the remote computer whose services you want to work with. To do this, insert the UNC name or IP address of the computer before the subcommand you want to use. This makes the syntax

sc ServerName Subcommand 

Viewing Configured Services

To get a list of all services configured on a system, type the following command at the command prompt:

sc query type= service state= all 

or

sc ServerName query type= service state= all

where ServerName is the UNC name or IP address of the remote computer, such as \\Mailer1 or \\192.168.1.100, as shown in the following examples:

sc \\Mailer1 query type= service state= all
sc \\192.168.1.100 query type= service state= all

Note

There must be a space after the equal sign (=) as used with type= service and state= all. If you don’t use a space, the command will fail.

With the state flag, you can also use the value active (to show running services only) or inactive (to show all paused or stopped services). Consider the following examples:

sc \\Mailer1 query type= service state= active
sc \\Mailer1 query type= service state= inactive

In the first example, you query MAILER1 for a list of all services that are running. In the second example, you query MAILER1 for a list of all services that are stopped.

The output of SC query shows the services and their configurations. Each service entry is formatted as follows:

SERVICE_NAME: W3SVC
DISPLAY_NAME: World Wide Web Publishing Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

As an administrator, the fields you will work with the most are

  • Service Name The abbreviated name of the service. Only services installed on the system are listed here. If a service you need isn’t listed, you’ll need to install it.

  • Display Name The descriptive name of the service.

  • State The state of the service as Running, Paused, or Stopped.

As you’ll see if you run the SC query command, the output is very long and is best used with a filter to get only the information you want to see. For example, if you use the following command, you clean up the output to show only the most important fields:

sc query type= service | find /v "x0" 

Here you pipe the output of SC query through the FIND command and clean up the output so the service entries appear, as shown in this example:

SERVICE_NAME: W3SVC
DISPLAY_NAME: World Wide Web Publishing Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)

Note

The parameter /V “x0” tells the FIND command to display only lines of output that do not contain the text x0, which is the common text on WIN32_Exit_Code, Service_Exit_Code, Checkpoint, and Wait_Hint fields. By specifying that you don’t want to see lines of output that contain this value, you therefore remove these unwanted fields from the display.

If you know the name of a service you want to work with, you can use SC qc to display its configuration information. The syntax is

sc qc ServiceName 

where ServiceName is the name of the service you want to examine. The output for individual services looks like this:

SERVICE_NAME: w3svc
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k iissvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : World Wide Web Publishing Service
DEPENDENCIES : RPCSS
: HTTPFilter
: IISADMIN
SERVICE_START_NAME : LocalSystem

Note that the output doesn’t tell you the current status of the service. It does, however, tell you the following:

  • Binary Path Name The file path to the executable for the service

  • Dependencies Services that cannot run unless the specified service is running

  • Display Name The descriptive name of the service

  • Service Start Name The name of the user account the service logs on as

  • Start Type The startup configuration of the service

    Note

    Services that are configured to start automatically are listed as AUTO_START. Services that are configured to start manually are listed as DEMAND_START. Services that are disabled are listed as DISABLED.

  • Type The type of service and whether it is a shared process

    Note

    When you are configuring a service logon, it is sometimes important to know whether a process runs in its own context or is shared. Shared processes are listed as WIN32_SHARE_PROCESS. Processes that run in their own context are listed as WIN32_OWN_PROCESS.

Starting, Stopping, and Pausing Services

As an administrator, you’ll often have to start, stop, or pause Windows services. The related SC commands and their syntaxes are

Start a service:

sc start ServiceName 

Pause a service:

sc pause ServiceName 

Resume a paused service:

sc continue ServiceName 

Stop a service:

sc stop ServiceName 

where ServiceName in each case is the abbreviated name of the service you want to work with, such as

sc start w3svc

As with all SC commands, you can also specify the name of the remote computer whose services you want to work with. For example, to start the w3svc on MAILER1, you would use the following command:

sc \\Mailer1 start w3svc 

The state listed in the results should show START_PENDING. With stop, pause, and continue you’ll see STOP_PENDING, PAUSE_PENDING, and CONTINUE_PENDING respectively as well. If an error results, the output states FAILED and error text is provided to describe the reason for the failure in more detail. If you are trying to start a service that is already started, you’ll see the error

An instance of the service is already running.

If you are trying to stop a service that is already stopped, you’ll see the error

The service has not been started.

Configuring Service Startup

You can set Windows services to start manually or automatically. You can also turn them off permanently by disabling them. You configure service startup using

sc config ServiceName start= flag 

where ServiceName is the abbreviated name of the service you want to work with and flag is the startup type to use. For services, valid flag values are

  • Auto Start service at system startup

  • Demand Allow the services to be started manually

  • Disabled Turns off the service

Following this, you can configure a service to start automatically by using:

sc config w3svc start= auto

or

sc \\Mailer1 config w3svc start= auto

Note

There must be a space after the equal sign (=) as used with start= auto. If you don’t use a space, the command will fail. Note also the command only reports SUCCESS or FAILURE. It won’t tell you that the service was already configured in the startup mode you’ve specified.

Security Alert

Disabling a service doesn’t stop a running service. It only prevents it from being started the next time the computer is booted. To ensure the service is disabled and stopped, run SC stop and then SC config.
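
The stop-then-disable sequence from the Security Alert above, as an added PowerShell example that is not from the book; it waits out STOP_PENDING and reads the start type back. The function names and the 30-second timeout are assumptions of this example.

```powershell
# In Windows PowerShell "sc" is an alias for Set-Content, so call sc.exe.
function Stop-AndDisableService {
    param(
        [Parameter(Mandatory)][string]$Name,
        [string]$Server,            # optional UNC form, such as \\Mailer1
        [int]$TimeoutSec = 30       # assumed default for this example
    )
    $prefix = @(); if ($Server) { $prefix = @($Server) }

    # Read the word after the numeric code, e.g. "STATE : 1 STOPPED" gives STOPPED.
    function Get-ScField([string[]]$Lines, [string]$Field) {
        foreach ($l in $Lines) {
            if ($l -cmatch "^\s*$Field\s*:\s*\d+\s+(\S+)") { return $Matches[1] }
        }
    }

    # SC stop returns while the service is still STOP_PENDING, so poll the
    # state instead of trusting the command's immediate output.
    sc.exe @prefix stop $Name | Out-Null
    $deadline = (Get-Date).AddSeconds($TimeoutSec)
    do {
        $state = Get-ScField (sc.exe @prefix query $Name) 'STATE'
        if ($state -ne 'STOPPED') { Start-Sleep -Seconds 1 }
    } while ($state -ne 'STOPPED' -and (Get-Date) -lt $deadline)

    # SC config reports only SUCCESS or FAILURE, so read the setting back.
    sc.exe @prefix config $Name start= disabled | Out-Null
    $startType = Get-ScField (sc.exe @prefix qc $Name) 'START_TYPE'

    [pscustomobject]@{
        Service   = $Name
        State     = $state
        StartType = $startType
        Verified  = ($state -eq 'STOPPED' -and $startType -eq 'DISABLED')
    }
}

# Example call (w3svc and \\Mailer1 are the names used in this chapter):
# Stop-AndDisableService -Name w3svc -Server \\Mailer1
```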

Configuring Service Logon

You can configure Windows services to log on as a system account or as a specific user. To ensure a service logs on as the LocalSystem account, use

sc config ServiceName obj= LocalSystem

where ServiceName is the name of the service you are configuring to use the LocalSystem account. If the service provides a user interface that can be manipulated, add the flags type= interact type= own, as shown in the following example:

sc config w3svc obj= LocalSystem type= interact type= own 

The type= interact flag specifies that the service is allowed to interact with the Windows desktop. The type= own flag specifies that the service runs in its own process. In the case of a service that shares its executable files with other services, you would use the type= share flag, as shown in this example:

sc config w3svc obj= LocalSystem type= interact type= share

Tip

If you don’t know whether a service runs as a shared process or in its own context, use SC qc to determine the service’s start type. This command is discussed in the section of this chapter titled “Viewing Configured Services.”

Services can also log on using named accounts. To do this, use

sc config ServiceName obj= [Domain\]User password= Password 

where Domain is the optional domain name in which the user account is located, User is the name of the user account whose permissions you want to use, and Password is the password of that account. Consider the following example:

sc config w3svc obj= adatum\webbies password= blue5!CraZy

Here, you configure W3svc to use the Webbies account in the Adatum domain. The output of the command should state SUCCESS or FAILED. The change will fail if the account name is invalid or doesn’t exist, or if the password for the account is invalid.

Note

If a service has been previously configured to interact with the desktop under the LocalSystem account, you cannot change the service to run under a domain account without using the type= own flag. The syntax therefore becomes sc config ServiceName obj= [Domain\]User password= Password type= own.

Security Alert

As an administrator, you should keep track of any accounts that are used with services. These accounts can be the source of huge security problems if they’re not configured properly. Service accounts should have the strictest security settings and as few permissions as possible while allowing the service to perform necessary functions. Typically, accounts used with services don’t need many of the permissions you would assign to a normal user account. For example, most service accounts don’t need the right to log on locally. Every administrator should know what service accounts are used (so they can better track use of these accounts), and the accounts should be treated as if they were administrator accounts. This means secure passwords, careful monitoring of account usage, careful application of account permissions and privileges, and so on.
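
One way to keep the inventory of service accounts described above, as an added example that is not from the book: the script parses SC qc output and marks services that log on with a named account. The function names and the rule for what counts as a built-in identity are assumptions of this example.

```powershell
# In Windows PowerShell "sc" is an alias for Set-Content, so call sc.exe.
function ConvertFrom-ScQc {
    # Turn the text printed by "sc qc" into an object with one property per field.
    param([string[]]$Lines)
    $rec = [ordered]@{}
    foreach ($line in $Lines) {
        # Field lines look like "START_TYPE : 2 AUTO_START". Continuation lines
        # of DEPENDENCIES begin with ":" and are skipped.
        if ($line -cmatch '^\s*([A-Z_0-9]+)\s*:\s*(.*)$') {
            $rec[$Matches[1]] = $Matches[2].Trim()
        }
    }
    [pscustomobject]$rec
}

function Test-NamedAccount {
    # Assumption of this example: LocalSystem and NT AUTHORITY\ or NT SERVICE\
    # identities are built in; any other logon name is an account to track.
    param([string]$StartName)
    $StartName -and $StartName -notmatch '^(LocalSystem$|NT AUTHORITY\\|NT SERVICE\\)'
}

function Get-ServiceLogonReport {
    # -Server takes the UNC form used with SC, such as \\Mailer1 (optional).
    param([string]$Server)
    $prefix = @(); if ($Server) { $prefix = @($Server) }
    $names = sc.exe @prefix query type= service state= all | ForEach-Object {
        if ($_ -cmatch '^SERVICE_NAME:\s*(\S.*)$') { $Matches[1].Trim() }
    }
    foreach ($name in $names) {
        $cfg = ConvertFrom-ScQc (sc.exe @prefix qc $name)
        [pscustomobject]@{
            Service = $name; LogonAs = $cfg.SERVICE_START_NAME
            StartType = $cfg.START_TYPE
            NamedAccount = Test-NamedAccount $cfg.SERVICE_START_NAME
        }
    }
}

# Constructed sample in the layout "sc qc" prints, so the parser can be tried offline.
$sample = @'
SERVICE_NAME: w3svc
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\WINDOWS\System32\svchost.exe -k iissvcs
        SERVICE_START_NAME : adatum\webbies
'@ -split '\r?\n'
$cfg = ConvertFrom-ScQc $sample
'{0} logs on as {1}; named account: {2}' -f $cfg.SERVICE_NAME,
    $cfg.SERVICE_START_NAME, (Test-NamedAccount $cfg.SERVICE_START_NAME)
```

On a live system, `Get-ServiceLogonReport | Where-Object NamedAccount` lists the services to review; pass `-Server \\Mailer1` for a remote computer.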

Configuring Service Recovery

Using the SC failure command, you can configure Windows services to take specific actions when a service fails. For example, you can attempt to restart the service or run an application.

You can configure recovery options for the first, second, and subsequent recovery attempts. The current failure count is incremented each time a failure occurs. You can also set a parameter that specifies the time that must elapse before the failure counter is reset. For example, you could specify that if 24 hours have passed since the last failure, the failure counter should be reset.

Before you try to configure service recovery, check the current recovery settings using SC qfailure. The syntax is

sc qfailure ServiceName 

where ServiceName is the name of the service you want to work with, such as

sc qfailure w3svc

You can of course specify a remote computer as well, such as

sc \\Mailer1 qfailure w3svc

or

sc \\192.168.1.100 qfailure w3svc

In the output, the failure actions are listed in the order they are performed. In the following example output, W3svc is configured to attempt to restart the service the first and second time the service fails and to restart the computer if the service fails a third time:

[SC] QueryServiceConfig2 SUCCESS

SERVICE_NAME: w3svc
RESET_PERIOD (in seconds) : 86400
REBOOT_MESSAGE :
COMMAND_LINE :
FAILURE_ACTIONS : RESTART -- Delay = 1 milliseconds.
RESTART -- Delay = 1 milliseconds.
REBOOT -- Delay = 1000 milliseconds.

Note

Windows automatically configures recovery for some critical system services during installation. Typically, these services are configured so that they attempt to restart the service. A few services are configured so that they run programs. For example, the IIS Admin service is configured to run a program called Iisreset.exe if the service fails. This program is an application that corrects service problems and safely manages dependent IIS services while working to restart the IIS Admin service.

The command you use to configure service recovery is SC failure and its basic syntax is

sc failure ServiceName reset= FailureResetPeriod actions= RecoveryActions

where ServiceName is the name of the service you are configuring, FailureResetPeriod specifies the time, in seconds, that must elapse without failure in order to reset the failure counter, and RecoveryActions are the actions to take when failure occurs plus the delay time (in milliseconds) before that action is initiated. The available recovery actions are

  • Take No Action The operating system won’t attempt recovery for this failure but might still attempt recovery of previous or subsequent failures.

  • Restart The Service Stops and then starts the service after a brief pause.

  • Run A Program Allows you to run a program or a script in case of failure. The script can be a batch program or a Windows script. If you select this option, set the full file path to the program you want to run and then set any necessary command-line parameters to pass in to the program when it starts.

  • Reboot The Computer Shuts down and then restarts the computer after the specified delay time is elapsed.

Best Practices

When you configure recovery options for critical services, you might want to try to restart the service on the first and second attempts and then reboot the server on the third attempt.

When you work with SC failure, keep the following in mind:

  • The reset period is set in seconds. Reset periods are commonly set in multiples of hours or days. An hour is 3,600 seconds and a day is 86,400 seconds. For a two-hour reset period, for example, you’d use the value 7,200.

  • Each recovery action must be followed by the time to wait (in milliseconds) before performing the action. For a service restart you’ll probably want to use a short delay, such as 1 millisecond (no delay), 1 second (1,000 milliseconds), or 5 seconds (5,000 milliseconds). For a restart of the computer, you’ll probably want to use a longer delay, such as 15 seconds (15,000 milliseconds) or 30 seconds (30,000 milliseconds).

  • Enter the actions and their delay times as a single text entry with each value separated by a forward slash (/). For example, you could use the value: restart/1000/restart/1000/reboot/15000. Here, on the first and second attempts the service is restarted after a 1-second delay, and on the third attempt the computer is rebooted after a 15-second delay.

Consider the following examples:

sc failure w3svc reset= 86400 actions= restart/1/restart/1/reboot/30000 

Here, on the first and second attempts the service is restarted almost immediately, and on the third attempt the computer is rebooted after a 30-second delay. In addition, the failure counter is reset if no failures occur in a 24-hour period (86,400 seconds). You can also specify a remote computer by inserting the UNC name or IP address as shown in previous examples.

If you use the Run action, you specify the command or program to run using the Command= parameter. Follow the Command= parameter with the full file path to the command to run and any arguments to pass to the command. Be sure to enclose the command path and text in double quotation marks, as in the following example:

sc failure w3svc reset= 86400 actions= restart/1/restart/1/run/30000 command= "c:\restart_w3svc.exe 15"
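
A way to review recovery settings across services, as an added example that is not from the book: it parses SC qfailure output and reports failure actions that run a program or reboot with less than the 15-second delay suggested above. The function names and the RUN prefix match are assumptions of this example; the sample is the W3svc output shown earlier in this section.

```powershell
function ConvertFrom-ScQfailure {
    # Parse the text printed by "sc qfailure" into one object.
    param([string[]]$Lines)
    $out = [ordered]@{ Service = $null; ResetSeconds = $null; CommandLine = ''; Actions = @() }
    foreach ($line in $Lines) {
        switch -Regex -CaseSensitive ($line) {
            '^\s*SERVICE_NAME\s*:\s*(\S+)'   { $out.Service = $Matches[1] }
            '^\s*RESET_PERIOD[^:]*:\s*(\d+)' { $out.ResetSeconds = [int]$Matches[1] }
            '^\s*COMMAND_LINE\s*:\s*(.*)$'   { $out.CommandLine = $Matches[1].Trim() }
            # The first action shares a line with FAILURE_ACTIONS; the rest stand alone.
            '^\s*(?:FAILURE_ACTIONS\s*:\s*)?([A-Z][A-Z ]*?)\s+--\s+Delay\s*=\s*(\d+)' {
                $out.Actions += [pscustomobject]@{ Action = $Matches[1]; DelayMs = [int]$Matches[2] }
            }
        }
    }
    [pscustomobject]$out
}

function Get-RecoveryFinding {
    # Review points of this example, not rules enforced by SC. Treating any
    # action name that starts with RUN as "run a program" is an assumption;
    # the chapter's sample output shows only RESTART and REBOOT lines.
    param($Cfg)
    foreach ($a in $Cfg.Actions) {
        if ($a.Action -like 'RUN*') {
            "$($Cfg.Service): runs '$($Cfg.CommandLine)' on failure"
        }
        if ($a.Action -eq 'REBOOT' -and $a.DelayMs -lt 15000) {
            "$($Cfg.Service): reboots after only $($a.DelayMs) ms"
        }
    }
}

# The qfailure output shown earlier in this section, embedded for an offline run.
$sample = @'
[SC] QueryServiceConfig2 SUCCESS

SERVICE_NAME: w3svc
        RESET_PERIOD (in seconds)    : 86400
        REBOOT_MESSAGE               :
        COMMAND_LINE                 :
        FAILURE_ACTIONS              : RESTART -- Delay = 1 milliseconds.
                                       RESTART -- Delay = 1 milliseconds.
                                       REBOOT -- Delay = 1000 milliseconds.
'@ -split '\r?\n'
Get-RecoveryFinding (ConvertFrom-ScQfailure $sample)
# Live use: Get-RecoveryFinding (ConvertFrom-ScQfailure (sc.exe qfailure w3svc))
```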






Microsoft Windows Command-Line Administrator's Pocket Consultant
ISBN: 0735620385
EAN: 2147483647
Year: 2004
Pages: 114
