Before I delve into how to write a service, you must at least know how an SCP can control a service. So I'll start off by examining a few SCP applications that ship with Windows.
The SCP application with which you should become most familiar is the Services snap-in, shown in Figure 3-2. This snap-in shows the list of all services installed on the target machine. The Name and Description columns identify each service's name and offer an informative description of the service's function. The Status column indicates whether the service is Started, Paused, or Stopped (blank entries indicate "stopped"). The Startup Type column indicates when the SCM should invoke the service, and the Log On As column indicates the security context used by the service when it is running.
This information is kept in the SCM's database, which lives inside the registry under the following subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services |
You should never access this subkey directly; instead, an SCP should call the Windows functions (discussed in the next chapter) that manipulate the database in this subkey. Directly modifying the contents of this key will yield unpredictable results. When you install a product that includes a service, the setup program for that product is an SCP that adds the service's information to the SCM's database.
You can view a remote SCM's service database by selecting the Computer Management node in the left pane of the Computer Management console and then choosing Connect To Another Computer from the Action menu.
Figure 3-2. Services snap-in
NOTE
All services that ship with Windows log on as the LocalSystem security context. This is a highly privileged account, and it is strongly recommended that any services you write also use the LocalSystem account.
So now that you're looking at the Services snap-in, you're probably wondering about all the tasks you can perform with it. Here are the most common operations:
The preceding list certainly accounts for 99 percent of what administrators do with the Services snap-in, but the snap-in can also be used to reconfigure a service. To change a service's settings, you select the service and then display its Properties dialog box. This dialog box contains four tabs; each tab allows the administrator to reconfigure parts of the selected service. The configurable settings are discussed in the following sections.
The General tab (shown in Figure 3-3) allows the administrator to examine and reconfigure general information about the service. The first fact you need to know is that each service goes by two string names: an internal name (used for programmatic purposes) and a display name (a pretty string presented to administrators and users). After being added to the machine's service database, a service's internal name cannot be altered, but the administrator can modify the service's display name and description. The General tab also shows the service's pathname but does not allow the administrator to change it. (This is a limitation imposed by the tab, not by the system.) The administrator can change the service's Startup Type to one of the following:
Figure 3-3. General tab for the Windows Installer service
In addition to configuring the actual service, the administrator can reconfigure the security context under which the service will execute on the Log On tab, shown in Figure 3-4. The security context can be one of the following:
I'll talk more about LocalSystem and user accounts in the "Service Issues" section later in this chapter.
The Log On tab also allows the administrator to specify which hardware profiles the service is enabled in. Hardware profiles allow you to configure services according to your hardware configuration. For example, you might want the fax service to run when your laptop computer is docked and not run when it is undocked.
Figure 3-4. Log On tab for the Distributed Link Tracking service
The Recovery tab, shown in Figure 3-5, allows the administrator to tell the SCM what actions to perform should the service terminate abnormally. Abnormal termination means that the service stopped without reporting a status of SERVICE_STOPPED (discussed later in this chapter). For the first, second, and subsequent attempts, the SCM can do nothing, automatically restart the service, run an executable, or reboot the computer. Note that running an executable and rebooting the computer can fail if the account under which the service is running doesn't have the appropriate privileges or permissions.
Figure 3-5. Recovery tab for the Fax Service service
The Dependencies tab, shown in Figure 3-6, shows the services on which the selected service depends and also what services depend on the selected service. In the figure, you'll see six services dependent on the Workstation service. If the administrator attempts to stop the Workstation service and any dependent services are running, the SCM fails the call. Many SCP programs are written to notify the user that dependent services are running, and to allow the user to choose whether to also stop the dependent services. The Dependencies tab does not allow an administrator to modify any of these dependencies. (I'll discuss service dependencies more in the next chapter.)
Figure 3-6. Dependencies tab for the Workstation service
In addition to the Services snap-in, Windows ships with a command-line SCP tool named Net.exe. This tool is limited in that it allows you to control only those services residing on the local machine. Using Net.exe, you can start, stop, pause, and continue services using the following syntax:
NET START servicename NET STOP servicename NET PAUSE servicename NET CONTINUE servicename |
You can also use Net.exe to display a list of services running on the local machine by simply typing the following, without specifying a servicename:
NET START |
For debugging, the Net.exe tool is quite handy because you can place calls to it in a batch file or other script file.
Another SCP application that Microsoft offers is a command-line tool named SC.exe. This tool ships as part of the Microsoft Windows 2000 Resource Kit. Running this tool without passing it any parameters displays its usage syntax, as shown here:
DESCRIPTION: SC is a command line program used for communicating with the NT Service Controller and services. USAGE: sc <server> [command] [service name] <option1> <option2>... The option <server> has the form \\ServerName Further help on commands can be obtained by typing: "sc [command]" Commands: query-----------Queries the status for a service, or enumerates the status for types of services. queryex---------Queries the extended status for a service, or enumerates the status for types of services. start-----------Starts a service. pause-----------Sends a PAUSE control request to a service. interrogate-----Sends an INTERROGATE control request to a service. continue--------Sends a CONTINUE control request to a service. stop------------Sends a STOP request to a service. config----------Changes the configuration of a service (persistant) description-----Changes the description of a service. failure---------Changes the actions taken by a service upon failure qc--------------Queries the configuration information for a service qdescription----Queries the description for a service. qfailure--------Queries the actions taken by a service upon failure delete----------Deletes a service (from the registry). create----------Creates a service. (adds it to the registry). control---------Sends a control to a service. sdshow----------Displays a service's security descriptor. sdset-----------Sets a service's security descriptor. GetDisplayName--Gets the DisplayName for a service. GetKeyName------Gets the ServiceKeyName for a service. EnumDepend------Enumerates Service Dependencies. The following commands don't require a service name: sc <server> <command> <option> boot------------(ok | bad) Indicates whether the last boot should be saved as the last-known-good boot configuration Lock------------Locks the Service Database QueryLock-------Queries the LockStatus for the SCManager Database EXAMPLE: sc start MyService Would you like to see help for the QUERY and QUERYEX commands? [ y | n ]: y QUERY and QUERYEX OPTIONS : If the query command is followed by a service name, the status for that service is returned. Further options do not apply in this case. If the query command is followed by nothing or one of the options listed below, the services are enumerated. type= Type of services to enumerate (driver, service, all) (default = service) state= State of services to enumerate (inactive, all) (default = active) bufsize= The size (in bytes) of the enumeration buffer (default = 1024) ri= The resume index number at which to begin the enumeration (default = 0) group= Service group to enumerate (default = all groups) SYNTAX EXAMPLES sc query - Enumerates status for active services & drivers sc query messenger - Displays status for the messenger service sc queryex messenger - Displays extended status for the messenger service sc query type= driver - Enumerates only active drivers sc query type= service - Enumerates only Win32 services sc query state= all - Enumerates all services & drivers sc query bufsize= 50 - Enumerates with a 50 byte buffer. sc query ri= 14 - Enumerates with resume index = 14 sc queryex group= "" - Enumerates active services not in a group sc query type= service type= interact - Enumerates all interactive services sc query type= driver group= NDIS - Enumerates all NDIS drivers |
While developing and debugging a service, this tool can help tremendously since it offers a rich command-line interface to all the service control options and can easily be used in a script file.