What is Service Control?
The SC command duplicates some aspects of the NET command but adds the ability to create a service.
To retrieve specific information from SC's output, pipe into FIND or FindStr:
The SC command duplicates some aspects of the NET command but adds the ability to create a service.
You can use Service Control(SC.exe) to Create, Start, Stop, Query or Delete any Windows SERVICE. The command options for SC are case sensitive.
Syntax: SC [\\server] [command] [service_name] [Options]
Key's:
- server: The machine where the service is running
- service_name: The KeyName of the service, this is often but not always the same as the DisplayName shown in Control Panel, Services.
- You can get the KeyName by running: SC GetKeyName <DisplayName>
Commands:
- query [qryOpt] - Show status
- queryEx [qryOpt] - Show extended info - pid, flags
- GetDisplayName - Show the DisplayName
- GetKeyName - Show the ServiceKeyName
- EnumDepend - Show Dependencies
- qc - Show config-dependencies, full path etc
- start - START a service.
- stop - STOP a service
- pause - PAUSE a service.
- continue - CONTINUE a service.
- create - Create a service. (add it to the registry)
- config - permanently change the service configuration
- delete - Delete a service (from the registry)
- control - Send a control to a service
- interrogate - Send an INTERROGATE control request to a service
- Qdescription - Query the description of a service
- description - Change the description of a service
- Qfailure - Query the actions taken by a service upon failure
- failure - Change the actions taken by a service upon failure
- sdShow - Display a service's security descriptor using SDDL
- SdSet - Sets a service's security descriptor using SDDL
qryOpt Command:
- type= driver|service|all - Query specific types of service
- state= active|inactive|all - Query services in a particular state only
- bufsize= bytes
- ri= resume_index_number (default=0)
- group= groupname - Query services in a particular group
Misc commands that don't require a service name:
- SC QueryLock - Query the LockStatus for the ServiceManager Database, this will show if a service request is running
- SC Lock - Lock the Service Database
- SC BOOT -Values are {ok | bad} Indicates whether to save the last restart configuration as the last-known-good restart configuration
Options:
The CREATE and CONFIG commands allow additional options to be set, see the build-in help: 'SC create' and 'SC config'.
Note: The qryOpt options above are case sensitive - they must be entered in lower case, also the position of spaces and = must be written exactly as shown.
Ex:SC query will display if a service is running, giving output like this:
SERVICE_NAME: messenger
TYPE: 20 WIN32_SHARE_PROCESS
STATE: 4 RUNNING (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE: 0 (0x0)
SERVICE_EXIT_CODE: 0 (0x0)
CHECKPOINT: 0x0
WAIT_HINT: 0x0
To retrieve specific information from SC's output, pipe into FIND or FindStr:
- C:\> SC query messenger | FIND "STATE" | FIND "STOPPED"
- C:\> SC query messenger | FIND "STATE" | FIND "RUNNING"
The statements above will return an %ERRORLEVEL% = 1 if the text is not found
IF errorlevel 1 GOTO: my_subroutine
NET START command can be used in a similar way to check if a service is running:
- NET START | FIND "Service name" > nul
- IF errorlevel 1 ECHO The service is not running
The service control manager will normally wait up to 30 seconds to allow a service to start.
You can modify this time (30,000 milliseconds) in the registry:
You can modify this time (30,000 milliseconds) in the registry:
- HKLM\SYSTEM\CurrentControlSet\Control
- ServicesPipeTimeout (REG_DWORD)
Some options only take effect at the point when the service is started.
Ex: The SC config command allows the executable of a service to be changed. When the service next starts up it will run the new executable. Config changes requires the current user to have “permission to configure the service”.
Ex: The SC config command allows the executable of a service to be changed. When the service next starts up it will run the new executable. Config changes requires the current user to have “permission to configure the service”.
Examples:
- SC GetKeyName "task scheduler"
- SC GetDisplayName schedule
- SC start schedule
- SC QUERY schedule
- SC QUERY type= driver
- SC QUERY state= all |findstr "DISPLAY_NAME STATE" >svc_installed.txt
- SC \\myServer CONFIG myService obj= LocalSystem password= mypassword
- SC CONFIG MyService binPath=c:\myprogram.exe obj=".\LocalSystem" password=""
Imp:Watch out for extra spaces:
SC QUERY state= all Works
SC QUERY state= all Works
SC QUERY sTate =all Fails!
No comments:
Post a Comment