Thursday, April 30, 2015

Windows Server 2012 - Services

In some of my multi-part blog posts, I've examined some rather complex subjects such as Public Key Infrastructure (PKI) or various Exchange migration scenarios. In this post, I'd like to take a look at managing Windows services on Server 2012 R2. In particular, I noticed that there are (at least) three methods to manage services:

  1. Services.msc (GUI management console).
  2. sc.exe commands ("classic" command line).
  3. *-Service Powershell cmdlets: Get-Service, Set-Service, Stop-Service, Start-Service, etc..

The potential advantages of using Powershell rather than sc interests me in particular. For example, even though there are numerous Powershell cmdlets to manage network interfaces, it is my understanding that many administrators still prefer netsh.


I imagine that most Windows administrators are quite familiar with this interface with its four tabs.

Note: enter "services.msc" in the Start | Search box to open the console.

We can stop and start services (and more) by right-clicking on the service in question, in this case the Application Identity service:

I would wager over 90% of those reading this already know that but I'll compare this to the sc.exe and Powershell options later.

If we open the properties of a service, we have (as I wrote earlier) four tabs.

The general tab shows the names, description, start type and status of the service:

We can change the startup type and service status as needed.

Services "log on" and run under the credentials of an account, sometimes the Local System account or the Network Services account or a custom user account created in Active Directory with access to particular resources.

Under the Recovery tab, we configure behavior in case of failure of a service to start:

I do not believe I have ever needed to adjust the settings here but other admins may have had to.

Lastly, we can see service "dependencies" under the tab with the same name:

Basic service troubleshooting: if a service will not start, verify that the "pre-requisite" services are running first. In Microsoft Exchange, for example, if the Active Directory Topology Service is not running, many other Exchange services will simply refuse to start.


SC is a command-line tool that manages services. If we enter...


at the command prompt, a list of all the different commands will be displayed.

For example, sc query shows the status of a service. I'll use it to take a look at the Windows Remote Management service:

C:\>sc query winrm

        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0sc

Among other information, we can see that the service is running.

A similar command, "sc qc servicename" displays the configuration of a service. Once again, we'll use the WinRM service as an example:

C:\>sc qc winrm
[SC] QueryServiceConfig SUCCESS

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k NetworkService
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Windows Remote Management (WS-Management)
        DEPENDENCIES       : RPCSS
                           : HTTP

Here (above) we can see that the service is set to start automatically (AUTO_START).

We can stop, start, pause and continue services with these SC commands (plus the name of the service of course):

sc stop
sc start
sc pause
sc continue

We can configure the startup type as shown below. Note the space between the = sign and the start(up) type. I have edited out some data for readability (snips).

C:\>sc config AppIDSvc start= auto
[SC] ChangeServiceConfig SUCCESS

C:\>sc qc AppIDSvc
[SC] QueryServiceConfig SUCCESS

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL

C:\>sc config AppIDSvc start= demand
[SC] ChangeServiceConfig SUCCESS

C:\>sc qc AppIDSvc
[SC] QueryServiceConfig SUCCESS

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL

Now let's look at the equivalent Powershell commands...


We can see the various PowerShell cmdlets for managing services with this command:

PS C:\> Get-Command *service* | where { $_.CommandType -eq "Cmdlet" } | select name


Note that "service" is always singular. The command also returns a "New-WebServiceProxy" that I have edited out for clarity.

As with the command "sc query", all services will be displayed if I enter...


It may be more useful to use Get-Service to find the name of the service (if you do not know it already) and then specify it like this (we'll use the WinRM service again).

PS C:\> Get-Service WinRM

Status   Name               DisplayName
------      ----                      -----------
Running  WinRM     Windows Remote Management (WS-Manag...

Get-Service provides fewer details than SC QUERY but we can obtain more with the format-list cmdlet (fl for short):

PS C:\> Get-Service WinRM | fl

Name                : WinRM
DisplayName         : Windows Remote Management (WS-Management)
Status              : Running
DependentServices   : {}
ServicesDependedOn  : {RPCSS, HTTP}
CanPauseAndContinue : False
CanShutdown         : True
CanStop             : True
ServiceType         : Win32ShareProcess

This is quite comparable to the SC QUERY output and perhaps more readable.

Stopping and starting a service (or suspending and resuming) with the PowerShell cmdlets is very straight-forward:

PS C:\> Stop-Service WinRM
PS C:\> Get-Service WinRM | fl name,status

Name   : WinRM
Status : Stopped

PS C:\> Start-Service WinRM
PS C:\> Get-Service WinRM | fl name,status

Name   : WinRM
Status : Running

But what about the startup type of a service? You may have noticed that Get-Service does not display this property. You may recall that SC QUERY did not show this either (see above). We had to use SC QC.

It may seem strange that we can configure the startup type of a service with the Set-Service cmdlet (we'll see that in a moment) but cannot see the current status with Get-Service.

Instead, we have to use the cmdlet Get-Wmiobject win32_service:

PS C:\> Get-Wmiobject win32_service -filter "name = 'WinRM'"

ExitCode   : 0
Name        : WinRM
ProcessId  : 888
StartMode : Auto
State          : Running
Status        : OK

You are welcome to experiment but I found that the syntax must be exactly as indicated. None of these options will work:

get-wmiobject win32_service WinRM
get-wmiobject win32_service -name WinRM
get-wmiobject win32_service -filter "name=WinRM"
get-wmiobject win32_service -filter "name = WinRM"

This was the most concise variant of the cmdlet that would function:

PS C:\> gwmi win32_service -f "name='WinRM'"

Note that...
  • gwmi is the alias of Get-WmiObject
  • We use win32_service even with a x64 operating system. win64_service is not a valid wmi class.
  • We may place a space before and after the = sign for the filter or simply omit these spaces.

Now we'll change the startup type (simply to illustrate the procedure) and then change it back to the original settings.

PS C:\> Set-Service WinRM -StartupType Manual
PS C:\>
PS C:\> gwmi win32_service -f "name='WinRM'"

ExitCode  : 0
Name      : WinRM
ProcessId : 888
StartMode : Manual
State     : Running
Status    : OK

PS C:\> Set-Service WinRM -StartupType Auto
PS C:\>
PS C:\> gwmi win32_service -f "name='WinRM'"

ExitCode  : 0
Name      : WinRM
ProcessId : 888
StartMode : Auto
State     : Running
Status    : OK


And that will be all for this post on managing services with either the Services management console, the SC commands or the PowerShell cmdlets.

One word of caution!

Many services are essential for the proper functioning of the operating system. Changing the startup type of certain services could prevent the OS from starting correctly (or at all).

Common sense would dictate that we do not experiment with these commands on production computers.

No comments:

Post a Comment