Saturday, 20 March 2010

Scripting Services

Yes I'm back... sorry was so long between posts but cloud computing can keep even me busy.

OK down to business when dealing with Windows services and scripting it isn't always as easy as it first sounds, today I'm going to show you how to use SC command as this is the Swiss army knife of service in windows.

First of all you need to know if the service needs to be interact or not (Hear the question what does he mean) well an example of this is some Java applications that need to run Java Virtual Machine in order to run, however this can not be done as JVM runs in user session (interact) so you would need to start it with interactively this is something that NET START doesn't have the option for.

Note If you are not sure what service are running this way you can use sc query type= interact to list them.

The point to this is that simple NET START DEMO_SERVICE won't work as this doesn't have access to user sessions, so although you can stop the service using NET STOP DEMO_SERVICE it won't start again NET START

Now to fix this problem we have SC command example
sc start demo_service
SC command can also be used for changing the service startup type something that can't be done with simple NET START and STOP commands

For example we want to change demo_service to auto from disabled we can use
sc config demo_service start= auto
Or if you wanted to disable it you could use disabled instated of auto and demand (demand means manual)
sc config demo_service start= disabled

Now I'm sure some of you are thinking this is great but when would I even use all this?

Well now for the real world example lets say you have 200 servers using a service account Domain\java_user that starts the Java application you believe that the password has been compromised, now as you can imagine this would be a few hours work to change the password on each server manually.

So using your PSEXEC command has shown in previous postings to run sc config app_service password= NewPa55W0rd to change the service account password on all affected servers.

then you run
sc stop app_service
again with PSEXEC against all the servers and finally
sc start app_service
to start the services again.

result 200 servers with password changed and applied in less then 20 minutes with only 3 command lines.

Note when doing this in real world you would have them done in maybe two groups or more on load balanced network so you don't create an outage of the application when doing this.

No comments: