Monday, February 9, 2015

Lesson 8: Understanding and Managing Windows Services

clip_image001
In today’s Geek School lesson, we’re going to teach you about Windows Services and how to manage them using the built-in utilities.
SCHOOL NAVIGATION
  1. Understanding Windows Administration Tools
  2. Using Task Scheduler to Run Processes Later
  3. Using Event Viewer to Troubleshoot Problems
  4. Understanding Hard Drive Partitioning with Disk Management
  5. Learning to Use the Registry Editor Like a Pro
  6. Monitoring Your PC with Resource Monitor and Task Manager
  7. Understanding the Advanced System Properties Panel
  8. Understanding and Managing Windows Services
  9. Using Group Policy Editor to Tweak Your PC
Over the years, people have spent a lot of time disabling and tweaking the configuration of Windows Services, and entire web sites have been devoted to understanding which services you can disable.
Thankfully modern versions of Windows have greatly streamlined the things that run as services, added the ability to delay them from starting until later, and allowed them to run only when triggered rather than all the time. The overall footprint of Windows has even decreased due to all this work.
But people still are determined to disable services. So today’s lesson is going to teach you about services, how to analyze them, remove them, or disable them. What we’re not going to do is give you an exact list of services to disable, because for the most part, you should leave the built-in services alone.

What Are Services Exactly?

Windows services are a special type of application that is configured to launch and run in the background, in some cases before the user has even logged in. They can be configured to run as the local system account. Services are designed to run continuously in the background and perform system tasks, like backing up your computer or running a server process that listens on a network port.
Back in the Windows XP days, services could be configured to run interactively and run alongside the rest of your applications, but since Vista, all services are forced to run in a special window session that can’t interact with your local desktop. So a service that tries to open a dialog box or show you a message won’t be allowed to do so.
Unlike regular applications, which can be simply launched and run under your user account, a service must be installed and registered with Windows, which requires an administrator account, and usually a User Account Control prompt before that happens. So if you don’t allow an application to run as administrator, it cannot just create a service to run in the background.

The Services Panel

Windows has always used the Services panel as a way to manage the services that are running on your computer. You can easily get there at any point by simply hitting WIN + R on your keyboard to open the Run dialog, and typing in services.msc.
The Services panel is fairly simple: there are a list of services, a status column to show whether it is running or not, and more information like name, description, and the startup type of the service. You’ll notice that not every service is running all the time.
clip_image002
While you can select a service and either right-click it or click the toolbar buttons to start, stop, or restart it, you can also double-click to open up the properties view and get more information.
Disabling the service is as simple as changing the Startup type drop-down to disabled and choosing Apply, although you can also change it to Manual or automatic with a delayed start. From this dialog you can see the full path to the executable as well, which can help in many cases when you want to see what exactly the service is running.
clip_image003
The Log On tab allows you to choose whether the service is logged on as the local system account or under another account. This is mostly useful in a server environment where you might want to run a service account from the domain that has access to resources on other servers.
clip_image004
You might notice the option for “Allow service to interact with desktop”, which we mentioned earlier – by default, services are not allowed to access your desktop unless this box is checked, and this checkbox is really only there for legacy support.
But just checking that box doesn’t immediately give them access – you would also need to make sure that the NoInteractiveServices value in the registry is set to 0, because when it is set to 1, that checkbox is ignored and services can’t interact with the desktop at all. Note: in Windows 8, the value is set to 1, and interactive services are prohibited.
clip_image005
Services aren’t supposed to be interactive because all windows exist in the same user terminal with access to common resources like the clipboard, and if they are running along with other processes there could be an issue where a malicious application running in a normal user process could attempt to gain more access through a service, and considering that services run as the local system account, that probably isn’t a good thing.
clip_image006
The Recovery tab allows you to choose options for what happens when the service fails. You can choose to automatically restart the service, which is generally the default option, or you can run a program or restart the computer.
The Run a program option is probably the most useful, since you could set Windows to automatically send out an email if the service fails more than once – a helpful option in a server environment. It’s definitely much less helpful on a regular desktop.
clip_image007
The dependencies tab shows which services depend on a particular service, and which services depend on the one you are looking at. If you are planning on disabling a service, you should probably consult this section first to make sure nothing else requires that service.

Looking at Services in Task Manager for Windows 8.x

The regular services panel hasn’t changed much in years, but thankfully there is a much better way to look at which services are running, and which of those services are using a lot of resources.
Task manager in Windows 8 has a new Services tab, which allows you to stop and start services, but also comes with a “Search online” option, and even more useful, the “Go to details” option.
clip_image008
Once you’ve selected Go to details from the menu, you’ll be switched over to the Details tab, and the process that is responsible for that service will be highlighted.
clip_image009
As you can see, the process responsible for the Distributed Link Tracking is taking up 28,712 K of memory, which seems like a lot, until you realize that the particular svchost.exe process is actually responsible for a whole bunch of services.
Right-click it again, and then select Go to Services, and you’ll see what we’re talking about. Now many services are selected in the Services window, and you’ll notice they are all in the LocalSystemNetworkRestricted group, and they are all currently running.
So that 28 MB of memory is actually being used for a whole set of services, which makes it more understandable why it is using all that memory.
clip_image010

Using Process Explorer to Look at Services

clip_image011
If you want a much clearer view of what services are running under each process, your best bet is to pull out Process Explorer, find the service in the list, double-click it, and then go to the Services tab. This method works on any version of Windows.
Hint: in Process Explorer all the services should be in the tree underneath services.exe.

Should You Disable Services?

Unfortunately, many crapware applications install Windows Services during their installation process, and use them to keep their nonsense running in the background and re-launching repeatedly. Other applications implement a Windows Service to provide functionality that you might not need. These are the services that you should disable.
Our general rule is that Microsoft’s built-in Windows services should be left alone – Windows 8 or even Windows 7 has done a good job of cutting down the services to just really important functionality, and you won’t gain much in the way of resources by disabling those services.
What you should definitely do, however, is look for any services that are not part of Windows, and try to deal with them instead. If you don’t have any idea what the service is, or it is for an application that you don’t want running all the time, you should do some research and decide whether to disable it.

Don’t Disable, Set to Manual

One of the rules that we like to follow is to avoid disabling services, since that can cause problems and errors. Instead, just try setting the service to Manual start.
clip_image012
If you find that a particular service needs to be running, but maybe doesn’t need to be running immediately, you can also change it to Automatic (Delayed Start) instead, which will delay starting until the system calms down after boot.

Administering Services from the Command Prompt

clip_image013
Some operations just can’t be done through the graphical user interface. If you want to delete a service, for example, you can only do that through the command line.
Note: please do NOT delete services.
You can query the status of a service using the sc command, like this:
sc qc eventlog
clip_image014
There are many other commands and operations that you can perform, including deleting a service, which we would only recommend if you have malware on your system that is running as a service.
sc delete <malwareservicename>
Do not delete services.
You can also do other things, like stopping and restarting services from the command prompt using the sc utility. For example, to stop the distributed link tracking client, use this command:
sc stop TrkWks
To start it again, use sc start <servicename>.
clip_image015

Final Thoughts

If you have services running that are wasting resources and slowing your computer down, you should simply uninstall and remove the applications that put them there. There’s really no reason to delete services, disable them, or anything else.
Because why disable something that needs to be uninstalled?
Next Page: Using Group Policy Editor to Tweak Your PC

No comments:

Post a Comment