Windows service

sc
Developer(s)	Microsoft, ReactOS Contributors
Operating system	Windows, ReactOS
Type	Command
License	Windows: Proprietary commercial software ; ReactOS: GNU General Public License
Website	docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc754599(v%3dws.11)

Last updated February 12, 2024

In Windows NT operating systems, a Windows service is a computer program that operates in the background.^[1] It is similar in concept to a Unix daemon.^[1] A Windows service must conform to the interface rules and protocols of the Service Control Manager, the component responsible for managing Windows services. It is the Services and Controller app, services.exe, that launches all the services and manages their actions, such as start, end, etc.^[2]

Windows services can be configured to start when the operating system is started and run in the background as long as Windows is running. Alternatively, they can be started manually or by an event. Windows NT operating systems include numerous services which run in context of three user accounts: System, Network Service and Local Service. These Windows components are often associated with Host Process for Windows Services. Because Windows services operate in the context of their own dedicated user accounts, they can operate when a user is not logged on.

Prior to Windows Vista, services installed as an "interactive service" could interact with Windows desktop and show a graphical user interface. In Windows Vista, however, interactive services are deprecated and may not operate properly, as a result of Windows Service hardening.^[3]^[4]

Administration

Windows administrators can manage services via:

The Services snap-in (found under Administrative Tools in Windows Control Panel)
Sc.exe
Windows PowerShell

Services snap-in

The Services snap-in, built upon Microsoft Management Console, can connect to the local computer or a remote computer on the network, enabling users to:^[1]

view a list of installed services along with service name, descriptions and configuration
start, stop, pause or restart services^[5]
specify service parameters when applicable
change the startup type. Acceptable startup types include:
- Automatic: The service starts at system startup.
- Automatic (Delayed): The service starts a short while after the system has finished starting up. This option was introduced in Windows Vista in an attempt to reduce the boot-to-desktop time. However, not all services support delayed start.^[6]
- Manual: The service starts only when explicitly summoned.
- Disabled: The service is disabled. It will not run.
change the user account context in which the service operates
configure recovery actions that should be taken if a service fails
inspect service dependencies, discovering which services or device drivers depend on a given service or upon which services or device drivers a given service depends
export the list of services as a text file or as a CSV file

Command line

The command-line tool to manage Windows services is sc.exe. It is available for all versions of Windows NT.^[7] This utility is included with Windows XP ^[8] and later^[9] and also in ReactOS.

The sc command's scope of management is restricted to the local computer. However, starting with Windows Server 2003, not only can sc do all that the Services snap-in does, but it can also install and uninstall services.^[9]

The sc command duplicates some features of the net command.^[10]

The ReactOS version was developed by Ged Murphy and is licensed under the GPL.^[11]

sc sub-commands
Name	Description	Windows support	ReactOS support
query	Show service status	Yes	Yes
queryex	Show extended service info (e.g. pid, flags)	Yes	Yes
start	Start a service	Yes	Yes
pause	Pause a service	Yes	Yes
interrogate	Send an INTERROGATE control request to a service	Yes	Yes
continue	Continue a service	Yes	Yes
stop	Stop a service	Yes	Yes
config	permanently change the service configuration	Yes	Yes
description	Change a service description	Yes	Yes
failure	Change the actions taken by a service upon failure	Yes	Yes
failureflag		Yes	No
sidtype		Yes	No
privs		Yes	No
managedaccount		Yes	No
qc	Show the service config (e.g. dependencies, full path etc.)	Yes	Yes
qdescription	Query a service description	Yes	Yes
qfailure		Yes	No
qfailureflag		Yes	No
qsidtype		Yes	No
qprivs		Yes	No
qtriggerinfo		Yes	No
qpreferrednode		Yes	No
qmanagedaccount		Yes	No
qprotection		Yes	No
quserservice		Yes	No
delete	Delete a service	Yes	Yes
create	Create a service	Yes	Yes
control	Send a control to a service	Yes	Yes
sdshow	Display a service's security descriptor using SDDL	Yes	Yes
sdset	Sets a service's security descriptor using SDDL	Yes	Yes
showsid		Yes	No
triggerinfo		Yes	No
preferrednode		Yes	No
GetDisplayName	Show the service DisplayName	Yes	Yes
GetKeyName	Show the service ServiceKeyName	Yes	Yes
EnumDepend	Show the service Dependencies	Yes	Yes
boot		Yes	No
Lock		Yes	No
QueryLock		Yes	No

Examples

The following example enumerates the status for active services & drivers.^[12]

C:\>sc query

The following example displays the status for the Windows Event log service.^[12]

C:\>sc query eventlog

PowerShell

The Microsoft.PowerShell.Management PowerShell module (included with Windows) has several cmdlets which can be used to manage Windows services:

Get-Service^[13]
New-Service^[14]
Restart-Service^[15]
Resume-Service^[16]
Set-Service^[17]
Start-Service^[18]
Stop-Service^[19]
Suspend-Service^[20]

Other management tools

Windows also includes components that can do a subset of what the snap-in, Sc.exe and PowerShell do. The net command can start, stop, pause or resume a Windows service.^[21] In Windows Vista and later, Windows Task Manager can show a list of installed services and start or stop them. MSConfig can enable or disable (see startup type description above) Windows services.

Installation

Windows services are installed and removed via *.INF setup scripts by SetupAPI; an installed service can be started immediately following its installation, and a running service can be stopped before its deinstallation.^[22]^[23]^[24]

Development

Writing native services

For a program to run as a Windows service, the program needs to be written to handle service start, stop, and pause messages from the Service Control Manager (SCM) through the System Services API. SCM is the Windows component responsible for managing service processes.

Wrapping applications as a service

The Windows Resource Kit for Windows NT 3.51, Windows NT 4.0 and Windows 2000 provides tools to control the use and registration of services: SrvAny.exe acts as a service wrapper to handle the interface expected of a service (e.g. handle service_start and respond sometime later with service_started or service_failed) and allow any executable or script to be configured as a service. Sc.exe allows new services to be installed, started, stopped and uninstalled.^[25]

Related Research Articles

Windows 2000 is a major release of the Windows NT operating system developed by Microsoft and designed for businesses. It was the direct successor to Windows NT 4.0, and was released to manufacturing on December 15, 1999, and was officially released to retail on February 17, 2000 and September 26, 2000 for Windows 2000 Datacenter Server. It was Microsoft's business operating system until the introduction of Windows XP Professional in 2001.

In computing, at is a command in Unix-like operating systems, Microsoft Windows, and ReactOS used to schedule commands to be executed once, at a particular time in the future.

A background process is a computer process that runs behind the scenes and without user intervention. Typical tasks for these processes include logging, system monitoring, scheduling, and user notification.

Windows Update is a Microsoft service for the Windows 9x and Windows NT families of the Microsoft Windows operating system, which automates downloading and installing Microsoft Windows software updates over the Internet. The service delivers software updates for Windows, as well as the various Microsoft antivirus products, including Windows Defender and Microsoft Security Essentials. Since its inception, Microsoft has introduced two extensions of the service: Microsoft Update and Windows Update for Business. The former expands the core service to include other Microsoft products, such as Microsoft Office and Microsoft Expression Studio. The latter is available to business editions of Windows 10 and permits postponing updates or receiving updates only after they have undergone rigorous testing.

In computing, kill is a command that is used in several popular operating systems to send signals to running processes.

Command Prompt, also known as cmd.exe or cmd, is the default command-line interpreter for the OS/2, eComStation, ArcaOS, Microsoft Windows, and ReactOS operating systems. On Windows CE .NET 4.2, Windows CE 5.0 and Windows Embedded CE 6.0 it is referred to as the Command Processor Shell. Its implementations differ between operating systems, but the behavior and basic set of commands are consistent. cmd.exe is the counterpart of COMMAND.COM in DOS and Windows 9x systems, and analogous to the Unix shells used on Unix-like systems. The initial version of cmd.exe for Windows NT was developed by Therese Stowell. Windows CE 2.11 was the first embedded Windows release to support a console and a Windows CE version of cmd.exe. The ReactOS implementation of cmd.exe is derived from FreeCOM, the FreeDOS command line interpreter.

Messenger service is a network-based system notification Windows service by Microsoft that was included in some earlier versions of Microsoft Windows.

Windows Preinstallation Environment is a lightweight version of Windows used for the deployment of PCs, workstations, and servers, or troubleshooting an operating system while it is offline. It is intended to replace MS-DOS boot disks and can be booted via USB flash drive, PXE, iPXE, CD, DVD, or hard disk. Traditionally used by large corporations and OEMs, it is now widely available free of charge via Windows Assessment and Deployment Kit (WADK).

In computing, SUBST is a command on the DOS, IBM OS/2, Microsoft Windows and ReactOS operating systems used for substituting paths on physical and logical drives as virtual drives.

The booting process of Windows NT is the process run to start Windows NT. The process has been changed between releases, with the biggest changes being made with Windows Vista. In versions before Vista, the booting process begins when the BIOS loads the Windows NT bootloader, NTLDR. Starting with Vista, the booting process begins with either the BIOS or UEFI load the Windows Boot Manager, which replaces NTLDR as the bootloader. Next, the bootloader starts the kernel, which starts the session manager, which begins the login process. Once the user is logged in, File Explorer, the graphical user interface used by Windows NT, is started.

In computing, regsvr32 is a command-line utility in Microsoft Windows and ReactOS for registering and unregistering DLLs and ActiveX controls in the operating system Registry. Despite the suffix "32" in the name of the file, there are both 32-bit and 64-bit versions of this utility. regsvr32 requires elevated privileges.

The Client/Server Runtime Subsystem, or csrss.exe, is a component of the Windows NT family of operating systems that provides the user mode side of the Win32 subsystem. In modern versions of Windows, it is primarily involved with process and thread management, console window handling, side-by-side assembly loading and the shutdown process. Historically, it had also been responsible for window management and graphics rendering, however, these operations have been moved to kernel mode starting with Windows NT 4.0 to improve performance.

Microsoft Drive Optimizer is a utility in Microsoft Windows designed to increase data access speed by rearranging files stored on a disk to occupy contiguous storage locations, a technique called defragmentation. Defragmenting a disk minimizes head travel, which reduces the time it takes to read files from and write files to the disk. As a result of the decreased read and write times, Microsoft Drive Optimizer decreases system startup times for systems starting from magnetic storage devices such as a hard drive. However, defragmentation is not helpful on storage devices such as solid state drives, USB drives or SD cards that use flash memory to increase speeds, as these drives do not use a head. Defragmentation may decrease lifespan for certain technologies, e.g. solid state drives. Microsoft Drive Optimizer was first officially shipped with Windows XP.

<span class="mw-page-title-main">Quick Assist</span> Microsoft Windows remote access feature

Quick Assist is a Microsoft Windows feature that allows a user to view or control a remote Windows computer over a network or the Internet to resolve issues without directly touching the unit. It is based on the Remote Desktop Protocol (RDP). It is complemented by Get Help, a feature introduced in Windows 10 that enables the user to contact Microsoft directly but does not allow for remote desktoping or screen sharing.

Windows Vista contains a range of new technologies and features that are intended to help network administrators and power users better manage their systems. Notable changes include a complete replacement of both the Windows Setup and the Windows startup processes, completely rewritten deployment mechanisms, new diagnostic and health monitoring tools such as random access memory diagnostic program, support for per-application Remote Desktop sessions, a completely new Task Scheduler, and a range of new Group Policy settings covering many of the features new to Windows Vista. Subsystem for UNIX Applications, which provides a POSIX-compatible environment is also introduced.

Task Scheduler is a job scheduler in Microsoft Windows that launches computer programs or scripts at pre-defined times or after specified time intervals. Microsoft introduced this component in the Microsoft Plus! for Windows 95 as System Agent. Its core component is an eponymous Windows service. The Windows Task Scheduler infrastructure is the basis for the Windows PowerShell scheduled jobs feature introduced with PowerShell v3.

To shut down or power off a computer is to remove power from a computer's main components in a controlled way. After a computer is shut down, main components such as CPUs, RAM modules and hard disk drives are powered down, although some internal components, such as an internal clock, may retain power.

In computing, diskpart is a command-line disk partitioning utility included in Windows 2000 and later Microsoft operating systems, replacing its predecessor, fdisk. The command is also available in ReactOS.

In computing, net is a command in IBM OS/2, Microsoft Windows, ReactOS and Greentea OS used to manage and configure the operating system from the command-line. It is also part of the IBM PC Network Program for DOS.

The booting process of Windows NT Setup before Vista works very similarly to the one of a regular Windows NT boot except that it runs from a CD-ROM. For this boot method to work, the BIOS must be compatible with the El Torito specification. The ISO 9660 file system on the install CD is not fully compatible with the standard. Although it is "Level 1", the file names don't have the file version appended to them. The boot image is of the "no emulation" type, 1 sector long and is loaded at segment 0x7c0. It can be extracted from an ISO image by using a file-extraction program such as 7-Zip or WinZip. The ISO image is also not hybridized like ISO images from most Linux distributions and therefore it does not contain any master boot record (MBR) which makes it unable to boot by just copying the image over a block device such as a pen drive.

References

1 2 3 "Services overview". TechNet . Microsoft. Retrieved 29 March 2013.
↑ "Services". Microsoft Developer Network . Microsoft. Retrieved 29 March 2013.
↑ "New Elevation PowerToys for Windows Vista". TechNet Magazine. Microsoft. June 2008. Retrieved 21 June 2013. The service CmdAsSystem is configured as interactive whose support is being deprecated. The service may not function properly. The problem is that this script tries to create and start an interactive service. Interactive services will not function correctly due to Session 0 Isolation in Windows Vista.
↑ "Services in Windows". MSDN . Microsoft. 18 October 2010. Retrieved 21 June 2013.
↑ "Start, stop, pause, resume, or restart a service". TechNet . Microsoft. Retrieved 29 March 2013.
↑ "ServiceInstaller.DelayedAutoStart Property (System.ServiceProcess)". Microsoft. Retrieved 28 November 2017See Remarks section{{cite web}}: CS1 maint: postscript (link)
↑ "How to create a Windows service by using Sc.exe". Support. Microsoft. 11 September 2011. Retrieved 29 March 2013.
↑ "Command-line reference A-Z: SC". TechNet . Microsoft . Retrieved 8 January 2014.
1 2 "Command-Line Reference: Sc". TechNet . Microsoft . Retrieved 8 January 2014. Windows 7, Windows 8, Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Vista
↑ SC - Service Control - Windows CMD - SS64.com
↑ reactos/sc.c at master · reactos/reactos · GitHub
1 2 MS-DOS and Windows command line sc command
↑ "Get-Service". TechNet. Microsoft. Retrieved 29 March 2013.
↑ "New-Service". TechNet. Microsoft. Retrieved 29 March 2013.
↑ "Restart-Service". TechNet. Microsoft. Retrieved 29 March 2013.
↑ "Resume-Service". TechNet. Microsoft. Retrieved 29 March 2013.
↑ "Set-Service". TechNet. Microsoft. Retrieved 29 March 2013.
↑ "Start-Service". TechNet. Microsoft. Retrieved 29 March 2013.
↑ "Stop-Service". TechNet. Microsoft. Retrieved 29 March 2013.
↑ "Suspend-Service". TechNet. Microsoft. Retrieved 29 March 2013.
↑ "Start, stop, pause, resume, or restart a service". TechNet . Microsoft . Retrieved 8 January 2014.
↑ "INF AddService Directive". Microsoft. Retrieved 10 July 2017.
↑ "SetupInstallServicesFromInfSection function". MSDN. Microsoft. Retrieved 10 July 2017.
↑ "SetupInstallServicesFromInfSectionEx function". MSDN. Microsoft. Retrieved 10 July 2017.
↑ "How To Create a User-Defined Service". Support. Microsoft. Retrieved 29 March 2013.

External links

Windows Sysinternals: Autoruns for Windows v13.4 – An extremely detailed query of services
Service Management With Windows Sc From Command Line – Windows Service Management Tutorial
Windows Service Manager Tray

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[Services_snap-in-1] 1 2 3 "Services overview". TechNet . Microsoft. Retrieved 29 March 2013.

[Service_MSDN-2] "Services". Microsoft Developer Network . Microsoft. Retrieved 29 March 2013.

[3] "New Elevation PowerToys for Windows Vista". TechNet Magazine. Microsoft. June 2008. Retrieved 21 June 2013. The service CmdAsSystem is configured as interactive whose support is being deprecated. The service may not function properly. The problem is that this script tries to create and start an interactive service. Interactive services will not function correctly due to Session 0 Isolation in Windows Vista.

[4] "Services in Windows". MSDN . Microsoft. 18 October 2010. Retrieved 21 June 2013.

[technet-start-5] "Start, stop, pause, resume, or restart a service". TechNet . Microsoft. Retrieved 29 March 2013.

[6] "ServiceInstaller.DelayedAutoStart Property (System.ServiceProcess)". Microsoft. Retrieved 28 November 2017See Remarks section{{cite web}}: CS1 maint: postscript (link)

[7] "How to create a Windows service by using Sc.exe". Support. Microsoft. 11 September 2011. Retrieved 29 March 2013.

[8] "Command-line reference A-Z: SC". TechNet . Microsoft . Retrieved 8 January 2014.

[sc.exe-9] 1 2 "Command-Line Reference: Sc". TechNet . Microsoft . Retrieved 8 January 2014. Windows 7, Windows 8, Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Vista

[10] SC - Service Control - Windows CMD - SS64.com

[11] reactos/sc.c at master · reactos/reactos · GitHub

[computerhope-12] 1 2 MS-DOS and Windows command line sc command

[13] "Get-Service". TechNet. Microsoft. Retrieved 29 March 2013.

[14] "New-Service". TechNet. Microsoft. Retrieved 29 March 2013.

[15] "Restart-Service". TechNet. Microsoft. Retrieved 29 March 2013.

[16] "Resume-Service". TechNet. Microsoft. Retrieved 29 March 2013.

[17] "Set-Service". TechNet. Microsoft. Retrieved 29 March 2013.

[18] "Start-Service". TechNet. Microsoft. Retrieved 29 March 2013.

[19] "Stop-Service". TechNet. Microsoft. Retrieved 29 March 2013.

[20] "Suspend-Service". TechNet. Microsoft. Retrieved 29 March 2013.

[21] "Start, stop, pause, resume, or restart a service". TechNet . Microsoft . Retrieved 8 January 2014.

[22] "INF AddService Directive". Microsoft. Retrieved 10 July 2017.

[23] "SetupInstallServicesFromInfSection function". MSDN. Microsoft. Retrieved 10 July 2017.

[24] "SetupInstallServicesFromInfSectionEx function". MSDN. Microsoft. Retrieved 10 July 2017.

[25] "How To Create a User-Defined Service". Support. Microsoft. Retrieved 29 March 2013.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]

[16]

[17]

[18]

[19]

[20]

[21]

[22]

[23]

[24]

[25]

v t e Windows command-line programs and shell builtins
COMMAND.COM Command Prompt Windows PowerShell Recovery Console
File system navigation	cd (chdir) dir popd pushd tree
File management	attrib cacls cipher compact copy del (erase) deltree icacls mkdir (md) mklink move openfiles recover ren (rename) replace rmdir (rd) robocopy takeown xcopy
Archiving	expand extrac32 extract makecab pax tar
Disk management	chkdsk convert defrag diskcomp diskcopy diskpart diskraid diskshadow drvspace fdisk format fsutil label manage-bde refsutil subst scandisk sys vol vssadmin
Processes	at exit kill powercfg runas sc schtasks shutdown start taskkill tasklist
Registry	assoc ftype reg regini regsvr32
User environment	chcp cmdkey date graftabl mode path set setver setx time title ver where whoami
File contents	comp edit edlin fc find findstr print type
Scripting	choice clip cscript doskey echo for forfiles goto if more pause prompt rem timeout
Networking	arp bitsadmin curl getmac hostname ipconfig nbtstat net netsh netstat nslookup PathPing ping rpcping route scp setspn sftp ssh ssh-add ssh-agent ssh-keygen ssh-keyscan tracert winrm winrs
Maintenance and care	auditpol dispdiag driverquery eventcreate eventtriggers logman mofcomp msiexec ntbackup pnpunattend pnputil REAgentC relog sfc sxstrace systeminfo tracerpt typeperf w32tm WBAdmin wecutil wevtutil winmgmt winsat wmic
Boot management	bcdedit bootcfg bootsect fixboot fixmbr
Software development	debug exe2bin QBasic
Miscellaneous	break cls dism dpath gpresult gpupdate help MSCDEX pentnt tpmtool tpmvscmgr wsl
List of DOS commands Environment variables Windows Support Tools