LSA 1: Identify Service Properties
Overview of Windows Services
Windows Services are specialized applications designed to run in the background of a Windows operating system, executing long-running tasks that do not require direct user interaction. Unlike regular applications that typically run in the foreground with a graphical user interface (GUI), Windows services operate invisibly, allowing the system to perform essential functions while the user is working or even when no user is logged in. These services are an integral part of maintaining the stability, security, and functionality of the system.
Windows services differ from regular programs in several key ways:
- Background Operation: Services run continuously without the need for a user interface and perform system-level tasks in the background, such as managing network connections, handling print jobs, and ensuring the system stays up-to-date.
- User Intervention Not Required: Unlike standard applications that need to be manually started by a user, services can be initiated automatically by the system, often without user interaction, especially for core system tasks that need to be available at all times.
- Automatic Startup: Many services are configured to auto-start when the system boots, often before the user even logs in. This ensures that essential services, like network protocols and security mechanisms, are running immediately after the system starts.
- Port Management: Some services, when started, also open specific network ports to allow communication with other devices or services. For example, services like DNS, DHCP, and RDP rely on open ports to manage domain name resolution, IP address assignments, and remote desktop access.
Configuration Components of Windows Services
A Windows service setup consists of several key components that work together to provide service functionality, manage service behavior, and ensure communication between services and the operating system.
1. Service Applications:
Service applications are the core executable components of a Windows service. These can be either executable files (.exe) or dynamic link libraries (DLLs). While executable files are standalone services, most Windows services are DLLs that need a shared process (such as svchost.exe) to run. The system uses the Service Control Manager (SCM) to interact with these services.
The HKLM\Software\Microsoft\Windows NT\CurrentVersion\SvcHost registry key identifies each instance of svchost.exe and the specific services it hosts. This allows multiple services to share a single process, reducing resource consumption and improving system performance.
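The following is an added example, not part of the original page: it reads the SvcHost key described above and lists each svchost.exe group with the services it hosts. Resolving each service's backing DLL from the ServiceDll value under HKLM\SYSTEM\CurrentControlSet\Services\<name>\Parameters goes beyond what the page describes and assumes the service stores its DLL path in that standard location.

```powershell
# Added example: map svchost.exe groups to their hosted services and backing DLLs.
$svcHostKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost'
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Each value under the SvcHost key is a group name whose data is a
# REG_MULTI_SZ list of service names (returned as string[]).
$groups = Get-ItemProperty -LiteralPath $svcHostKey

$hosted = foreach ($prop in $groups.PSObject.Properties) {
    # Skip the PSPath/PSProvider properties PowerShell adds and any non-list values.
    if ($prop.Value -isnot [string[]]) { continue }

    foreach ($svc in $prop.Value) {
        $paramKey = Join-Path $servicesKey "$svc\Parameters"
        $dll = $null
        if (Test-Path -LiteralPath $paramKey) {
            # ServiceDll is REG_EXPAND_SZ; the registry provider expands %SystemRoot% etc.
            $dll = (Get-ItemProperty -LiteralPath $paramKey -Name ServiceDll `
                        -ErrorAction SilentlyContinue).ServiceDll
        }
        [pscustomobject]@{
            Group      = $prop.Name
            Service    = $svc
            ServiceDll = $dll   # empty when the service is not installed or keeps no ServiceDll here
        }
    }
}

$hosted | Sort-Object Group, Service | Format-Table -AutoSize
```

A row with an empty ServiceDll is a group entry for a service that is not installed on this machine or that does not use the Parameters subkey.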
2. Service Control Manager (SCM):
The Service Control Manager (SCM) is the central management service for all Windows services. It is responsible for starting, stopping, pausing, and interacting with all system services. The SCM ensures that services are running as needed, and it maintains the overall health of services by restarting or managing them when necessary.
When the operating system boots, the SCM loads and initializes the necessary services based on their startup configuration.
3. Service Control Programs (SCPs):
Service Control Programs (SCPs) are the tools used to interact with and manage services on a Windows system. These can include graphical user interfaces (GUIs), command-line tools, or PowerShell scripts. SCPs allow administrators and users to configure, start, stop, and monitor services.
Some common tools for managing services include:
- services.msc (a GUI tool for managing Windows services)
- sc.exe (a command-line tool)
- PowerShell cmdlets (like Get-Service, Start-Service, Stop-Service)
Through these tools, users can view important details about a service, such as its current status, startup type, and logon credentials, and can also make changes to service configurations.
4. Service Accounts:
Windows services run under specific service accounts, each with different levels of privileges and permissions. The service account determines what resources the service can access and what actions it can perform on the system. The three primary service accounts are:
- Local System Account: The most commonly used account for Windows services. It has extensive privileges on the local machine, but very limited network access. Services that need access to system resources, but not necessarily external network resources, run under this account.
- Local Service Account: This account has minimal privileges and is used by services that need to interact with network resources anonymously. Services running under the Local Service account can access the local machine but have limited access to the network.
- Network Service Account: This account is used by services that need to interact with other systems on the network. It has limited local system privileges but can authenticate to other networked machines and resources, ensuring that services have the necessary permissions to perform tasks on remote systems.
Viewing and Managing Services
The services.msc tool is the primary interface used to view and manage Windows services. It provides administrators with a centralized location for configuring service settings, checking service status, and troubleshooting service issues. Here’s how to use services.msc:
Launching the Services Tool
- Open the Start Menu: Click on the Start button or press Win + S.
- Search for Services: Type “services” into the search box.
- Run as Administrator: Click on "Services" from the search results, then select “Run as Administrator” to open the Services management console.
Service Management Console Overview
Once the Services window is open, you’ll see a list of all services running on the system. This window typically displays the following information for each service:
- Name: The name of the service (e.g., Windows Update, Print Spooler).
- Description: A brief description of what the service does.
- Status: Whether the service is currently running, stopped, or paused.
- Startup Type: The configuration of the service’s startup behavior. This can be set to:
  - Automatic: Starts when the system boots.
  - Manual: Starts only when specifically requested.
  - Disabled: The service will not start.
- Log On As: The account under which the service is running (e.g., Local System, Network Service, or Local Service).
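The same columns can be read from PowerShell. This added example (not from the original page) pulls them from the Win32_Service CIM class, summarizes services by logon account and startup type, and lists auto-start services whose Log On As account is not one of the three built-in accounts described earlier; the choice to single those out is an assumption about what a reviewer would want to look at first.

```powershell
# Added example: reproduce the services.msc columns and review logon accounts.
$services = Get-CimInstance -ClassName Win32_Service |
    Select-Object Name, DisplayName, Description, State, StartMode, StartName, PathName

# Name / Status / Startup Type / Log On As, as shown in the console.
$services |
    Sort-Object Name |
    Format-Table Name, State, StartMode, StartName -AutoSize

# How many services use each logon account and startup type.
$services |
    Group-Object StartName, StartMode -NoElement |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# The three built-in service accounts as Win32_Service reports them.
$builtIn = 'LocalSystem', 'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService'

# Auto-start services that log on as anything else (domain, local,
# or virtual accounts). -notin compares case-insensitively.
$services |
    Where-Object {
        $_.StartMode -eq 'Auto' -and
        $_.StartName -and
        $_.StartName -notin $builtIn
    } |
    Format-List Name, DisplayName, StartName, PathName
```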
Customizing the View
The services.msc interface provides several menus and options for customizing the view and managing services. You can sort the list by various criteria, filter services by their startup type, and adjust how the tool displays information. Additionally, the context menu (right-clicking on a service) allows you to start, stop, pause, or restart a service, as well as configure its properties, including its startup type and account settings.
Summary
Windows services play a vital role in the operation of a Windows-based system, handling key tasks such as network communication, security, system maintenance, and user authentication. By understanding the structure and configuration of services—such as service applications, the Service Control Manager (SCM), and service accounts—administrators can effectively manage the Windows environment, ensuring that services run efficiently and securely. The services.msc tool provides a user-friendly interface for interacting with and configuring these services, allowing users to monitor service health, adjust settings, and troubleshoot issues as they arise.