Shaun Cassells at MyITForum.com

SMS 2003 and ConfigMgr 2007, PowerShell, Scripting, Finance, Fitness and Fun


December 2008 - Posts

8 Ways to Manipulate a Service

I have been working on a client health script, and one of the key issues was how to configure a service.  Two components of a service's runtime are most relevant at first: is it running (its status), and what is the service set to do (its mode)?  The following are the possible values:

  • Mode
    • Boot
    • System
    • Auto
    • Demand (Manual)
    • Disabled
  • Status
    • Running
    • Stopped
    • Pause
 

The major methods for controlling a service

  1. Control Panel
    1. The control panel provides you with a list of all services in the registry and control of each.
    2. Winkey + r >> services.msc
  2. Command Line: NET
    1. The command line of NET has a limitation of only modifying the status of services.  It cannot change the Mode.
    2. Winkey + r >> cmd
    3. NET Start lists running services.
    4. When typed at the command prompt, service names of two words or more must be enclosed in quotation marks. For example, NET START "NET LOGON" starts the net logon service.
  3. SC.exe
    1. Service Control is a command line executable.
    2. There are multiple versions of SC.exe.
      i. Windows 2000 server pack came with 4.0.1371.1
      ii. Windows XP came with 5.1.2600.0
        1. Note this is the Windows version, not the file version
        2. %systemroot%\system32\sc.exe
      iii. Visual Studio 2005 came with version 5.00.2134.1
        1. This looks to be the same as the Windows XP version
        2. C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\Bin\winnt\
    3. SC can gather information, change status and mode, set security (SDSET), and create and delete services
    4. http://msdn.microsoft.com/en-us/library/ms810435.aspx
  4. PsService.exe
    1. All the same functionality as SC.exe plus:
      i. Allows you to control a service on a remote machine with a different account.
      ii. Service Search which identifies active instances of a service on your network.
      iii. Works on NT4 → Windows 7.
    2. Tip: to prevent the EULA from popping up use the switch: -accepteula
    3. http://technet.microsoft.com/en-us/sysinternals/bb897542.aspx
  5. Registry
    1. Another interesting thing I ran across was that you can determine the status of a service from the registry, though you could not change the status via the registry.  If you do change the value, only services.msc would display a difference.
      i. HKLM\SYSTEM\CurrentControlSet\Services\
    2. This was extremely useful in determining if WMI was running on a box without attempting to create a WMI object
  6. ADSI
    1. See the code snippet at the article entitled Start a Service via ADSI
    2. http://myitforum.com/cs2/blogs/scassells/archive/2008/12/12/start-a-service-via-adsi.aspx
  7. PowerShell
    1. PowerShell makes it easy to grab and manipulate WMI objects
    2. Example useful commands
      i. Get-Service
        1. Display all the member functions possible by:
        2. Get-Service | gm
      ii. Stop-Service
      iii. Start-Service
  8. WMI Section
    1. You can modify the Win32_Service class in WMI.
    2. The namespace is root\cimv2.
      i. There is no preceding or trailing slash on the namespace
      ii. If you are connecting to a remote computer you will have a double slash before the computer name and a slash between the computer name and namespace
        1. \\ComputerName\root\cimv2
    3. You can use CIM Studio to change the values directly
      i. http://myitforum.com/cs2/blogs/scassells/archive/2008/06/06/how-to-find-the-sms-or-configmgr-namespace-in-wmi.aspx
    4. You can use VBScript to connect to a WMI provider and change the service
    5. Or you can connect to WMI via PowerShell very easily. The following code snippet will list the Name, State, Mode, and start name. (careful of word wrap – all on one line)
      i. Get-WmiObject -class Win32_Service | Select-Object -property name, state, startmode, startname | Sort-Object -property startmode, state, name | Format-Table *
    6. Another option is to execute a query
      i. $Query = "select * from win32_Service"
      ii. $a = Get-WMIObject -namespace "root\cimv2" -query $Query
      iii. $a | Format-List *
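
Several of the methods above combined into a client-health style audit, as an added example that is not from the original post: it reads each service's Start value from the registry key in item 5 (no WMI object is created), takes the running status from Get-Service, and can optionally repair with sc.exe. The function names and the baseline hashtable are hypothetical.

```powershell
# Added example, not from the original post; function names are hypothetical.
# Registry Start DWORD -> start mode, written as the keywords sc.exe accepts.
$StartModes = @{ 0 = 'boot'; 1 = 'system'; 2 = 'auto'; 3 = 'demand'; 4 = 'disabled' }

function Get-ServiceState {
    param(
        [Parameter(Mandatory = $true)]
        [ValidatePattern('^[A-Za-z0-9_.$ -]+$')]  # no path separators in a registry path
        [string] $Name
    )
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    # Mode is read straight from the registry, so no WMI object is created.
    $start = [int](Get-ItemProperty -LiteralPath $key -Name Start -ErrorAction Stop).Start
    $mode = "unknown ($start)"
    if ($StartModes.ContainsKey($start)) { $mode = $StartModes[$start] }
    # Status (Running, Stopped, Paused, ...) comes from the Service Control Manager.
    $status = (Get-Service -Name $Name -ErrorAction Stop).Status.ToString()
    New-Object PSObject -Property @{ Name = $Name; Mode = $mode; Status = $status }
}

function Test-ServiceState {
    param($State, [string] $Expected)
    # An 'auto' service must also be running; other modes only need the mode to match.
    ($State.Mode -eq $Expected) -and ($Expected -ne 'auto' -or $State.Status -eq 'Running')
}

function Test-ServiceBaseline {
    param(
        [Parameter(Mandatory = $true)] [hashtable] $Baseline,  # service name -> expected mode
        [switch] $Repair
    )
    $sc = Join-Path $env:SystemRoot 'system32\sc.exe'
    foreach ($name in $Baseline.Keys) {
        $want  = $Baseline[$name]
        $state = Get-ServiceState -Name $name
        if ($Repair -and -not (Test-ServiceState $state $want)) {
            # The same sc.exe calls the ADSI fallback uses; needs an elevated session.
            & $sc config $name start= $want | Out-Null
            if ($LASTEXITCODE -ne 0) { Write-Warning "sc config $name failed ($LASTEXITCODE)" }
            if ($want -eq 'auto') {
                & $sc start $name | Out-Null
                if ($LASTEXITCODE -ne 0) { Write-Warning "sc start $name failed ($LASTEXITCODE)" }
            }
            $state = Get-ServiceState -Name $name  # may still read StartPending
        }
        $ok = Test-ServiceState $state $want
        $state | Add-Member -MemberType NoteProperty -Name Expected -Value $want -PassThru |
            Add-Member -MemberType NoteProperty -Name Compliant -Value $ok -PassThru
    }
}

# Constructed baseline for illustration: WMI automatic and running, Remote Registry disabled.
$baseline = @{ winmgmt = 'auto'; RemoteRegistry = 'disabled' }
Test-ServiceBaseline -Baseline $baseline |
    Format-Table Name, Expected, Mode, Status, Compliant -AutoSize
```

Without -Repair the function only reports; a service whose mode or status drifts from the baseline shows Compliant = False.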

The above information is about different methods to interact with a service. Think tools in a box.  Use the one most appropriate.

Enjoy

Start a Service via ADSI

I recently ran into the problem of WMI being stopped on workstations.  As such I needed to find an easy way to start the service on the box locally without using WMI.  The code snippet below uses WSH and ADSI to start WMI.  If it fails it attempts to run sc.exe.

 

Interesting.  I am also writing another entry about 7 other methods. 

Here:

   

' ========================================================
' Method:       StartWMIbyADSI
' ========================================================
Sub StartWMIbyADSI()
    On Error Resume Next

    Dim WSHShell, objComputer, objService, SCEXELocation
    Set WSHShell = CreateObject("WScript.Shell")
    If Err.Number <> 0 Then WScript.Echo "Failed to create WScript.Shell object"

    ' define ADSI status constants
    Const ADS_SERVICE_STOPPED          = 1
    Const ADS_SERVICE_START_PENDING    = 2
    Const ADS_SERVICE_STOP_PENDING     = 3
    Const ADS_SERVICE_RUNNING          = 4
    Const ADS_SERVICE_CONTINUE_PENDING = 5
    Const ADS_SERVICE_PAUSE_PENDING    = 6
    Const ADS_SERVICE_PAUSED           = 7
    Const ADS_SERVICE_ERROR            = 8

    ' get an ADSI object for a computer
    ' COMPUTER is not defined in this snippet; it is assumed to be set
    ' by the calling script to the name of the target computer
    Set objComputer = GetObject("WinNT://" & COMPUTER & ",computer")

    ' get an object for a service
    Set objService  = objComputer.GetObject("Service", "winmgmt")

    ' check to see if the service is stopped
    If (objService.Status = ADS_SERVICE_STOPPED) Then
        ' if the service is stopped, then start it
        objService.Start
        If Err.Number <> 0 Then
            ' Start failed
            ' Try starting by SC.exe
            SCEXELocation = WSHShell.ExpandEnvironmentStrings("%systemroot%") & "\system32"
            WSHShell.Run SCEXELocation & "\sc.exe config winmgmt start= auto", 0, True
            WSHShell.Run SCEXELocation & "\sc.exe start winmgmt", 0, True
            WScript.Quit
        End If

        ' wait until the service reports running, sleeping between checks
        While objService.Status <> ADS_SERVICE_RUNNING
            WScript.Sleep 500
        Wend
    End If

    If Err.Number <> 0 Then WScript.Echo "ERROR StartWMIbyADSI"
    On Error GoTo 0
End Sub

 

Reference: http://support.microsoft.com/kb/247557

Reference: http://msdn.microsoft.com/en-us/library/aa746326.aspx

Swim: 12 Days of Christmas Set

300 IM

275 Free (Swim or Pull)

250 Kick

225 Back (125)/*** (100)

200 IM

175 Free (Swim or Pull)

150 Kick

125 Back (75)/*** (50)

100 IM

75 Free

50 Kick

25 Fly

 

The first day is the above set in a descending order. Each successive day drops the top item from the list and then descends the remaining swims. For example, Day 2 would start with the 275 Kick after the 25 Back and descend down the list. Day 3 would start with the 250 Free and descend from there. The last Day (12th) of Christmas would be only the 25 Back. The set is 9,100 yards. Rest is usually based on the group dynamics. If some swimmers are faster than the others, they should go an extra 50 on the longer swims to maintain moving the group through the set as a unit.

Bringing in the New Year 10,000 Yard Swim Workout

About 3 hours.

 

Total Yards  Set  Interval
1000 10 x 100 @ 5 seconds rest (warm-up pace)
2000 10 x 100 Drill / Swim @ 1:40
3000 10 x 100 Kick (with fins) @ 1:35
4000 10 x 100 Pull @ 1:40
5000 10 x 100 Pyramid of Stroke @ 1:45
  100 Free  
  75 Free / 25 Stroke  
  50 Free / 50 Stroke  
  25 Free / 75 Stroke  
  100 Stroke  
  100 Stroke  
  75 Stroke / 25 Free  
  50 Stroke / 50 Free  
  25 Stroke / 75 Free  
  100 Free  
5500 5 x 100 IM (fins optional) @ 1:40
6000 5 x 100 Stroke @ 1:40
6500 5 x 100 Free @ 1:35
7500 10 x 100 Kick (with fins) @ 1:35
8000 5 x 100 Drill @ 1:40
8500 5 x 100 IM (fins optional) @ 1:40
9000 5 x 100 Stroke @ 1:40
9600 6 x 100 Free Descend @ 1:40, 1:35, 1:30, 1:25, 1:20
10000 4 x 100 Warm-down Choice @ 15 seconds rest

Space Shuttle Fly by at JSC

From my brother.   JSC = Johnson Space Center  Houston, Tx


Hey Guys,

        The last shuttle flight STS-126 had to land in California at Edwards Air Force Base due to high winds at the Kennedy Space Center.  So they were ferrying the space shuttle back to Florida on top of its 747 carrier plane.  On its way back to Florida they had it do a fly by over JSC and the surrounding Clear Lake area during lunch time yesterday.  It was really cool to see in person, as the plane probably wasn't more than a few hundred feet off the ground so we got a nice close up.


        Ironically I was also giving a VIP tour yesterday (which I don't like doing) and had a good excuse to cut it short and take the tour outside to watch the shuttle fly by.   Yes, the other plane following is its fighter escort.


All photo credits go to people at JSC.

Posted: Dec 12 2008, 09:46 AM by scassells | with no comments
Security Maxims

Infinity Maxim: There are an unlimited number of security vulnerabilities for a given security device, system, or program, most of which will never be discovered (by the good guys or bad guys).

Arrogance Maxim: The ease of defeating a security device or system is proportional to how confident/arrogant the designer, manufacturer, or user is about it, and to how often they use words like “impossible” or “tamper-proof”.

Ignorance is Bliss Maxim: The confidence that people have in security is inversely proportional to how much they know about it.

Be Afraid, Be Very Afraid Maxim: If you’re not running scared, you have bad security or a bad security product.

High-Tech Maxim: The amount of careful thinking that has gone into a given security device, system, or program is inversely proportional to the amount of high-technology it uses.

Schneier’s Maxim #1: The more excited people are about a given security technology, the less they understand (1) that technology and (2) their own security problems.

Low-Tech Maxim: Low-tech attacks work (even against high-tech devices and systems).

Father Knows Best Maxim: The amount that (non-security) senior managers in any organization know about security is inversely proportional to (1) how easy they think security is, and (2) how much they will micro-manage security and invent arbitrary rules.

Huh Maxim: When a (non-security) senior manager, bureaucrat, or government official talks publicly about security, he or she will usually say something stupid, unrealistic, inaccurate, and/or naive.

Voltaire’s Maxim: The problem with common sense is that it is not all that common.

Yipee Maxim: There are effective, simple, and low-cost counter-measures (at least partial countermeasures) to most vulnerabilities.

Arg Maxim: But users, manufacturers, managers, and bureaucrats will be reluctant to implement them for reasons of inertia, pride, bureaucracy, fear, wishful thinking, and/or cognitive dissonance.

Show Me Maxim: No serious security vulnerability, including blatantly obvious ones, will be dealt with until there is overwhelming evidence and widespread recognition that adversaries have already catastrophically exploited it. In other words, “significant psychological (or literal) damage is required before any significant security changes will be made.”

I Just Work Here Maxim: No salesperson, engineer, or executive of a company that sells security products or services is prepared to answer a significant question about vulnerabilities, and few potential customers will ever ask them one.

Bob Knows a Guy Maxim: Most security products and services will be chosen by the end-user based on purchase price plus hype, rumor, innuendo, hearsay, and gossip.

Familiarity Maxim: Any security technology becomes more vulnerable to attacks when it becomes more widely used, and when it has been used for a longer period of time.

Antique Maxim: A security device, system, or program is most vulnerable near the end of its life.

Payoff Maxim: The more money that can be made from defeating a technology, the more attacks, attackers, and hackers will appear.

I Hate You Maxim 1: The more a given technology is despised or distrusted, the more attacks, attackers, and hackers will appear.

I Hate You Maxim 2: The more a given technology causes hassles or annoys security personnel, the less effective it will be.

Shannon’s (Kerckhoffs’) Maxim: The adversaries know and understand the security hardware and strategies being employed.

Corollary to Shannon’s Maxim: Thus, “Security by Obscurity”, i.e., security based on keeping long-term secrets, is not a good idea.

Gossip Maxim: People and organizations can’t keep secrets.

Plug into the Formula Maxim: Engineers don’t understand security. They think nature is the adversary, not people. They tend to work in solution space, not problem space. They think systems fail stochastically, not through deliberate, intelligent, malicious intent.

Rohrbach’s Maxim: No security device, system, or program will ever be used properly (the way it was designed) all the time.

Rohrbach Was An Optimist Maxim: Few security devices, systems, or programs will ever be used properly.

Insider Risk Maxim: Most organizations will ignore or seriously underestimate the threat from insiders.

We Have Met the Enemy and He is Us Maxim: The insider threat from careless or complacent employees and contractors exceeds the threat from malicious insiders (though the latter is not negligible.)

Troublemaker Maxim: The probability that a security professional has been marginalized by his or her organization is proportional to his/her skill, creativity, knowledge, competence, and eagerness to provide effective security.

Feynman’s Maxim: An organization will fear and despise loyal vulnerability assessors and others who point out vulnerabilities or suggest security changes more than malicious adversaries.

Irresponsibility Maxim: It’ll often be considered “irresponsible” to point out security vulnerabilities (including the theoretical possibility that they might exist), but you’ll rarely be called irresponsible for ignoring or covering them up.

Backwards Maxim: Most people will assume everything is secure until provided strong evidence to the contrary—exactly backwards from a reasonable approach.

You Could’ve Knocked Me Over with a Feather Maxim 1: Security managers, manufacturers, vendors, and end users will always be amazed at how easily their security products or programs can be defeated.

You Could’ve Knocked Me Over with a Feather Maxim 2: Having been amazed once, security managers, manufacturers, vendors, and end users will be equally amazed the next time around.

That’s Why They Pay Us the Big Bucks Maxim: Security is nigh near impossible. It’s extremely difficult to stop a determined adversary. Often the best you can do is discourage him and maybe minimize the consequences when he does attack.

Throw the Bums Out Maxim: An organization that fires high-level security managers when there is a major security incident, or severely disciplines or fires low-level security personnel when there is a minor incident, will never have good security.

Better to be Lucky than Good Maxim: Most of the time when security appears to be working, it’s because no adversary is currently prepared to attack.

A Priest, a Minister, and a Rabbi Maxim: People lacking imagination, skepticism, and a sense of humor should not work in the security field.

Mr. Spock Maxim: The effectiveness of a security device, system, or program is inversely proportional to how angry or upset people get about the idea that there might be vulnerabilities.

Double Edge Sword Maxim: Within a few months of its availability, new technology helps the bad guys at least as much as it helps the good guys.

Mission Creep Maxim: Any given device, system, or program that is designed for inventory will very quickly come to be viewed—quite incorrectly—as a security device, system, or program.

We’ll Worry About it Later Maxim: Effective security is difficult enough when you design it in from first principles. It almost never works to retrofit it in, or to slap security on at the last minute, especially onto inventory technology.

Somebody Must’ve Thought it Through Maxim: The more important the security application, the less careful and critical thought has gone into it.

That’s Entertainment Maxim: Ceremonial Security (a.k.a. “Security Theater”) will usually be confused with Real Security; even when it is not, it will be favored over Real Security.

Schneier’s Maxim #2: Control will usually get confused with Security.

Ass Sets Maxim: Most security programs focus on protecting the wrong assets.

Vulnerabilities Trump Threats Maxim: If you know the vulnerabilities (weaknesses), you’ve got a shot at understanding the threats (the probability that the weaknesses will be exploited and by whom). Plus you might even be okay if you get the threats all wrong. But if you focus mostly on the threats, you’re probably in trouble.

Mermaid Maxim: The most common excuse for not fixing security vulnerabilities is that they simply can’t exist.

Onion Maxim: The second most common excuse for not fixing security vulnerabilities is that “we have many layers of security”, i.e., we rely on “Security in Depth”.

Hopeless Maxim: The third most common excuse for not fixing security vulnerabilities is that “all security devices, systems, and programs can be defeated.” (This is typically expressed by the same person who initially invoked the Mermaid Maxim.)

Takes One to Know One Maxim: The fourth most common excuse for not fixing security vulnerabilities is that “our adversaries are too stupid and/or unresourceful to figure that out.”

Depth, What Depth? Maxim: For any given security program, the amount of critical, skeptical, and intelligent thinking that has been undertaken is inversely proportional to how strongly the strategy of “Security in Depth” (layered security) is embraced.

Source = http://www.ne.anl.gov/capabilities/vat/seals/maxims.html

Posted: Dec 03 2008, 09:46 AM by scassells | with no comments