The Core Technologies Blog

Our Software // Windows Services // 24×7 Operation

Q&A: What’s the difference between a Windows Service and a Web Service?

Windows Service vs Web Service
I see that your website has a lot of information about Windows Services and you also make AlwaysUp Web Service. How is a Windows Service different than a Web Service? When would I use one over the other? I’m new to programming and a bit confused by the terminologies.

— Justin

Hi Justin.

Yes, the terminology can be confusing! Let’s start with some definitions.

What is a Windows Service?

A Windows Service:

  • Is a Windows application that integrates with the Service Control Manager.
  • Is controlled through the Services Control Panel application.
  • Implements system-level tasks that must operate outside the boundaries of a user’s login session.
  • Is usually long-running, starting when the computer boots and running uninterrupted, 24/7.
  • Works invisibly in the background. A service can’t easily show itself on a user’s desktop.
  • Can do anything that a “regular” application can. Services can read and write files, print documents, check the time, access the network, and much more.
  • Runs on Windows only. Windows Services are not available on Linux, macOS, Andriod, iOS or any other operating system.
  • Is typically written in C++ or C# (to best work with the low-level Windows Services API).
  • May or may not communicate with other programs. Inter-application communication is not a key feature and most services do not expose an interface of any kind.

A modern PC comes with one to two hundred Windows Services pre-installed, each managing an important aspect of your computing experience. For example:

  • Print Spooler: Manages all printing on your computer.

  • Power: Implements your computer’s power schemes, policies and notifications.

  • Task Scheduler: Responsible for automatically launching executables, batch files and scripts at specified times, without human intervention.

What is a Web Service?

A Web Service:

  • Interacts with other applications or services using a well-defined system of data exchange (such as REST or SOAP).
  • Typically communicates over HTTP with an appropriate messaging format on top (such as XML or JSON).
  • Is usually hosted in a web server/container, like Apache Tomcat, Microsoft IIS or Play Framework. A good framework provides easy-to-use messaging “plumbing” and makes it significantly simpler to develop a robust web service.
  • Has a web-based interface (if any at all).
  • Is not restricted to Windows alone. In fact, most web services are deployed on UNIX servers.

Examples of web services include:

Amazon Simple Storage Service (S3): Integrate cloud storage into any application.
Google Maps: Lookup addresses, plot directions, access street views and more.
WorldTimeAPI: Get the current time in any time zone.

The upshot: Windows Services and Web Services are very different!

The only things they have in common are that they are both server technologies and have the word “Service” in their names. 🙂 As a developer, you shouldn’t have much trouble choosing which technology is appropriate for your project.

However, the W* Services are not completely complementary. Though rare, there are a few applications that are both a Windows Service and web service. A good example is our own AlwaysUp Web Service, which must run 24×7 on Windows while providing an XML web service to control the computer remotely.

I hope these similar-sounding technologies make a bit more sense now. Please be sure to get in touch if you have any other questions.

Posted in Windows Services | Tagged , , | Leave a comment

Windows Services Memory Fix (Microsoft June 2020 Patch Tuesday)

Windows Services Memory Fix

On the second Tuesday of each month, Microsoft releases the latest security updates for Windows, Windows Server, and other products. This monthly event is dubbed Patch Tuesday.

The June 2020 Patch Tuesday update fixes a whopping 129 important defects. It’s the largest Patch Tuesday update ever!

As usual, we’ve scoured the list of vulnerabilities to identify fixes focused on Windows Services. Fortunately there is just one item — CVE-2020-1268.

CVE-2020-1268: Windows Service Information Disclosure Vulnerability

According to Microsoft, an attacker could leverage CVE-2020-1268 to read private areas of a service’s memory. These kind of “memory exploits” are quite serious.

The patch fixes the problem by correcting how a Windows Service handles objects in memory.

How can an attacker exploit this defect?

To exploit the defect, an attacker would have to:

  • Log in to your Windows computer

  • Run a “specially crafted application”

  • Locate something of value in the service’s memory

That is, the defect is only exploitable by an authorized person with sophisticated programming experience.

Nevertheless, it presents a significant security hole.

For example, suppose your service caches a user’s credit card information securely in RAM. A rogue employee could craft a program that invades your service’s memory space and extracts the card details. The same stealing could happen with passwords, personally identifiable information and other sensitive data that your application records in memory.

Which versions of Windows does CVE-2020-1268 affect?

Microsoft has identified and developed patches for the operating systems impacted — Windows 10 (Versions 1903, 1909, 2004) and Windows Server 2019 (Versions 1903, 1909, 2004).

Apparently the flaw does not exist in Windows 8 or Windows Server 2016, Microsoft’s other supported operating systems.

What else do you know about CVE-2020-1268?

  • The vulnerability was not publicly disclosed prior to June 2020.

  • There are no reports of exploits in the wild.

  • CVE-2020-1268 does not allow an attacker to execute code or to elevate user rights directly.

  • Because it requires access and sophistication to exploit, Microsoft classifies it as “Exploitation less likely”.

Should I apply the patch?

Yes. We agree with Microsoft’s recommendation to apply the patch.

Because, as the folks at ZDNet wisely point out:

Malware authors are known to keep on eye out on Microsoft’s monthly security updates, select the most useful bugs, and patch-diff the security updates to find the exact bug that Microsoft fixed — so they can weaponize it as soon as possible.

Questions? Problems?

If you would like to know more about CVE-2020-1268 or the enormous June 2020 Patch Tuesday update, please feel free to get in touch. We will do our best to help you.

Be safe out there!

Posted in Windows Services | Tagged , , , , , | Leave a comment

Essential Windows Services: Windows Update (wuauserv)

Windows Update Service (wuauserv)

What is the Windows Update service?

The Windows Update service is responsible for automatically downloading and installing Microsoft-created software on your computer. It is a critical component that is instrumental in keeping your PC up to date with vital security patches.

The service’s name is wuauserv. It runs inside the shared services host process, svchost.exe:

Windows Update Service

The service’s startup type is Manual. It remains dormant until explicitly started by operating system components that run on a schedule.

Is it safe to disable the Windows Update service?

In their guidance on disabling system services on Windows Server 2016, Microsoft does not designate Windows Update as a critical service. Indeed, your computer will operate just fine if you disable the service — you simply won’t get updated software from Microsoft.

But while avoiding periodic updates is great for system consistency, allowing your operating system to become stagnant can have serious security implications. It is likely that your computer will become vulnerable to attacks — especially if it is connected to an external network like the Internet.

So if you do disable the Windows Update service, we recommend re-enabling it every few weeks/months to apply security updates. Best to be safe!

How do I disable the Windows Update service and prevent it from starting?

To disable the Windows Update service:

  1. Launch the Windows Services application. You can find it by searching for “services” in the Control Panel or by running services.msc at a command prompt.

  2. Scroll the list of services to find the Windows Update service. Double-click the entry to open it.

  3. If the service is running, click the Stop button to terminate it.

  4. And in the Startup type field, change the selection to Disabled:

    Disable wuauserv
  5. Click OK to save your settings.

You can also disable the service by running these two commands from an administrative command prompt:

sc stop wuauserv
sc config wuauserv start= disabled

With the service disabled, any attempt to update your operating system will fail:

Windows Update: Error encountered

Note: To re-enable the service, simply repeat the steps above but set the Startup type back to Manual.

Questions? Problems?

If you would like to know more about the Windows Update service, or you have a specific problem, please feel free to get in touch. We will do our best to help you!

Posted in Windows Services | Tagged , , , | Leave a comment

Q&A: Why doesn’t “Allow service to interact with desktop” work?

  Our legacy Windows Service shows an alert box when it fails to print a document on our server 2012 R2 controller.

I went into the service, clicked on the properties and set it to be able to interact with the desktop. How come I still can’t see the alert windows? Do I need to change something else?

Allow service to interact with desktop

— Justin F.

Hi Justin.

Unfortunately that setting is from a bygone time. It no longer does what you expect. Let me explain.

Old versions of Windows supported interactive services

Old versions of Windows support interactive services

In Windows NT, 2000, XP and Server 2003 it was reasonable (and occasionally encouraged) for a service to create windows and other graphical elements. It was possible for someone logging in to the PC to see a service’s windows, happily intermingling with conventional applications on his desktop (like Word and Excel).

On those old operating systems, the “Allow service to interact with desktop” setting controlled the visibility of the service’s interface. If checked, the first person logging into the PC would see the service’s windows. If unchecked, the windows would not be visible. In short, the checkbox made sense.

However, in the mid-2000s, the concept of interactive services was exposed as a security risk. Hackers developed rogue Windows Services that would invade the desktop, requesting passwords, installing dangerous software and ultimately compromising a healthy computer. Those so called shatter attacks (because they visibly shatter the user’s secure environment) emerged as a serious threat.

Fortunately the folks in Redmond were quick to respond.

Interactive services are crippled (or eliminated) in current editions of Windows

Interactive services are crippled in current editions of Windows

Microsoft plugged the shatter attack security hole in Windows Vista. The remedy — known as Session 0 Isolation — is an architectural change that prevents a service’s windows from showing up on a regular desktop. Going forward, windows created by a service would be effectively hidden.

The change profoundly diminished the utility of the “Allow service to interact with desktop” option. Checking the box still enables a service to show its windows, but only on the hidden Session 0 desktop.

The reality is that on or off, the checkbox cannot empower a Windows Service to show itself on your own desktop.

But all is not lost for your situation…

However you can still see alerts from your service since you’re on Windows Server 2012

In versions of Windows where Session 0 is accessible — specifically Windows 8.1/8 and Server 2016/2012 — you can see the alerts from your service. You have to switch to Session 0 to see them though.

To make that possible:

  1. Enable interactive services.

    Start Regedit, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows and change the value of NoInteractiveServices from 1 to 0:

    Enable interactive services registry value
  2. Enable the Interactive Services Detection service.

    Launch Services, open the Interactive Services Detection service and change the Startup type to Automatic or Automatic (Delayed Start):

    Enable the Interactive Services Detection service

With that in place, Windows will pop up a window whenever your service is showing an alert in Session 0:

Interactive Services Detection prompt

Click View the message to switch to the austere Session 0 desktop where you should see your alert window.

And when you’re done, click Return now to go back to the safety of your regular desktop.

Note: There is no way to see your service’s alerts on Windows Server 2019

Unfortunately the solution for Server 2012 will not work on Server 2019 because Microsoft has completely removed access to Session 0 in their newest operating systems. There is simply no way to see an application running on the hidden desktop.

Please keep that in mind before you upgrade your server!

Posted in Windows Services | Tagged , , , , | Leave a comment

Q&A: How do I Restart my Windows Service at a Specific Time every Week?

Q&A - Restart Windows Service at a Specific Time
  I want to restart some specific service for a specific time every week. Can I use the NET command?

— Shanmuga

Hi Shanmuga.

Yes. With the help of the Windows Task Scheduler, you can use the NET command to restart a specific service at a specific time.

To do so:

1. Find the name of your service

Each Windows Service has two names — a short service name and a friendly display name. We need the service name for the NET command.

If you don’t already know the service name, or want to validate it:

  1. Launch the Windows Services application. You can find it by searching for “services” in the Control Panel, or by running services.msc at a command prompt.

  2. Scroll to locate your service in the list:

    Windows Services application
  3. Double-click the entry to open the service’s properties. The service name is displayed at the top.

Here we see that the name of the Print Spooler service is actually “Spooler”:

Print Spooler service name

2. Create a batch file to restart your service

With the service name in hand, we can now use the NET command to restart the service.

Create a new batch file and enter the following two commands:

NET STOP "Your Service Name"
NET START "Your Service Name"

Please replace Your Service Name with the service name identified in step 1. The quotes are required if the service name contains a space.

For example, if your service name is “Spooler”, the batch file should look like this:

NET STOP "Spooler"
NET START "Spooler"

Save the batch file to a well-known location. We’ll use it in the next step.

Test the batch file

At this point, we recommend performing a quick test to ensure that the batch file works as expected. Run it from an administrative command prompt and confirm that it restarts your service.

3. Create a scheduled task to run the batch file at the time you wish to restart the service

Now that you are able to restart the service with the batch file, let’s schedule it to run whenever you like.

For example, here is how we would restart the Print Spooler service every Sunday at 1 AM:

  1. Open the Windows Task Scheduler. You start it from the Control Panel or by running taskschd.msc from a command prompt.

  2. Click Create Basic Task on the right:

    Task Scheduler: Create Basic Task

    The Create Basic Task Wizard window will come up.

  3. Give the task a descriptive name:

    Enter the task name

    Click Next to continue.

  4. Select Weekly and click Next:

    Set the task to run weekly
  5. Set the day and time to restart the service:

    Set the day and time to restart the service

    Click Next to continue.

  6. Ensure that the action is Start a program and move to the next step:

    Set the action - Start a program
  7. Enter the full path to the batch file you created to restart the service:

    Specify the batch file to restart the service

    Click Next to continue.

  8. Review the summary and make sure that everything looks good.

    Check the Open the Properties dialog… box at the bottom because we’ll need to adjust one of the tasks properties:

    Review the summary of the task

    Click Finish.

  9. And finally, in the Properties window, check the Run with highest privileges box. The batch file must run with administrative rights so that it can restart the service.

    Run the task with highest privileges

    Click OK to save your settings.

Going forward, the new task will come alive at the scheduled time to promptly restart the service. You should be good to go.

Improvement: Use ServicePilot instead of NET for better reliability

Use ServicePilot instead of NET.EXE

While NET.EXE will work for most situations, there are a few scenarios where it may fall short.

Does your service:

  • take longer than 30 seconds to shut down?
  • occasionally hang and refuse to stop?

If so, the NET STOP command may fail. And when that happens, the subsequent call to NET START will fail too (because the service will not be idle). The end result is that your service will be left in an unusable/unresponsive state!

Our free ServicePilot utility was built to work around NET’s shortcomings. It will wait for longer than 30 seconds if necessary and will do its best to forcibly terminate an unresponsive service.

To use ServicePilot instead of NET:

  1. Download ServicePilot from our website. Save the executable in a well-known location (e.g. C:\Apps\ServicePilot\ServicePilot.exe).

  2. Edit the batch file you created to restart the service.

  3. Delete the two NET lines.

  4. Add the following line (adjusting the full path to ServicePilot and your service name as necessary):

    C:\Apps\ServicePilot\ServicePilot.exe -restart -wait 300 "Your Service Name"

    Note: The -wait 300 parameter instructs ServicePilot to wait up to 300 seconds (5 minutes) for the service to stop and restart. Feel free to increase (or decrease) the timeout based your specific use case.

  5. Save the batch file.

As you did with the NET version, please perform a quick test to ensure that the updated batch file works as expected. Launch it from an administrative command prompt and confirm that it restarts your service.

Best of luck with your service!

Posted in Windows Services | Tagged , , , , | Leave a comment